791 commits

Author	SHA1	Message	Date
Denis Arnst	ffc5ea37ed	Merge a6848065e1 into 47ea6b5092	2026-05-05 20:09:33 -07:00
advplyr	f8a71cc514	Merge pull request #5089 from meek2100/pass_managers ... feat: add autocomplete attributes for password manager support	2026-04-26 16:16:42 -05:00
advplyr	928051744a	ShareController check ?t param is less than duration, revert frontend mounted usage of param	2026-04-25 17:13:22 -05:00
peter.kottke	5a6b3d8e61	updates to allow share t argument to over-ride server stored position	2026-04-01 21:05:48 -04:00
advplyr	7c0d9efe91	Update Confirm component to support allowHtml prompt option	2026-03-18 16:51:51 -05:00
advplyr	690a7e0da9	Update session DeviceInfo with sanitize on clientDeviceInfo	2026-03-11 17:03:07 -05:00
meek2100	a9e12657f5	Add autocomplete attributes to login and setup fields for password manager support	2026-02-26 14:29:28 -08:00
Denis Arnst	073eff74ef	Add OIDC Back-Channel Logout support ... Implement OIDC Back-Channel Logout 1.0 (RFC). When enabled, the IdP can POST a signed logout_token JWT to invalidate user sessions server-side. - Add BackchannelLogoutHandler: JWT verification via jose, jti replay protection with bounded cache, session destruction by sub or sid - Add oidcSessionId column to sessions table with index for fast lookups - Add backchannel logout route (POST /auth/openid/backchannel-logout) - Notify connected clients via socket to redirect to login page - Add authOpenIDBackchannelLogoutEnabled toggle in schema-driven settings UI - Migration v2.34.0 adds oidcSessionId column and index - Polish settings UI: auto-populate loading state, subfolder dropdown options, KeyValueEditor fixes, localized descriptions via descriptionKey, duplicate key detection, success/error toasts - Localize backchannel logout toast (ToastSessionEndedByProvider) - OidcAuthStrategy tests now use real class via require-cache stubbing	2026-02-05 17:55:10 +01:00
Denis Arnst	33bee70a12	Revamp OIDC auth: remove Passport wrapper, add schema-driven settings UI ... - Remove Passport.js wrapper from OIDC auth, use openid-client directly - Add schema-driven OIDC settings UI (OidcSettingsSchema.js drives form rendering) - Add group mapping with KeyValueEditor (explicit mapping or legacy direct name match) - Add scopes configuration (authOpenIDScopes) - Add verified email enforcement option (authOpenIDRequireVerifiedEmail) - Fix group claim validation rejecting URN-style claims (#4744) - Add auto-discover endpoint for OIDC provider configuration - Store oidcIdToken in sessions table instead of cookie - Add AuthError class for structured error handling in auth flows - Migration v2.33.0 adds oidcIdToken column and new settings fields	2026-02-05 17:54:59 +01:00
advplyr	503f4611b2	Update tooltip with plaintext prop	2025-12-12 17:24:01 -06:00
advplyr	8758c62ae2	Merge pull request #4702 from Vito0912/feat/uploadProgress ... feat: Added progress indicator to upload	2025-11-24 17:08:03 -06:00
advplyr	a92ba564bd	Merge pull request #4750 from mikiher/providers-api ... Add metadata providers API and use them on web client	2025-10-21 17:24:11 -05:00
mikiher	538a5065a4	Update providers users to fetch providers on demand	2025-10-19 18:57:27 +03:00
mikiher	ce4ff4f894	Client: Use new server providers API	2025-10-15 09:52:15 +03:00
Frank de Lange	fc06aa2c78	Explicitly launch OpenID Connect authentication with ?autoLaunch=1 ... This change extends OIDC authentication by enabling explicit redirection to the OAuth provider when navigating to the login page with the manual override parameter (/login?autoLaunch=1). Use case: directly launch audiobookshelf from within e.g. Nextcloud using the external sites app (use something like https://abs.example.org/login?autoLaunch=1 as URL) while keeping the possibility to launch audiobookshelf using its built-in authentication mechanism. Assuming the username or mail address used in Nextcloud and audiobookshelf are identical the user will be logged in to his or her account no matter which method is used.	2025-10-09 16:02:02 +02:00
advplyr	2592467d09	Fix: Always re-load libraries when changing users #4694	2025-10-08 15:32:37 -05:00
advplyr	37beb7b37c	Disable chapter editor chapter play button when time is invalid #4691	2025-10-08 15:03:33 -05:00
Vito0912	9ce6de3100	Added progress to upload	2025-09-27 17:00:57 +02:00
advplyr	85d5531bc1	Update chapter editor remove redirect on save or delete all #4650	2025-09-07 17:50:59 -05:00
advplyr	856cf180a5	Fix chapter editor overflow, set custom wrap breakpoint #4652	2025-09-05 17:21:55 -05:00
advplyr	dcaca43817	Merge pull request #4384 from josh-vin/feat/ChaptersEnhancments ... Enhancement: Improves chapter editing and adds bulk import	2025-08-14 17:38:56 -04:00
advplyr	0eed4e82f9	Fix bulk add chapter icon button tooltip	2025-08-14 16:35:28 -05:00
advplyr	2ed2328401	Remove negative chapter end check & tooltip	2025-08-14 16:18:33 -05:00
advplyr	8b260c8bc6	Update bulk chapter modal styles, decreased text and button sizes	2025-08-14 16:16:34 -05:00
advplyr	7dcb9b98a0	Chapter lookup modal add back button to clear lookup results	2025-08-14 16:03:32 -05:00
advplyr	2c45b28d48	Fix authorize race condition by not updating the user on token refresh #4567	2025-08-13 08:31:01 -05:00
Josh Vincent	3e423839a1	Fixes UI for Bulk Chapter adder, and changes logic around locking	2025-08-04 18:33:06 -06:00
Josh Vincent	2773c8c4a9	Merge remote-tracking branch 'josh-vin/master' into feat/ChaptersEnhancments	2025-08-04 18:32:28 -06:00
advplyr	1908ec3df5	Remove commented out experimental features setting	2025-08-04 17:54:59 -05:00
advplyr	df3878d4ca	Add Security section to settings with allowed cors origin setting, increase width of setting inputs	2025-08-04 17:54:29 -05:00
Vito0912	1097de6f1f	now updates the input field	2025-08-04 19:17:46 +02:00
Vito0912	af67c2e86f	locale	2025-08-03 13:57:44 +02:00
Vito0912	6a52d2a968	CORS	2025-08-03 13:52:58 +02:00
advplyr	894ea0b80a	Update chapter data log	2025-07-31 19:19:11 -05:00
Chris Campanile	e54571f011	Including total durations into the de-branding from #4226 as warning message is always present currently	2025-07-31 16:48:05 -07:00
Josh Vincent	77d7a50b99	Merge remote-tracking branch 'josh-vin/master' into feat/ChaptersEnhancments	2025-07-30 16:51:12 -06:00
advplyr	0107cb4782	UI/UX fix x overflow for sessions tables on mobile	2025-07-26 09:45:44 -05:00
advplyr	5b6807892f	Fix set token on page load #4509	2025-07-18 16:59:27 -05:00
advplyr	3845940245	Add warning under legacy token input on users page to use api keys instead	2025-07-16 16:43:53 -05:00
advplyr	99110f587a	Localize elapsed duration on sessions tables	2025-07-14 17:17:39 -05:00
advplyr	d09db19cd5	Update re-login message to show for users without github discussion link, add message to i18n strings	2025-07-12 11:21:52 -05:00
advplyr	d3402e30c2	Update ereaders to handle refreshing, epubjs to use custom request method, separate accessToken in store	2025-07-10 16:54:28 -05:00
advplyr	d0d152c20d	Seperate setUserToken from setUser in store	2025-07-08 09:45:24 -05:00
advplyr	6cc7a44a22	Update oidc redirect to pass both new and old token in url	2025-07-07 17:21:25 -05:00
advplyr	ad092ef8f8	Merge branch 'master' into jwt_auth_refactor	2025-07-07 16:50:58 -05:00
advplyr	9c8900560c	Seperate out auth strategies, update change password to return error status codes	2025-07-07 15:04:40 -05:00
advplyr	ce803dd6de	Use getServerSetting to ensure serverSettings is set before accessing	2025-07-06 17:39:03 -05:00
advplyr	97afd22f81	Refactor Auth to breakout functions in TokenManager, handle token generation for OIDC	2025-07-06 16:43:03 -05:00
advplyr	e24eaab3f1	Log when token expiry is set via env var, api-keys create/update returns with user association	2025-07-06 13:10:14 -05:00
advplyr	a24dae5262	Merge branch 'master' into jwt_auth_refactor	2025-07-06 09:06:39 -05:00