Commit Graph

11 Commits

Author SHA1 Message Date
Fabio Manganiello d95baac74e Add user credentials on the encrypted JWT token.
Adding the credentials ensures that tokens associated with non-existent
users, or users with an invalid password, won't be accepted, even if
they were correctly encrypted using the host's keypair.

This adds an additional layer of security in case the host's keypair
gets compromised.
2022-11-21 13:16:09 +01:00
Fabio Manganiello a2c8e27bd8 Removed PyJWT dependency.
PyJWT is a very brittle and cumbersome dependency that expects several
cryptography libraries to be already installed on the system, and it can
lead to hard-to-debug errors when ported to different systems.

Moreover, it installs the whole `cryptography` package, which is several
MBs in size, takes time to compile, and it requires a Rust compiler to
be present on the target machine.

Platypush will now use the Python-native `rsa` module to handle JWT
tokens.
2022-11-21 12:30:38 +01:00
Fabio Manganiello 1a314ffd6b Fixed LGTM errors and warnings 2021-09-17 22:21:29 +02:00
Fabio Manganiello 3bfc5b83ef Moved to manifest files for describing plugins and backends and their dependencies 2021-09-16 17:53:40 +02:00
Fabio Manganiello 87b70716c1 Logic for supporting JWT tokens both as bytes and strings [closes #197] 2021-08-24 22:55:42 +02:00
Fabio Manganiello 2a78f81a7b Major LINT fixes 2021-04-05 00:58:44 +02:00
Fabio Manganiello 570f1d0cf6 Passing expire_on_commit=False on sessionmaker() [see #181]
Accessing db objects outside of their session seems to fail on SQLAlchemy >= 1.4
with an `Instance <x> is not bound to a Session` error.

Setting expire_on_commit=False on the session seems to somehow fix the issue
(see https://stackoverflow.com/questions/3039567/sqlalchemy-detachedinstanceerror-with-regular-attribute-not-a-relation)
2021-03-25 20:30:51 +01:00
Fabio Manganiello 748609c6f4 Migrated settings panel and logout button 2021-02-15 23:09:27 +01:00
Fabio Manganiello b3c28f6773 Added support for JWT token-based authentication 2021-02-12 22:43:34 +01:00
Fabio Manganiello f86e2eb5a7 Implemented settings page and finalized multi-user support 2019-07-19 00:50:52 +02:00
Fabio Manganiello 1c1ecc18df Support for multi-users and authentication for HTTP pages 2019-07-15 14:12:00 +02:00