Commit graph

22 commits

Author SHA1 Message Date
901338e228
[#397] Replaced bcrypt dependency with native hashlib logic.
Closes: #397
2024-05-05 21:38:27 +02:00
440d70d9cf
LINT/format fixes. 2023-04-25 10:36:27 +02:00
c0dd91838b
Merge branch 'master' into 29-generic-entities-support 2022-11-21 22:13:47 +01:00
d95baac74e Add user credentials on the encrypted JWT token.
Adding the credentials ensures that tokens associated to non-existing
users, or users with an invalid password, won't be accepted, even if
they were correctly encrypted using the host's keypair.

This adds an additional layer of security in case the host's keypair
gets compromised.
2022-11-21 13:16:09 +01:00
ba1681fc22 Merge branch 'master' into 29-generic-entities-support 2022-11-21 12:36:01 +01:00
a2c8e27bd8 Removed PyJWT dependency.
PyJWT is a very brittle and cumbersome dependency that expects several
cryptography libraries to be already installed on the system, and it can
lead to hard-to-debug errors when ported to different systems.

Moreover, it installs the whole `cryptography` package, which is several
MBs in size, takes time to compile, and it requires a Rust compiler to
be present on the target machine.

Platypush will now use the Python-native `rsa` module to handle JWT
tokens.
2022-11-21 12:30:38 +01:00
ae17a12c12
FIX: UserManager.get_users
`UserManager.get_users` should not return a reference to the query
object, since the query object will be invalidated as soon as the
connection is closed.

Instead, it should return directly the list of `User` objects.
2022-11-21 00:57:00 +01:00
69e097707d
Don't lock read session from the main database 2022-11-12 16:10:57 +01:00
86edd70d93
Fixed session/concurrency management on the main SQLite db
- The `declarative_base` instance should be shared
- Database `session_locks` should be stored at module, not instance
  level
- Better isolation of scoped sessions
- Enclapsulated `get_session` method in `UserManager`
2022-11-12 15:36:17 +01:00
6b7933cd33
Using a different SQLite database for entities
This prevents multiprocessing/concurrency issues when modifying the same
database file both from the main process and from the web server process
2022-11-12 02:00:55 +01:00
3fc94181b7
LINT fixes 2022-11-11 22:02:36 +01:00
8a70f1d38e
Replaced deprecated sqlalchemy.ext.declarative with sqlalchemy.orm 2022-04-05 22:47:44 +02:00
4ee7e4db29
Basic support for entities on the local db and implemented support for switch entities on the tplink plugin 2022-04-04 16:50:17 +02:00
1a314ffd6b Fixed LGTM errors and warnings 2021-09-17 22:21:29 +02:00
3bfc5b83ef Moved to manifest files for describing plugins and backends and their dependencies 2021-09-16 17:53:40 +02:00
87b70716c1 Logic for supporting JWT tokens both as bytes and strings [closes #197] 2021-08-24 22:55:42 +02:00
2a78f81a7b Major LINT fixes 2021-04-05 00:58:44 +02:00
570f1d0cf6 Passing expire_on_commit=False on sessionmaker() [see #181]
Accessing db objects outside of their session seems to fail on SQLAlchemy >= 1.4
with a `Instance `Instance <x> is not bound to a Session` error.

Setting expire_on_commit=False on the session seems to somehow fix the issue
(see https://stackoverflow.com/questions/3039567/sqlalchemy-detachedinstanceerror-with-regular-attribute-not-a-relation)
2021-03-25 20:30:51 +01:00
748609c6f4 Migrated settings panel and logout button 2021-02-15 23:09:27 +01:00
b3c28f6773 Added support for JWT token-based authentication 2021-02-12 22:43:34 +01:00
Fabio Manganiello
f86e2eb5a7 Implemented settings page and finalized multi-user support 2019-07-19 00:50:52 +02:00
Fabio Manganiello
1c1ecc18df Support for multi-users and authentication for HTTP pages 2019-07-15 14:12:00 +02:00