Commit ede5d4dc authored by echel0n's avatar echel0n

Merge branch 'develop' into feature-annoucements

parents eaf256d1 8d7cc284
......@@ -77,8 +77,9 @@ Thumbs.db
# Build Files #
######################
.yarn-cache
/bower_components/
/node_modules/
/src/spritesmith-generated/
/dist/
/sickrage/core/webserver/static/js/core.js.map
\ No newline at end of file
/sickrage/core/webserver/static/js/core.js.map
......@@ -14,8 +14,8 @@ stages:
# NODE_ENV: "development"
# script:
# - apk add --no-cache git gcc libffi-dev python3-dev musl-dev openssl-dev
# - npm install -qs
# - npm run build
# - yarn install --pure-lockfile --cache-folder .yarn-cache
# - yarn run build
# only:
# - [email protected]/sickrage
# cache:
......@@ -108,12 +108,12 @@ release:build:master:
- apk add --no-cache git gcc libffi-dev python3-dev musl-dev openssl-dev
- git config --global user.email $(git --no-pager show -s --format='%ae' HEAD)
- git config --global user.name $(git --no-pager show -s --format='%an' HEAD)
- npm install -qs
- yarn install --pure-lockfile --cache-folder .yarn-cache
- pip install bumpversion
- pip install -r requirements-dev.txt
- bumpversion --allow-dirty release package.json sickrage/version.txt
- git checkout -b release-$(cat sickrage/version.txt)
- npm run build
- yarn run build
# - python setup.py extract_messages
# - crowdin-cli-py upload sources
# - crowdin-cli-py download
......@@ -123,13 +123,14 @@ release:build:master:
- git fetch . release-$(cat sickrage/version.txt):master
- git fetch . release-$(cat sickrage/version.txt):develop
- git tag -a $(cat sickrage/version.txt) -m "Release v$(cat sickrage/version.txt) master"
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:master --follow-tags
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:master
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:master --tags
- git checkout develop
- bumpversion --allow-dirty patch package.json sickrage/version.txt
- git add --all
- git commit -m "[TASK] Bump develop branch to v$(cat sickrage/version.txt)"
# - git tag -a $(cat sickrage/version.txt) -m "Pre-Release v$(cat sickrage/version.txt) develop"
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:develop --follow-tags
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:develop
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:develop --tags
when: manual
only:
- /^[0-9.]+dev[0-9]+$/@SiCKRAGE/sickrage
......@@ -148,11 +149,11 @@ release:build:develop:
NODE_ENV: "development"
script:
- apk add --no-cache git gcc libffi-dev python3-dev musl-dev openssl-dev
- npm install -qs
- yarn install --pure-lockfile --cache-folder .yarn-cache
- pip install bumpversion
- pip install -r requirements-dev.txt
- bumpversion --allow-dirty dev package.json sickrage/version.txt
- npm run build
- yarn run build
# - python setup.py extract_messages
# - crowdin-cli-py upload sources
# - crowdin-cli-py download
......@@ -162,7 +163,8 @@ release:build:develop:
- git add --all
- git commit -m "[TASK] Pre-Releasing v$(cat sickrage/version.txt)"
- git tag -a $(cat sickrage/version.txt) -m "Pre-release v$(cat sickrage/version.txt)"
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:$CI_COMMIT_REF_NAME --follow-tags
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:$CI_COMMIT_REF_NAME
- git push https://$GIT_ACCESS_USER:[email protected]$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:$CI_COMMIT_REF_NAME --tags
only:
- [email protected]/sickrage
except:
......
This diff is collapsed.
{
"name": "sickrage",
"version": "9.4.197.dev0",
"version": "9.4.198.dev0",
"private": true,
"repository": {
"type": "git",
......@@ -34,14 +34,6 @@
"eslint-loader": "^2.0.0",
"file-loader": "^1.1.11",
"gettext-parser": "^2.0.0",
"grunt": "^1.0.3",
"grunt-changelog": "^0.3.2",
"grunt-cli": "^1.2.0",
"grunt-exec": "^2.0.0",
"grunt-google-fonts": "^0.3.0",
"grunt-npm-install": "^0.3.1",
"grunt-spritesmith": "^6.6.2",
"grunt-webpack": "^3.1.2",
"imagesloaded": "^4.1.4",
"isotope-layout": "^3.0.6",
"jquery": "^3.3.1",
......@@ -51,7 +43,6 @@
"jquery-form": "^4.2.2",
"jquery-ui": "^1.12.1",
"jquery-validation": "^1.17.0",
"load-grunt-tasks": "^3.4.1",
"material-design-icons": "^3.0.1",
"mini-css-extract-plugin": "^0.4.1",
"node-sass": "^4.9.2",
......@@ -60,7 +51,6 @@
"pnotify": "^4.0.0-alpha.4",
"popper.js": "^1.14.3",
"sass-loader": "^7.0.3",
"shelljs": "^0.8.3",
"tablesorter": "^2.30.7",
"timeago": "^1.6.3",
"toggle-checkbox-radio": "^2.0.2",
......
[bumpversion]
current_version = 9.4.197.dev0
current_version = 9.4.198.dev0
commit = False
tag = False
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(\.(?P<release>[a-z]+)(?P<dev>\d+))?
......
......@@ -45,20 +45,24 @@ class API(object):
@token.setter
@CacheDB.with_session
def token(self, value, session=None):
query = session.query(CacheDB.OAuth2Token)
if query.count():
token = query.first()
sickrage.app.oidc_client.logout(token.refresh_token)
query.delete()
if value:
session.add(CacheDB.OAuth2Token(**{
'access_token': value.get('access_token'),
'refresh_token': value.get('refresh_token'),
'expires_in': value.get('expires_in'),
'expires_at': value.get('expires_at', int(time.time() + value.get('expires_in'))),
'scope': value.scope if isinstance(value, OAuth2Token) else value.get('scope')
}))
new_token = {
'access_token': value.get('access_token'),
'refresh_token': value.get('refresh_token'),
'expires_in': value.get('expires_in'),
'expires_at': value.get('expires_at', int(time.time() + value.get('expires_in'))),
'scope': value.scope if isinstance(value, OAuth2Token) else value.get('scope')
}
try:
token = session.query(CacheDB.OAuth2Token).one()
token.update(**new_token)
except orm.exc.NoResultFound:
session.add(CacheDB.OAuth2Token(**new_token))
@token.deleter
@CacheDB.with_session
def token(self, session=None):
session.query(CacheDB.OAuth2Token).delete()
@property
def token_url(self):
......@@ -71,6 +75,9 @@ class API(object):
def userinfo(self):
return self._request('GET', 'userinfo')
def logout(self):
sickrage.app.oidc_client.logout(self.token.get('refresh_token'))
def refresh_token(self):
extra = {
'client_id': self.client_id,
......@@ -79,6 +86,10 @@ class API(object):
self.token = self.session.refresh_token(self.token_url, **extra)
def exchange_token(self, token, scope='offline_access'):
exchange = {'scope': scope, 'subject_token': token['access_token']}
self.token = sickrage.app.oidc_client.token_exchange(**exchange)
def allowed_usernames(self):
return self._request('GET', 'allowed-usernames')
......
......@@ -19,11 +19,13 @@
# along with SiCKRAGE. If not, see <http://www.gnu.org/licenses/>.
# ##############################################################################
import functools
import json
import os
import threading
import time
import traceback
from abc import ABC
from json import JSONDecodeError
from urllib.parse import urlparse, urljoin
from keycloak.exceptions import KeycloakClientError
......@@ -99,15 +101,19 @@ class BaseHandler(RequestHandler, ABC):
webroot=sickrage.app.config.web_root))
def get_current_user(self):
cookie = self.get_secure_cookie('_sr')
if not cookie:
return
try:
if not API().token:
return
token = sickrage.app.oidc_client.refresh_token(self.get_secure_cookie('sr_refresh_token'))
self.set_secure_cookie('sr_access_token', token['access_token'])
self.set_secure_cookie('sr_refresh_token', token['refresh_token'])
return sickrage.app.oidc_client.userinfo(token['access_token'])
except (KeycloakClientError, HTTPError, OSError):
token = json.loads(cookie)
try:
return sickrage.app.oidc_client.userinfo(token['access_token'])
except KeycloakClientError as e:
token = sickrage.app.oidc_client.refresh_token(token['refresh_token'])
self.set_secure_cookie('_sr', json.dumps(token))
return sickrage.app.oidc_client.userinfo(token['access_token'])
except Exception:
pass
def render_string(self, template_name, **kwargs):
......
......@@ -18,6 +18,7 @@
# You should have received a copy of the GNU General Public License
# along with SiCKRAGE. If not, see <http://www.gnu.org/licenses/>.
# ##############################################################################
import json
from abc import ABC
import sickrage
......@@ -37,8 +38,7 @@ class LoginHandler(BaseHandler, ABC):
token = sickrage.app.oidc_client.authorization_code(code, redirect_uri)
userinfo = sickrage.app.oidc_client.userinfo(token['access_token'])
self.set_secure_cookie('sr_access_token', token['access_token'])
self.set_secure_cookie('sr_refresh_token', token['refresh_token'])
self.set_secure_cookie('_sr', json.dumps(token))
if not userinfo.get('sub'):
return self.redirect('/logout')
......@@ -51,11 +51,13 @@ class LoginHandler(BaseHandler, ABC):
if API().token:
allowed_usernames = API().allowed_usernames()['data']
if not userinfo['preferred_username'] in allowed_usernames:
sickrage.app.log.debug("USERNAME:{} IP:{} - ACCESS DENIED".format(userinfo['preferred_username'], self.request.remote_ip))
sickrage.app.log.debug("USERNAME:{} IP:{} - WEB-UI ACCESS DENIED".format(userinfo['preferred_username'], self.request.remote_ip))
return self.redirect('/logout')
else:
return self.redirect('/logout')
else:
if API().token:
API().logout()
API().token = token
except Exception as e:
return self.redirect('/logout')
......
......@@ -29,9 +29,6 @@ class LogoutHandler(BaseHandler, ABC):
logout_uri = sickrage.app.oidc_client.get_url('end_session_endpoint')
redirect_uri = "{}://{}{}/login".format(self.request.protocol, self.request.host, sickrage.app.config.web_root)
# if self.get_secure_cookie('sr_refresh_token'):
# sickrage.app.oidc_client.logout(self.get_secure_cookie('sr_refresh_token'))
self.clear_all_cookies()
self.clear_cookie('_sr')
return super(BaseHandler, self).redirect('{}?redirect_uri={}'.format(logout_uri, redirect_uri))
......@@ -237,8 +237,8 @@ class UnlinkHandler(BaseHandler, ABC):
sickrage.app.config.sub_id = ""
sickrage.app.config.save()
sickrage.app.oidc_client.logout(API().token['refresh_token'])
API().token = {}
API().logout()
del API().token
return self.redirect('/logout/')
......
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
This diff was suppressed by a .gitattributes entry.
9.4.197.dev0
\ No newline at end of file
9.4.198.dev0
\ No newline at end of file
......@@ -38,9 +38,9 @@ $container-max-widths: (
$fa-font-path: "[email protected]/fontawesome-free/webfonts";
@import "[email protected]/fontawesome-free/scss/fontawesome";
@import "[email protected]/fontawesome-free/scss/fa-regular";
@import "[email protected]/fontawesome-free/scss/fa-brands";
@import "[email protected]/fontawesome-free/scss/fa-solid";
@import "[email protected]/fontawesome-free/scss/regular";
@import "[email protected]/fontawesome-free/scss/brands";
@import "[email protected]/fontawesome-free/scss/solid";
body {
color: #fff;
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment