- Enable Jinja2 autoescape by default in the template environment.
- Use json.dumps to safely inject sso_name into JavaScript context.
- Fix linting issue (line too long) in injected_auth_page.py.
- Update tests to verify escaping and safe injection.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: werdnum <271070+werdnum@users.noreply.github.com>
* Add initial test & add pipeline
* Add very basic YAML config tests
* Add coverage reporting
* Add some webserver & template loading tests
* Add test cases for the helpers
* Implement initial OIDC server tests
* Test codestore & discovery checker
* Test basics of the config flow
* Add test for the HA auth provider
* Cleaned up tests & test injection
This relates to #70, where refreshing the webpage causes the user to
need to login again, due to homeassistant not storing the user's session
token `hassTokens`.
* Tweak code field error status
* Add a toggle for SSO vs Code and show a proper error when code fails
* Refactor SSO button handling and improve error message display
* Update timeout warning message duration in UI injection
* add additional scopes to config schema
Keep original groups setting for backwards compatibility.
* fix weird text issue
* Add support for additional scopes in OIDC setup
* fix compile error
* Update documentation to include description of additional oidc scopes
* clarify documentation
* Update README.md
Ad two to dos:
- bool for scopes
- "groups" scope configurable
* Update README.md
- Add scope bool to configuration options
* Final Update for making scope "groups" optinal
README:
Add scope bool to configuration options
Add two to dos:
bool for scopes
"groups" scope configurable
config:
Make scope "groups" a feature which can be deactivated
init:
Make the feature for the groups bool working in the scope variable
* Remove double description
* Update config.py
Added many new configuration options, including claim configuration and client_secret/confidential client support. Also enables user linking & creates person entries upon first sign in.
* Bumped version to 0.2.0
* Implemented Github Actions for HACS, Hassfest, Linting
* Improved code quality (compliant with the linter now)
* Added link to the finish page to automatically login on the same device/browser
