flatnotes icon indicating copy to clipboard operation
flatnotes copied to clipboard

Published 20 hours ago verified publisher icon dullage

Add option to disable authentication

Open poblabs opened this issue 1 year ago • 3 comments

Hi again, last question. Is it possible to disable auth? Thanks again!

poblabs avatar Jul 20 '22 23:07 poblabs

@poblabs - Not at present. The best you can do is extend the FLATNOTES_SESSION_EXPIRY_DAYS environment variable to something like 365 then at least you'd only need to log in once a year (or when accessing it on a new machine).

I'll leave this open as suggestion and maybe I can add this as an option in the future.

dullage avatar Jul 21 '22 11:07 dullage

@Dullage This would be cool for making a searchable public zettelkasten repo tbh

hbjydev avatar Aug 28 '22 17:08 hbjydev

A hack I've found to disable authentication is to just reply true to the token validation request. In auth.py I did this:

async def validate_token(token: str = Depends(oauth2_scheme)):
    return True
    # try:
    #     payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=[JWT_ALGORITHM])
    #     username = payload.get("sub")
    #     if username is None or username.lower() != FLATNOTES_USERNAME.lower():
    #         raise ValueError
    #     return FLATNOTES_USERNAME
    # except (JWTError, ValueError):
    #     raise HTTPException(
    #         status_code=401,
    #         detail="Invalid authentication credentials",
    #         headers={"WWW-Authenticate": "Bearer"},
    #     )

poblabs avatar Aug 29 '22 12:08 poblabs

As of v2.1.0 you can now disable authentication by setting the FLATNOTES_AUTH_TYPE to none. See the Environment Variables article in the wiki for more information.

dullage avatar Oct 18 '22 12:10 dullage