Remove No Authentication mode from Kavita (#1006)

* Moved the Server Settings out into a button on nav header

* Refactored Mange Users page to the new design (skeleton). Implemented skeleton code for Invite User.

* Hashed out more of the code, but need to move all the email code to a Kavita controlled API server due to password credentials.

* Cleaned up some warnings

* When no user exists for an api key in Plugin controller, throw 401.

* Hooked in the ability to check if the Kavita instance can be accessed externally so we can determine if the user can invite or not.

* Hooked up some logic if the user's server isn't accessible, then default to old flow

* Basic flow is working for confirm email. Needs validation, error handling, etc.

* Refactored Password validation to account service

* Cleaned up the code in confirm-email to work much better.

* Refactored the login page to have a container functionality, so we can reuse the styles on multiple pages (registration pages). Hooked up the code for confirm email.

* Messy code, but making progress. Refactored Register to be used only for first time user registration. Added a new register component to handle first time flow only.

* Invite works much better, still needs a bit of work for non-accessible server setup. Started work on underlying manage users page to meet new design.

* Changed (you) to a star to indicate who you're logged in as.

* Inviting a user is now working and tested fully.

* Removed the register member component as we now have invite and confirm components.

* Editing a user is now working. Username change and Role/Library access from within one screen. Email changing is on hold.

* Cleaned up code for edit user and disabled email field for now.

* Cleaned up the code to indicate changing a user's email is not possible.

* Implemented a migration for existing accounts so they can validate their emails and still login.

* Change url for email server

* Implemented the ability to resend an email confirmation code (or regenerate for non accessible servers). Fixed an overflow on the confirm dialog.

* Removed all code around disabling authentication. Users that were already disabled can look up their password on the wiki.

API/Controllers/AccountController.cs

@@ -191,14 +191,6 @@ namespace API.Controllers
                     "You are missing an email on your account. Please wait while we migrate your account.");
             }
 
-            var isAdmin = await _unitOfWork.UserRepository.IsUserAdminAsync(user);
-            var settings = await _unitOfWork.SettingsRepository.GetSettingsDtoAsync();
-            if (!settings.EnableAuthentication && !isAdmin)
-            {
-                _logger.LogDebug("User {UserName} is logging in with authentication disabled", loginDto.Username);
-                loginDto.Password = AccountService.DefaultPassword;
-            }
-
             var result = await _signInManager
                 .CheckPasswordSignInAsync(user, loginDto.Password, false);
 

API/Controllers/SettingsController.cs

@@ -23,17 +23,15 @@ namespace API.Controllers
         private readonly ILogger<SettingsController> _logger;
         private readonly IUnitOfWork _unitOfWork;
         private readonly ITaskScheduler _taskScheduler;
-        private readonly IAccountService _accountService;
         private readonly IDirectoryService _directoryService;
         private readonly IMapper _mapper;
 
         public SettingsController(ILogger<SettingsController> logger, IUnitOfWork unitOfWork, ITaskScheduler taskScheduler,
-            IAccountService accountService, IDirectoryService directoryService, IMapper mapper)
+            IDirectoryService directoryService, IMapper mapper)
         {
             _logger = logger;
             _unitOfWork = unitOfWork;
             _taskScheduler = taskScheduler;
-            _accountService = accountService;
             _directoryService = directoryService;
             _mapper = mapper;
         }
@@ -84,7 +82,6 @@ namespace API.Controllers
 
             // We do not allow CacheDirectory changes, so we will ignore.
             var currentSettings = await _unitOfWork.SettingsRepository.GetSettingsAsync();
-            var updateAuthentication = false;
             var updateBookmarks = false;
             var originalBookmarkDirectory = _directoryService.BookmarkDirectory;
 
@@ -163,13 +160,6 @@ namespace API.Controllers
 
                 }
 
-                if (setting.Key == ServerSettingKey.EnableAuthentication && updateSettingsDto.EnableAuthentication + string.Empty != setting.Value)
-                {
-                    setting.Value = updateSettingsDto.EnableAuthentication + string.Empty;
-                    _unitOfWork.SettingsRepository.Update(setting);
-                    updateAuthentication = true;
-                }
-
                 if (setting.Key == ServerSettingKey.AllowStatCollection && updateSettingsDto.AllowStatCollection + string.Empty != setting.Value)
                 {
                     setting.Value = updateSettingsDto.AllowStatCollection + string.Empty;
@@ -191,21 +181,6 @@ namespace API.Controllers
             {
                 await _unitOfWork.CommitAsync();
 
-                if (updateAuthentication)
-                {
-                    var users = await _unitOfWork.UserRepository.GetNonAdminUsersAsync();
-                    foreach (var user in users)
-                    {
-                        var errors = await _accountService.ChangeUserPassword(user, AccountService.DefaultPassword);
-                        if (!errors.Any()) continue;
-
-                        await _unitOfWork.RollbackAsync();
-                        return BadRequest(errors);
-                    }
-
-                    _logger.LogInformation("Server authentication changed. Updated all non-admins to default password");
-                }
-
                 if (updateBookmarks)
                 {
                     _directoryService.ExistOrCreate(bookmarkDirectory);
@@ -253,12 +228,5 @@ namespace API.Controllers
             var settingsDto = await _unitOfWork.SettingsRepository.GetSettingsDtoAsync();
             return Ok(settingsDto.EnableOpds);
         }
-
-        [HttpGet("authentication-enabled")]
-        public async Task<ActionResult<bool>> GetAuthenticationEnabled()
-        {
-            var settingsDto = await _unitOfWork.SettingsRepository.GetSettingsDtoAsync();
-            return Ok(settingsDto.EnableAuthentication);
-        }
     }
 }

API/Controllers/UsersController.cs

@@ -47,21 +47,6 @@ namespace API.Controllers
         }
 
 
-
-        [AllowAnonymous]
-        [HttpGet("names")]
-        public async Task<ActionResult<IEnumerable<MemberDto>>> GetUserNames()
-        {
-            // This is only for disabled auth flow - being removed
-            var setting = await _unitOfWork.SettingsRepository.GetSettingsDtoAsync();
-            if (setting.EnableAuthentication)
-            {
-                return Unauthorized("This API cannot be used given your server's configuration");
-            }
-            var members = await _unitOfWork.UserRepository.GetEmailConfirmedMemberDtosAsync();
-            return Ok(members.Select(m => m.Username));
-        }
-
         [HttpGet("has-reading-progress")]
         public async Task<ActionResult<bool>> HasReadingProgress(int libraryId)
         {
@@ -104,6 +89,5 @@ namespace API.Controllers
 
             return BadRequest("There was an issue saving preferences.");
         }
-
     }
 }

API/DTOs/Settings/ServerSettingDTO.cs

@@ -23,11 +23,6 @@ namespace API.DTOs.Settings
         /// Enables OPDS connections to be made to the server.
         /// </summary>
         public bool EnableOpds { get; set; }
-
-        /// <summary>
-        /// Enables Authentication on the server. Defaults to true.
-        /// </summary>
-        public bool EnableAuthentication { get; set; }
         /// <summary>
         /// Base Url for the kavita. Requires restart to take effect.
         /// </summary>

API/Entities/Enums/ServerSettingKey.cs

@@ -47,6 +47,7 @@ namespace API.Entities.Enums
         /// <summary>
         /// Is Authentication needed for non-admin accounts
         /// </summary>
+        /// <remarks>Deprecated. This is no longer used v0.5.1+. Assume Authentication is always in effect</remarks>
         [Description("EnableAuthentication")]
         EnableAuthentication = 8,
         /// <summary>

API/Helpers/Converters/ServerSettingConverter.cs

@@ -36,9 +36,6 @@ namespace API.Helpers.Converters
                     case ServerSettingKey.EnableOpds:
                         destination.EnableOpds = bool.Parse(row.Value);
                         break;
-                    case ServerSettingKey.EnableAuthentication:
-                        destination.EnableAuthentication = bool.Parse(row.Value);
-                        break;
                     case ServerSettingKey.BaseUrl:
                         destination.BaseUrl = row.Value;
                         break;

API/Services/DirectoryService.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.IO;
@@ -6,7 +7,7 @@ using System.IO.Abstractions;
 using System.Linq;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
-using API.Entities.Enums;
+using API.Comparators;
 using API.Extensions;
 using Microsoft.Extensions.Logging;
 
@@ -681,7 +682,7 @@ namespace API.Services
                     FileSystem.Path.Join(directoryName, "test.txt"),
                     string.Empty);
             }
-            catch (Exception)
+            catch (Exception ex)
             {
                 ClearAndDeleteDirectory(directoryName);
                 return false;