add passwordless login option to env

[tavdog]

option for LAN installs since remembering/typing in passwords all the time is a pain. You can login with any password with this env variable set. closes #325

[gemini-code-assist]

Summary of Changes

Hello @tavdog, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a passwordless login option, designed to streamline user access in specific deployment scenarios, such as LAN installations, by reducing the need for constant password entry. The change involves introducing a new environment variable, PASSWORDLESS_LOGIN_ENABLED, which, when activated, modifies the application's authentication process to accept any password for a valid username. This feature aims to enhance convenience without compromising security in controlled environments where it is explicitly enabled.

Highlights

• Passwordless Login Feature: Introduces a new PASSWORDLESS_LOGIN_ENABLED environment variable to allow users to log in with any password, primarily for convenience in LAN installations.
• Configuration Integration: The new PASSWORDLESS_LOGIN_ENABLED variable is now recognized by the application's configuration and exposed through all docker-compose setups (dev, redis, and main yaml). ADMIN_PASSWORD was also added to docker-compose.redis.yaml and docker-compose.yaml.
• Authentication Logic Update: The auth_user function in tronbyt_server/db.py has been modified to bypass password verification if PASSWORDLESS_LOGIN_ENABLED is active, allowing any provided password to grant access.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a passwordless login option, which is a useful feature for LAN-only setups. The implementation is mostly correct, but I've found a critical security vulnerability and a minor configuration bug.

1. Critical Vulnerability: The current implementation allows anyone to change any user's password without knowing the old one when passwordless login is enabled. My review includes a fix to restrict passwordless authentication strictly to the login flow.
2. Configuration Bug: The example .env.example file uses true for the new variable, but the application code expects 1. This would prevent the feature from working out-of-the-box. I've suggested a fix for this as well.

Please address these points to ensure the security and functionality of the new feature.

[gemini-code-assist]

The application code checks for the string "1" to enable this feature, but the example value here is true. This will cause the feature to not work if this line is uncommented as-is. To ensure consistency with other boolean-like environment variables in the project (like ENABLE_USER_REGISTRATION), please use 1 instead of true.

#PASSWORDLESS_LOGIN_ENABLED=1 # LAN installs only