Merge branch 'develop' for release v3.24.0

CMakeLists.txt

@@ -8,6 +8,7 @@ set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED True)
 
 include(CTest)
+find_package(Threads REQUIRED)
 find_package(Filesystem REQUIRED)
 find_package(FFMPEGAV REQUIRED)
 find_package(Boost REQUIRED COMPONENTS system program_options)

INSTALL.md

@@ -8,6 +8,7 @@
     + [Upgrade](#upgrade)
 - [Deployment](#deployment)
   * [Configuration](#configuration)
+  * [Authentication backend](#authentication-backend)
   * [Deploy on non root path](#deploy-on-non-root-path)
   * [Reverse proxy settings](#reverse-proxy-settings)
 - [Run](#run)
@@ -125,7 +126,16 @@ _LMS_ uses a configuration file, installed by default in `/etc/lms.conf`. It is
 
 All other settings are set using the web interface (user management, scan settings, transcode settings, ...).
 
-If a setting is not present in the configuration file, a hardcoded default value is used (the same as in the [default.conf](conf/lms.conf) file)
+If a setting is not present in the configuration file, a hardcoded default value is used (the same as in the [default configuration file](conf/lms.conf))
+
+## Authentication backend
+
+You can define which authentication backend to be used thanks to the `authentication-backend` option:
+* `internal` (default): _LMS_ uses an internal database to store users and their associated passwords (salted and hashed using [Bcrypt](https://en.wikipedia.org/wiki/Bcrypt)). Only the admin user can create, edit or remove other users.
+* `PAM`: the user/password authentication request is forwarded to PAM (see the [default configuration file](conf/pam/lms)).
+* `http-headers`: _LMS_ uses a configurable HTTP header field, typically set by a reverse proxy to handle [SSO](https://en.wikipedia.org/wiki/Single_sign-on), to extract the login name. You can customize the field to be used using the `http-headers-login-field` option.
+
+__Note__: the first created user is the admin user
 
 ## Deploy on non root path
 If you want to deploy on non root path (e.g. https://mydomain.com/newroot/), you have to set the `deploy-path` option accordingly in `lms.conf`.

README.md

@@ -18,7 +18,6 @@ A [demo instance](http://lms.demo.poupon.io) is available. Note the administrati
 * Persistent play queue across sessions
 * _Systemd_ integration
 * User management
-  * with optional _PAM_ authentication backend
 * Subsonic API, with the following additional features:
   * Playlists
   * Bookmarks
@@ -30,7 +29,7 @@ _LMS_ provides several ways to help you find the music you like:
 * Radio mode, based on what is in the current playqueue
 * Searches in album, artist and track names (including sort names)
 * Starred Albums/Artists/Tracks
-* Custom tags support to help you filter your music: _mood_, _albummood_, _albumgenre_, _albumgrouping_, ...
+* Various tags to help you filter your music: _mood_, _albummood_, _albumgenre_, _albumgrouping_, ...
 * Random/Starred/Most played/Recently played/Recently added for Artist/Albums/Tracks, allowing you to search for things like:
   * Recently added _Electronic_ artists
   * Random _Metal_ and _Aggressive_ albums
@@ -54,7 +53,7 @@ Since _LMS_ uses metadata tags to organize music, a compatibility mode is used t
 
 The Subsonic API is enabled by default.
 
-__Note__: since _LMS_ stores hashed and salted passwords, it cannot handle the __token authentication__ method defined from version 1.13.0.
+__Note__: since _LMS_ may store hashed and salted passwords or may forward authentication requests to external services, it cannot handle the __token authentication__ method defined from version 1.13.0.
 
 ## Keyboard shortcuts
 * Play/pause: <kbd>Space</bbd>

approot/admin-database.xml

@@ -58,9 +58,11 @@
 						</div>
 					</div>
 				</div>
-				<div class="form-group">
-					<div class="col-lg-offset-3 col-lg-9">
-						${apply-btn class="btn-primary"} ${discard-btn}
+				<div class="form-horizontal">
+					<div class="form-group">
+						<div class="col-lg-offset-3 col-lg-9">
+							${apply-btn class="btn-primary"} ${discard-btn}
+						</div>
 					</div>
 				</div>
 			</form>

approot/admin-initwizard.xml

@@ -20,15 +20,6 @@
 								${admin-login-info class="help-block"}
 							</div>
 						</div>
-						<div class="form-group">
-							<label class="control-label col-lg-3"  for="${id:auth-mode}">
-								${tr:Lms.Admin.User.auth-mode}
-							</label>
-							<div class="col-lg-9">
-								${auth-mode}
-								${auth-mode-info class="help-block"}
-							</div>
-						</div>
 						<div class="form-group">
 							<label class="col-lg-3 control-label"  for="${id:password}">
 								${tr:Lms.password}

approot/admin-user.xml

@@ -30,15 +30,7 @@
 						</div>
 					</div>
 					${</if-has-login>}
-					<div class="form-group">
-						<label class="control-label col-lg-3"  for="${id:auth-mode}">
-							${tr:Lms.Admin.User.auth-mode}
-						</label>
-						<div class="col-lg-9">
-							${auth-mode}
-							${auth-mode-info class="help-block"}
-						</div>
-					</div>
+					${<if-has-password>}
 					<div class="form-group">
 						<label class="control-label col-lg-3"  for="${id:password}">
 							${tr:Lms.password-new}
@@ -48,6 +40,7 @@
 							${password-info class="help-block"}
 						</div>
 					</div>
+					${</if-has-password>}
 					${<if-demo>}
 					<div class="form-group">
 						<div class="col-lg-offset-3 col-lg-3"  for="${id:demo}">

approot/admin-users.xml

@@ -6,7 +6,9 @@
 		<h2>${tr:Lms.Admin.Users.users}</h2>
 	</div>
 	${users}
+	${<if-can-create-user>}
 	${add-btn class="btn-primary Lms-admin-users-add-btn"}
+	${</if-can-create-user>}
 </message>
 
 <message id="Lms.Admin.Users.template.entry">

approot/messages.xml

@@ -17,7 +17,6 @@
 <message id="Lms.password-bad-login-combination">Bad login / password combination</message>
 <message id="Lms.password-client-throttled">Login throttled, please try again later</message>
 <message id="Lms.password-confirm">Confirm password</message>
-<message id="Lms.password-must-not-be-empty">Password must not be empty</message>
 <message id="Lms.password-new">New password</message>
 <message id="Lms.password-old">Old password</message>
 <message id="Lms.password-too-weak">Password too weak</message>
@@ -92,9 +91,6 @@
 <message id="Lms.Admin.Users.menu-users"><i class="fa fa-fw fa-users" aria-hidden="true"></i> Users</message>
 
 <!--User-->
-<message id="Lms.Admin.User.auth-mode">Authentication mode</message>
-<message id="Lms.Admin.User.auth-mode.internal">Internal</message>
-<message id="Lms.Admin.User.auth-mode.pam">PAM</message>
 <message id="Lms.Admin.User.demo-account">Demo account</message>
 <message id="Lms.Admin.User.demo-account-already-exists">Demo account already exists!</message>
 <message id="Lms.Admin.User.demo-password-invalid">Demo password must be the login name!</message>

approot/messages_fr.xml

@@ -17,7 +17,6 @@
 <message id="Lms.password-bad-login-combination">Mauvaise combinaison login / mot de passe</message>
 <message id="Lms.password-client-throttled">Trop de tentatives de connexion, veuillez réessayer plus tard</message>
 <message id="Lms.password-confirm">Confirmation du mot de passe</message>
-<message id="Lms.password-must-not-be-empty">Le mot de passe ne doit pas être vide</message>
 <message id="Lms.password-new">Nouveau mot de passe</message>
 <message id="Lms.password-old">Ancien mot de passe</message>
 <message id="Lms.password-too-weak">Mot de passe trop faible</message>
@@ -92,9 +91,6 @@
 <message id="Lms.Admin.Users.menu-users"><i class="fa fa-fw fa-users" aria-hidden="true"></i> Utilisateurs</message>
 
 <!--User-->
-<message id="Lms.Admin.User.auth-mode">Mode d'authentification</message>
-<message id="Lms.Admin.User.auth-mode.internal">Interne</message>
-<message id="Lms.Admin.User.auth-mode.pam">PAM</message>
 <message id="Lms.Admin.User.demo-account">Compte de démonstration</message>
 <message id="Lms.Admin.User.demo-account-already-exists">Le compte de démonstration existe déjà !</message>
 <message id="Lms.Admin.User.demo-password-invalid">Le password doit être égal au login !</message>