This update introduces an AUTH_MODE configuration that allows developers
to easily test the application locally without requiring Entra ID setup.
Changes:
- Add AUTH_MODE environment variable (entra/none) to .env.example and config
- Update auth decorators to support both authentication modes
- Create role selection page for no-auth mode (admin/user choice)
- Modify auth routes to conditionally use MSAL only in Entra ID mode
- Update UserModel to support mock test users with string IDs
- Add visual indicator in navbar when running in no-auth mode
Benefits:
- Zero Azure AD configuration needed for local development
- Quick testing of role-based features (admin vs user)
- Existing Entra ID functionality remains unchanged
- Simple toggle via environment variable
To use no-auth mode, set AUTH_MODE=none in .env file.
For production, use AUTH_MODE=entra (default).
Implement Microsoft Entra ID (Azure AD) authentication with user and admin roles.
Features:
- OAuth 2.0 authentication flow using MSAL
- User and admin role-based access control
- Tenant ownership and access management
- Server-side session storage
- Protected routes with authentication decorators
Authentication:
- Users authenticate via Microsoft organizational accounts
- Admin role automatically assigned to DEFAULT_ADMIN_EMAIL
- User profiles synced from Microsoft Graph API
Access Control:
- Admins: Full access to all tenants and server settings
- Users: Can create and manage their own tenants only
- Tenant association: Auto-created when user adds products
- API endpoints remain open for AR application access
Database Changes:
- New users table with email, azure_oid, name, and role
- New user_tenants table for many-to-many tenant ownership
- Case-insensitive admin email comparison
Configuration:
- Environment-based config via .env file
- Azure AD credentials (client ID, secret, tenant ID)
- Configurable redirect URI and admin email
- Updated to Flask 2.2.5 for compatibility