Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A simple app for AllianceAuth that allows users to link each character to all the AllianceAuth apps with only 1 login action.
Users with the appropriate permission (see permissions) can audit the linked characters of the users of their corporation, alliance or auth state. A link will appear on top of the main page of the app and will redirect to a page with a table of all the linked characters of the users of the selected corporation.
A user can be audited by clicking on the link on the Main Character
column.
App Audit: Users can now audit character based on the apps they have access to. Select the app you want to audit from the dropdown menu in the audit page.
Admin App status: users with is_superuser
can now see the list of imported apps and the ones with issues with the import.
Install the app with
pip install aa-charlink
Add 'charlink',
to your INSTALLED_APPS
in local.py
Run migrations and collectstatic
python manage.py migrate
python manage.py collectstatic
I've opened an issue to track the apps that have a default integration in CharLink and the WIPs. If you want another app to be supported, please comment on the issue, reach me on the AllianceAuth discord server or ask the developer of the app to implement an integration via hook.
From version 1.1.0, CharLink supports hook integration. If you want to integrate your app with CharLink, you need to register a hook in the auth_hooks.py
file:
@hooks.register('charlink')
def register_charlink_hook():
return 'testauth.testapp.charlink_hook'
The hook has to return a string with the import path of the module containing the app integration. The module must contain a variable called app_import
which is an instance of charlink.app_imports.utils.AppImport
. You can find the documentation of the class in the utils.py
and some examples in the imports folder.
Name | Description | Default |
---|---|---|
CHARLINK_IGNORE_APPS | List of apps to ignore. Use the name of the app as it is called in INSTALLED_APPS | [] |
Name | Description |
---|---|
charlink.view_corp | Can view linked character of members of their corporation. |
charlink.view_alliance | Can view linked character of members of their alliance. |
charlink.view_state | Can view linked character of members of their auth state. |
If you want to setup a template override to link the "Add character" button to the login page of this package, set the a
element to:
<a href="{% url 'charlink:index' %}" class="btn btn-primary flex-fill m-1" title="{% translate 'Add Character' %}">
<span class="d-md-inline m-2">{% translate 'Add Character' %}</span>
</a>
FAQs
Character Linker for Alliance Auth
We found that aa-charlink demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.