[pull] develop from amidaware:develop

[pull]

See Commits and Changes for more details.

---

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

---

Note

Adds SSO (allauth) support, Nushell/Deno scripting, a software uninstall endpoint, and major infra/dependency upgrades (uvicorn, Node 20, NATS), with related migrations and logging.

• EE/SSO:
  • Integrates allauth-based SSO with custom adapter, middleware, endpoints, and settings; gated via new env flags and URLs.
• Scripts:
  • Adds nushell and deno shells, runtime flags (permissions/config), and parsing fixes; extends audit logging and test-run flow.
• Software:
  • New POST /software/<agent_id>/uninstall/ with dedicated permissions; models use BigAutoField.
• Core/Logging/Scheduling:
  • New scheduler helpers and URL/script audit events; NATS/WS helpers; larger IDs; constants expanded.
• Migrations:
  • BigAutoField for logs/software/winupdate; script shell choices update.
• Settings/Tasks:
  • Version bumps; new Celery beats (sync perms, schedulers); NATS host/port/TLS options; request/WS size limits.
• Docker/Infra:
  • Switch to uvicorn ASGI (replaces daphne), Node 20, NATS 2.12; new nginx/static assets; dynamic web tar fetch; new env toggles (SSO/server scripts/web terminal).
• Install/Restore/Update scripts:
  • Robustness improvements (certs, jq, weasyprint), uvicorn migration, mesh compression handling, OS checks.
• Deps/Go:
  • Requirements modernized; Go mods updated; natsapi uses os.ReadFile; version bumps.

^{Written by Cursor Bugbot for commit 5099b87. This will update automatically on new commits. Configure here.}

[cursor]

Bug: Multiple commands cause memory leak and orphaned tasks

When multiple commands are sent on the same websocket connection, self.cmd_id, self.stop_evt, and self.stream_task are overwritten with each new command, but entries for previous commands remain in active_streams. On disconnect, only the last cmd_id is cleaned up. Previous entries persist in active_streams indefinitely causing a memory leak. Additionally, references to previous commands' stop_evt are lost, so those background tasks cannot be stopped gracefully and continue running until timeout.

Additional Locations (1)

• api/tacticalrmm/agents/consumers.py#L152-L167

 

[cursor]

Bug: LocalUserPerms blocks all users not just local users

The LocalUserPerms permission class added to UserActions returns False when block_local_user_logon is enabled, which completely blocks access to password reset and 2FA reset functionality for ALL authenticated users, including SSO users. This prevents SSO-authenticated admins from managing other users' credentials when the system is configured for SSO-only login. The permission check should verify whether the target user being modified is a local user, not unconditionally block the endpoint based on a global setting.

Additional Locations (1)

• api/tacticalrmm/accounts/permissions.py#L45-L49

 

[cursor]

Bug: Wrong key checked when extracting logical processor count

The list comprehension for extracting NumberOfLogicalProcessors incorrectly filters items by checking if "NumberOfCores" in x (line 314) but then accesses x["NumberOfLogicalProcessors"] (line 312). Based on the WMI data structure where these values are stored in separate dictionary entries, this filter condition will select the wrong items. The condition on line 314 should check for "NumberOfLogicalProcessors" in x instead of "NumberOfCores" in x. While the exception is suppressed, this likely results in the core/thread count never being displayed.