Allow Decypharr to be used

[KyleIsDork]

Making this value true by default will cause the user to be unable to login, and no value is set for login credentials during onboarding.

The user can set their username and password afterwards in the Decypharr GUI, modifying the configuration as desired once set.

Summary by CodeRabbit

• Chores
  • Updated default configuration to disable authentication when extending settings. The “use_auth” option now defaults to off unless explicitly enabled.
  • No other behavior or control flow changes; configuration generation and saving remain the same.

[I-am-PUID-0]

GitKraken automatically performed 2 actions

• assigned @I-am-PUID-0
  Action
  https://gitkraken.dev/automations/64a242c6-1db0-40ec-8a78-8d1d5a75d0fe
• added reviewer @I-am-PUID-0
  Action
  https://gitkraken.dev/automations/64a242c6-1db0-40ec-8a78-8d1d5a75d0fe

Create your own automations at gitkraken.dev/automations

[coderabbitai]

Walkthrough

Changed the default value of final_config["use_auth"] from True to False in the extended Decypharr settings construction. No other logic, control flow, or public API changes.

Changes

Cohort / File(s)	Summary of changes
Settings default tweak utils/decypharr_settings.py	Updated default assignment so final_config["use_auth"] defaults to False when extending settings; no other logic or flow modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

A twitch of whiskers, flip of a bit,
The auth flag’s now False—quite a tidy fit.
I thump in joy, configs align,
Carrots compiled, defaults refined.
Hop-hop hooray, shipped in no time! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “Allow Decypharr to be used” directly reflects the primary outcome of the change—enabling the tool by adjusting its default authentication setting—and is concise and relevant to the patch that flips the use_auth default to false.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d47e632 and c606cc6.

📒 Files selected for processing (1)

• utils/decypharr_settings.py (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

utils/decypharr_settings.py (1)

utils/config_loader.py (1)

• get (263-271)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Approve the UX fix, but flag the security trade-off.

Changing the default to False correctly addresses the login issue where users are locked out because credentials aren't configured during onboarding. However, this means new installations start with authentication disabled, which could be a security concern if the application is exposed to untrusted networks.

Consider adding:

• Documentation or startup warnings reminding users to enable authentication
• A prominent notice in the GUI indicating authentication is disabled
• Guidance in deployment docs about when authentication should be enabled

🤖 Prompt for AI Agents

In utils/decypharr_settings.py around line 81, the default for "use_auth" was
changed to False which fixes onboarding lockouts but lowers security for default
installs; update the project to mitigate this trade-off by adding a startup-time
warning and documentation: emit a clear log/warnings.warn at application startup
when use_auth is False (including guidance to enable authentication), add a
prominent notice in the GUI/dashboard indicating authentication is disabled, and
augment deployment/onboarding docs with explicit instructions on when and how to
enable authentication and recommended network exposure settings.