Bypass login for edge cases

[thijstakken]

Recommend env flag to disable security for explicitly internal application use.

Originally posted by @calonmerc in #53

[thijstakken]

Info:
@thijstakken With security, do you mean the whole authentication of users?

@calonmerc
Yes, for instance, I have 16 different webapps that all have security/authentication of some kind... explicitly internal to my firewall. Of them, about 8-9 have a way to disable security entirely (or specify when accessing from an internal URL to not require security). I do not open any of my webapps to the web, nor should anyone really, and only access from VPN or when on my home network. Adding "security theater" of another "thing" to authenticate is just adding to users problems of remembering passwords, IMO.

@thijstakken
Yes I agree, I have the same more or less environment. I can see your case. What would be possible in the future is to add an "login bypass" for those who really want it.
When you have created your first user account (the app needs a user, all objects are tied to a user) you could probably set a toggle in the account settings to bypass authentication. This could be implemented for sure, it's possible to make such a flow.
But probably somewhere in the future. I will first have to focus on getting a working MVP out.