Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dev/#107 Authentication tokens for APIs #153

Merged
merged 39 commits into from
Oct 10, 2022
Merged

Dev/#107 Authentication tokens for APIs #153

merged 39 commits into from
Oct 10, 2022

Conversation

tuz666
Copy link
Collaborator

@tuz666 tuz666 commented Jul 27, 2022
edited
Loading

A long awaited missing piece of our Arcsi seems to be finished soon. (#107 , #108 )

Our first idea to implement authentication token handling was to start using flask-praetorian, which is a light-weight, API-oriented security package. (#126 ) As far as I remember we also thought that flask-security - what we are using currently - is a dead project and doesn't supported anymore.

I made some attempts to import flask-praetorian into our code parallelly with flask-security. During these process and research it turned out that flask-security also contains the features which we wanted to bring in with flask-praetorian. Also I found a package named flask-security-too, which is an independent well-maintained fork with high code coverage and nice documentation. After these news I stopped the experiments with flask-praetorian and started to work with flask-security.

@tuz666 tuz666 temporarily deployed to dev July 27, 2022 10:42 Inactive
pvj
pvj reviewed Aug 14, 2022
View reviewed changes
Copy link
Member

@pvj pvj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commented your draft Solid first steps and good test db and test key set-up. I hope to help when you continue

entrypoint.sh Outdated Show resolved Hide resolved
docker-compose.yml Outdated Show resolved Hide resolved
config.template.py Outdated Show resolved Hide resolved
arcsi/view/archive.py Outdated Show resolved Hide resolved
arcsi/api/show.py Outdated Show resolved Hide resolved
arcsi/model/user.py Outdated Show resolved Hide resolved
arcsi/model/user.py Outdated Show resolved Hide resolved
pvj
pvj reviewed Aug 14, 2022
View reviewed changes
arcsi/model/user.py Outdated Show resolved Hide resolved
@tuz666 tuz666 temporarily deployed to dev August 15, 2022 13:51 Inactive
@tuz666 tuz666 requested review from pvj and gammaw August 15, 2022 14:48
@tuz666 tuz666 temporarily deployed to dev August 15, 2022 21:13 Inactive
@tuz666 tuz666 marked this pull request as ready for review August 27, 2022 22:34
@tuz666 tuz666 temporarily deployed to dev August 27, 2022 22:38 Inactive
@tuz666 tuz666 temporarily deployed to dev August 28, 2022 10:55 Inactive
@gammaw gammaw requested a review from molnar-a August 28, 2022 14:42
@tuz666 tuz666 marked this pull request as draft September 2, 2022 11:42
@tuz666 tuz666 marked this pull request as ready for review September 22, 2022 16:03
@tuz666 tuz666 mentioned this pull request Sep 22, 2022
Closed
@gammaw
Copy link
Member

gammaw commented Sep 23, 2022

@tuz666 FYI I added the nginx config adjustment (da0220a).

@gammaw gammaw temporarily deployed to dev September 24, 2022 07:28 Inactive
gammaw
gammaw reviewed Oct 8, 2022
View reviewed changes
Copy link
Member

@gammaw gammaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tuz666 thanks for the bold changes! Looks just like we discussed, I just had a couple of questions for clarification before I approve. Can you look into them?

arcsi/api/item.py Outdated Show resolved Hide resolved
arcsi/api/show.py Show resolved Hide resolved
arcsi/api/user.py Show resolved Hide resolved
arcsi/api/utils.py Show resolved Hide resolved
arcsi/templates/user/edit.html Show resolved Hide resolved
arcsi/view/item.py Show resolved Hide resolved
test/empty_dump.sql Show resolved Hide resolved
@tuz666
reverting _add/_edit_show/item functions
2c96300 
removing auth_token_required annotation from GET requests
@tuz666 tuz666 temporarily deployed to dev October 9, 2022 12:01 Inactive
@tuz666 tuz666 requested a review from gammaw October 9, 2022 13:11
@tuz666 tuz666 temporarily deployed to dev October 9, 2022 13:14 Inactive
gammaw
gammaw approved these changes Oct 10, 2022
View reviewed changes
Copy link
Member

@gammaw gammaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the comments and the changes, especially, the Swagger updates, which was additional work! Let's start step 1 then (arcsi release w/ only POST APIs being protected)!

@tuz666
Copy link
Collaborator Author

tuz666 commented Oct 10, 2022

Thanks for the review @gammaw , I will push the green button then :)

@tuz666 tuz666 merged commit effa20a into master Oct 10, 2022
This was referenced Oct 11, 2022
Merged
Merged
This was referenced Nov 27, 2022
Merged
Open
@pvj pvj deleted the dev/#107-praetorian_authentication branch December 8, 2022 09:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gammaw gammaw gammaw approved these changes

@pvj pvj Awaiting requested review from pvj

@molnar-a molnar-a Awaiting requested review from molnar-a

Assignees

@tuz666 tuz666

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tuz666 @gammaw @pvj