GeneNetwork3 REST API for data science and machine learning http://git.genenetwork.org/genenetwork3/atom?h=auth%2Fimplement-authorization-code-flow 2023-05-09T10:15:47+00:00 2023-05-09T10:15:47+00:00 Frederick Muriuki Muriithi 2023-05-08T13:31:38+00:00 urn:sha1:5526f0316c2714d30e47a90f81e0ff686a29042f Implement the "Authorization Code Flow" for the authentication of users. * gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py: query and save the authorisation code. * gn3/auth/authentication/oauth2/models/authorization_code.py: Implement the `AuthorisationCode` model * gn3/auth/authentication/oauth2/models/oauth2client.py: Fix typo * gn3/auth/authentication/oauth2/server.py: Register the `AuthorisationCodeGrant` grant with the server. * gn3/auth/authentication/oauth2/views.py: Implement `/authorise` endpoint * gn3/templates/base.html: New HTML Templates of authorisation UI * gn3/templates/common-macros.html: New HTML Templates of authorisation UI * gn3/templates/oauth2/authorise-user.html: New HTML Templates of authorisation UI * main.py: Allow both "code" and "token" response types. 2023-03-23T06:18:10+00:00 Frederick Muriuki Muriithi 2023-03-23T06:18:10+00:00 urn:sha1:d4b48aef6cca3182559f7479cace3bd77cc1fb40 Fix the bug where the system was trying to load a user from a non-existing OAuth2 client, leading to an exception. 2023-03-13T03:26:14+00:00 Frederick Muriuki Muriithi 2023-03-13T03:26:14+00:00 urn:sha1:4bcbe992b132dd77ff6f61185b0ad7299a4b7863 Due to the fact that the data migration requires higher privileges than the user details, separate the user details migration endpoint from the data migrations endpoint. 2023-03-09T01:39:37+00:00 Frederick Muriuki Muriithi 2023-03-09T01:39:37+00:00 urn:sha1:dee42dd14dc7786b1ccf9465bb28dfe74024166c The introspection endpoint could contain privileged information, thus requires that the endpoint be protected. This commit ensures that a user has authenticated to the system and that the client they are using be one of the allowed clients. 2023-03-08T08:42:04+00:00 Frederick Muriuki Muriithi 2023-03-08T08:42:04+00:00 urn:sha1:a35d16f9a191afbb31e2c185e87e5eec5e23122f To avoid repeating the same thing in multiple places, leading to errors and breakages, reuse the same basic functions for password hashing. 2023-03-08T08:18:35+00:00 Frederick Muriuki Muriithi 2023-03-08T08:18:35+00:00 urn:sha1:5a8cc0d7fc241494580cd4a060690eaf09ff46d7 Bcrypt is now somewhat vulnerable to offline cracking, so we move our password hashing over to Argon2. 2023-03-07T02:49:21+00:00 Frederick Muriuki Muriithi 2023-03-07T02:49:21+00:00 urn:sha1:09c2330e9e8279f6c9fd391a736435ceb4705873 Fetching the user by id should return the user, or raise an exception. We get rid of the Maybe monad here since it is leading to some weird code flows - probably the wrong monad to use here. 2023-03-06T11:57:53+00:00 Frederick Muriuki Muriithi 2023-03-06T11:57:53+00:00 urn:sha1:98e93be1b8e5353656e18f1452026db6f2902e6c 2023-02-08T14:44:50+00:00 Frederick Muriuki Muriithi 2023-02-08T14:24:35+00:00 urn:sha1:9b94ec57c504acb6ef815d134144c4c357c71f17 2023-02-02T09:03:51+00:00 Frederick Muriuki Muriithi 2023-02-02T08:35:51+00:00 urn:sha1:dfe5eb18e3ec8dc570d118bfe95c5d4dcb2c7575 Split the views/routes into separate modules each dealing with a narrower scope of the application to aid in maintenance, and help with making the development easier.