aboutsummaryrefslogtreecommitdiff
path: root/gn2/wqflask/oauth2
AgeCommit message (Collapse)Author
2024-08-05minor code formatting.Frederick Muriuki Muriithi
2024-08-05Update JWKs endpoint documentation.Frederick Muriuki Muriithi
2024-08-05Fix URLFrederick Muriuki Muriithi
2024-08-05Override 'client_secret_post' auth with a JSON equivalentFrederick Muriuki Muriithi
In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA.
2024-08-02Consistently use JSON for all endpoints.Frederick Muriuki Muriithi
2024-08-01bug: add missing `count_per_page` variable.Frederick Muriuki Muriithi
2024-08-01Use auto-created and auto-rotated JSON Web KeysFrederick Muriuki Muriithi
Use auto-created JWKs for better security.
2024-08-01Use JWKs from auth server public endpointFrederick Muriuki Muriithi
* Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised
2024-08-01Add module to help with rotation of JSON Web Keys.Frederick Muriuki Muriithi
2024-07-31Synchronise token refreshesFrederick Muriuki Muriithi
The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use.
2024-07-26Use JSON rather than X-Form-URL-encoded data with auth server.Frederick Muriuki Muriithi
2024-07-22Provide PoC public-jwks endpoint.Frederick Muriuki Muriithi
2024-07-17Fix premature session expirationFrederick Muriuki Muriithi
With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely of the token-refresh mechanism to expire a token after a long while.
2024-07-17Remove redundant import.Frederick Muriuki Muriithi
2024-07-17Remove token and user detail handling from @app.before_requestFrederick Muriuki Muriithi
The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables.
2024-06-25Remove flawed "group role" idea: use just "role".Frederick Muriuki Muriithi
2024-06-17Remove deprecated endpoints/views and templatesFrederick Muriuki Muriithi
2024-06-17Fix error display logicFrederick Muriuki Muriithi
2024-06-17Fetch the active user's roles on a particular resource.Frederick Muriuki Muriithi
2024-06-17Use privilege objects rather than IDS.Frederick Muriuki Muriithi
2024-06-17Delete request to obsoleted endpoint.Frederick Muriuki Muriithi
2024-06-17Create a new resource role.Frederick Muriuki Muriithi
2024-06-17Update URI formsFrederick Muriuki Muriithi
2024-06-17Use json for communication with gn-authFrederick Muriuki Muriithi
2024-06-11List user assigned role of interest.Frederick Muriuki Muriithi
2024-06-10Unassign privilege from resource role.Frederick Muriuki Muriithi
2024-06-10Import the UUID class directly.Frederick Muriuki Muriithi
2024-06-10Implement "Resource Role Page"Frederick Muriuki Muriithi
Show the page, providing all UI elements necessary, even if the elements themselves are not active.
2024-06-10Generalise `render_ur` for the resources pagesFrederick Muriuki Muriithi
2024-06-10Set default headers for OAuth2Client requests.Frederick Muriuki Muriithi
2024-06-07Update UI: Use resource roles rather than obsolete group rolesFrederick Muriuki Muriithi
In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments.
2024-06-06Fix displayed error messageFrederick Muriuki Muriithi
2024-06-06Remove the "Roles" page.Frederick Muriuki Muriithi
2024-06-06Deactivate the "create_role" functionFrederick Muriuki Muriithi
The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening.
2024-06-05Bug: Add missing data to search query.Frederick Muriuki Muriithi
2024-06-05Build search URI endpoint on server rather than on JSFrederick Muriuki Muriithi
To help with maintenance, build the search URI on the server rather than in the javascript.
2024-06-05Build phenotype results template URI on backendFrederick Muriuki Muriithi
Build the template URI on the backend to remove the need to remember to update the javascript if the URI changes in the future.
2024-06-04Provide client data used for user verification.Frederick Muriuki Muriithi
2024-06-03Ensure endpoint returns a response.Frederick Muriuki Muriithi
2024-05-30Fix redirection bug.Frederick Muriuki Muriithi
2024-05-23Bug: Compute numeric timestamp for the claims.Frederick Muriuki Muriithi
2024-05-14Consistently use the same OAuthSession clientFrederick Muriuki Muriithi
2024-05-14Enable client to automatically request a refresh token.Frederick Muriuki Muriithi
2024-05-14Redirect to index rather than no-longer supported loginFrederick Muriuki Muriithi
Redirect to index of the site rather that the no-longer supported "Password Grant"-using login page. Disable the login route entirely.
2024-04-30Revert "Create constructors for encoding and decoding a token."Munyoki Kilyungi
This reverts commit e7a3bf22da1b63a01343f2cd30cd13c234fe508c.
2024-04-30Make returning an json object from oauth2_get optional.Munyoki Kilyungi
* gn2/wqflask/oauth2/client.py (oauth2_get): Add a jsonify_p key word that defaults to False. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-04-30Create constructors for encoding and decoding a token.Munyoki Kilyungi
* gn2/tests/unit/wqflask/oauth2/(__init__.py, test_tokens.py): Test cases for jwt token creation. * gn2/wqflask/oauth2/tokens.py (JWTToken): New module for creating jwt tokens. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-04-24Bug: use dict object on Response object.Frederick Muriuki Muriithi
2024-04-24Fetch message for authlib errors.Frederick Muriuki Muriithi
2024-04-24Send assertion as a string, not bytes.Frederick Muriuki Muriithi