path: root/gn2/wqflask/oauth2
Age | Commit message | Author
2024-08-28 | Update UI: Use resource roles rather than obsolete group roles | Frederick Muriuki Muriithi
In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments.
2024-08-28 | Fix displayed error message | Frederick Muriuki Muriithi
2024-08-28 | Remove the "Roles" page. | Frederick Muriuki Muriithi
2024-08-28 | Deactivate the "create_role" function | Frederick Muriuki Muriithi
The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening.
2024-08-28 | Bug: Add missing data to search query. | Frederick Muriuki Muriithi
2024-08-28 | Build search URI endpoint on server rather than on JS | Frederick Muriuki Muriithi
To help with maintenance, build the search URI on the server rather than in the javascript.
2024-08-28 | Build phenotype results template URI on backend | Frederick Muriuki Muriithi
Build the template URI on the backend to remove the need to remember to update the javascript if the URI changes in the future.
2024-08-28 | Provide client data used for user verification. | Frederick Muriuki Muriithi
2024-08-28 | Ensure endpoint returns a response. | Frederick Muriuki Muriithi
2024-08-28 | Bug: Compute numeric timestamp for the claims. | Frederick Muriuki Muriithi
2024-05-14 | Use correct URL when redirecting user after a new registration. | Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-05-14 | Consistently use the same OAuthSession client | Frederick Muriuki Muriithi
2024-05-14 | Enable client to automatically request a refresh token. | Frederick Muriuki Muriithi
2024-05-14 | Redirect to index rather than no-longer supported login | Frederick Muriuki Muriithi
Redirect to index of the site rather than the no-longer supported "Password Grant"-using login page. Disable the login route entirely.
2024-04-30 | Revert "Create constructors for encoding and decoding a token." | Munyoki Kilyungi
This reverts commit e7a3bf22da1b63a01343f2cd30cd13c234fe508c.
2024-04-30 | Make returning a json object from oauth2_get optional. | Munyoki Kilyungi
* gn2/wqflask/oauth2/client.py (oauth2_get): Add a jsonify_p key word that defaults to False.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-04-30 | Create constructors for encoding and decoding a token. | Munyoki Kilyungi
* gn2/tests/unit/wqflask/oauth2/(__init__.py, test_tokens.py): Test cases for jwt token creation.
* gn2/wqflask/oauth2/tokens.py (JWTToken): New module for creating jwt tokens.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-04-24 | Bug: use dict object on Response object. | Frederick Muriuki Muriithi
2024-04-24 | Fetch message for authlib errors. | Frederick Muriuki Muriithi
2024-04-24 | Send assertion as a string, not bytes. | Frederick Muriuki Muriithi
2024-04-24 | DEBUG: log out request details | Frederick Muriuki Muriithi
There is a failure on CI/CD that is not obvious - the logs should help with debugging the issue.
2024-04-23 | Separate the auth server's public key from app's private key | Frederick Muriuki Muriithi
* Use the app's private key to sign the initial assertions used for retrieving an authorisation token from the auth server.
* Use auth server's public key to validate the authorisation tokens got from the auth server.
2024-04-23 | Generate assertions to be used to get the token from the auth server | Frederick Muriuki Muriithi
2024-04-23 | Use the JWT Bearer grant type | Frederick Muriuki Muriithi
2024-03-26 | Use correct variable name. | Munyoki Kilyungi
* gn2/wqflask/oauth2/client.py (no_token_post): "uri" does not exist. Replace it with "uri_path."
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Delete unused variable. | Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Implement "require_oauth2_edit_resource_access" decorator. | Munyoki Kilyungi
* gn2/wqflask/oauth2/checks.py (require_oauth2): New function.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Import user_logged_in from the clients module. | Munyoki Kilyungi
Importing "user_logged_in" in the checks module just to export adds a layer of indirection and makes the code hard to read.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Delete repetitive statement in "render_ui". | Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Remove unused imports. | Munyoki Kilyungi
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-26 | Delete "raise_unimplemented". | Munyoki Kilyungi
* gn2/wqflask/oauth2/groups.py: Remove unused "raise_unimplemented" import.
* gn2/wqflask/oauth2/request_utils.py (raise_unimplemented): Delete function.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-07 | fix bugs. | Frederick Muriuki Muriithi
2024-03-06 | Use AUTH_SERVER_URL setting from flask.current_app not gn2.utility.tools | Frederick Muriuki Muriithi
2024-03-06 | Bug: Break circular import | Frederick Muriuki Muriithi
2024-03-05 | Fix missed bug: Don't use `gn2.utility.tools` for configs. | Frederick Muriuki Muriithi
2024-03-05 | configs: Fetch configs from app not `gn2.utility.tools` | Frederick Muriuki Muriithi
Fetch configurations from the application, rather than from the `gn2.utility.tools` module that does not get the updated values from the secrets file.
2024-01-30 | Error reporting: Pass external error forward to GN2's error handling | Frederick Muriuki Muriithi
2024-01-30 | Create framework for error handling and handle connection errors | Frederick Muriuki Muriithi
2023-12-29 | Namespace all modules under gn2. | Arun Isaac
We move all modules under a gn2 directory. This is important for "correct" packaging and deployment as a Guix service.