| Age | Commit message (Expand) | Author |
|---|
| 2024-08-28 | Override 'client_secret_post' auth with a JSON equivalent...In order to use JSON consistently across the board, we make even the
authentication method use JSON rather than FORMDATA.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi |
| 2024-08-28 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi |
| 2024-08-28 | Use auto-created and auto-rotated JSON Web Keys...Use auto-created JWKs for better security.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Use JWKs from auth server public endpoint...* Fetch keys from auth server
* Validate token is signed with one of the keys from server
* Ensure refreshing of token is still synchronised
| Frederick Muriuki Muriithi |
| 2024-08-28 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi |
| 2024-08-28 | Synchronise token refreshes...The application can be run in a multi-threaded server, leading to a
situation where the multiple threads attempt to get a new JWT using
the exact same refresh token.
This synchronises the various threads ensuring only a single thread is
able to retrieve the new JWT that all the rest of the threads then
use.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi |
| 2024-08-28 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi |
| 2024-08-28 | Fix premature session expiration...With the change to JWTs the time-to-live for each token is severely
curtailed to help with security in case of a token theft. We,
therefore, can no longer rely on the TTL for session expiration,
rather, we will rely of the token-refresh mechanism to expire a token
after a long while.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Remove redundant import. | Frederick Muriuki Muriithi |
| 2024-08-28 | Remove token and user detail handling from @app.before_request...The token and user details information is handled in the
`gn2.wqflask.oauth2.session`. Other parts of the system should make
use of that.
It also helps avoid some weird "action-at-a-distance" interactions -
this forces the code to request what it needs when it needs it and not
rely on some global variables.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi |
| 2024-08-28 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi |
| 2024-08-28 | Fix error display logic | Frederick Muriuki Muriithi |
| 2024-08-28 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi |
| 2024-08-28 | Use privilege objects rather than IDS. | Frederick Muriuki Muriithi |
| 2024-08-28 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi |
| 2024-08-28 | Create a new resource role. | Frederick Muriuki Muriithi |
| 2024-08-28 | Update URI forms | Frederick Muriuki Muriithi |
| 2024-08-28 | Use json for communication with gn-auth | Frederick Muriuki Muriithi |
| 2024-08-28 | List user assigned role of interest. | Frederick Muriuki Muriithi |
| 2024-08-28 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
| 2024-08-28 | Import the UUID class directly. | Frederick Muriuki Muriithi |
| 2024-08-28 | Implement "Resource Role Page"...Show the page, providing all UI elements necessary, even if the
elements themselves are not active.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi |
| 2024-08-28 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi |
| 2024-08-28 | Update UI: Use resource roles rather than obsolete group roles...In a fix to fix a privilege-escalation bug, the `…/group/roles`
endpoint was entirely removed and replaced with the less error-prone
`…/resource/…/roles` endpoint. This commit updates the code to use the
new endpoint's data as appropriate.
We also fix typos in some url_for routing arguments.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Fix displayed error message | Frederick Muriuki Muriithi |
| 2024-08-28 | Remove the "Roles" page. | Frederick Muriuki Muriithi |
| 2024-08-28 | Deactivate the "create_role" function...The `create_role` function could lead to privilege escalation. This
commit deactivates it completely to prevent the chance of that
happening.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Bug: Add missing data to search query. | Frederick Muriuki Muriithi |
| 2024-08-28 | Build search URI endpoint on server rather than on JS...To help with maintenance, build the search URI on the server rather
than in the javascript.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Build phenotype results template URI on backend...Build the template URI on the backend to remove the need to remember
to update the javascript if the URI changes in the future.
| Frederick Muriuki Muriithi |
| 2024-08-28 | Provide client data used for user verification. | Frederick Muriuki Muriithi |
| 2024-08-28 | Ensure endpoint returns a response. | Frederick Muriuki Muriithi |
| 2024-08-28 | Bug: Compute numeric timestamp for the claims. | Frederick Muriuki Muriithi |
| 2024-05-14 | Use correct URL when redirecting user after a new registration....Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-05-14 | Consistently use the same OAuthSession client | Frederick Muriuki Muriithi |
| 2024-05-14 | Enable client to automatically request a refresh token. | Frederick Muriuki Muriithi |
| 2024-05-14 | Redirect to index rather than no-longer supported login...Redirect to index of the site rather that the no-longer supported
"Password Grant"-using login page.
Disable the login route entirely.
| Frederick Muriuki Muriithi |
| 2024-04-30 | Revert "Create constructors for encoding and decoding a token."...This reverts commit e7a3bf22da1b63a01343f2cd30cd13c234fe508c.
| Munyoki Kilyungi |
| 2024-04-30 | Make returning an json object from oauth2_get optional....* gn2/wqflask/oauth2/client.py (oauth2_get): Add a jsonify_p key word
that defaults to False.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-04-30 | Create constructors for encoding and decoding a token....* gn2/tests/unit/wqflask/oauth2/(__init__.py, test_tokens.py): Test
cases for jwt token creation.
* gn2/wqflask/oauth2/tokens.py (JWTToken): New module for creating jwt tokens.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
| Munyoki Kilyungi |
| 2024-04-24 | Bug: use dict object on Response object. | Frederick Muriuki Muriithi |
| 2024-04-24 | Fetch message for authlib errors. | Frederick Muriuki Muriithi |
| 2024-04-24 | Send assertion as a string, not bytes. | Frederick Muriuki Muriithi |
| 2024-04-24 | DEBUG: log out request details...There is a failure on CI/CD that is not obvious - the logs should help
with debugging the issue.
| Frederick Muriuki Muriithi |
| 2024-04-23 | Separate the auth server's public key from app's private key...* Use the app's private key to sign the initial assertions used for
retrieving an authorisation token from the auth server.
* Use auth server's public key to validate the authorisation tokens
got from the auth server.
| Frederick Muriuki Muriithi |
| 2024-04-23 | Generate assertions to be used to get the token from the auth server | Frederick Muriuki Muriithi |
