authorFrederick Muriuki Muriithi2023-01-20 08:20:28 +0300
committerFrederick Muriuki Muriithi2023-01-20 08:22:54 +0300
commitc843e14249be425e20dcb8cbb6653e49c22298de (patch)
treed27e86ad5ae20427846b1a1deb289e8c643c6570
parentf4d6e8bbf66ce4601934c586014868f2ced690ca (diff)
downloadgenenetwork3-c843e14249be425e20dcb8cbb6653e49c22298de.tar.gz
auth: Add development utils/tools
To avoid having to manually rebuild some default data for exploration of
concepts while developing the system, add a way to build up the test users and
oauth2 clients to use for testing.
-rw-r--r--gn3/auth/authentication/oauth2/models/oauth2client.py10
-rw-r--r--main.py69
2 files changed, 78 insertions, 1 deletions
diff --git a/gn3/auth/authentication/oauth2/models/oauth2client.py b/gn3/auth/authentication/oauth2/models/oauth2client.py
index 2ee7858..efaff54 100644
--- a/gn3/auth/authentication/oauth2/models/oauth2client.py
+++ b/gn3/auth/authentication/oauth2/models/oauth2client.py
@@ -34,7 +34,15 @@ class OAuth2Client(NamedTuple):
 
     @property
     def client_type(self) -> str:
-        """Return the token endpoint authorisation method."""
+        """
+        Return the token endpoint authorisation method.
+
+        Acceptable client types:
+        * public: Unable to use registered client secrets, e.g. browsers, apps
+          on mobile devices.
+        * confidential: able to securely authenticate with authorisation server
+          e.g. being able to keep their registered client secret safe.
+        """
         return self.client_metadata.get("client_type", "public")
 
     def check_endpoint_auth_method(self, method: str, endpoint: str) -> bool:
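Review bot: The summary line of the new `client_type` docstring still says it returns the token endpoint authorisation method, but the body returns `self.client_metadata.get("client_type", "public")`, which is the client type. I would reword the first line to `Return the client type ("public" or "confidential").` and add a sentence saying that a client whose metadata has no `client_type` key is treated as `public`, since callers deciding whether a secret is required depend on that default. The `OAuth2Client` class starts and continues outside this hunk.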
diff --git a/main.py b/main.py
index 8d03148..d55bd42 100644
--- a/main.py
+++ b/main.py
@@ -1,9 +1,16 @@
 """Main entry point for project"""
+import json
+from math import ceil
+from datetime import datetime
+
+import bcrypt
 from yoyo import get_backend, read_migrations
 
 from gn3 import migrations
 from gn3.app import create_app
 
+from gn3.auth import db
+
 app = create_app()
 
 ##### BEGIN: CLI Commands #####
@@ -15,6 +22,68 @@ def apply_migrations():
         get_backend(f'sqlite:///{app.config["AUTH_DB"]}'),
         read_migrations(app.config["AUTH_MIGRATIONS"]))
 
+def __init_dev_users__():
+    """Initialise dev users. Get's used in more than one place"""
+    dev_users_query = "INSERT INTO users VALUES (:user_id, :email, :name)"
+    dev_users_passwd = "INSERT INTO user_credentials VALUES (:user_id, :hash)"
+    dev_users = ({
+        "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928",
+        "email": "test@develpment.user",
+        "name": "Test Development User",
+        "password": "testpasswd"},)
+
+    def __hash_passwd__(passwd):
+        return bcrypt.hashpw(passwd.encode("utf8"), bcrypt.gensalt())
+
+    with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
+        cursor.executemany(dev_users_query, dev_users)
+        cursor.executemany(dev_users_passwd, (
+            {**usr, "hash": __hash_passwd__(usr["password"])}
+            for usr in dev_users))
+
+@app.cli.command()
+def init_dev_users():
+    """
+    Initialise development users for OAuth2 sessions.
+
+    **NOTE**: You really should not run this in production/staging
+    """
+    __init_dev_users__()
+
+@app.cli.command()
+def init_dev_clients():
+    """
+    Initialise a development client for OAuth2 sessions.
+
+    **NOTE**: You really should not run this in production/staging
+    """
+    __init_dev_users__()
+    dev_clients_query = (
+        "INSERT INTO oauth2_clients VALUES ("
+        ":client_id, :client_secret, :client_id_issued_at, "
+        ":client_secret_expires_at, :client_metadata, :user_id"
+        ")")
+    dev_clients = ({
+        "client_id": "0bbfca82-d73f-4bd4-a140-5ae7abb4a64d",
+        "client_secret": "yadabadaboo",
+        "client_id_issued_at": ceil(datetime.now().timestamp()),
+        "client_secret_expires_at": 0,
+        "client_metadata": json.dumps({
+            "client_name": "GN2 Dev Server",
+            "token_endpoint_auth_method": [
+                "client_secret_post", "client_secret_basic"],
+            "client_type": "confidential",
+            "grant_types": ["password", "authorisation_code", "refresh_token"],
+            "default_redirect_uri": "http://localhost:5033/oauth2/code",
+            "redirect_uris": ["http://localhost:5033/oauth2/code"],
+            "response_type": "token", # choices: ["code", "token"]
+            "scope": ["profile", "resource", "register-client"]
+        }),
+        "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928"},)
+
+    with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
+        cursor.executemany(dev_clients_query, dev_clients)
+
 ##### END: CLI Commands #####
 
 if __name__ == '__main__':
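Review bot: Nothing in `__init_dev_users__` or the two new commands checks which instance they run against, so running `init_dev_users` or `init_dev_clients` with a production or staging `AUTH_DB` configured would insert a user and a confidential client whose password, secret and ids are published in this file; the docstring warning is the only barrier. Both commands go through `__init_dev_users__`, so one guard at its top covers them, e.g. `if not app.debug: raise SystemExit("Refusing to seed development credentials outside debug mode")`, or the same test on whatever setting this project uses to mark a development instance. The seeded client also carries the `password` grant, the `register-client` scope and a `client_secret_expires_at` of 0, which is a further reason to keep these rows out of any shared database. The `if __name__ == '__main__':` block at the end of the hunk continues outside it.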