aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/Scripts.md121
-rw-r--r--docs/authentication_and_authorisation/oauth2_clients.md64
2 files changed, 0 insertions, 185 deletions
diff --git a/docs/Scripts.md b/docs/Scripts.md
deleted file mode 100644
index 65d93e0..0000000
--- a/docs/Scripts.md
+++ /dev/null
@@ -1,121 +0,0 @@
-# CLI Utility Scripts
-
-This documents the various utility scripts that are provided with the project
-whose purposes are to support the operation of the application in one way or
-another.
-
-To get a list of the available scripts/flask commands that can be run, do:
-
-```sh
-FLASK_APP="main.py" flask --help
-```
-
-With that, you should get a list of commands, which as of 2023-05-26 are:
-
-```sh
-. . . output truncated to save space ...
-
-Commands:
- apply-migrations Apply the dabasase migrations.
- assign-system-admin Assign user with ID `user_id` administrator role.
- init-dev-clients Initialise a development client for OAuth2 sessions.
- init-dev-users Initialise development users for OAuth2 sessions.
- routes Show the routes for the app.
- run Run a development server.
- shell Run a shell in the app context.
-```
-
-*NB*: You can simply do `export FLASK_APP="main.py"` at the beginning of your
-shell session and then just run the commands without prepending with the
-`FLASK_APP="main.py"` declaration.
-
-## Setting a User as System Administrator
-
-Once you have registered the user with the new (as of 2023-05-26)
-auth(entic|oris)ation system, you can then proceed to specify that the user is
-going to be a system administrator of the system.
-
-You will need to retrieve the users identifier (UUID) from the system; say the
-UUID you get for the user is `5b15ef01-a9d7-4ee4-9a38-fe9dd1d871b8`, you can
-then set that user as a system administrator by running:
-
-```sh
-FLASK_APP="main.py" flask assign-system-admin 5b15ef01-a9d7-4ee4-9a38-fe9dd1d871b8
-```
-
-You can retrieve the user ID from the (SQLite) database, with something like:
-
-```sh
-$ sqlite3 /home/frederick/genenetwork/gn3_files/db/auth.db
-SQLite version 3.40.0 2022-11-16 12:10:08
-Enter ".help" for usage hints.
-sqlite> SELECT * FROM users;
-0ad1917c-57da-46dc-b79e-c81c91e5b928|test@development.user|Test Development User
-9c5d4ddf-c361-4133-add3-9ab9845bb9f2|fredtest02@gmail.com|A New Group Member
-b4a8ed7a-a878-4884-94e0-26d3fe0c56a3|fredleader@gmail.com|Frederick the Group Leader
-```
-
-## Make Existing Data Publicly Visible
-
-This will only act on any existing data that is not already linked with a user
-group in the new auth system.
-
-This can be run using flask with
-
-```sh
-FLASK_APP="main.py" flask make-data-public
-```
-
-which will use the application's configuration settings for the
-auth(entic|oris)ation database and the MariaDB database.
-
-You could also run the script directly with:
-
-```sh
-python3 -m scripts.migrate_existing_data AUTHDBPATH MYSQLDBURI
-```
-
-where `AUTHDBPATH` and `MYSQLDBURI` are replaced with the appropriate values,
-e.g.
-
-```sh
-python3 -m scripts.migrate_existing_data \
- /home/frederick/genenetwork/gn3_files/db/auth.db \
- mysql://webqtlout:webqtlout@127.0.0.1:3307/db_webqtl
-```
-
-## List Available Routes
-
-```sh
-FLASK_APP="main.py" flask routes
-```
-
-## Drop Into a Python Shell
-
-```sh
-FLASK_APP="main.py" flask shell
-```
-
-## Development Scripts
-
-The commands in this section are meant for easing development and are not to be
-run in a production environment.
-
-### Setting up a Sample User for Development
-
-```sh
-FLASK_APP="main.py" flask init-dev-users
-```
-
-That will initialise your development database with a development user with the
-following details:
-
-- User ID: 0ad1917c-57da-46dc-b79e-c81c91e5b928
-- Email: test@development.user
-- Password: testpasswd
-
-### Setting up Sample OAuth2 Client for Development
-
-```sh
-FLASK_APP="main.py" flask init-dev-clients
-```
diff --git a/docs/authentication_and_authorisation/oauth2_clients.md b/docs/authentication_and_authorisation/oauth2_clients.md
deleted file mode 100644
index f9af8f9..0000000
--- a/docs/authentication_and_authorisation/oauth2_clients.md
+++ /dev/null
@@ -1,64 +0,0 @@
-# OAuth2
-
-The new authorisation system is made up of two layers:
-
-- Client authorisation
-- User authentication/authorisation
-
-This document will concern itself mostly with "Client Authorisation".
-
-## Client Authorisation
-
-The authentication/authorisation system will (probably) find use in the entire
-suite of applications that are under the Genenetwork umbrella.
-
-The relevant applications (as of 27 May 2023) are:
-
-- [Genenetwork 3](https://github.com/genenetwork/genenetwork3): Serves as both
- the authorisation server and the API server.
-- [Genenetwork 2](https://github.com/genenetwork/genenetwork2): Will eventually
- be the main user-facing UI making requests to GN3 for data and computational
- requests.
-- [QC and Data Upload](https://gitlab.com/fredmanglis/gnqc_py): Provides a means
- to upload new data into the Genenetwork database. It does perform some
- quality-control on the data before upload. Currently, this application is not
- available to the general public due to the potential to mess up the data. Once
- the auth system has been running a while, and the major bugs quashed, this
- will be integrated into the other system and allow users to upload their own
- data.
-
-In this case, the GN2 and QC applications would be clients to GN3 (as the auth
-server), and will have specific scopes of access.
-
-As such, we need to register the clients that can access the authorisation
-server.
-
-If you try to access the authorisation server, or for that matter, the API
-server with a client that is not registered, you will receive an error message
-of the form:
-
-```json
-{
- "error": "invalid_client",
- "error_description": "No client found for the given CLIENT_ID and CLIENT_SECRET."
-}
-```
-
-### Registering a new OAuth2 Client
-
-- **TODO**: Implement client registration then provide docs here.
-
-**NOTES**:
-
-- Collect appropriate client data and register (provide means)
-- Get registered client's "CLIENT ID" and "CLIENT SECRET" values
-- Configure values on client
-
-## User Authentication/Authorisation
-
-A user will make use of (an) authorised client(s) (see 'Client Authorisation'
-section above) to access the authorisation and API servers.
-
-Once the user has authenticated (provided valid authentication credentials),
-they will be able to access the resources in the system according to the roles
-and privileges that they are authorised for.