Age | Commit message (Collapse) | Author |
|
|
|
|
|
We are saving the client secret in an encrypted form, meaning we have to
verify that the CLIENT_SECRET that is provided is the same one as was
generated at registration in a different way.
Initially, I was doing a direct comparison, having saved the CLIENT_SECRET
value as unencrypted plain-text.
|
|
Add UI and code to enable the administrative user to register new OAuth2
clients that can access the API server.
|
|
Implement the "Authorization Code Flow" for the authentication of users.
* gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py: query and
save the authorisation code.
* gn3/auth/authentication/oauth2/models/authorization_code.py: Implement the
`AuthorisationCode` model
* gn3/auth/authentication/oauth2/models/oauth2client.py: Fix typo
* gn3/auth/authentication/oauth2/server.py: Register the
`AuthorisationCodeGrant` grant with the server.
* gn3/auth/authentication/oauth2/views.py: Implement `/authorise` endpoint
* gn3/templates/base.html: New HTML Templates of authorisation UI
* gn3/templates/common-macros.html: New HTML Templates of authorisation UI
* gn3/templates/oauth2/authorise-user.html: New HTML Templates of
authorisation UI
* main.py: Allow both "code" and "token" response types.
|
|
Fix the bug where the system was trying to load a user from a non-existing
OAuth2 client, leading to an exception.
|
|
Due to the fact that the data migration requires higher privileges than the
user details, separate the user details migration endpoint from the data
migrations endpoint.
|
|
Fetching the user by id should return the user, or raise an exception. We get
rid of the Maybe monad here since it is leading to some weird code flows -
probably the wrong monad to use here.
|
|
Setting the scope as a list of strings was leading to errors when attempting
to logout. This commit leaves the scope as a string to avoid the errors.
|
|
|
|
|
|
If the token already exists, then update the details rather than trying to
insert.
|
|
* gn3/auth/authentication/oauth2/grants/password_grant.py: Return user rather
than boolean
* gn3/auth/authentication/oauth2/models/oauth2client.py: provide optional
`user` argument to allow flexibility in setting up the client's user
* gn3/auth/authentication/oauth2/models/oauth2token.py: Set token and client
user correctly
* gn3/auth/authentication/oauth2/server.py: Set token user from the request
|
|
To avoid having to manually rebuild some default data for exploration of
concepts while developing the system, add a way to build up the test users and
oauth2 clients to use for testing.
|
|
Add code to implement the OAuth2 flow.
* Add test fixtures for setting up users and OAuth2 clients
* Add tests for token generation with the "Password Grant" flow
* Fix some issues with test due to changes in the database connection's
row_factory
|