Age | Commit message (Expand) | Author |
2023-01-19 | auth: Fix user registration...The code checking for errors was buggy and would let empty values through.
The sqlite3.IntegrityError exception was not being handled correctly, and
would cause a failure in the application.
This commit fixes the issues noted above.
* gn3/auth/authorisation/roles.py: fix bug in generating query params
* gn3/auth/authorisation/views.py: fix error checking code. Raise exception if
email is already registered.
| Frederick Muriuki Muriithi |
2023-01-16 | auth: update privileges format...Save privileges with ids of the form <top-level>:<sub-level>:<privilege-name>
rather than using a UUID, to reduce indirection levels.
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration
to change the schema and IDs for the privileges.
* Update code to use new privileges format
* gn3/auth/authorisation/checks.py
* gn3/auth/authorisation/groups.py
* gn3/auth/authorisation/privileges.py
* gn3/auth/authorisation/resources.py
* gn3/auth/authorisation/roles.py
* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py
* tests/unit/auth/fixtures/role_fixtures.py
* tests/unit/auth/test_groups.py
* tests/unit/auth/test_privileges.py
* tests/unit/auth/test_roles.py
| Frederick Muriuki Muriithi |
2023-01-11 | auth: assign default role. separate group creation from group admin...A newly registered user will have the ability to create a group.
Once a user is a member of a group, either by creating a new group, or being
added to a group, they should not be able to create any more groups, i.e. they
lose the 'create-group' (and/or equivalent) privileges.
This means that the group-administration privileges should be separated from
the group-creation privilege.
* gn3/auth/authorisation/roles.py: assign default roles to user on
registration
* gn3/auth/authorisation/views.py: assign default roles to user on
registration
* migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py:
separate group-creation role from group-administration role.
* tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test
user
* tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the
expected results for the test
| Frederick Muriuki Muriithi |
2023-01-05 | auth: Persist the user's registration details...If the registration details pass the validations steps, then persist the
details in the database and respond with details about the newly created user.
* gn3/auth/authentication/users.py: new functions
* `save_user`: create and persist a new user
* `set_user_password`: hash and persist the new password for the given user
* gn3/auth/authorisation/views.py: Persist the user details and respond with
the newly persisted user details.
| Frederick Muriuki Muriithi |
2023-01-04 | auth: Add `/register-user` endpoint...* gn3/app.py: register top-level error handlers. reorganise oauth2 blueprint.
* gn3/auth/__init__.py: reorganise oaut2 blueprint.
* gn3/auth/authentication/oauth2/views.py: reorganise oauth2 blueprint.
* gn3/auth/authorisation/exceptions.py -> gn3/auth/authorisation/errors.py
* gn3/auth/authorisation/groups.py: rename file/module
* gn3/auth/authorisation/resources.py: rename file/module
* gn3/auth/authorisation/views.py: Add `/register-user` endpoint
* gn3/auth/blueprint.py: reorganise oauth2 blueprint.
* gn3/errors.py: register top-level error handlers.
| Frederick Muriuki Muriithi |
2023-01-04 | auth: return group info as part of user details...* gn3/app.py: import blueprint from authorisation views inorder to get all
endpoints
* gn3/auth/authentication/oauth2/views.py: remove the `/user` endpoint
* gn3/auth/authorisation/views.py: add the `/user` endpoint and add the group
information to the user details.
| Frederick Muriuki Muriithi |
2023-01-04 | auth: Return only non-resource roles on `/user-roles` endpoint...Resource roles will be returned as part of the resources request.
* gn3/auth/authorisation/roles.py: Simplify query - only get non-resource
roles
* gn3/auth/authorisation/views.py: update docstring
| Frederick Muriuki Muriithi |
2023-01-03 | auth: Fetch all of a user's roles....* gn3/auth/authorisation/roles.py: Fetch roles from DB
* gn3/auth/authorisation/views.py: Provide API endpoint for user roles
* tests/unit/auth/test_roles.py: Tests to check fetching roles works correctly
Fix linting and typing issues in the following files:
* gn3/auth/authentication/oauth2/resource_server.py
* gn3/auth/authentication/oauth2/views.py
* tests/unit/auth/fixtures/oauth2_client_fixtures.py
| Frederick Muriuki Muriithi |
2022-12-12 | auth: functions to get user resources...* gn3/auth/authorisation/resources.py: add function to get the resources that
the user has access to.
| Frederick Muriuki Muriithi |
2022-12-12 | auth: Add a way to check whether a user is a group leader...* gn3/auth/authorisation/groups.py: Add `is_group_leader` function
| Frederick Muriuki Muriithi |
2022-12-12 | auth: pass cursor object to `user_group` function | Frederick Muriuki Muriithi |
2022-12-12 | auth: Attach group to GroupRole, rather than group_id | Frederick Muriuki Muriithi |
2022-12-08 | auth: test for `user_resources` function (incomplete)...* gn3/auth/authorisation/resources.py: dummy `user_resources` function
* tests/unit/auth/conftest.py: (incomplete): Add some fixtures for testing the
`user_resources` function
* tests/unit/auth/test_resources.py: test the `user_resources` function
| Frederick Muriuki Muriithi |
2022-12-08 | tests: Fix issues caught by tests...The addition of the `public` field in the `resources` table, led to some
previously passing tests to fail. This commit fixes the failures, and cleans
up some pylint issues.
* gn3/auth/authorisation/resources.py: add `public` to db queries
* tests/unit/auth/test_groups.py: fix pylint issues
| Frederick Muriuki Muriithi |
2022-12-08 | auth: add test to retrieve public resources...* gn3/auth/authorisation/resources.py: new functions
* resource_categories: retrieves all resource categories
* public_resources: retrieves all public resources
* tests/unit/auth/test_resources.py: test `public_resources` function
| Frederick Muriuki Muriithi |
2022-12-08 | auth: add function to retrieve a user's group...* gn3/auth/authorisation/groups.py: new `user_group` function
* tests/unit/auth/test_groups.py: test `user_group` function
| Frederick Muriuki Muriithi |
2022-11-24 | auth: Check for authentication and fix errors...* gn3/auth/authorisation/groups.py: base `MembershipError` on new
`AuthorisationError` base exception. Use new authentication checking
decorator.
* gn3/auth/authorisation/privileges.py: Change argument to User object rather
than UUID object
* gn3/auth/authorisation/roles.py: Use new authentication checking decorator.
* tests/unit/auth/test_groups.py: use `conftest.TEST_USER`
* tests/unit/auth/test_privileges.py: use `conftest.TEST_USER`
* tests/unit/auth/test_roles.py: use `conftest.TEST_USER`
| Frederick Muriuki Muriithi |
2022-11-24 | auth: Implement `create_resource` function...* gn3/auth/authentication/checks.py: new `authenticated_p` decorator to apply
on any function that requires the user to be authenticated before it runs.
* gn3/auth/authorisation/checks.py: use a `auth.authentication.users.User`
object rather than a UUID object in the global `g`.
* gn3/auth/authorisation/groups.py: Implement the `authenticated_user_group`
function to get the group(s) in which the currently authenticated user
belongs.
* gn3/auth/authorisation/resources.py: Implement the `create_resource`
function correctly.
* tests/unit/auth/conftest.py: extract the User objects into a global variable
for reusability with the tests.
* tests/unit/auth/test_resources.py: Use global user objects from conftest in
the tests. Set a User object (rather than UUID) in the global `g` variable.
| Frederick Muriuki Muriithi |
2022-11-24 | auth: Define base exceptions...* gn3/auth/authentication/exceptions.py: define `AuthenticationError`
* gn3/auth/authorisation/exceptions.py: define `AuthorisationError`
| Frederick Muriuki Muriithi |
2022-11-24 | tests: Add test for `create_resource`...* gn3/auth/authorisation/resources.py: Define Resource and ResourceCategory
classes. Create the `create_resource` stub.
* tests/unit/auth/test_resources.py: test for `create_resource` function
| Frederick Muriuki Muriithi |
2022-11-21 | auth: Prevent group leader from being a member of multiple groups...* gn3/auth/authorisation/groups.py: Assign the group leader at group creation
time.
* tests/unit/auth/test_groups.py: Ensure the group leader is only ever a
member of a single group.
| Frederick Muriuki Muriithi |
2022-11-17 | auth: Finish implementation of `create_group_role`...* gn3/auth/authorisation/groups.py: Add `GroupRole` type. Fix typing
annotations. Fix bugs.
* tests/unit/auth/conftest.py: Fix bugs.
* tests/unit/auth/test_groups.py: Fix test to run.
| Frederick Muriuki Muriithi |
2022-11-16 | auth: fix bugs in the code...* gn3/auth/authorisation/privileges.py: Set id to UUID type
* gn3/auth/authorisation/roles.py: fix parameters to types that sqlite3
supports
* gn3/auth/db.py: add logging for errors and re-raise the exception
* tests/unit/auth/test_roles.py: fix test
| Frederick Muriuki Muriithi |
2022-11-15 | auth: Add `create_group_role` function. | Frederick Muriuki Muriithi |
2022-11-15 | auth: Return results of calling function directly...* gn3/auth/authorisation/checks.py: Return results of calling the function
rather than a dict of values that include the results.
* gn3/auth/authorisation/groups.py: Use the newer form of `authorised_p`
decorator.
* tests/unit/auth/test_groups.py: Update tests
| Frederick Muriuki Muriithi |
2022-11-15 | auth: Specify types for privileges, roles, groups...Use specified types for privileges, roles and types rather than using strings
to help with limiting bugs.
* gn3/auth/authorisation/groups.py: Specify and use the `Group` type
* gn3/auth/authorisation/privileges.py: Specify and use the `Privilege` type
* gn3/auth/authorisation/roles.py: Specify the `Role` type. Add the
`create_role` function.
| Frederick Muriuki Muriithi |
2022-11-15 | auth: Reorganise package - move function to `checks` module...* gn3/auth/authorisation/__init__.py: delete function
* gn3/auth/authorisation/checks.py: move function to `checks` module
| Frederick Muriuki Muriithi |
2022-11-15 | pylint: Fix linting errors. | Frederick Muriuki Muriithi |
2022-11-14 | auth: Implement `create_group` | Frederick Muriuki Muriithi |
2022-11-14 | auth: Add test for `create_group`...* gn3/auth/authorisation/__init__.py: Add `authorised_p` decorator to be used
for all function requiring authorisation.
* gn3/auth/authorisation/groups.py: Add `create_group` function stub
* tests/unit/auth/conftest.py: Add fixture for test users
* tests/unit/auth/test_groups.py: Add tests for `create_group`
| Frederick Muriuki Muriithi |
2022-11-03 | Initialise the Auth(entic|oris)ation packages...Initialise the authentication/authorisation system packages and set up the
initial database migrations to set up the system.
* README.md: Add documentation on migrations
* gn3/auth/__init__.py: init package
* gn3/auth/authentication/__init__.py: init package
* gn3/auth/authorisation/__init__.py: init package
* gn3/migrations.py: provide migration utilities
* migrations/auth/20221103_01_js9ub-initialise-the-auth-entic-oris-ation-database.py:
new migration
* tests/unit/auth/test_init_database.py: test new migration applies and rolls
back as expected
* tests/unit/conftest.py: fixtures for unit tests
* yoyo.auth.ini: basic configuration for yoyo-migration for auth system
migrations
| Frederick Muriuki Muriithi |