aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation
AgeCommit message (Expand)Author
2023-01-19auth: Fix user registration...The code checking for errors was buggy and would let empty values through. The sqlite3.IntegrityError exception was not being handled correctly, and would cause a failure in the application. This commit fixes the issues noted above. * gn3/auth/authorisation/roles.py: fix bug in generating query params * gn3/auth/authorisation/views.py: fix error checking code. Raise exception if email is already registered. Frederick Muriuki Muriithi
2023-01-16auth: update privileges format...Save privileges with ids of the form <top-level>:<sub-level>:<privilege-name> rather than using a UUID, to reduce indirection levels. * migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration to change the schema and IDs for the privileges. * Update code to use new privileges format * gn3/auth/authorisation/checks.py * gn3/auth/authorisation/groups.py * gn3/auth/authorisation/privileges.py * gn3/auth/authorisation/resources.py * gn3/auth/authorisation/roles.py * migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py * tests/unit/auth/fixtures/role_fixtures.py * tests/unit/auth/test_groups.py * tests/unit/auth/test_privileges.py * tests/unit/auth/test_roles.py Frederick Muriuki Muriithi
2023-01-11auth: assign default role. separate group creation from group admin...A newly registered user will have the ability to create a group. Once a user is a member of a group, either by creating a new group, or being added to a group, they should not be able to create any more groups, i.e. they lose the 'create-group' (and/or equivalent) privileges. This means that the group-administration privileges should be separated from the group-creation privilege. * gn3/auth/authorisation/roles.py: assign default roles to user on registration * gn3/auth/authorisation/views.py: assign default roles to user on registration * migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py: separate group-creation role from group-administration role. * tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test user * tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the expected results for the test Frederick Muriuki Muriithi
2023-01-05auth: Persist the user's registration details...If the registration details pass the validations steps, then persist the details in the database and respond with details about the newly created user. * gn3/auth/authentication/users.py: new functions * `save_user`: create and persist a new user * `set_user_password`: hash and persist the new password for the given user * gn3/auth/authorisation/views.py: Persist the user details and respond with the newly persisted user details. Frederick Muriuki Muriithi
2023-01-04auth: Add `/register-user` endpoint...* gn3/app.py: register top-level error handlers. reorganise oauth2 blueprint. * gn3/auth/__init__.py: reorganise oaut2 blueprint. * gn3/auth/authentication/oauth2/views.py: reorganise oauth2 blueprint. * gn3/auth/authorisation/exceptions.py -> gn3/auth/authorisation/errors.py * gn3/auth/authorisation/groups.py: rename file/module * gn3/auth/authorisation/resources.py: rename file/module * gn3/auth/authorisation/views.py: Add `/register-user` endpoint * gn3/auth/blueprint.py: reorganise oauth2 blueprint. * gn3/errors.py: register top-level error handlers. Frederick Muriuki Muriithi
2023-01-04auth: return group info as part of user details...* gn3/app.py: import blueprint from authorisation views inorder to get all endpoints * gn3/auth/authentication/oauth2/views.py: remove the `/user` endpoint * gn3/auth/authorisation/views.py: add the `/user` endpoint and add the group information to the user details. Frederick Muriuki Muriithi
2023-01-04auth: Return only non-resource roles on `/user-roles` endpoint...Resource roles will be returned as part of the resources request. * gn3/auth/authorisation/roles.py: Simplify query - only get non-resource roles * gn3/auth/authorisation/views.py: update docstring Frederick Muriuki Muriithi
2023-01-03auth: Fetch all of a user's roles....* gn3/auth/authorisation/roles.py: Fetch roles from DB * gn3/auth/authorisation/views.py: Provide API endpoint for user roles * tests/unit/auth/test_roles.py: Tests to check fetching roles works correctly Fix linting and typing issues in the following files: * gn3/auth/authentication/oauth2/resource_server.py * gn3/auth/authentication/oauth2/views.py * tests/unit/auth/fixtures/oauth2_client_fixtures.py Frederick Muriuki Muriithi
2022-12-12auth: functions to get user resources...* gn3/auth/authorisation/resources.py: add function to get the resources that the user has access to. Frederick Muriuki Muriithi
2022-12-12auth: Add a way to check whether a user is a group leader...* gn3/auth/authorisation/groups.py: Add `is_group_leader` function Frederick Muriuki Muriithi
2022-12-12auth: pass cursor object to `user_group` functionFrederick Muriuki Muriithi
2022-12-12auth: Attach group to GroupRole, rather than group_idFrederick Muriuki Muriithi
2022-12-08auth: test for `user_resources` function (incomplete)...* gn3/auth/authorisation/resources.py: dummy `user_resources` function * tests/unit/auth/conftest.py: (incomplete): Add some fixtures for testing the `user_resources` function * tests/unit/auth/test_resources.py: test the `user_resources` function Frederick Muriuki Muriithi
2022-12-08tests: Fix issues caught by tests...The addition of the `public` field in the `resources` table, led to some previously passing tests to fail. This commit fixes the failures, and cleans up some pylint issues. * gn3/auth/authorisation/resources.py: add `public` to db queries * tests/unit/auth/test_groups.py: fix pylint issues Frederick Muriuki Muriithi
2022-12-08auth: add test to retrieve public resources...* gn3/auth/authorisation/resources.py: new functions * resource_categories: retrieves all resource categories * public_resources: retrieves all public resources * tests/unit/auth/test_resources.py: test `public_resources` function Frederick Muriuki Muriithi
2022-12-08auth: add function to retrieve a user's group...* gn3/auth/authorisation/groups.py: new `user_group` function * tests/unit/auth/test_groups.py: test `user_group` function Frederick Muriuki Muriithi
2022-11-24auth: Check for authentication and fix errors...* gn3/auth/authorisation/groups.py: base `MembershipError` on new `AuthorisationError` base exception. Use new authentication checking decorator. * gn3/auth/authorisation/privileges.py: Change argument to User object rather than UUID object * gn3/auth/authorisation/roles.py: Use new authentication checking decorator. * tests/unit/auth/test_groups.py: use `conftest.TEST_USER` * tests/unit/auth/test_privileges.py: use `conftest.TEST_USER` * tests/unit/auth/test_roles.py: use `conftest.TEST_USER` Frederick Muriuki Muriithi
2022-11-24auth: Implement `create_resource` function...* gn3/auth/authentication/checks.py: new `authenticated_p` decorator to apply on any function that requires the user to be authenticated before it runs. * gn3/auth/authorisation/checks.py: use a `auth.authentication.users.User` object rather than a UUID object in the global `g`. * gn3/auth/authorisation/groups.py: Implement the `authenticated_user_group` function to get the group(s) in which the currently authenticated user belongs. * gn3/auth/authorisation/resources.py: Implement the `create_resource` function correctly. * tests/unit/auth/conftest.py: extract the User objects into a global variable for reusability with the tests. * tests/unit/auth/test_resources.py: Use global user objects from conftest in the tests. Set a User object (rather than UUID) in the global `g` variable. Frederick Muriuki Muriithi
2022-11-24auth: Define base exceptions...* gn3/auth/authentication/exceptions.py: define `AuthenticationError` * gn3/auth/authorisation/exceptions.py: define `AuthorisationError` Frederick Muriuki Muriithi
2022-11-24tests: Add test for `create_resource`...* gn3/auth/authorisation/resources.py: Define Resource and ResourceCategory classes. Create the `create_resource` stub. * tests/unit/auth/test_resources.py: test for `create_resource` function Frederick Muriuki Muriithi
2022-11-21auth: Prevent group leader from being a member of multiple groups...* gn3/auth/authorisation/groups.py: Assign the group leader at group creation time. * tests/unit/auth/test_groups.py: Ensure the group leader is only ever a member of a single group. Frederick Muriuki Muriithi
2022-11-17auth: Finish implementation of `create_group_role`...* gn3/auth/authorisation/groups.py: Add `GroupRole` type. Fix typing annotations. Fix bugs. * tests/unit/auth/conftest.py: Fix bugs. * tests/unit/auth/test_groups.py: Fix test to run. Frederick Muriuki Muriithi
2022-11-16auth: fix bugs in the code...* gn3/auth/authorisation/privileges.py: Set id to UUID type * gn3/auth/authorisation/roles.py: fix parameters to types that sqlite3 supports * gn3/auth/db.py: add logging for errors and re-raise the exception * tests/unit/auth/test_roles.py: fix test Frederick Muriuki Muriithi
2022-11-15auth: Add `create_group_role` function.Frederick Muriuki Muriithi
2022-11-15auth: Return results of calling function directly...* gn3/auth/authorisation/checks.py: Return results of calling the function rather than a dict of values that include the results. * gn3/auth/authorisation/groups.py: Use the newer form of `authorised_p` decorator. * tests/unit/auth/test_groups.py: Update tests Frederick Muriuki Muriithi
2022-11-15auth: Specify types for privileges, roles, groups...Use specified types for privileges, roles and types rather than using strings to help with limiting bugs. * gn3/auth/authorisation/groups.py: Specify and use the `Group` type * gn3/auth/authorisation/privileges.py: Specify and use the `Privilege` type * gn3/auth/authorisation/roles.py: Specify the `Role` type. Add the `create_role` function. Frederick Muriuki Muriithi
2022-11-15auth: Reorganise package - move function to `checks` module...* gn3/auth/authorisation/__init__.py: delete function * gn3/auth/authorisation/checks.py: move function to `checks` module Frederick Muriuki Muriithi
2022-11-15pylint: Fix linting errors.Frederick Muriuki Muriithi
2022-11-14auth: Implement `create_group`Frederick Muriuki Muriithi
2022-11-14auth: Add test for `create_group`...* gn3/auth/authorisation/__init__.py: Add `authorised_p` decorator to be used for all function requiring authorisation. * gn3/auth/authorisation/groups.py: Add `create_group` function stub * tests/unit/auth/conftest.py: Add fixture for test users * tests/unit/auth/test_groups.py: Add tests for `create_group` Frederick Muriuki Muriithi
2022-11-03Initialise the Auth(entic|oris)ation packages...Initialise the authentication/authorisation system packages and set up the initial database migrations to set up the system. * README.md: Add documentation on migrations * gn3/auth/__init__.py: init package * gn3/auth/authentication/__init__.py: init package * gn3/auth/authorisation/__init__.py: init package * gn3/migrations.py: provide migration utilities * migrations/auth/20221103_01_js9ub-initialise-the-auth-entic-oris-ation-database.py: new migration * tests/unit/auth/test_init_database.py: test new migration applies and rolls back as expected * tests/unit/conftest.py: fixtures for unit tests * yoyo.auth.ini: basic configuration for yoyo-migration for auth system migrations Frederick Muriuki Muriithi