| Age | Commit message (Collapse) | Author |
|---|
|
|
|
To ease registration of system-admin user, provide a CLI script to register
the user and mark them as sys admin in one go.
|
|
* gn3/auth/authentication/oauth2/views.py: Remove endpoint
* gn3/auth/authorisation/users/admin/__init__.py: New admin module
* gn3/auth/authorisation/users/admin/ui.py: New admin module
* gn3/auth/authorisation/users/admin/views.py: New admin module
* gn3/auth/views.py: Use new admin module
* gn3/errors.py: Fix linting errors
* gn3/templates/login.html: New html template
* main.py: Fix linting errors
|
|
Document some CLI utility commands useful for development and for supporting
the operation of the GN3 app.
|
|
Enable users with the appropriate privileges to masquerade as other users by
providing an endpoint that provides a new token for the "masqueradee"
|
|
Implement the "Authorization Code Flow" for the authentication of users.
* gn3/auth/authentication/oauth2/grants/authorisation_code_grant.py: query and
save the authorisation code.
* gn3/auth/authentication/oauth2/models/authorization_code.py: Implement the
`AuthorisationCode` model
* gn3/auth/authentication/oauth2/models/oauth2client.py: Fix typo
* gn3/auth/authentication/oauth2/server.py: Register the
`AuthorisationCodeGrant` grant with the server.
* gn3/auth/authentication/oauth2/views.py: Implement `/authorise` endpoint
* gn3/templates/base.html: New HTML Templates of authorisation UI
* gn3/templates/common-macros.html: New HTML Templates of authorisation UI
* gn3/templates/oauth2/authorise-user.html: New HTML Templates of
authorisation UI
* main.py: Allow both "code" and "token" response types.
|
|
|
|
To avoid repeating the same thing in multiple places, leading to errors and
breakages, reuse the same basic functions for password hashing.
|
|
Bcrypt is now somewhat vulnerable to offline cracking, so we move our password
hashing over to Argon2.
|
|
|
|
|
|
|
|
Provide a way to set a user as a system administrator via CLI.
This method was chosen rather that using the WebUI since most users will not
have access to the CLI. It also means that assigning system administration
privileges will not be an accident, since one has to actually run the command
manually on the CLI.
|
|
|
|
To avoid having to manually rebuild some default data for exploration of
concepts while developing the system, add a way to build up the test users and
oauth2 clients to use for testing.
|
|
|
|
* main.py: Provide the `apply-migrations` CLI command to run the migrations
against the auth database.
The command can be invoked with:
$ flask apply-migrations
|
|
|
|
* main.py: Move blueprint registrations to ...
* gn3/app.py (create_app): ... here
|
|
|
|
|
