aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-17Use the form's json attribute to retrieve sent dataFrederick Muriuki Muriithi
The system uses JSON as the default communication format, so we use the form's json attribute to get any data sent.
2024-06-11Fix typo.Frederick Muriuki Muriithi
2024-06-11Temporary fix to retrieve users with read access to resource.Frederick Muriuki Muriithi
2024-06-11List users assigned a particular role on a specific resource.handle-role-privilege-escalationFrederick Muriuki Muriithi
2024-06-11Import the symbols we use in the module directly.Frederick Muriuki Muriithi
Import the modules directly to help with reducing line-length and unnecessary typing.
2024-06-11Unassign privilege from resource role.Frederick Muriuki Muriithi
2024-06-10Improve error messaging.Frederick Muriuki Muriithi
2024-06-10Fetch a role by its ID.Frederick Muriuki Muriithi
2024-06-10Handle generic exceptions.Frederick Muriuki Muriithi
2024-06-10Provide some endpoints for privileges.Frederick Muriuki Muriithi
2024-06-10Use new db resultset conversion functions.Frederick Muriuki Muriithi
2024-06-10Provide functions to convert DB rows into data objects.Frederick Muriuki Muriithi
2024-06-10Provide resource roles endpointFrederick Muriuki Muriithi
Provide an endpoint that returns all the roles that a particular user has on a specific resource.
2024-06-10Share reusable functionFrederick Muriuki Muriithi
2024-06-10Return error code in error handlers.Frederick Muriuki Muriithi
2024-06-07Replace `…/group/roles` endpoint with `…/resource/…/roles` endpoint.Frederick Muriuki Muriithi
The `…/group/roles` endpoint relied on the now deleted `group_roles` table that caused the implementation to be prone to privilege escalation attacks. This commit provides the `…/resource/…/roles` endpoint that provides the required functionality without the exposure.
2024-06-07Update role assignment: user resource_roles tableFrederick Muriuki Muriithi
We no longer use the group_roles table, and have moved to the less privilege-escalation-prone resource_roles table. This commit updates the queries to use the newer resource_roles table.
2024-06-07migration: Drop `group_roles` db table.Frederick Muriuki Muriithi
2024-06-06migration: Create `resource_roles` db tableFrederick Muriuki Muriithi
2024-06-06migration: Move role-manipulation privileges from group to resourcesFrederick Muriuki Muriithi
Attach the role-manipulation privileges to the resource rather than the group, because the roles actually act on the resource itself - thus each role needs to track which resource it acts on.
2024-06-06Add deprecation warning to /group-privileges endpoint function.Frederick Muriuki Muriithi
2024-06-05Bug: Point to correct key to avoid errorsFrederick Muriuki Muriithi
2024-06-04Approximate the GN2 look-and-feel.Frederick Muriuki Muriithi
2024-06-04auth: scope: Remove confusing UI elementsFrederick Muriuki Muriithi
2024-06-04Update system name from GeneNetwork3 to gn-authFrederick Muriuki Muriithi
2024-06-04Update email styling and text.Frederick Muriuki Muriithi
2024-06-04Redirect appropriately when verifying emails.Frederick Muriuki Muriithi
2024-06-03Raise explicit error messages for more graceful handling.enable-sending-emailsFrederick Muriuki Muriithi
2024-06-03Log out emails in debug mode.Frederick Muriuki Muriithi
Log out emails sent when the application is in debug mode to help with maintenance efforts.
2024-06-03Handle unverified emailsFrederick Muriuki Muriithi
If a user provides the correct credentials to login, but they are unverified, redirect them to the email verification page, where they are provided with a chance to verify their email, or send a new verification code.
2024-06-03Update docs on launching the application.Frederick Muriuki Muriithi
2024-06-03Provide endpoint for verification and do verificationFrederick Muriuki Muriithi
2024-06-03Send verification email on registration.Frederick Muriuki Muriithi
2024-06-03Use asdict(...)Frederick Muriuki Muriithi
Use dataclasses.asdict function to generate the dict that will be used for the response rather than building it up manually.
2024-06-03Move user creation from db resultset into static methodFrederick Muriuki Muriithi
Creation of a User object from the database resultset will mostly be the same. This commit moves the repetitive code into a static method that can be called wherever we need it. This improves maintainability, since we only ever need to do an update in one place now.
2024-06-03Save the creation date and verification status.Frederick Muriuki Muriithi
2024-06-03Update db schema to allow user verification.Frederick Muriuki Muriithi
2024-06-03Initialise default email settings for the application.Frederick Muriuki Muriithi
2024-06-03Set module for sending emails.Frederick Muriuki Muriithi
2024-05-29Remove unused import.Frederick Muriuki Muriithi
2024-05-29Revert "jwt: add user roles to the jwt token."Frederick Muriuki Muriithi
This reverts commit 0582565fa7db4b95e86fb0dde8d83e3170e566a7. Adding the user roles to the token makes the token ridiculously large. Rather than doing that, we'll use an endpoint on the auth server to get the user roles and privileges instead.
2024-05-24Revoke refresh token, and all its children.Frederick Muriuki Muriithi
2024-05-24Check whether a refresh token has been used beforeFrederick Muriuki Muriithi
Check whether a refresh token has been used before using it to generate a new JWT token. If the refresh token has been used previously, it should be revoked, and an error raised. As of this commit the actual revocation process hasn't been implemented.
2024-05-24Linting: reorganise imports.Frederick Muriuki Muriithi
2024-05-24Use monads consistently to reduce chances of errors.Frederick Muriuki Muriithi
2024-05-23jwt: add user roles to the jwt token.Frederick Muriuki Muriithi
2024-05-13Skip "PasswordGrant" tests.Frederick Muriuki Muriithi
2024-05-13Provide missing `CLIENTS_SSL_PUBLIC_KEYS_DIR` config for tests.Frederick Muriuki Muriithi
2024-05-13Fix myriad of linting errorFrederick Muriuki Muriithi
These linting errors can't be rebased into the newer commits.
2024-05-13Link old refresh token to newly issued refresh tokenFrederick Muriuki Muriithi
We need to track the "lineage" of refresh tokens in order to detect possible stolen tokens and mitigate damage.