aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-25Roles: Get rid of use of GroupRole; use Role directly for resourcesFrederick Muriuki Muriithi
The GroupRole idea was flawed, and led to a critical bug that would have allowed privilege escalation. This uses the Role directly acting on a specific resource when assigning said role to a user.
2024-06-20Move deactivated tests to module where they will be re-implementedFrederick Muriuki Muriithi
2024-06-20Reorganise test fixtures. Fix tests and issues caught.Frederick Muriuki Muriithi
Reorganise test fixtures to more closely follow the design of the auth system. Fix the broken tests due to refactors and fix all issues caught by the running tests.
2024-06-18Update tests for new paradigmFrederick Muriuki Muriithi
* Create a jwt token generator in place of a static token * Update some fixtures * Skip some tests that will require more work to fix
2024-06-18fix mypy errorsFrederick Muriuki Muriithi
2024-06-17Fix mypy errorsFrederick Muriuki Muriithi
2024-06-17Remove obsolete endpoint.Frederick Muriuki Muriithi
2024-06-17Fix linting errorsFrederick Muriuki Muriithi
2024-06-17Remove deprecated endpoint.Frederick Muriuki Muriithi
2024-06-17Retrieve complete list of a users roles on a particular resource.Frederick Muriuki Muriithi
2024-06-17Bug: use or's short-circuiting to prevent evaluation of statementsFrederick Muriuki Muriithi
Without the `or` later statements were being evaluated, before the final value was computed. This commit short-circuits that behaviour.
2024-06-17Improve error-handling.Frederick Muriuki Muriithi
2024-06-17Fix linting errors.Frederick Muriuki Muriithi
2024-06-17Create a resource role.Frederick Muriuki Muriithi
2024-06-17Present errors more cleanly.Frederick Muriuki Muriithi
2024-06-17Don't save the resource-owner role as a resource roleFrederick Muriuki Muriithi
The 'resource-owner' role is a system-default role that applies to most resources, but should not be editable by users. This commit removes the code that was linking the role with each resource, leading it to being presented to the user as a editable role.
2024-06-17Use the form's json attribute to retrieve sent dataFrederick Muriuki Muriithi
The system uses JSON as the default communication format, so we use the form's json attribute to get any data sent.
2024-06-11Fix typo.Frederick Muriuki Muriithi
2024-06-11Temporary fix to retrieve users with read access to resource.Frederick Muriuki Muriithi
2024-06-11List users assigned a particular role on a specific resource.handle-role-privilege-escalationFrederick Muriuki Muriithi
2024-06-11Import the symbols we use in the module directly.Frederick Muriuki Muriithi
Import the modules directly to help with reducing line-length and unnecessary typing.
2024-06-11Unassign privilege from resource role.Frederick Muriuki Muriithi
2024-06-10Improve error messaging.Frederick Muriuki Muriithi
2024-06-10Fetch a role by its ID.Frederick Muriuki Muriithi
2024-06-10Handle generic exceptions.Frederick Muriuki Muriithi
2024-06-10Provide some endpoints for privileges.Frederick Muriuki Muriithi
2024-06-10Use new db resultset conversion functions.Frederick Muriuki Muriithi
2024-06-10Provide functions to convert DB rows into data objects.Frederick Muriuki Muriithi
2024-06-10Provide resource roles endpointFrederick Muriuki Muriithi
Provide an endpoint that returns all the roles that a particular user has on a specific resource.
2024-06-10Share reusable functionFrederick Muriuki Muriithi
2024-06-10Return error code in error handlers.Frederick Muriuki Muriithi
2024-06-07Replace `…/group/roles` endpoint with `…/resource/…/roles` endpoint.Frederick Muriuki Muriithi
The `…/group/roles` endpoint relied on the now deleted `group_roles` table that caused the implementation to be prone to privilege escalation attacks. This commit provides the `…/resource/…/roles` endpoint that provides the required functionality without the exposure.
2024-06-07Update role assignment: user resource_roles tableFrederick Muriuki Muriithi
We no longer use the group_roles table, and have moved to the less privilege-escalation-prone resource_roles table. This commit updates the queries to use the newer resource_roles table.
2024-06-07migration: Drop `group_roles` db table.Frederick Muriuki Muriithi
2024-06-06migration: Create `resource_roles` db tableFrederick Muriuki Muriithi
2024-06-06migration: Move role-manipulation privileges from group to resourcesFrederick Muriuki Muriithi
Attach the role-manipulation privileges to the resource rather than the group, because the roles actually act on the resource itself - thus each role needs to track which resource it acts on.
2024-06-06Add deprecation warning to /group-privileges endpoint function.Frederick Muriuki Muriithi
2024-06-05Bug: Point to correct key to avoid errorsFrederick Muriuki Muriithi
2024-06-04Approximate the GN2 look-and-feel.Frederick Muriuki Muriithi
2024-06-04auth: scope: Remove confusing UI elementsFrederick Muriuki Muriithi
2024-06-04Update system name from GeneNetwork3 to gn-authFrederick Muriuki Muriithi
2024-06-04Update email styling and text.Frederick Muriuki Muriithi
2024-06-04Redirect appropriately when verifying emails.Frederick Muriuki Muriithi
2024-06-03Raise explicit error messages for more graceful handling.enable-sending-emailsFrederick Muriuki Muriithi
2024-06-03Log out emails in debug mode.Frederick Muriuki Muriithi
Log out emails sent when the application is in debug mode to help with maintenance efforts.
2024-06-03Handle unverified emailsFrederick Muriuki Muriithi
If a user provides the correct credentials to login, but they are unverified, redirect them to the email verification page, where they are provided with a chance to verify their email, or send a new verification code.
2024-06-03Update docs on launching the application.Frederick Muriuki Muriithi
2024-06-03Provide endpoint for verification and do verificationFrederick Muriuki Muriithi
2024-06-03Send verification email on registration.Frederick Muriuki Muriithi
2024-06-03Use asdict(...)Frederick Muriuki Muriithi
Use dataclasses.asdict function to generate the dict that will be used for the response rather than building it up manually.