Age | Commit message (Collapse) | Author |
|
|
|
|
|
The authorisation server uses its key to sign any token it generates.
It uses the clients' public keys to validate any assertions it
receives from a client using the client's public key.
|
|
Authenticate with the usual authentication code flow.
Do not inherit AuthenticationCodeGrant in JWTBearerGrant, instead, use
the JWTBearerGrant to generate the token after the user has already
been successfully authenticated.
|
|
|
|
|
|
|
|
|
|
Add paths to the SSL key-pair used for signing and verifying the JWTs.
|
|
|
|
|
|
|
|
* gn_auth/auth/authorisation/resources/views.py: Import operator.
(get_user_roles_on_resource): Flatten roles list.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/models.py (resource_data): A
metadata resource is not linked to any data so we return an empty
tuple.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/models.py
(user_roles_on_resources): New function.
* gn_auth/auth/authorisation/resources/views.py
(resources_authorisation): New endpoint.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
This reverts commit f5e833c0d72eaec80425203b15210ed304cc4811.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
As recommended by:
<https://barry.warsaw.us/software/STYLEGUIDE.txt>
which is a reference for pep-8.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/models/oauth2client.py
(client): Rename the_user -> _user.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py
(__query_authorization_code__): Rename the_code -> _code.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Debugging this if necessary should be handled by pdb.
* gn_auth/auth/authentication/users.py (fetch_users): Delete print
statement.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Use verbs for methods.
* gn_auth/auth/authentication/oauth2/models/oauth2client.py (OAuth2Client):
(oauth2_clients): Rename users -> fetch_users.
* gn_auth/auth/authentication/users.py (users): Ditto.
(fetch_users): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
This module is redundant since dataclasses already provides the asdict
method.
* gn_auth/auth/dictify.py: Delete.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/models/authorization_code.py:
Import dataclass, asdict, cached_property and AuthorizationCodeMixin.
Remove NamedTuple import.
(AuthorisationCode): Use frozen dataclass and explicitly inherit from
AuthorizationCodeMixin. Delete unnecessary comment.
(AuthorisationCode.response_type): Make this a cached_property.
(AuthorisationCode.get_nonce): Delete. This is not defined in the
RFC6749 spec.
(save_authorisation_code): Replace _asdict() with asdict(...).
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/base.py: Import dataclass and
asdict. Remove NamedTuple and dictify.
(ResourceCategory): Use frozen dataclass.
(ResourceCategory.dictify): Delete.
(Resource): Use frozen dataclass.
(Resource.dictify): Delete.
* gn_auth/auth/authorisation/resources/models.py: Delete dictify
import.
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py: Import asdict.
Remove dictify import.
(list_resource_categories): Replace dictify with asdict.
(create_resource): Ditto.
(view_resource): Ditto.
(__safe_get_requests_page__): Ditto.
* gn_auth/auth/authorisation/users/views.py:
(user_resources): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove
NamedTuple import.
(Privilege): Use frozen dataclass.
(Privelege.dictify): Delete.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict.
(group_privileges): Replace dictify with asdict.
(add_priv_to_role): Ditto.
(delete_priv_from_role): Ditto.
* gn_auth/auth/authorisation/resources/models.py:
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/system/views.py: Import
dataclasses.asdict. Remove dictify import.
(system_roles): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
(resources_authorisation): Ditto.
* gn_auth/auth/authorisation/roles/models.py: Remove dictify and
NameTuple import.
(Role): Use frozen dataclass.
(Role.dictify): Replace dictify(priv) with asdict(priv).
* gn_auth/auth/authorisation/roles/views.py: Import
dataclasses.asdict. Remove dictify import.
(view_role): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py:
(user_roles): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/models/oauth2client.py: Import
dataclass, cached_property and ClientMixin. Remove NamedTuple import.
(OAuth2Client): Use frozen dataclass and explicitly inherit from
ClientMixin.
(OAuth2Client.token_endpoint_auth_method): Make this a cached
property.
(OAuth2Client.client_type): Ditto.
(OAuth2Client.id): Ditto.
(OAuth2Client.grant_types): Ditto.
(OAuth2Client.redirect_uris): Ditto.
(OAuth2Client.response_types): Ditto.
(OAuth2Client.scope): Ditto.
(OAuth2Client.get_allowed_scope): Autopep-8 it.
(client): Autopep-8 it and use kw args for OAuthClient.
(client_by_id_and_secret): Ditto.
(oauth2_clients): Ditto.
(save_client): Ditto.
(delete_client): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/groups/models.py: Import
dataclasses.asdict. Remove dictify import.
(GroupRole): Use frozen dataclass.
(GroupRole.dictify): Replace dictify(...) with self.role.dictify().
* gn_auth/auth/authorisation/resources/groups/views.py:
(group_roles): Replace dictify with asdict.
(view_group_role): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/data/genotypes.py: Import
dataclasses.asdict.
(link_genotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/mrna.py: Import dataclasses.asdict.
(link_mrna_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/phenotypes.py: Import
dataclasses.asdict.
(link_phenotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/models.py: Import
dataclass.
(Group): Use frozen dataclass.
(Group.dictify): Delete.
(GroupRole.dictify): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict. Remove dictify import.
(list_groups): Replace dictify with asdict.
(create_group): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py: Import
dataclasses.asdict. Remove dictify import.
(user_details): Replace dictify with asdict.
(user_group): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/endpoints/introspection.py
(IntrospectionEndpoint.introspect_token): Replace token.get_scope()
with token.scope.
* gn_auth/auth/authentication/oauth2/models/oauth2token.py: Import
dataclass, TokenMixin and cached_property. Delete NamedTuple import.
(OAuth2Token): Use a frozen dataclass and explicitly inherit from
TokenMixin.
(OAuth2Token.expires_at): Make this a cached_property.
(OAuth2Token.check_client): Add the "# pylint ..." in it's own line.
Tested-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/users.py: Import dataclass. Remove
NamedTuple and Tuple import.
(User): Use a frozen dataclass.
(User.get_user_id): Delete.
(User.dictify): Ditto.
* gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict.
(authorisation): Replace user._asdict() with asdict(user).
(metadata_resources): Ditto.
* gn_auth/auth/authorisation/resources/groups/views.py:
(group_members): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/models.py: Import
dataclasses.asdict.
(assign_resource_user): Replace dictify(user) with asdict(user).
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/masquerade/views.py: Import
dataclasses.asdict.
(masquerade): Replace masq_user._asdict() with asdict(masq_user).
* gn_auth/auth/authorisation/users/views.py:
(list_all_users): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/endpoints/utilities.py
(query_token): Replace "if" with "match" syntax. Also, correctly
check for the "refresh_token".
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/models/authorization_code.py:
Import "monad_from_none_or_value".
(authorisation_code): Replace if branching for Nothing/Just check with "monad_from_none_or_value".
* gn_auth/auth/authentication/oauth2/models/oauth2token.py: Import
"monad_from_none_or_value".
(__token_from_resultset__): Replace if branching for Nothing/Just
check with "monad_from_none_or_value".
(token_by_access_token): Ditto.
(token_by_refresh_token): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/oauth2/models/authorization_code.py
(AuthorisationCode.__5_MINUTES__): Rename this to EXPIRY_IN_SECONDS.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
This improves readability.
* gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py
(AuthorisationCodeGrant.save_authorization_code): Use keyword arguments.
* gn_auth/auth/authentication/oauth2/models/authorization_code.py
(authorisation_code): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/db/protocols.py (DbCursor): Remove "raise" in DBCursor
Protocol. See:
<https://typing.readthedocs.io/en/latest/spec/protocol.html>
|
|
* gn_auth/auth/authorisation/data/views.py: (metadata_resources): New
end-point for authorising metadata data.
* gn_auth/auth/authorisation/resources/models.py: Import sqlite3.Row.
(__metadata_resource_data__): New function.
(__assign_resource_owner_role__): Add __metadata_resource_data__
to the "resource_data_function" map.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/data/views.py (authorisation): Fix typo.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
|
|
|
|
|
|
Handle the "NotFoundError" exception at the route level, since if we
do not, the application level handler takes over and simply returns a
JSON response with the details of the failure.
|