Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

REST API cookie authentication and refactor #250

Merged
merged 98 commits into from
Aug 24, 2022
Merged

REST API cookie authentication and refactor #250

merged 98 commits into from
Aug 24, 2022

Conversation

haasal
Copy link
Contributor

@haasal haasal commented May 30, 2022

Changes

The authentication method was changed to cookie authentication with jwt tokens.
The login router was completly changed and moved to /user.

OAuth scopes are included in the jwt token but scopes aren't implemented yet. This is why the check_authorization function was commented out instead of beeing removed. This is also why some unused imports aren't cleaned up yet.

I removed the secret key from the service class and moved it into the Settings class for the fastapi jwt package.
I also did some minor cleanup.

Reasoning

The package was used to increase security, decrease complexity and for ease of use.

The key is generated at runtime to decrease the security risk of accidently publishing it with the config file, decreasing the it's lifespan and enabling the possibilty to regenerate it during runtime in the future.

TODO

  • Authorization/scopes (if needed)
  • Reenabling csrf tokens and secure cookies in Settings class
  • Writing/adjusting tests

@haasal haasal requested review from giffels, maxfischer2781 and a team May 30, 2022 14:49
@lgtm-com
Copy link

lgtm-com bot commented May 30, 2022

This pull request introduces 7 alerts when merging c43aceb into d45425a - view on LGTM.com

new alerts:

  • 7 for Unused import

haasal added 19 commits May 31, 2022 08:30
@haasal
fix: reformat to satisfy flake8
8aabd14
@haasal
fix: second try at satisfying static check
5a7da54
@haasal
added myself as contributor
11135ef
@haasal
fix: remove get secret key tests as it isn't necessary to read it man…
6b2b905 
…ually anymore as it is automatically generated at runtime and then managed by fastapi_jwt_auth
@haasal
fix: delete create_access_token tests as they are generated automatic…
99534a3 
…ally by the jwt package + comment out the authorization tests as it isn't clear if authorization is needed for now
@haasal
fix: minor adjustements to reflect changed error codes
8f55982
@haasal
message: Non expiring tokens are a security risk and aren't really ne…
777a09f 
…eded anymore with the introduction of refresh tokens, which provide a much safer alternative
@haasal
switch machine
8afb278
@haasal
fix: rename test_login to test_user + adjusting test to new api
d533456
@haasal
todo: maybe make test independent of login
5c3c790
@haasal
fix: adjusting test_resources to new api
cc0e441
@haasal
fix: adjusting base test case routers to new api
ac23677
@haasal
todo: deleted obvious todo
f89b6f9
@haasal
chore: deleted generate_token cli as it was deemed obscolete
5427350
@haasal
chore: deleted generate_token tests
bba8c04
@haasal
fix: delete all traces of secret_key to fix test_service
3112ccf
@haasal
todo: do some refactoring in the future
01dfcaf
@haasal
refactor: move the test_user into the base test class
6ea50ab
@haasal
refactor: move login into base test class
0464c20
@haasal haasal requested a review from giffels August 19, 2022 14:23
@haasal haasal mentioned this pull request Aug 21, 2022
Draft
giffels
giffels requested changes Aug 23, 2022
View reviewed changes
Copy link
Member

@giffels giffels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would request only few minor modifications, before approval. Please, see inline comments. In addition, could you please remove drone_registry.db-shm and drone_registry.db-wal from the repe?

tardis/rest/app/routers/resources.py Outdated Show resolved Hide resolved
tardis/rest/app/routers/types.py Outdated Show resolved Hide resolved
tests/rest_t/app_t/test_security.py Outdated Show resolved Hide resolved
tests/rest_t/routers_t/test_resources.py Show resolved Hide resolved
giffels
giffels previously approved these changes Aug 23, 2022
View reviewed changes
Copy link
Member

@giffels giffels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for your work. This is now ready to merge.

mschnepf
mschnepf reviewed Aug 24, 2022
View reviewed changes
Copy link
Member

@mschnepf mschnepf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good just two open points, see review.

tests/rest_t/app_t/test_security.py Outdated Show resolved Hide resolved
tardis/rest/app/routers/resources.py Show resolved Hide resolved
@mschnepf mschnepf self-requested a review August 24, 2022 12:11
mschnepf
mschnepf approved these changes Aug 24, 2022
View reviewed changes
Copy link
Member

@mschnepf mschnepf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks you very much for all your work. 👍

giffels
giffels approved these changes Aug 24, 2022
View reviewed changes
Copy link
Member

@giffels giffels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go!

@giffels giffels merged commit cc13dfd into MatterMiners:master Aug 24, 2022
giffels added a commit to giffels/tardis that referenced this pull request Feb 24, 2023
@giffels
Add changelog for MatterMiners#250
2561154
@giffels giffels mentioned this pull request Feb 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giffels giffels giffels approved these changes

@mschnepf mschnepf mschnepf approved these changes

@maxfischer2781 maxfischer2781 Awaiting requested review from maxfischer2781

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@haasal @codecov-commenter @maxfischer2781 @giffels @mschnepf