Page MenuHomeSoftware Heritage

auth: Add web UI for API bearer tokens management
ClosedPublic

Authored by anlambert on Sep 18 2020, 4:59 PM.

Details

Summary

Add HTML view reachable from the /api/tokens URL enabling a logged in user
to generate, display or revoke bearer tokens for Web API authentication.

Once generated, each token will be encrypted based on user password and
stored to the webapp database.

Each token related action is also protected by the user password.

Below are some screenshots of the result:

Closes T2569

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Sep 18 2020, 4:59 PM

Build has FAILED

Patch application report for D3996 (id=14081)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit 0757f01b038f12d623818caf9534d6dacd0eea9c
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/console

anlambert updated this revision to Diff 14086.Sep 18 2020, 5:21 PM

Update: Fix cypress tests

Build is green

Patch application report for D3996 (id=14086)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit c7aa4b2f3d374e1161884ddf29db262d52569831
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/377/ for more details.

ardumont accepted this revision.Sep 21 2020, 5:46 PM
ardumont added a subscriber: ardumont.

lgtm

some questions/remarks inline.

cypress/integration/api-tokens.spec.js
85

Is there some cypress magic behing that setup call?

swh/web/auth/apps.py
10

is the Swh prefix necessary (we are already in an swh module)?

swh/web/tests/auth/test_views.py
343

"anonymous user with credentials should be refused access with forbidden response"

360

"user with correct credentials should be allowed access"...

372

"user with wrong credentials should be refused access with 401 invalid response" (or something ;)

382

"anonymous access should be refused with forbidden response"

413

"anonymous access should be refused with forbidden response"

This revision is now accepted and ready to land.Sep 21 2020, 5:46 PM
ardumont added inline comments.Sep 21 2020, 5:47 PM
swh/web/auth/utils.py
51

@ardumont, thanks for the review. I will update the diff according to your comments before landing this.

cypress/integration/api-tokens.spec.js
85

not really, it simply tests the UI and mock the generate token request

swh/web/auth/apps.py
10

Right, it can be removed

anlambert updated this revision to Diff 14116.Sep 22 2020, 11:03 AM

Update: Address @ardumont comments

Build is green

Patch application report for D3996 (id=14116)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit c45a6af2f7e0805bca99c6c0661931cee87cd1c8
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/378/ for more details.

This revision was automatically updated to reflect the committed changes.