Paths

Table of Contentst

Differential D3996

auth: Add web UI for API bearer tokens management
ClosedPublic
Actions

Authored by anlambert on Sep 18 2020, 4:59 PM.

Details

Reviewers

ardumont

Group Reviewers

Reviewers

Maniphest Tasks

T2569: Add Web UI to generate and revoke bearer tokens

Commits

rDWAPPSc45a6af2f7e0: auth: Add web UI for API bearer tokens management

Summary

Add HTML view reachable from the /api/tokens URL enabling a logged in user
to generate, display or revoke bearer tokens for Web API authentication.

Once generated, each token will be encrypted based on user password and
stored to the webapp database.

Each token related action is also protected by the user password.

Below are some screenshots of the result:

Closes T2569

Diff Detail

Repository

rDWAPPS Web applications

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Sep 18 2020, 4:59 PM

Herald added a reviewer: Reviewers. · View Herald TranscriptSep 18 2020, 4:59 PM

Build has FAILED

Patch application report for D3996 (id=14081)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.

Changes applied before test

commit 0757f01b038f12d623818caf9534d6dacd0eea9c
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/console

Harbormaster failed remote builds in B15348: Diff 14081!Sep 18 2020, 5:07 PM

Update: Fix cypress tests

Build is green

Patch application report for D3996 (id=14086)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.

Changes applied before test

commit c7aa4b2f3d374e1161884ddf29db262d52569831
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/377/ for more details.

Harbormaster completed remote builds in B15353: Diff 14086.Sep 18 2020, 5:28 PM

lgtm

some questions/remarks inline.

cypress/integration/api-tokens.spec.js
84	Is there some `cypress` magic behing that setup call?
swh/web/auth/apps.py
9	is the `Swh` prefix necessary (we are already in an swh module)?
swh/web/tests/auth/test_views.py
342	"anonymous user with credentials should be refused access with forbidden response"
359	"user with correct credentials should be allowed access"...
371	"user with wrong credentials should be refused access with 401 invalid response" (or something ;)
381	"anonymous access should be refused with forbidden response"
412	"anonymous access should be refused with forbidden response"

This revision is now accepted and ready to land.Sep 21 2020, 5:46 PM

ardumont added inline comments.Sep 21 2020, 5:47 PM

swh/web/auth/utils.py
50	for the reference: https://cryptography.io/en/latest/fernet/

@ardumont, thanks for the review. I will update the diff according to your comments before landing this.

cypress/integration/api-tokens.spec.js
84	not really, it simply tests the UI and mock the generate token request
swh/web/auth/apps.py
9	Right, it can be removed

Update: Address @ardumont comments

Build is green

Patch application report for D3996 (id=14116)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.

Changes applied before test

commit c45a6af2f7e0805bca99c6c0661931cee87cd1c8
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/378/ for more details.

Harbormaster completed remote builds in B15382: Diff 14116.Sep 22 2020, 11:10 AM

Closed by commit rDWAPPSc45a6af2f7e0: auth: Add web UI for API bearer tokens management (authored by anlambert). · Explain WhySep 22 2020, 12:21 PM

This revision was automatically updated to reflect the committed changes.

anlambert added a commit: rDWAPPSc45a6af2f7e0: auth: Add web UI for API bearer tokens management.