Page MenuHomeSoftware Heritage

auth: Add web UI for API bearer tokens management
ClosedPublic

Authored by anlambert on Sep 18 2020, 4:59 PM.

Details

Summary

Add HTML view reachable from the /api/tokens URL enabling a logged in user
to generate, display or revoke bearer tokens for Web API authentication.

Once generated, each token will be encrypted based on user password and
stored to the webapp database.

Each token related action is also protected by the user password.

Below are some screenshots of the result:

Closes T2569

Diff Detail

Repository
rDWAPPS Web applications
Branch
api-tokens-ui
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 15348
Build 23637: Phabricator diff pipeline on jenkinsJenkins console · Jenkins
Build 23636: arc lint + arc unit

Unit TestsFailed

TimeTest
0 msJenkins > should report errors when token display failed::Tests / Cypress tests / Run cypress tests / Test API tokens UI should report errors when token display failed
AssertionError: Timed out retrying: expected '<input#swh-user-password-submit>' to be 'disabled' at displayToken (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:189:41) at Context.eval (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:207:5)
0 msJenkins > should report errors when token generation failed::Tests / Cypress tests / Run cypress tests / Test API tokens UI should report errors when token generation failed
AssertionError: Timed out retrying: expected '<input#swh-user-password-submit>' to be 'disabled' at generateToken (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:151:41) at Context.eval (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:163:5)
0 msJenkins > should report errors when token revoke failed::Tests / Cypress tests / Run cypress tests / Test API tokens UI should report errors when token revoke failed
AssertionError: Timed out retrying: expected '<input#swh-user-password-submit>' to be 'disabled' at revokeToken (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:229:41) at Context.eval (http://localhost:5004/__cypress/tests?p=cypress/integration/api-tokens.spec.js:245:5)
217 msJenkins > .tox.py3.lib.python3.7.site-packages.swh.web.tests.admin.test_origin_save::Tests / Python tests / test_accept_pending_save_request
663 msJenkins > .tox.py3.lib.python3.7.site-packages.swh.web.tests.admin.test_origin_save::Tests / Python tests / test_add_authorized_origin_url
View Full Test Results (3 Failed · 587 Passed · 7 Skipped)

Event Timeline

Build has FAILED

Patch application report for D3996 (id=14081)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit 0757f01b038f12d623818caf9534d6dacd0eea9c
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/376/console

Build is green

Patch application report for D3996 (id=14086)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit c7aa4b2f3d374e1161884ddf29db262d52569831
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/377/ for more details.

ardumont added a subscriber: ardumont.

lgtm

some questions/remarks inline.

cypress/integration/api-tokens.spec.js
84

Is there some cypress magic behing that setup call?

swh/web/auth/apps.py
9

is the Swh prefix necessary (we are already in an swh module)?

swh/web/tests/auth/test_views.py
342

"anonymous user with credentials should be refused access with forbidden response"

359

"user with correct credentials should be allowed access"...

371

"user with wrong credentials should be refused access with 401 invalid response" (or something ;)

381

"anonymous access should be refused with forbidden response"

412

"anonymous access should be refused with forbidden response"

This revision is now accepted and ready to land.Sep 21 2020, 5:46 PM

@ardumont, thanks for the review. I will update the diff according to your comments before landing this.

cypress/integration/api-tokens.spec.js
84

not really, it simply tests the UI and mock the generate token request

swh/web/auth/apps.py
9

Right, it can be removed

Build is green

Patch application report for D3996 (id=14116)

Rebasing onto 626b1e5b75...

Current branch diff-target is up to date.
Changes applied before test
commit c45a6af2f7e0805bca99c6c0661931cee87cd1c8
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Fri Sep 4 14:51:41 2020 +0200

    auth: Add web UI for API bearer tokens management
    
    Add HTML view reachable from the /api/tokens URL enabling a logged in user
    to generate, display or revoke bearer tokens for Web API authentication.
    
    Once generated, each token will be encrypted based on user password and
    stored to the webapp database.
    
    Each token related action is also protected by the user password.
    
    Closes T2569

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/378/ for more details.