Revisited auth and user management endpoints #74
Initial pass, not tested, just styling/typing/convention review.
You said that "Inheritance is evil here, don't use it too much." which is true, inheritance makes schemas much harder to read, but (sadly) I believe that it's the only way to have all schemas properly validated without deduplicating code.
Additionally I'd propose to add constraints on outgoing schemas. Example: UserItemResponseSchema. There's no reason not to add more constraints in there, as they might catch uninitialized variables later down the development.
4fce838 to 6b5b91f
Agree that response schemas should also have non-nullable constraints. I found that some fields missed
6654bcd to 407b5ae
Migration tested using production database backup data: works well ✔️
Not tested, just styling/typing/convention review.
PR too big for me to approve PR (as I'm not familiar enough with project).
github hard, I need to approve PR otherwise it won't merge ._.
name = fields.Str(required=True, allow_none=False) | ||
|
||
@validates("name") | ||
def validate_name(self, name): |
unrelated, but can we start adding type annotations to malwarecage? :duck001:
Along with Pydantic instead of Marshmallow? :duck001:
Co-authored-by: msm-code <msm@tailcall.net>
Your checklist for this pull request
REST API refactor checklist:
- schema.py to proper schema/<endpoint group>.py directory
- Request and Response classes.
- missing key, null and empty string could have different meaning:
  - missing key is viable for update requests when we don't want to set some attributes or want to use a default
  - null is viable for nullable arguments, non-persisted in database. Can be used in the same meaning as missing key.
  - empty string can be used for persisted fields
- obj.data.get(...) for required fields, use obj.data[...] and missing= defaults in Schema
- db.session.add(...) for persistent object (objects that are not new, but fetched from database)

What is the new behaviour?
- /auth/profile is used instead of /user/<current login> for gathering current profile information.
- /user/* and /group/* endpoints should be used only for user/group management.
- /user/<login> needs manage_users capability even if login matches the name of currently authenticated user
- /api_key/* checks if provided id is correct UUID identifier
- /auth/register request body schema:
- /user/{login}/change_password moved from auth.py to user.py (/user prefixed, user management endpoint)
- /group/<name> response schema (it returns information about single group, not all groups):
- POST/PUT /group/<name> missing request body schema
- PUT/DELETE /group/<name> and POST/PUT /group/<name>/member/<login>
- POST/PUT /user/<login>
Test plan
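The missing key / null / empty string convention and the `/api_key/*` UUID check from the description above, as an added example that is not part of the pull request or the project's code. It uses only the standard library rather than Marshmallow; the field names, `load_update`, `parse_api_key_id`, and the choice to reject null for persisted fields are assumptions made for illustration.

```python
import uuid

MISSING = object()  # sentinel for "key absent from the request body"

# Hypothetical update-request fields (names are assumptions, not the project's).
# persisted=True:  stored attribute; "" is a real value, null is rejected
# persisted=False: nullable argument; null means the same as a missing key
FIELDS = {
    "email": {"persisted": True},
    "additional_info": {"persisted": True},
    "send_email": {"persisted": False, "default": False},
}


def load_update(payload):
    """Return (attributes to write, request arguments) for an update body."""
    unknown = set(payload) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    changes, args = {}, {}
    for name, rule in FIELDS.items():
        value = payload.get(name, MISSING)
        if not rule["persisted"]:
            # null and missing key both fall back to the default
            absent = value is MISSING or value is None
            args[name] = rule["default"] if absent else value
        elif value is MISSING:
            continue  # missing key: leave the stored attribute untouched
        elif not isinstance(value, str):
            raise ValueError(f"{name}: expected a string, got {value!r}")
        else:
            changes[name] = value  # "" is written as-is and clears the field
    return changes, args


def parse_api_key_id(raw):
    """Accept only a canonical UUID string for an /api_key/<id> path segment."""
    try:
        parsed = uuid.UUID(raw)
    except (ValueError, AttributeError, TypeError):
        raise ValueError("API key id is not a UUID") from None
    # uuid.UUID() also accepts braces, urn: prefixes and bare hex; requiring
    # the canonical form is an added strictness, not something the PR states.
    if str(parsed) != raw.lower():
        raise ValueError("API key id is not in canonical UUID form")
    return parsed
```
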