feat(auth): allow Auth0 as authentication server, after bulk user import #705
…k with the legacy signup page contributes to #705.
## [1.55.62](v1.55.61...v1.55.62) (2023-09-05)

### Bug Fixes

* **auth:** we need to create a /signup route for Auth0 => make it work with the legacy signup page ([d3e2592](d3e2592)), closes [#705](#705)
@julien-topcu Don't feel obliged to do a full review, but I'd welcome your opinion on the changes and the procedure I described in this PR's description, as well as your answers, if any, to the open questions posted on Notion, when you have a bit of time. I'm leaving this work on stand-by until then, to avoid going too far in a potentially counter-productive direction.
- argon2 ^0.31.0 → ^0.31.1, because we're developing an alternative: #705
- connect-mongo ^3.2.0 → ^5.0.0, because we're developing an alternative: #705
- formidable ^2.1.1 → ^3.5.1, because it breaks the build (cf #709 and #665)
- mongodb 4.17.0 → 6.0.0, because we're not done yet on migrating callbacks to promises (cf #634 and #665)

This partially reverts commit 43a63cf.
`$ npx npm-check-updates -u`

Updates:

- @applitools/eyes-cypress ^3.37.0 → ^3.38.0
- @cypress/code-coverage ^3.11.0 → ^3.12.0
- @types/node ^20.5.7 → ^20.6.0
- approvals ^6.2.1 → ^6.2.2
- cypress ^12.17.4 → ^13.1.0
- dd-trace ^4.14.0 → ^4.15.0
- eslint ^8.48.0 → ^8.49.0

Skipped updates:

- argon2 ^0.31.0 → ^0.31.1, because we're developing an alternative: #705
- connect-mongo ^3.2.0 → ^5.0.0, because we're developing an alternative: #705
- formidable ^2.1.1 → ^3.5.1, because it breaks the build (cf #709 and #665)
- mongodb 4.17.0 → 6.0.0, because we're not done yet on migrating callbacks to promises (cf #634 and #665)
This PR is now running in production, but without using Auth0 yet.
Follow up of #705. May contribute to #669.

Usage, from project root dir:

```sh
$ mongoexport -d ${dbname} -c user --type=json --out ./prod-users.json-lines -u ${dbuser} -p ${dbpassword}
$ node ./scripts/auth0/prepare-import-batches.js # => create files: `prod-users-*.for-auth0.json`
$ ./scripts/auth0/import-prod-users.sh
```
…e-login everyday follow up for PR #705.
## [1.59.15](v1.59.14...v1.59.15) (2024-03-09)

### Bug Fixes

* **auth:** try to refresh auth0 session silently, without having to re-login everyday ([c8fb684](c8fb684)), closes [#705](#705)
Fork of PR #593. May contribute to #669.
What does this PR do / solve?
Make Openwhyd more secure by delegating auth and user management to Auth0.
Overview of changes
When Auth0 env vars are provided, Openwhyd delegates the following features to Auth0:
Otherwise, the legacy auth and user management implementation is used, as currently.
How to test this PR?
Prerequisite
To do once for all:
env-vars-testing.conf
$ docker compose up --build --detach
$ make docker-seed
To repeat after each code change:
$ make dev
=> when you're done testing, don't forget to run
$ make down
Bulk user import
scripts/auth0/.token
$ scripts/auth0/import-test-users.sh
Login+logout
admin
/admin
or dummy
/admin
Signup
adrien
), an email address and a password
Change of email address
Once you're logged in:
Change of password
Once you're logged in:
Change of handle/username
Once you're logged in:
Account deletion
Once you're logged in:
TODO / probably worth doing before merging
To be done later
References and resources