-
Notifications
You must be signed in to change notification settings - Fork 170
Conversation
Hello @BrnoPCmaniak! Thanks for updating the PR. Cheers ! There are no PEP8 issues in this Pull Request. 🍻 Comment last updated on September 25, 2017 at 16:40 Hours UTC |
50110fe
to
e47ccc8
Compare
from datetime import datetime, timedelta | ||
|
||
|
||
def generate_token_offline(username, jwt_secret, exp_delta=timedelta(days=14)): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The requirement we heard from users is that they want to generate tokens without having Pulp installed, so I think this function should go away and we need docs describing from a high level about how users can generate the JWT using non-pulp tools. Does that make any sense? I could also not be understanding this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ohhhhh this is in a Python codeblock and isn't actual code. This is perfect. Thank you!
2e7f8a9
to
b4339ca
Compare
Let me know if you need help with this, I've recently spent a bunch of time implementing JWT elsewhere. |
@mikeadamz Some help testing would be ideal. Overall we're looking for this PR to fulfill the use cases of the authentication portion of the MVP. Getting a Pulp3 vagrant environment going is what I recommend to test out pulp. Also here are some Pulp3 dev notes we maintain on the wiki. |
This contains the changes to the default HTTP adapter for the requests library proposed in GitHub pull request pulp#3109. Note that at this time, that pull request has not been accepted and is subject to change. In addition to the modified adapter, the Pulp streamer (and only the Pulp streamer) has been changed to use this adapter. Note this fix only works if urllib-1.16+ is used in conjunction with requests. closes pulp#1788
b4339ca
to
db6b2d6
Compare
The doc failure will be solved when pulp/pulp-ci#428 is merged. |
|
||
For using JWT tokens you have to set ``Authorization`` header as follows: | ||
:: | ||
Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNTAyMzgzMDExfQ.3ZpcclxV6hN8ui2HUbwXLJsHl2lhesiCPeDVV2GIbJg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are you using JWT
here? Typically I see Bearer
being used like on the jwt.io site.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@daviddavis It's the default value from the library they decided to use JWT
instead of Bearer
, which they originally used, to maintain compatibility with django-oauth2-provider
which also uses it. Source: jpadilla/django-rest-framework-jwt#4
A couple observations from testing. First, I assumed I could get a jwt token by using basic auth. However, it looks like I have to POST username and password. I think it would be handy to be able to use basic auth to get a jwt (but maybe not?). Maybe we can open a plan.io issue and worry about it later. Also, I get a 401 response when using an outdated jwt token (which I expect) but also a weird "Error decoding signature" error in the response body:
For basic auth when I use a bad username/password, I get something more expected:
Other than that, everything seems to work well. 👍 |
@daviddavis It was in the original MVP, but then we decided not to include it to maximize the usage of the library vs rewriting it. I wasn't present the decision so I'm not exactly sure. You can read more on it here: https://pulp.plan.io/issues/2359#note-11 |
ok test |
db6b2d6
to
a7fe25d
Compare
@daviddavis @bmbouter I changed the error message and even fixed a bug which I didn't know about (when a user that no longer exists try to login), But I have to add few things so if you could re-review it would be great. |
Retested and it works 👍 Any clue on the docs failure? |
The docs builder error is that the It looks like python3 is being used to build all docs environments. Adding jwt in as a dependency to install in that environment is probably what we need to do. The best thing to do is to have the setup.py build the environment so that we can stay DRY on these deps, but there are several issues preventing that from being done including:
For all of ^ reasons, I recommend:
|
I posted a PR that should fix the doc builders here: pulp/pulp-ci#434 |
ok test |
@@ -0,0 +1,9 @@ | |||
pulp.app.auth |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these need to be s/pulp/pulpcore/ right? Also the indention needs to line up too (iirc).
|
||
.. automodule:: pulpcore.app.auth | ||
|
||
pulp.app.auth.jwt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comments here as above.
ok test |
8 similar comments
ok test |
ok test |
ok test |
ok test |
ok test |
ok test |
ok test |
ok test |
I applied the changes to pulp_packaging and pushed them to Jenkins with JJB. One more test will show if it all works for realz. |
ok test |
The latest test passed so this is good to merge. @BrnoPCmaniak I think this is good to merge. It's pretty sweet so consider identifying that it's merged via a short note to pulp-dev and linking to the nightly docs whenever they get built. |
closes #2359
https://pulp.plan.io/issues/2359