
Redesign Authentication Process#58

Merged
jb3 merged 14 commits into main from token-expiry on Mar 6, 2021

Conversation

@HassanAbouelela
Contributor

@HassanAbouelela HassanAbouelela commented Feb 12, 2021

Description

This PR restructures the way we do authentication on the backend. The most notable changes are listed below, full changelog at the bottom.

Notable Changes

  • CORS has been implemented, with support for localhost, sentry and CF previews, and production (thanks to Bast and Lemon for helping bikeshed the regex).
  • JWT is no longer returned in authentication requests. It is now set as a cookie.
  • The backend no longer accepts the JWT in requests; instead, it looks for a cookie.
  • Content of the JWT has been changed.

Reasoning

The choice to switch to cookies for authentication is mostly due to the ability to manually set and manipulate them from the backend, something that will be useful for routes that update user information, and alleviates the need to handle those changes on the frontend.

Moving admin logic to the authenticator is mainly done to allow the addition and removal of the permission, without requiring a token refresh.

Full Changelog

In addition to the changes listed above, the following changes have been made:

  • Added a token refresh route
  • Addition of a PRODUCTION env variable. Currently only needs to be set if you are running on HTTP.
  • Added allow credentials to CORS.
  • Added username and token expiry to the returns of the authorization route.
  • Added dynamic selection for OAuth redirect URIs.
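The design described above (JWT carried in a cookie rather than in the response body or request headers, CORS with credentials restricted to an origin allow-list, a PRODUCTION switch for the cookie's Secure flag, admin membership checked by the authenticator at request time instead of being baked into the token, and a refresh route) is sketched end to end below. This is an added example written for this page, not code from the PR or the project: the HS256 signing routine, the secret, the cookie name `token`, the origin regex with `forms.example.org`, the `ADMINS` set and the meaning given to `production` are all constructed assumptions.

```python
"""Cookie-carried JWT sessions with request-time admin lookup (added example)."""
import base64
import hashlib
import hmac
import json
import re
import time
from typing import Dict, Optional, Tuple

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed; load from config in practice
COOKIE_NAME = "token"                              # hypothetical cookie name
TOKEN_TTL = 3600                                   # seconds until the JWT expires

# Hypothetical allow-list: local dev on any port, the production site and its
# preview subdomains. Anchored so "https://forms.example.org.evil.com" is rejected.
ALLOWED_ORIGIN = re.compile(
    r"^(http://localhost(:\d+)?|https://([a-z0-9-]+\.)?forms\.example\.org)$"
)

# Admin membership lives in server state, not in the token, so granting or
# revoking it takes effect on the next request without reissuing the token.
ADMINS = set()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Mint an HS256 JWT carrying only identity and timing claims."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user_id, "iat": now, "exp": now + TOKEN_TTL}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(payload))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None
    now = time.time() if now is None else now
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims


def session_cookie(token: str, production: bool) -> str:
    """Build the Set-Cookie value. HttpOnly keeps the token away from scripts.
    Secure is only set when serving HTTPS (the production switch), because
    browsers discard Secure cookies set over plain HTTP. Cross-site fetches with
    credentials (e.g. a preview deployment on another site) need SameSite=None,
    which browsers accept only together with Secure."""
    attrs = [f"{COOKIE_NAME}={token}", "Path=/", "HttpOnly", f"Max-Age={TOKEN_TTL}"]
    attrs.append("SameSite=None; Secure" if production else "SameSite=Lax")
    return "; ".join(attrs)


def token_from_cookie_header(cookie_header: str) -> Optional[str]:
    """Extract the session token from a request's Cookie header."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return value
    return None


def cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Credentialed CORS: the origin must be echoed back exactly; browsers
    refuse a wildcard Allow-Origin when Allow-Credentials is true."""
    if not origin or not ALLOWED_ORIGIN.match(origin):
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def authorize(user_id: str, username: str, production: bool,
              now: Optional[float] = None) -> Tuple[dict, str]:
    """Authorization route: body carries username and expiry, the token goes
    only into Set-Cookie."""
    token = issue_token(user_id, now)
    expiry = json.loads(_unb64(token.split(".")[1]))["exp"]
    return {"username": username, "expiry": expiry}, session_cookie(token, production)


def authenticate(cookie_header: str, now: Optional[float] = None) -> Optional[dict]:
    """Authenticator: identity from the cookie, admin flag from current state."""
    token = token_from_cookie_header(cookie_header or "")
    claims = verify_token(token, now) if token else None
    if claims is None:
        return None
    return {"user_id": claims["sub"], "admin": claims["sub"] in ADMINS}


def refresh(cookie_header: str, production: bool,
            now: Optional[float] = None) -> Optional[str]:
    """Refresh route: only a still-valid cookie earns a new token; an expired or
    tampered one is refused rather than silently extended."""
    user = authenticate(cookie_header, now)
    if user is None:
        return None
    return session_cookie(issue_token(user["user_id"], now), production)
```

The point to take from the admin handling: a token issued before `ADMINS` changes still authenticates the same user, but `authenticate()` reports the new admin status immediately, which is exactly what keeping the permission out of the JWT buys. The trade-off is that every authenticated request now needs that lookup, so in a real deployment it belongs on a cached or in-process data source rather than a remote call.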

@HassanAbouelela HassanAbouelela added labels Feb 12, 2021: area: authentication (Code relating to authentication with the backend service, typically for admin only routes.), P1 (High priority tasks.), type: feature (A new feature that should be added to the application.)
Sets admin authentication on authenticator to allow the addition and
removal of admins without creating a new token.

Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
@HassanAbouelela HassanAbouelela changed the title from "Adds Token Expiry Time To Auth Route" to "Redesign Authentication Process" Feb 20, 2021
@HassanAbouelela HassanAbouelela marked this pull request as ready for review February 20, 2021 01:26
Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
# Conflicts:
#	backend/routes/forms/form.py
#	backend/routes/forms/submit.py
@HassanAbouelela HassanAbouelela added P0 Critical priority tasks. and removed P1 High priority tasks. labels Feb 28, 2021
Comment thread backend/authentication/user.py Outdated
Comment thread backend/discord.py
Comment thread README.md
@HassanAbouelela HassanAbouelela requested a review from ks129 March 1, 2021 14:00
Member

@jb3 jb3 left a comment


A few minor things. Looks good otherwise.

Comment thread backend/__init__.py
Comment thread backend/authentication/backend.py Outdated
Comment thread backend/routes/auth/authorize.py Outdated
Comment thread backend/routes/auth/authorize.py Outdated
Comment thread backend/routes/auth/authorize.py Outdated
Comment thread backend/routes/forms/submit.py Outdated
HassanAbouelela and others added 2 commits March 6, 2021 22:42
Changes the name for the token used to authorize with the backend.

Co-authored-by: Joe Banks <joseph@josephbanks.me>
Cleans up the authorize file, and the __init__ to maintain the project's
 code style.

Co-authored-by: Joe Banks <joseph@josephbanks.me>
Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
@HassanAbouelela HassanAbouelela requested a review from jb3 March 6, 2021 19:50
Member

@jb3 jb3 left a comment


:shipit::shipit::shipit::shipit::shipit::shipit:

@jb3 jb3 merged commit 0f363c2 into main Mar 6, 2021
@jb3 jb3 deleted the token-expiry branch March 6, 2021 19:54

3 participants