Skip to content
🔑 Authentication service for Wazo
Python Other
  1. Python 99.1%
  2. Other 0.9%
Branch: master
Clone or download
Latest commit 271ce6e Oct 15, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
alembic Fix down revision Oct 3, 2019
bin update SPDX-License-Identifier Jan 31, 2019
contribs alembic: read wazo-auth config file when upgrading Feb 2, 2018
debian use /run instead of /var/run Oct 10, 2019
etc use /run instead of /var/run Oct 10, 2019
integration_tests rename xivo-lib-rest-client Oct 15, 2019
templates password reset: fix english in email message Jun 27, 2019
wazo_auth use /run instead of /var/run Oct 10, 2019
.dockerignore add tox.ini Jul 28, 2015
.gitignore Revert "Revert "WAZO-67 refresh token"" Sep 10, 2019
AUTHORS group tests: use the ":" acl separator Jan 8, 2019
CHANGELOG.md doc: fix the refresh token delete API Oct 1, 2019
Dockerfile use /run instead of /var/run Oct 10, 2019
LICENSE copy the GPL licence from fossas github repo Sep 25, 2019
README.md Rename xivo_user to wazo_user Sep 26, 2019
alembic.ini
alembic_revision.sh update SPDX-License-Identifier Jan 31, 2019
bindep.txt re-introduce zuul Sep 19, 2019
requirements.txt rename xivo-lib-rest-client Oct 15, 2019
setup.cfg re-introduce zuul Sep 19, 2019
setup.py re-introduce zuul Sep 19, 2019
test-requirements.txt re-introduce zuul Sep 19, 2019
tox.ini re-introduce zuul Sep 19, 2019
zuul.yaml re-introduce zuul Sep 19, 2019

README.md

wazo-auth

Build Status FOSSA Status

A micro-service to create tokens, check ACLs and delete expired tokens

Usage

Launching wazo-auth

wazo_auth [--user <user>] --config <path/to/config/file>

Getting a token

curl -k -i -X POST -H 'Content-Type: application/json' -u "alice:alice" "https://localhost:9497/0.1/token" -d '{"backend": "xivo_user"}'

Retrieving token data

curl -k -i -X GET -H 'Content-Type: application/json' "https://localhost:9497/0.1/token/${TOKEN}"

Boostraping wazo-auth

In order to be able to create users, groups and policies you have to be authenticated. The bootstrap process allows the administrator to create a first user with the necessary rights to be able to add other users.

Preparing wazo-auth to be bootstrapped

To be able to bootstrap wazo-auth, you will have to enable the init plugin and create a key file in wazo-auth's HOME directory. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap setup && systemctl restart wazo-auth

Bootstrapping wazo-auth

Once wazo-auth is ready to be bootstrapped, calling the init resource with a username, password and the content of the key file will create a new user. The username and password can then be used to create a token with the auth.# acl. This can be done using the wazo-auth-bootstrap command.

wazo-auth-bootstrap complete

This script will create a configuration file named /root/.config/wazo-auth-cli/050-credentials.yml containing all necessary information to be used from the wazo-auth-cli.

Docker

The wazopbx/wazo-auth image can be built using the following command:

% docker build -t wazopbx/wazo-auth .

To run wazo-auth in docker, use the following commands:

% docker run -p 9497:9497 -v /conf/wazo-auth:/etc/wazo-auth/conf.d/ -it wazopbx/wazo-auth bash
% wazo-auth [-df] [-u <user>] [-c <path/to/config/file>]

The wazopbx/wazo-auth-db image can be built using the following command:

% docker build -f contribs/docker/Dockerfile-db -t wazopbx/wazo-auth-db .

Configuration

The default config is /etc/wazo-auth/config.yml, you could override in /etc/wazo-auth/conf.d/

Enabling the users registration API

To enable the users registration (/users/register) API endpoint, add a file containing the following lines to the /etc/wazo-auth/conf.d directory and restart wazo-auth

enabled_http_plugins:
  user_registration: true

Running unit tests

apt-get install libldap2-dev libpq-dev python-dev libffi-dev libyaml-dev libsasl2-dev
pip install tox
tox --recreate -e py27

Running integration tests

You need Docker installed.

cd integration_tests
pip install -U -r test-requirements.txt
make test-setup
make test

Load testing

To test wazo-auth with ab

Dependencies

  • ab
apt-get update && apt-get install apache2-utils

Running the tests

with the following content in '/tmp/body.json'

{"backend": "wazo_user"}
ab -n1000 -c25 -A 'alice:alice' -p /tmp/body.json -T 'application/json' "https://localhost:9497/0.1/token"

This line will start 25 process creating 1000 tokens with the username and password alice alice

Adding a new database migration

To add a new migration script for the database use the following command from the root of the project:

% ./alembic_revision.sh ""

To add a new ACL migration script use the following command from the root of the project:

% ./alembic_revision.sh -a ""

Available ACL policies are:

  • wazo_default_admin_policy
  • wazo_default_user_policy

License

FOSSA Status

You can’t perform that action at this time.