Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloud.gov login integration #35

Merged
merged 35 commits into from
Mar 4, 2024
Merged

cloud.gov login integration #35

merged 35 commits into from
Mar 4, 2024

Conversation

akuny
Copy link
Contributor

@akuny akuny commented Feb 21, 2024

Changes

  • Add integration with cloud.gov identity provider to protect Flask routes that concern application logic
  • Authentication dependencies are isolated to a AuthenticationImplementation class
  • Add User domain entity, SQLAlchemy model, database migration

Considerations

  • No role-based authorization logic yet. Since there are two distinct user roles, each with a distinct set of needs, I was thinking we could build this out simply using a "role" attribute on the User entity
  • As a consequence of the point above, users are not assigned a role upon registration at this time
  • Having to go through MFA for local development has been not-ideal but there are apparently some workarounds to consider
  • We could also use login.gov's sandbox environment as a second oauth provider

akuny added 26 commits February 9, 2024 13:31
@akuny
Begin refining frontend
05f4364
@akuny
Merge branch 'main' into styles
a6b2935
@akuny
Continue fleshing out frontend
84ce652
@akuny
Merge main
8863209
@akuny
Fix template errors
37a604a
@akuny
Working on individual report view
5cb9f7a
@akuny
Add grouping to table
6c42a90
@akuny
Refactor preact components
f12f72c
@akuny
Hack to change color of th and td els when sorted
f3f0e63
@akuny
Force styles
a129dc7
@akuny
Merge branch 'main' into styles
51180ed
@akuny
Adjustments
77f2620
@akuny
Use arrow function
64baaab
@akuny
Build out cloudgov oauth2 login logic
09c7066
@akuny
Remove unneeded dependency
ef72a1a
@akuny
Merge in frontend work
86bb8e4
@akuny
Remove cruft and test logout flow
08f7ab4
@akuny
Remove print statements and useless route
ffb1e20
@akuny
Remove cruft
ccf5a2b
@akuny
Remove some more cruft
d1060f6
@akuny
Deployment configuration
f6fd66c
@akuny
Update manifest.yml
70f9a1e
@akuny
Minimum viable styling for login/logout
d941421
@akuny
Add type annotation
51665df
@akuny
Add flask tests
401584b
@akuny
Remove unused code
315b7f5
@akuny akuny requested a review from danielnaab February 21, 2024 19:28
danielnaab
danielnaab reviewed Feb 22, 2024
View reviewed changes
Dockerfile
USER appuser
CMD ["/bin/sh", "./scripts/start_local.sh"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure on current best practices, but you could speed up the container start-up by precompiling the bytecode as the root user. https://kence.org/2022/05/23/python-bytecode-and-read-only-containers/

danielnaab
danielnaab approved these changes Feb 23, 2024
View reviewed changes
nad_ch/application/use_cases/auth.py

new_user = User(
email=email,
username=email.split("@")[0],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a separate user name? I might vote for omitting it. Or maybe this is a "display name"?

Also, I think this isn't a problem with the way the function is currently called, but I think the email address should probably be validated here.

@akuny akuny changed the title coud.gov login integration cloud.gov login integration Mar 4, 2024
@akuny akuny merged commit 2180570 into main Mar 4, 2024
1 check passed
@akuny akuny deleted the login-integration branch March 4, 2024 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielnaab danielnaab danielnaab approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@akuny @danielnaab