Flask login #68

TheoLechemia · 2023-06-12T15:27:53Z

Utilisation de flask-login : corrige une faille de sécurité sur les cookie (#2574)
Ajout de la possibilité de passer le token d'authentification via le header HTTP Authorization Bearer
La route /login renvoie le token dans le body pour qu'il puisse être récupérer en frontend
Le support de l'authentification via cookie est maintenu (pour UsersHub)
Suppression de la fonctionnalité de renouvellement automatique du cookie (qui était non fonctionnelle depuis plusieurs versions)

codecov · 2023-06-12T15:30:50Z

Codecov Report

Attention: 41 lines in your changes are missing coverage. Please review.

Files	Coverage Δ
src/pypnusershub/db/models.py	`83.48% <100.00%> (+8.37%)`	⬆️
src/pypnusershub/schemas.py	`95.83% <100.00%> (+0.18%)`	⬆️
src/pypnusershub/test_settings.py	`100.00% <100.00%> (ø)`
src/pypnusershub/decorators.py	`29.41% <29.41%> (ø)`
src/pypnusershub/login_manager.py	`57.14% <57.14%> (ø)`
src/pypnusershub/routes.py	`67.85% <58.53%> (+45.03%)`	⬆️

... and 2 files with indirect coverage changes

📢 Thoughts on this report? Let us know!.

src/pypnusershub/tests/utils.py

src/pypnusershub/tests/fixtures.py

bouttier · 2023-10-05T21:08:21Z

src/pypnusershub/tests/fixtures.py

@@ -15,6 +17,12 @@
 }


+@pytest.fixture(autouse=True)


src/pypnusershub/tests/fixtures.py

requirements-dependencies.in

src/pypnusershub/db/models.py

bouttier · 2023-10-05T21:42:53Z

src/pypnusershub/decorators.py

+        def decorated_view(*args, **kwargs):
+            if not current_user.is_authenticated:
+                raise Unauthorized
+            if current_user.max_level_profil < level:


dépend de current_app

src/pypnusershub/tests/fixtures.py

bouttier · 2023-10-06T09:32:41Z

src/pypnusershub/routes.py

-            value=token,
-            expires=cookie_exp,
+            return Response(msg, status=400)
+        user = models.User.query.filter(models.User.identifiant == login).one()


Cool de plus utiliser AppUser, mais il me semble encore nécessaire de checker l’app et le profile associé non ?

- remove home made cookie management - support of HTTP Header JWT for authentification

TheoLechemia mentioned this pull request Jun 15, 2023

Cookie : paramètre Path toujours égal à "/" #69

Closed

TheoLechemia force-pushed the flask_login branch 8 times, most recently from 4ac6c53 to 008ed5b Compare September 18, 2023 09:33

bouttier reviewed Oct 6, 2023

View reviewed changes

TheoLechemia force-pushed the flask_login branch 9 times, most recently from 2ba8bfe to 1040edb Compare October 16, 2023 12:06

Swith to flask login

3238be3

- remove home made cookie management - support of HTTP Header JWT for authentification

TheoLechemia force-pushed the flask_login branch from 1040edb to 3238be3 Compare October 17, 2023 08:19

TheoLechemia and others added 3 commits October 18, 2023 15:51

load g.current_user via before_request

e02efeb

Changelog 2.0.0 - Review

a7ead1a

Changelog 2.0.0 - Layout

4d226eb

TheoLechemia merged commit d65526f into develop Oct 18, 2023
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Flask login #68

Flask login #68

TheoLechemia commented Jun 12, 2023 •

edited

Loading

codecov bot commented Jun 12, 2023 •

edited

Loading

bouttier Oct 5, 2023

bouttier Oct 5, 2023

bouttier Oct 6, 2023

TheoLechemia Oct 9, 2023

TheoLechemia Oct 10, 2023

Flask login #68

Flask login #68

Conversation

TheoLechemia commented Jun 12, 2023 • edited Loading

codecov bot commented Jun 12, 2023 • edited Loading

Codecov Report

bouttier Oct 5, 2023

Choose a reason for hiding this comment

bouttier Oct 5, 2023

Choose a reason for hiding this comment

bouttier Oct 6, 2023

Choose a reason for hiding this comment

TheoLechemia Oct 9, 2023

Choose a reason for hiding this comment

TheoLechemia Oct 10, 2023

Choose a reason for hiding this comment

TheoLechemia commented Jun 12, 2023 •

edited

Loading

codecov bot commented Jun 12, 2023 •

edited

Loading