Authentication
- Concept
- Configuration
- Default Privileges
Role-based access control, built on flask_security, was added as an optional feature to secure the FACT GUI. The idea is to assign a privilege to each functionality and link that privilege to a set of roles. For example, let upload analysis and update analysis have the privilege submit. Then the endpoints /upload, /rest/firmware and all secondary paths require the submit privilege.
To reduce the amount of configuration, a privilege can be assigned to multiple roles, to a single role, or to no role at all.
The standard browser interface gets an additional login/logout tab for entering username and password. Additionally, an API key is generated for each user, which can be sent in the Authorization header field of an HTTP request to authenticate against the REST API.
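
The following sketch is an added example, not FACT's own code: it models the privilege-to-role mapping and the API-key lookup described above in plain Python. The role names, users, API keys, the bare key as the Authorization header value, and the denial of unmapped paths are assumptions made for illustration.

```python
import hmac

# Constructed data: role names, users and keys are illustrative, not FACT defaults.
# privilege -> roles holding it (several, one, or none)
PRIVILEGE_ROLES = {
    "submit": {"analyst", "admin"},
    "delete": {"admin"},
    "debug": set(),  # linked to no role: no user can obtain it
}
# endpoint prefix -> required privilege (both paths are the ones named in the text)
ENDPOINT_PRIVILEGE = {"/upload": "submit", "/rest/firmware": "submit"}
# constructed API keys -> roles of the owning user
USERS_BY_API_KEY = {
    "constructed-key-alice": {"analyst"},
    "constructed-key-bob": {"guest"},
}

def required_privilege(path):
    """Privilege for an endpoint or any of its secondary paths, else None."""
    for prefix, privilege in ENDPOINT_PRIVILEGE.items():
        # "/upload" and "/upload/x" match; "/uploads" does not
        if path == prefix or path.startswith(prefix + "/"):
            return privilege
    return None

def has_privilege(roles, privilege):
    """True if at least one of the user's roles is linked to the privilege."""
    return bool(roles & PRIVILEGE_ROLES.get(privilege, set()))

def roles_for_key(api_key):
    """Roles of the user owning api_key, compared in constant time; else None."""
    for known, roles in USERS_BY_API_KEY.items():
        if hmac.compare_digest(known.encode(), api_key.encode()):
            return roles
    return None

def authorize(path, headers):
    """HTTP-style result: 200 allowed, 401 unknown key, 403 missing privilege."""
    roles = roles_for_key(headers.get("Authorization", ""))
    if roles is None:
        return 401
    privilege = required_privilege(path)
    if privilege is None:
        return 403  # assumption of this sketch: unmapped paths are denied
    return 200 if has_privilege(roles, privilege) else 403

if __name__ == "__main__":
    print(authorize("/rest/firmware/abc", {"Authorization": "constructed-key-alice"}))
```

Matching on the path boundary rather than a bare string prefix keeps an unrelated endpoint such as /uploads from inheriting the submit mapping.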