Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PB-1124 Add django authentication and permission check to API #39

Merged
merged 1 commit into from
Nov 13, 2024
Merged

PB-1124 Add django authentication and permission check to API #39

merged 1 commit into from
Nov 13, 2024

Conversation

msom
Copy link
Contributor

@msom msom commented Nov 12, 2024

This adds a simple authentication to the API using the django (session) authentication and the django model permission and therefore the same restrictions as in the admin UI.

This PR also gets rid of the ninja test client, as this skips all middleware - probably anyway not a very good idea. Since API tests run slower now, I also added pytest-xdist to be able to test in parallel locally.

@msom msom force-pushed the feat-PB-1124-djang-permissions-in-api branch from b96f59d to e73055b Compare November 12, 2024 13:11
benschs
benschs approved these changes Nov 12, 2024
View reviewed changes
Copy link
Contributor

@benschs benschs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
I don't see how services authenticate to use the API. Is there a way to generate a JWT or use basic auth?

@msom
Copy link
Contributor Author

msom commented Nov 13, 2024

No, currently there is no possibility to use JWT or basic auth, as the context of this change is to use django access management to secure service-control in a first step. Once auth is working and authorization is discussed, we'll use the same pattern as in service stac (see PB-1124), hence replacing this (temporary) solution.

To use the service, the same authentication as with the admin UI is used (sessionid cookie), e.g.

curl --cookie sessionid=xyz -i http://127.0.0.1:8000/api/users

@msom msom force-pushed the feat-PB-1124-djang-permissions-in-api branch from e73055b to 1f8eab5 Compare November 13, 2024 06:31
boecklic
boecklic approved these changes Nov 13, 2024
View reviewed changes
Copy link

@boecklic boecklic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@msom msom merged commit c572950 into develop Nov 13, 2024
3 checks passed
@msom msom deleted the feat-PB-1124-djang-permissions-in-api branch November 13, 2024 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@boecklic boecklic boecklic approved these changes

@benschs benschs benschs approved these changes

@schtibe schtibe Awaiting requested review from schtibe

Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@msom @benschs @boecklic