Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feature(global): auth?!?! USER AUTHENTICATION?!?!?!?! (#1156)
* wip: setup redirecting and dummy token validation
* wip: i believe i can do the full auth flow now
* wip: playing around with oidc
* wip: still working on authentication, oidc engulfs my mind this is fun but i have spent hours on this
* wip: working on integrating all parts together
* wip: started working on session middleware
* wip: refactored requests helpers a little bit
* wip: got some semblance of sessions working
* feat: setup better errors for oidc and session
* wip: playing with cookies
* wip: ahhhhhhh
* wip: started getting somewhere with token pair flow
* wip: hooked up oidc checking/refreshing to the identity and userinfo
* wip: worked on identity fetching and more route protecting
* wip: made route to generate auth url
* wip: login url is now generated by backend
* wip: now verifying at_hash
* wip: setup some dummy setup checking
* fix: remove levenstein
* wip: fixup after merge
* wip: started refactor for new auth flow
* wip: redesigned the session interface
* wip: brainstorming new mongo and redis structure
* wip: changed sids to uuids
* wip: refactored session interface to check replay attack earlier
* wip: started rewriting auth routes - identity
* wip: wrote login route
* wip: rewrote rest of the main auth routes
* wip: the rewrite base flow works omg
* fix: now deletes state cookie if invalid auth code given
* wip: better error handling for logout
* wip: address most todos in oidc/requests.py
* wip: setup redis docker
* wip: hooked up the session token part to redis
* wip: started to refactor users db
* wip: added session related collections
* chore: fix up packages after rebase
* wip: converted over refresh token storage to mongo
* wip: finished converting all to mongo (first step)
* fix: didnt realise pagination happened on ft search ugh i hate this
* feat: ttl on redis session tokens wooo
* feat: indexes on session collections mongo
* feat: converted sids back to uuids
* feat: fixed up validation for new user storage
* wip: started integrating guest sessions
* wip: started to refactor storage interface
* wip: culled some interface functions
* feat: GUEST SESSIONS (not in user layer yet)
* wip: fixed up model props in anticipation for user overhaul
* wip: added user validation schema and collection typing
* feat: created new user database helpers
* wip: remove uid from models temporarily and fix pylint
* wip: added new user storage setup on session creation
* wip: db refactor - refactored out the redis connection
* wip: db refactor - deleted storage.py and created all da helper files
* wip: db refactor - remove cringe db helper prefixes
* wip: db refactor - moved out mongo conns into new file
* wip: db refactor - no more database.py
* wip: db refactor - started combining init-mongo and init-sessionsdb
* wip: db refactor - combined init sessionsdb
* fix: remove nanoid and bring back old package-lock
* wip: user routes refactor - underwrote old set and get
* wip: user routes refactor - hooked up guest login and started with fixing edge cases of underwrite
* wip: user routes refactor - fixed bugs with degree wizard and db helpers update success checks
* wip: user routes refactor - fix for None marks
* wip: frontend token refactor - re-setup guest login and id providing and refreshing
* wip: frontend token refactor - created new redux slice for identity
* wip: frontend token refactor - fixed any straggling old redux usage
* wip: frontend token refactor - token param - addToUnplanned & removeCourse
* wip: frontend token refactor - token param - setPlanned & setUnplanned & unschedule & unscheduleAll & ignoreFromProg
* wip: frontend token refactor - token param - removeAll & validateTermPlanner
* wip: frontend token refactor - token param - setupDegree & resetDegree
* wip: frontend token refactor - token param - search & updateMark & validateCTF & toggleLocked
* wip: frontend token refactor - token param - getUser
* wip: frontend token refactor - token param - getUserDegree
* wip: frontend token refactor - token param - getUserPlanner & getUserCourses & setIsComplete
* wip: frontend token refactor - completely remove getToken
* wip: frontend token refactor - setup identity provider and playing around with different refresh methods
* wip: frontend token refactor - reworked token state checking and RequireToken
* wip: frontend token refactor - Wrapped routes in RequiredToken and PreventToken
* wip: frontend token refactor - fixed setup and reset on frontend
* wip: frontend token refactor - fixed PreventToken temporarily
* wip: frontend token refactor - remove Auth.tsx
* wip: frontend token refactor - add back pagetemplate to Login.tsx
* wip: frontend token refactor - create Logout page and fix up some query client invalidation
* wip: frontend token refactor - fix bug with refreshing again
* wip: fix up models after pydantic upgrade
* fix: unplanned courses have null for unplanned
* wip: moved all tokens to be passed via headers
* feat: create connect function for mongodb conn
* feat: replaced nodemon with uvicorn reload for better control of what reloads
* feat: effectively removed init-mongo
* fix: removed old collections
* feat: new straight to uid route dependency
* wip: minor route rename
* fix: get rid of field since this is now inferred by the shape of the user
* fix: added WWW-Authenticate headers to 401 errors
* feat: delete all guest data on logout
* feat: added dev flag to runserver.py so production dont reload
* chore: relabeled all my todos lol
* chore: forgor some
* feat: setup secure cookies
* fix: search bar quick add buttons not updating
* feat: redis password
* fix: fixed up login success page (i think idk auth is down)
* chore: relabelled todos so i actually know when i need to do what
* fix: dict() -> model_dump()
* fix: removed the token state route in place for isSetup
* wip: changed the isSetup error handling to use throwOnError
* wip: added userinfo validation p1
* wip: fixed logout redirect and pondered on things
* wip: playing around with diff refresh methods
* wip: removed whacky thunks for refreshing
* wip: change secure cookie prefix and trying out samesite strict
* deps: fix after merge
* fix: cookies now get deleted on secure mode
* fix: rename session errors
* wip: investigated sid and logout again
* wip: more todo culling and cleanup
* wip: converting over oidc config to be dynamic
* fix: summer term off by default
* fix: move oidc config into helper (kinda mid sol rn)
* fix: changed logout to be post
* wip: started working out the redirect behaviour of isSetup 401
* fix: useToken now can actually hit error boundary
* fix: temporarily solved the redirection 401 conundrum
* fix: delete init-mongo from docker-compose
* fix: removed some debug token help
* feat: made logout a bit more robust i guess
* fix: forgot to remove a debug error in landingpage im dumb as hell
* fix: oop forgot some more debug comments in IdentityProvider
* fix: made the environment capture more explicit for run_app.py
* fix: cleanup auth.py logout route a lil
* fix: bug with double initial refresh and csesoc logins
* fix: changed logout to use hard navigation for data clearing
* fix: removed token playground
* fix: deleted some unneeded user db helpers
* feat: rewrote mongo setup a bit so that it doesnt drop users by default
* feat: moved collection names to constants and renamed the dyn cols
* feat: redis now gets cleared on startup
* fix: made some mongo setup funcs exportable for testing purposes
* fix: added redis reset to test clear helper
* fix: tests can run locally now given you have env files
* feat: backend can now run without fedauth credentials
* update CI for testing with new stuff
* update documentation
* fix readme
* fix: cleaned up various return values and files after PR review feedback
  - fixed return values of delete session and refresh token helpers
  - removed ideas.md file
  - changed oidc error string method to use tabs instead of spaces
  - renamed state cookie and its ttl constant
* fix: dropped 'New' naming from collection variables
* bump random thingo to remove high vuln
* fix: explored better marker typing for models, found out pydantic is broken
* fix: major issue of spelling raised by zax-xyz

  Co-authored-by: Michael Vo <zax@zaxu.xyz>
* fix: cleaned up identity slice reducers and thrown errors on frontend

  As per Michael feedback!
* fix: removed all the spreads on the withAuthorization, as per Michael feedback :)
* fix: removed suppressed and mostRecentPastTerm to align with #1158
* feat: added new cli arg for deleting user data as well, updated ci backend container to mirror prod but use this

  Also finally deleted init-mongo.dockerfile and init-database.py
* fix: updated ci to use env script
* fix: mypy issues with unsupported typing