From 0c6ccca5fac44ab40671627fd3181e9b138672fa Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek <mail.fabianm@gmail.com>
Date: Fri, 14 May 2021 15:17:49 +0200
Subject: api: Migrate to Auth0 for API authorization

This change updates the OpenDC API to use Auth0 for API authorization.
This removes the hard dependency on Google for logging into OpenDC and
simplifies implementation as we do not have to store user information
anymore, other than the user identifier.
---
 opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py        | 2 +-
 opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'opendc-web/opendc-web-api/opendc/api/v2/users')

diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
index 0dcf2463..fe61ce25 100644
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
+++ b/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
@@ -20,7 +20,7 @@ def POST(request):
     request.check_required_parameters(body={'user': {'email': 'string'}})
 
     user = User(request.params_body['user'])
-    user.set_property('googleId', request.google_id)
+    user.set_property('googleId', request.current_user['sub'])
     user.set_property('authorizations', [])
 
     user.check_already_exists()
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
index be3462c0..26ff7717 100644
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
+++ b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
@@ -27,7 +27,7 @@ def PUT(request):
     user = User.from_id(request.params_path['userId'])
 
     user.check_exists()
-    user.check_correct_user(request.google_id)
+    user.check_correct_user(request.current_user['sub'])
 
     user.set_property('givenName', request.params_body['user']['givenName'])
     user.set_property('familyName', request.params_body['user']['familyName'])
@@ -45,7 +45,7 @@ def DELETE(request):
     user = User.from_id(request.params_path['userId'])
 
     user.check_exists()
-    user.check_correct_user(request.google_id)
+    user.check_correct_user(request.current_user['sub'])
 
     for authorization in user.obj['authorizations']:
         if authorization['authorizationLevel'] != 'OWN':
-- 
cgit v1.2.3


From 05d2318538eba71ac0555dc5ec146499d9cb0592 Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek <mail.fabianm@gmail.com>
Date: Fri, 14 May 2021 16:50:23 +0200
Subject: api: Remove user handling from OpenDC API server

This change removes any of the user handling and endpoints from the
OpenDC API server. The API server does not need to store user
information other than an identifier in the database.
---
 .../opendc-web-api/opendc/api/v2/users/__init__.py |  0
 .../opendc-web-api/opendc/api/v2/users/endpoint.py | 30 -----------
 .../opendc/api/v2/users/test_endpoint.py           | 34 -------------
 .../opendc/api/v2/users/userId/__init__.py         |  0
 .../opendc/api/v2/users/userId/endpoint.py         | 59 ----------------------
 .../opendc/api/v2/users/userId/test_endpoint.py    | 56 --------------------
 6 files changed, 179 deletions(-)
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/__init__.py
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/test_endpoint.py
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/userId/__init__.py
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/users/userId/test_endpoint.py

(limited to 'opendc-web/opendc-web-api/opendc/api/v2/users')

diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/__init__.py b/opendc-web/opendc-web-api/opendc/api/v2/users/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
deleted file mode 100644
index fe61ce25..00000000
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py
+++ /dev/null
@@ -1,30 +0,0 @@
-from opendc.models.user import User
-from opendc.util.rest import Response
-
-
-def GET(request):
-    """Search for a User using their email address."""
-
-    request.check_required_parameters(query={'email': 'string'})
-
-    user = User.from_email(request.params_query['email'])
-
-    user.check_exists()
-
-    return Response(200, 'Successfully retrieved user.', user.obj)
-
-
-def POST(request):
-    """Add a new User."""
-
-    request.check_required_parameters(body={'user': {'email': 'string'}})
-
-    user = User(request.params_body['user'])
-    user.set_property('googleId', request.current_user['sub'])
-    user.set_property('authorizations', [])
-
-    user.check_already_exists()
-
-    user.insert()
-
-    return Response(200, 'Successfully created user.', user.obj)
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/test_endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/test_endpoint.py
deleted file mode 100644
index 13b63b20..00000000
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/test_endpoint.py
+++ /dev/null
@@ -1,34 +0,0 @@
-from opendc.util.database import DB
-
-
-def test_get_user_by_email_missing_parameter(client):
-    assert '400' in client.get('/v2/users').status
-
-
-def test_get_user_by_email_non_existing(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value=None)
-    assert '404' in client.get('/v2/users?email=test@test.com').status
-
-
-def test_get_user_by_email(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
-    res = client.get('/v2/users?email=test@test.com')
-    assert 'email' in res.json['content']
-    assert '200' in res.status
-
-
-def test_add_user_missing_parameter(client):
-    assert '400' in client.post('/v2/users').status
-
-
-def test_add_user_existing(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
-    assert '409' in client.post('/v2/users', json={'user': {'email': 'test@test.com'}}).status
-
-
-def test_add_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value=None)
-    mocker.patch.object(DB, 'insert', return_value={'email': 'test@test.com'})
-    res = client.post('/v2/users', json={'user': {'email': 'test@test.com'}})
-    assert 'email' in res.json['content']
-    assert '200' in res.status
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/__init__.py b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
deleted file mode 100644
index 26ff7717..00000000
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from opendc.models.project import Project
-from opendc.models.user import User
-from opendc.util.rest import Response
-
-
-def GET(request):
-    """Get this User."""
-
-    request.check_required_parameters(path={'userId': 'string'})
-
-    user = User.from_id(request.params_path['userId'])
-
-    user.check_exists()
-
-    return Response(200, 'Successfully retrieved user.', user.obj)
-
-
-def PUT(request):
-    """Update this User's given name and/or family name."""
-
-    request.check_required_parameters(body={'user': {
-        'givenName': 'string',
-        'familyName': 'string'
-    }},
-                                      path={'userId': 'string'})
-
-    user = User.from_id(request.params_path['userId'])
-
-    user.check_exists()
-    user.check_correct_user(request.current_user['sub'])
-
-    user.set_property('givenName', request.params_body['user']['givenName'])
-    user.set_property('familyName', request.params_body['user']['familyName'])
-
-    user.update()
-
-    return Response(200, 'Successfully updated user.', user.obj)
-
-
-def DELETE(request):
-    """Delete this User."""
-
-    request.check_required_parameters(path={'userId': 'string'})
-
-    user = User.from_id(request.params_path['userId'])
-
-    user.check_exists()
-    user.check_correct_user(request.current_user['sub'])
-
-    for authorization in user.obj['authorizations']:
-        if authorization['authorizationLevel'] != 'OWN':
-            continue
-
-        project = Project.from_id(authorization['projectId'])
-        project.delete()
-
-    old_object = user.delete()
-
-    return Response(200, 'Successfully deleted user.', old_object)
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/test_endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/test_endpoint.py
deleted file mode 100644
index 4085642f..00000000
--- a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/test_endpoint.py
+++ /dev/null
@@ -1,56 +0,0 @@
-from opendc.util.database import DB
-
-test_id = 24 * '1'
-
-
-def test_get_user_non_existing(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value=None)
-    assert '404' in client.get(f'/v2/users/{test_id}').status
-
-
-def test_get_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
-    res = client.get(f'/v2/users/{test_id}')
-    assert 'email' in res.json['content']
-    assert '200' in res.status
-
-
-def test_update_user_missing_parameter(client):
-    assert '400' in client.put(f'/v2/users/{test_id}').status
-
-
-def test_update_user_non_existing(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value=None)
-    assert '404' in client.put(f'/v2/users/{test_id}', json={'user': {'givenName': 'A', 'familyName': 'B'}}).status
-
-
-def test_update_user_different_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'_id': test_id, 'googleId': 'other_test'})
-    assert '403' in client.put(f'/v2/users/{test_id}', json={'user': {'givenName': 'A', 'familyName': 'B'}}).status
-
-
-def test_update_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'_id': test_id, 'googleId': 'test'})
-    mocker.patch.object(DB, 'update', return_value={'givenName': 'A', 'familyName': 'B'})
-    res = client.put(f'/v2/users/{test_id}', json={'user': {'givenName': 'A', 'familyName': 'B'}})
-    assert 'givenName' in res.json['content']
-    assert '200' in res.status
-
-
-def test_delete_user_non_existing(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value=None)
-    assert '404' in client.delete(f'/v2/users/{test_id}').status
-
-
-def test_delete_user_different_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'_id': test_id, 'googleId': 'other_test'})
-    assert '403' in client.delete(f'/v2/users/{test_id}').status
-
-
-def test_delete_user(client, mocker):
-    mocker.patch.object(DB, 'fetch_one', return_value={'_id': test_id, 'googleId': 'test', 'authorizations': []})
-    mocker.patch.object(DB, 'delete_one', return_value={'googleId': 'test'})
-    res = client.delete(f'/v2/users/{test_id}', )
-
-    assert 'googleId' in res.json['content']
-    assert '200' in res.status
-- 
cgit v1.2.3