Development #7862: API to list/search/add users - Authentic 2 - Entr'ouvert Projects — Projets d'Entr'ouvert

Development #7862

API to list/search/add users

Added by Frédéric Péters about 4 years ago. Updated over 1 year ago.

Status:

Fermé

Priority:

Haut

Assignee:

Benjamin Dauvergne

Category:

Target version:

2.2.0

Start date:

16 Jul 2015

Due date:

16 Nov 2015

% Done:

100%

Patch proposed:

Yes

Planning:

Description

In Welco we are using authentic as the database of users, this requires API endpoints to list, search, and add users.

0001-wip.patch View (3.96 KB) Benjamin Dauvergne, 05 Nov 2015 10:11 AM

0001-api_urls-fix-regexs-7862.patch View (1.07 KB) Benjamin Dauvergne, 13 Nov 2015 11:03 AM

0002-api_views-pep8ness-7862.patch View (2.33 KB) Benjamin Dauvergne, 13 Nov 2015 11:03 AM

0003-api-new-user-API-7862.patch View (8.82 KB) Benjamin Dauvergne, 13 Nov 2015 11:03 AM

0004-add-new-API-tests-fixes-7862.patch View (131 KB) Benjamin Dauvergne, 13 Nov 2015 11:03 AM

0003-api-new-user-API-7862.patch View (8.95 KB) Benjamin Dauvergne, 16 Nov 2015 10:51 AM

Associated revisions

Revision 0e2b719f (diff)
Added by Benjamin Dauvergne almost 4 years ago

api_urls: fix regexs (#7862)

Revision 85d23524 (diff)
Added by Benjamin Dauvergne almost 4 years ago

api_views: pep8ness (#7862)

Revision 34354efb (diff)
Added by Benjamin Dauvergne almost 4 years ago

api: new user API (#7862)

You can list/add/change users. Security is enforced by basic authentication,
session authentication and role permissions:
- custom_user.view_user for listing,
- custom_user.add_user for creating,
- custom_user.change_user for updating,
- custom_user.delete_user for deleting.

Revision e9973387 (diff)
Added by Benjamin Dauvergne almost 4 years ago

add new API tests (fixes #7862)

Revision eae49803 (diff)
Added by Benjamin Dauvergne almost 4 years ago

add missing utils.py (fixes #7862)

Revision 9c5db6a7 (diff)
Added by Benjamin Dauvergne almost 4 years ago

tests: fix user listing API tests (#7862)

History

#1 Updated by Benjamin Dauvergne about 4 years ago

I would like to implement the SCIM 1.1 protocol, see http://www.simplecloud.info/specs/draft-scim-api-01.html , it seems adapted to our goal and not too complicated.

#2 Updated by Benjamin Dauvergne about 4 years ago

Target version set to future

#3 Updated by Benjamin Dauvergne almost 4 years ago

I started designing the thing there; http://git.entrouvert.org/authentic.git/log/?h=wip/scim11

#4 Updated by Frédéric Péters almost 4 years ago

Do note I no longer need it. (welco also needs to get some user information from wcs (current forms) so it was easier to go and take everything from wcs).

#5 Updated by Benjamin Dauvergne almost 4 years ago

Assignee set to Benjamin Dauvergne
Target version changed from future to 2.2.0
Priority changed from Normal to Haut

#7 Updated by Benjamin Dauvergne almost 4 years ago

Started, I need to look security mechanism from django-rest-framework to get something compatible with Publik of doing that (HMAC signature of URLs).

#8 Updated by Benjamin Dauvergne almost 4 years ago

File 0001-wip.patch View added

#9 Updated by Benjamin Dauvergne almost 4 years ago

Due date set to 16 Nov 2015

#10 Updated by Benjamin Dauvergne almost 4 years ago

File 0001-api_urls-fix-regexs-7862.patch View added
Patch proposed changed from No to Yes
File 0004-add-new-API-tests-fixes-7862.patch View added
File 0003-api-new-user-API-7862.patch View added
File 0002-api_views-pep8ness-7862.patch View added

L'API démarre à l'URL /api/users/ on peut y faire un POST du genre:

Content-Type: application/json

{
    "ou": "default",
    "phone": "97989898",
    "password": "joiewjfoiejwfoiewjf",
    "first_name": "Benjamin",
    "last_name": "Dauvergne" 
}

Et on recevra la réponse, pour l'instant le mot de passe est obligatoire, pour un compte "contact" y mettre simplement une chaîne aléatoire.

{
    "id": 12,
    "ou": "default",
    "adresse": "",
    "code_postal": "",
    "phone": "97989898",
    "password": "pbkdf2_sha256$15000$rV8T7ppVFGPz$e+hD9it0M8/acgpxd8xAD6ZXo8Xrjo7EJ3yiWxPzSqE=",
    "last_login": "2015-11-13T09:42:19.554696Z",
    "is_superuser": false,
    "uuid": "365c34d7339d4bd5ba47869465d74705",
    "username": null,
    "first_name": "Benjamin",
    "last_name": "Dauvergne",
    "email": "",
    "is_staff": false,
    "is_active": true,
    "date_joined": "2015-11-13T09:42:19.554933Z" 
}

La droits d'accès sont les mêmes que dans le /manage, "ou" est le slug de l'entité pas son id, l'authentification géré est pour l'instant HTTP Basic ou Session, l'authentification par signature arrive (ticket ouvert sur hobo).

#11 Updated by Benjamin Dauvergne almost 4 years ago

Status changed from Nouveau to En cours

#12 Updated by Benjamin Dauvergne almost 4 years ago

File 0003-api-new-user-API-7862.patch View added

Corrections:

ne pas créer la classe dérivée d'User dans un contexte global à car elle accède à la base (en mode multitenant ça ne marchera pas)
poser une limite de pagination par défaut de 10