- Jan 21, 2020
-
-
Dr Rich Wareham authored
Django 3.0 breaks iar-backend, fix the version to <3.0 Closes #96 See merge request !88
-
Dr Abraham Martin authored
-
- Nov 06, 2019
-
-
Robin Goodall authored
Replace authentication with Google OAuth2 and remove cruft Closes #91 and #88 See merge request !87
-
Dr Rich Wareham authored
We no longer use hydra or lookupproxy so we can remove them from the docker-compose configuration along with the related support files.
-
Dr Rich Wareham authored
We had a number of customisations to the DRF YASG shipped swagger which we no longer need as the later versions of Swagger UI shipped with DRF cover our needs adequately.
-
Dr Rich Wareham authored
The entire sphinx documentation was hilariously out of date with respect to our current practices. Rather than hacking it, remove it with an eye to replacing it with a better README and markdown formatted documentation.
-
Dr Rich Wareham authored
By including django social auth we no longer need to use the legacy ucamwebauth protocol.
-
Dr Rich Wareham authored
Add the ability to authenticate to the application via Google OAuth2 (aka GSuite@Cambridge) by making use of the Django social auth library. We enable the option to associate users by email address since we have a large number of existing users in the application and an earlier migration has ensured they should have the correct email address associated with the account. In order to allow use of Google OAuth2 tokens with the API, we implement an "exchange" endpoint which can convert an access token from one of the Django social auth backends into an API token which can be passed to the API in the Authorization header. This is based on a pattern from the Django social auth docs [1]. The Swagger UI is updated to pre-populate the Google client id and correct scopes so that the token exchange can be performed in the Swagger UI. [1] https://python-social-auth.readthedocs.io/en/latest/use_cases.html#signup-by-oauth-access-token
-
Dr Rich Wareham authored
Instead of using OAuth2 to authenticate the API, use DRF's token-based authentication. This removes one place where we rely on hydra's OAuth2 implementation. The other place is the use of lookupproxy. Remove the dependence on lookupproxy and replace it with the use of the django-ucamlookup wrappers in assets.lookup. This rendered a large number of formerly required settings useless so remove them. Update the tests to make use of token authentication instead of faking OAuth authentication and to mock the lookup wrapper functions.
-
Dr Rich Wareham authored
The filter defined for assets duplicated the "name" arguments. Modern versions of django-filters infer this from the name of the field in the class so the "name" argument is unnecessary.
-
Dr Rich Wareham authored
The stats endpoint does not require authentication but this is not reflected in the generated Swagger. Annotate it appropriately.
-
Dr Rich Wareham authored
We will be removing lookupproxy so we want to make use of the Lookup client functionality provided by django-ucamlookup. This package assumes that usernames are crsids which is not the case in this application. Indeed it will continue not to be the case since we'll be moving to Django social auth which does not guarantee any particular form for the username. Instead, use the email address as the primary key for user identity. We can write a migration to migrate the existing "crsid+{crsid}" named users to have the right email address and Django social auth *will* set the email address properly for GSuite@Cambridge users. Users with email addresses of the form {crsid}@cam.ac.uk can have information returned from Lookup by parsing out the crsid. Add some utility functions which do so. We add a secrets.env template to the configuration so that a lookup group's credentials may be used to use the lookup API from outside the CUDN.
-
Dr Rich Wareham authored
We are going to move to a world where email address is the primary key for a user. To this end, make sure that the existing "crsid+{crsid}" users have their emails set correctly. Django social auth will happily associate the Google sign in with these users if the email addresses match and we enable it in the social pipeline.
-
Dr Rich Wareham authored
The existing README linked to out-of-date test and code coverage and documentation which was no longer being built. Remove most of the README and replace its contents. Note that this README is "forward-looking". It describes functionality which is added in later commits but it didn't seem worth writing a README for old-world and then immediately re-writing it.
-
- May 08, 2018
-
-
Mike Bamford authored
Re-work asset stats endpoint
-
- May 04, 2018
-
-
Dr Rich Wareham authored
Rather than having the stats endpoint split each count out separately by institution, gather them together as proposed in #84. Take the opportunity to make the serializer a little more sophisticated so that the asset count model is re-used between the "all" field and the "by_institution" field. Closes #84.
-
Dr Rich Wareham authored
As noted in #85, the stats endpoint was incorrectly counting deleted assets. Update the view to ignore deleted assets. Closes #85.
-
Dr Rich Wareham authored
Make the stats test a little more orthogonal by directly creating the Asset models rather than bouncing through the API.
-
- May 01, 2018
-
-
Rich Wareham authored
create a new stats endpoint
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
It reports: Total number of assets; Total number of assets completed; Total number of assets with personal data; Assets per department (total, completed, with personal data)
-
Rich Wareham authored
moved oauth related utilities to django-oauthcommon
-
Rich Wareham authored
-
- Apr 30, 2018
-
-
Mike Bamford authored
-
- Apr 27, 2018
-
-
Mike Bamford authored
-
- Apr 26, 2018
-
-
Dr Rich Wareham authored
According to the Django docs, accessing the body of a POST in middleware is verboten. Doing so is leading to django.http.request.RawPostDataException exceptions in production so remove it. [1] https://docs.djangoproject.com/en/dev/topics/http/middleware/#process-view
-
Rich Wareham authored
minor bugfixes
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
-
Dr Abraham Martin authored
add middleware to log HTTP 400 errors
-
Dr Rich Wareham authored
To aid in debugging, it is useful to log to the console the requests which cause HTTP 400 responses to be returned and the response body itself. Add a simple middleware which intercepts HTTP errors and logs the required information.
-
- Apr 24, 2018
-
-
Mike Bamford authored
-
- Apr 23, 2018
-
-
Dr Abraham Martin authored
explicitly set postgres image versions to match GCloud version
-
Dr Abraham Martin authored
-
- Apr 19, 2018
-
-
Mike Bamford authored
enable silk profiler
-
Mike Bamford authored
-
Mike Bamford authored
lookup.get_person_for_user: return cached result earlier
-