sartography
/
cr-connect-workflow
mirror of https://github.com/sartography/cr-connect-workflow.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,201 Commits 13 Branches 0 Tags 8.7 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
Aaron Louie faba0f55ab Adds AdminSession model and refactors impersonation methods to use it. 2020-07-30 12:40:53 -04:00
Aaron Louie 1b0ebecbf4 Uses Flask session to store impersonation state. 2020-07-30 10:17:02 -04:00
Aaron Louie 63537d7765 Adds is_admin boolean flag to user schema 2020-07-29 22:45:56 -04:00
Dan Funk 452f2c3723 Building out a user service for getting the current user, it will provide a number of functions, one of which will allow administrative users to impersonate other users in some circumstances (but will assure that we log events correctly when an impersonation occures) 2020-07-27 14:38:57 -04:00
Aaron Louie 1f454536e3 Renames TOKEN_AUTH_SECRET_KEY to SECRET_KEY 2020-07-10 11:26:15 -04:00
Aaron Louie 561e254315 Prevents non-admin users from editing each others' tasks. Fixes bug where test user uid was not being set from token. Moves complete form and get workflow API test utility methods into BaseTest. 2020-06-12 13:46:10 -04:00
Aaron Louie cccff9b856 Fixes broken unit tests. But still broken. 2020-06-11 11:29:58 -04:00
Dan Funk 148e86bb42 Building out the boilerplate code to make pushing forward on this a little friendlier. 
There is an approval api file, and approval model file and an approval test file.
 2020-05-22 18:25:00 -04:00
Dan Funk 992a85e9a5 Rough idea of what the Approvals model will look like. 2020-05-22 11:56:43 -04:00
Dan Funk f4342fc785 It became impossible to use the Swagger ui when we started adding authentication to all of the calls. I discovered Connexion and Swagger have a default way of handing JTW authentication and this cleans up our code quite a bit, moves the securing of endpoints into the API Definition, which is quite nice, and removes a whole library dependency (I never get to do that!) I added a SWAGGER_AUTH_KEY that can be used in non-production environments to allow users to quickly authenticate from the Swagger ui. I also removed all api calls to simple little happy api services, because that is just mean and pointless. 2020-03-24 14:15:21 -04:00
Aaron Louie 40e12f5ab5 Resolves marshmallow_sqlalchemy.ModelSchema deprecation warning 2020-03-16 13:37:31 -04:00
Aaron Louie 581434b453 Adds SSO header attributes 2020-02-20 15:43:29 -05:00
Dan Funk a642593e3d Adding support to handle Single Sign On (Shibboleth) authentication using Flask SSO and an attribute map that has worked in the past with UVA's implementation. Aside from the new user endpoint, nothing requires authentication, but soon everything will expect it. I'm setting up a backdoor we can use for development and staging that will cause a round-robin affair that should make this relatively painless. Dropped "RestException" as we had two ways or raising errors, and that was silly. 2020-02-18 16:38:56 -05:00