desqol-authentication

This project provides an authentication service for the Erasmus+ DESQOL project.

The desqol-authentication server requires Python 3 and MongoDB.

Setup

Setup using Docker

docker-compose build
docker-compose up

#if you need a shell 
docker-compose run auth-server sh

The server is available on port 4000.

Setup on macOS without Docker

To install MongoDB:

brew tap mongodb/brew
brew install mongodb-community

To install Python 3 and the required libraries:

brew install pyenv
pyenv install 3.9.0
eval "$(pyenv init -)"
pyenv global 3.9.0
pip3 install -r requirements.txt

To start MongoDB:

brew services start mongodb/brew/mongodb-community

To start the server:

python3 run_server.py

The server is available on port 4000.

Setup on Windows without Docker

To install MongoDB:

• visit here
• username & domain as described here

To install Python 3 and the required libraries:

py -m pip install --user virtualenv
py -m venv env
.\env\Scripts\activate
pip install -r requirements.txt

To start MongoDB:

"C:\Program Files\MongoDB\Server\4.4\bin\mongo"

To start the server:

python3 run_server.py

The server is available on port 4000.

Whitelisting a User

To add a user to the whitelist with email address [email protected] and a gamify flag of false and not using gip stick (both these flags default to true):

python run_whitelist.py add [email protected] --no-gamify --no-gip

If a user is gip testing every day:
 
python run_whitelist.py add [email protected] --gamify --gip

If a user is gip testing 3 days week: 

python run_whitelist.py add [email protected] --gamify --gip3days

To list the users on the whitelist:

python run_whitelist.py list

Test the Server

You can run the automated tests using:

python run_test.py

Usage

To check that the server is running:

# locally
http://localhost:4000/desqol-auth/api

# or on production (no 'api' suffix) 
curl https://jira.itcarlow.ie/desqol-auth/

To register a new user:

curl -X POST http://localhost:4000/desqol-auth/api/registration -d '{"email":"[email protected]", "password":"pass", "displayName":"Mr. Foo Bar"}'


# or on production (no 'api' suffix) 
curl https://jira.itcarlow.ie/desqol-auth/registration -d '{"email":"[email protected]", "password":"pass", "displayName":"Mr. Foo Bar"}'

You need to whitelist email addresses before you can register them.

To login:

curl -X POST http://localhost:4000/desqol-auth/api/login -d '{"email":"[email protected]", "password":"pass"}'


# or on production (no 'api' suffix) 
curl https://jira.itcarlow.ie/desqol-auth/login -d '{"email":"[email protected]", "password":"pass"}'

This will return a token. To get all information regarding the current user:

curl -H "X-Token: YOUR_TOKEN_GOES_HERE" http://localhost:4000/desqol-auth/api/user

# or on production (no 'api' suffix) 
curl -H "X-Token:YOUR_TOKEN_GOES_HERE" https://jira.itcarlow.ie/desqol-auth/user

To logout:

curl -X POST -H "X-Token: YOUR_TOKEN_GOES_HERE" http://localhost:4000/desqol-auth/api/logout


# or on production (no 'api' suffix) 
curl -X POST -H "X-Token: YOUR_TOKEN_GOES_HERE" https://jira.itcarlow.ie/desqol-auth/logout

Tokens

A token is 64 hexadecimal digits, e.g., 8442f1b13728312fce04429fe90ac15235bbf2902f613f937880fff0728d56bb. A token expires and is intended to be short-lived. A token expires two hours after login, after a logout, or if there is another login from the same user, generating a new token.

add user scope in db, needed to download user event data

To grants user permission to download recordData table with email address [email protected]:

python grant_scope.py add [email protected]

To list the users and their permissions:

python grant_scope.py list