Skip to content

C3-PRO/c3-pro-idm-service-py

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits

py

py

 
 

systemd

systemd

 
 

templates

templates

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

DEPLOY.md

DEPLOY.md

 
 

README.md

README.md

 
 

app.py

app.py

 
 

create_users.py

create_users.py

 
 

defaults.py

defaults.py

 
 

link_tests.py

link_tests.py

 
 

nginx-site.c3-pro-idm

nginx-site.c3-pro-idm

 
 

requirements.txt

requirements.txt

 
 

run_tests.sh

run_tests.sh

 
 

supervisor.c3-pro-idm.conf

supervisor.c3-pro-idm.conf

 
 

Repository files navigation

C3-PRO IDM Service (Python)

This is a Python-Flask and MongoDB-based backend service for the C3-PRO IDM frontend services, adhering to the IDM API spec. The server maintains its own user database and uses JWT (via Flask-JWT) for authorization.

User Management

In addition to the API endpoints defined by the IDM API spec, this service provides endpoints for user management.

Admin Setup

After installation, the /init endpoint will allow to create an admin users. It can be accessed without password as long as no admin user is present on the system.

Create Users

The /user endpoint will accept POST requests with the following payload, if a JWT bearer token belonging to an admin is provided. Note that usernames are supposed to be email addresses and will be used to reset passwords.

POST /user HTTP/1.1
Content-Type: application/json
Authorization: JWT eyJ0eXA...

{
    "username": "{user's email}",
    "password": "{password}",
    "admin": true/false
}

At this time there is no possibility to change usernames; create a new user instead. A DELETE request to the /user endpoint with a JSON containing username will delete this user, if signed with an admin JWT.

You can use the simple Python 3 script create_users.py contained in this repository to add users via the command line.

Password Reset

The user can navigate to the /iforgot endpoint, which will allow to reset one's password. This will trigger an email sent to the user's username, which contains a link to /reset with a one-time token. The reset screen allows to set a new password.

Authorization

To get a token, make a request to the /auth resource:

POST /auth HTTP/1.1
Content-Type: application/json

{
  "username": "john@doe.com",
  "password": "pass"
}

Installation

Our Flask app is a WSGI app for which we'll set up a virtual environment, which will be run by gunicorn which in turn will be kept running by supervisor.

Requests will be reverse proxied through Nginx.

See DEPLOY.md.

Starting the Server

Before launching you may want to configure the server. All default settings reside in defaults.py and this file is used if there is no settings.py. It's best if you create settings.py at the root directory yourself, import defaults at the top and then override whatever setting you want to customize. By default the server runs on port 9096.

In production it's best to let gunicorn take care of launching the web app. The following will run the app on 5 worker threads (appropriate for a dual-core machine) on port 9096:

gunicorn -w 5 app:app -b 0.0.0.0:9096

During development you can use:

python app.py

About

Python/Flask/MongoDB based IDM backend service

Topics

database c3-pro c3-pro-idm

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages