Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: move authentification to the django api #2572

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

feat: move authentification to the django api #2572

wants to merge 5 commits into from

Conversation

jooola
Copy link
Contributor

@jooola jooola commented May 30, 2023
edited

Fixes #1788
Depends on #2523

Moves the authentication mechanism to the API.

  • Load the legacy login view, this sets an anonymous PHPSESSID
  • Call the API /api/v2/auth/login with the PHPSESSID and a JSON body with the credentials
  • The API then:
    • check the credentials as usual
    • creates a Django session
    • creates a Legacy session
      • find and reuse the anonymous PHP session data in the database
      • create a new legacy PHP session
      • regenerate the PHP session ID
      • delete the anonymous PHP session
    • returns the new PHPSESSID as cookie
  • the browser is now authenticated to the API and Legacy

@jooola jooola mentioned this pull request May 30, 2023
Merged
@jooola
Copy link
Contributor Author

jooola commented May 30, 2023
edited

This PR is still a WIP, but I'd be happy to have feedback whether this looks like a good idea.

I didn't get answers on #1788, so I thought I implement a POC, and show how easy (understand not dirty) this could be solved.

@jooola jooola force-pushed the api_auth branch 6 times, most recently from bce42d2 to fd330d7 Compare May 31, 2023 08:17
@codecov
Copy link

codecov bot commented May 31, 2023
edited

Codecov Report

Attention: 35 lines in your changes are missing coverage. Please review.

Comparison is base (7db7eb0) 70.30% compared to head (fd330d7) 71.30%.
Report is 1 commits behind head on main.

❗ Current head fd330d7 differs from pull request most recent head 12660a7. Consider uploading reports for the commit 12660a7 to get more accurate results

Files Patch % Lines
api/libretime_api/legacy/vendor/phpserialize.py 84.93% 25 Missing ⚠️
api/libretime_api/legacy/models.py 90.00% 5 Missing ⚠️
api/libretime_api/auth/apps.py 0.00% 4 Missing ⚠️
...i/libretime_api/legacy/vendor/phpserialize_test.py 98.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2572      +/-   ##
==========================================
+ Coverage   70.30%   71.30%   +1.00%     
==========================================
  Files         148      153       +5     
  Lines        4024     4280     +256     
==========================================
+ Hits         2829     3052     +223     
- Misses       1195     1228      +33
Flag Coverage Δ
api 92.79% <88.63%> (-1.00%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

paddatrapper
paddatrapper approved these changes Jun 12, 2023
View reviewed changes
Copy link
Contributor

@paddatrapper paddatrapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paddatrapper paddatrapper paddatrapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Move authentification to the django API
2 participants
@jooola @paddatrapper