feat(auth): allow Auth0 as authentication server, after bulk user import (#705)

Fork of PR #593. May contribute to #669.

## What does this PR do / solve?

Make Openwhyd more secure by delegating auth and user management to Auth0.

## Overview of changes

When Auth0 env vars are provided, Openwhyd delegates the following features to Auth0:

- login/logout
- signup
- password change (forgotten or not)
- ...

Otherwise, the legacy auth and user management implementation is used, as currently.

## How to test this PR?

### Prerequisite

To do once and for all:

1. set up an Auth0 account with a "user-password" auth database, with "usernames" login enabled
2. paste Auth0 credentials to `env-vars-testing.conf`
3. (re)start openwhyd + db in docker: `$ docker compose up --build --detach`
4. seed test users: `$ make docker-seed`

To repeat after each code change:

3. (re)start openwhyd + db: `$ make dev`

=> when you're done testing, don't forget to run `$ make down`.

### Bulk user import

1. copy-paste [this token](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/apis/management/explorer) to file: `scripts/auth0/.token`
2. run `$ scripts/auth0/import-test-users.sh`
3. check that users are imported: [Users](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/users) + [Logs](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/logs)

### Login+logout

1. open http://localhost:8080
2. click on "log in" => you're redirected to auth0's login page
3. login with `admin`/`admin` or `dummy`/`admin`
4. back on openwhyd, logout

### Signup

1. open http://localhost:8080
2. click on "sign up" => you're redirected to auth0's signup page
3. submit a username (e.g. `adrien`), an email address and a password
4. back on openwhyd, logout
6. follow the "login+logout" procedure (above), to check that you can login with username or email

### Change of email address

Once you're logged in:

1. open http://localhost:8080/settings
2. change the email address
3. click "save changes", ignore the error message
4. check that the email address was updated, in [Auth0's user list](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/users)

### Change of password

Once you're logged in:

1. open http://localhost:8080/settings
2. click on the "password" tab
3. type the same password in the 3 fields (any valid value will do)
4. click "save changes" => a message tells you that you'll receive an email
6. logout
7. open the email, click the link, pick a new password
8. back on http://localhost:8080, login with your new password

### Change of handle/username

Once you're logged in:

1. open http://localhost:8080/settings
2. type a username in the "Custom URL" field
3. click "save changes"
4. logout
5. login with your new username+password

### Account deletion

Once you're logged in:

1. open http://localhost:8080/settings
2. click on "delete your account" and confirm
3. check that the user is not listed anymore in [Auth0's user list](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/users)

## TODO / probably worth doing before merging

- [ ] import users' Facebook id to Auth0 too, so users can still login to Openwhyd using their Facebook account, after migrating to Auth0 => we could delete all facebook-related code and possibly close #658. => test that it works as expected.

## To be done later

- forward change of avatar to Auth0

## References and resources

- Auth0 [Application Details](https://manage.auth0.com/dashboard/eu/dev-vh1nl8wh3gmzgnhp/applications/87WcUOdE9SGegwDcZfPRdl4Kw3T21pqs/settings)
- npm package used for auth: [express-openid-connect](https://auth0.github.io/express-openid-connect/)
- API reference of npm package used for other operations: [node-auth0](https://auth0.github.io/node-auth0/index.html)
1 parent 254f301, commit a65723f. Showing 21 changed files with 2,002 additions and 216 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -3,6 +3,7 @@ | |
.gitignore | ||
.git | ||
.env | ||
.token | ||
.port | ||
.DS_Store | ||
Dockerfile | ||
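Review bot: adding `.token` to this ignore file is the right call, since the commit message has testers paste an Auth0 Management API token into `scripts/auth0/.token`, and the unanchored pattern matches that nested path; but an ignore rule does not protect a token that was already staged or copied before the rule landed, so consider reminding testers in the PR description to revoke that token once the import is done and to check `git status` and the built image contents before pushing.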
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
.env | ||
.token | ||
.port | ||
.idea | ||
.DS_Store | ||
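Review bot: same `.token` addition here; since the test procedure places the Management API token in `scripts/auth0/.token` before running `scripts/auth0/import-test-users.sh`, a short comment in that script (or in the PR description) stating that the file must never be committed, and that the token should be issued with only the permissions the user import needs, would make the intent of this ignore entry explicit to the next contributor.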