Header auth #2586
Codecov Report: All modified and coverable lines are covered by tests ✅
... and 11 files with indirect coverage changes
13b8d3e to 4631269
setToken(token, expireDate) { | ||
this._cookie.set('token', token, expireDate); | ||
} | ||
|
||
getToken() { |
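Review bot: setToken in this hunk still writes the token to a cookie named 'token' with only an expiry date, while the description of this pull request says the JWT is now sent in the Authorization header and kept in localStorage. If the cookie is kept on purpose for GN-Admin, as the commit message says, add a comment above setToken stating that; if not, remove this write so the token does not live in two client-side stores.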
`getToken` no longer seems to be used and can be deleted
backend/geonature/tests/conftest.py
@@ -1,2 +1,3 @@ | |||
# force discovery of some fixtures | |||
from .fixtures import app, users, _session | |||
from pypnusershub.tests.fixtures import _logout_user |
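Review bot: the new import of _logout_user on the last line reaches into pypnusershub.tests.fixtures, so this conftest now fails at import time with any pypnusershub that does not ship that fixture. The comment at the top only says "force discovery of some fixtures"; extend it to say what this fixture does and that it relies on the submodule version bumped in this pull request.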
from pypnusershub.tests.fixtures import _logout_user | |
from pypnusershub.tests.fixtures import teardown_logout_user |
Maybe clearer like this, or else `logout_user_at_teardown`?
Are we saying that we eventually remove `g.current_user`?
In that case we can replace the `if g.current_user is None` with `if not current_user.is_authenticated` in the other decorators.
But I tend to think that the advantage of `g.current_user` is that if we change auth libraries, we will only have to modify `load_current_user`.
Yes, it may be safer to keep using `g.current_user`
7d0dc69 to f7609a4
c8d100a to 6590f2e
- Use HTTP Header JWT for API auth
- keep cookie auth for GN-Admin
- bump usershub-auth submodule

Co-authored-by: Élie Bouttier <bouttier@users.noreply.github.com>
6590f2e to 9e19e0d
88a6f6b to 4033f1d
The cookie-based authentication system is dropped. The authentication token (JWT) is now passed in every API call in the HTTP header "Authorization Bearer". It is also returned by the `login` route of the authentication submodule and stored in localStorage (see: PnX-SI/UsersHub-authentification-module#64).

Fix: #2161 #490 #2574
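The server-side check that header-based JWT auth implies, as an added example that is not code from GeoNature or UsersHub-authentification-module: it accepts a token only from the `Authorization: Bearer` header, pins the algorithm, verifies the signature, and requires an unexpired `exp`. HS256 with a shared key, the function names, and the sample key and claims are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT; used here only to construct sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(hs256(key, head + '.' + body))}"

def user_from_authorization_header(headers: dict, key: bytes, now=None):
    """Return the verified claims, or None when the request is unauthenticated."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None  # missing header, other scheme, or not a three-part JWT
    head, body, sig = token.split(".")
    try:
        # Pin the algorithm server-side; a token must not pick its own (e.g. "none").
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        # Verify the signature before trusting anything in the payload.
        if not hmac.compare_digest(hs256(key, f"{head}.{body}"), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed base64 or JSON, or non-object header/payload
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # an expiry is required and must still be in the future
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret
    token = make_token({"sub": "demo-user", "exp": time.time() + 60}, key)
    print(user_from_authorization_header({"Authorization": f"Bearer {token}"}, key))
    print(user_from_authorization_header({"Cookie": f"token={token}"}, key))  # None
```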