waqasbhatti / authnzerver
An authentication-authorization server built on Tornado.
License: MIT License
In here:
authnzerver/authnzerver/actions/apikey.py
Line 155 in 8c4b4e2
consider encrypting the API key like we do the password (might make things slower though).
In here:
authnzerver/authnzerver/actions/apikey.py
Lines 246 to 252 in 8c4b4e2
We should:
Obviously we'll never log passwords or PII. Should log the errors, etc. though. Should also:
This won't use bootstrap or JS. Just Tornado templates, basic CSS and HTML, and normal POST/GET queries.
authnzerver/authnzerver/actions/user.py
Lines 65 to 74 in 8c4b4e2
This will use the Tornado OAuth2, GoogleAuthMixin and TwitterAuthMixins to support:
Should figure out how to do a client redirect bit and put that into the example as well.
```
[W 200703 08:06:34 user:223] [6kD6rhaNw3kZH3s-] Password for new account with email: 497a592fa499aa87 matches FQDN (similarity: 9.5), their name (similarity: 52.6), or their email address (similarity: 21.4).
[E 200703 08:06:34 user:813] [6kD6rhaNw3kZH3s-] User creation request failed for email: 497a592fa499aa87. The password provided is not secure.
[I 200703 08:06:34 web:2246] 200 POST / (172.20.0.12) 132.95ms
[W 200703 08:10:36 user:171] [D2OQzoBih0lfKrmz] Password for new account with email: 973fc743a79a211a is too short (9 chars < required 12).
[W 200703 08:10:36 user:223] [D2OQzoBih0lfKrmz] Password for new account with email: 973fc743a79a211a matches FQDN (similarity: 9.5), their name (similarity: 52.6), or their email address (similarity: 20.7).
[E 200703 08:10:36 user:813] [D2OQzoBih0lfKrmz] User creation request failed for email: 973fc743a79a211a. The password provided is not secure.
[I 200703 08:10:36 web:2246] 200 POST / (172.20.0.12) 98.45ms
```
This will go here:
authnzerver/authnzerver/actions/session.py
Lines 454 to 456 in 8c4b4e2
The use-case is to support a "delete all my other sessions" function (we'll have an optional payload key for the current session token if called by a user themselves so they don't delete their current session). And also to clear all sessions for a user who must be locked everywhere.
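An added sketch of the behaviour described above, not authnzerver's own code: the `sessions` table layout, the function name `delete_user_sessions` and the `keep_current_session` argument are assumptions, and the rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows: (session_token, user_id)
SAMPLE = [("tok-a1", 1), ("tok-a2", 1), ("tok-a3", 1), ("tok-b1", 2)]


def make_db(rows):
    """Build an in-memory sessions table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions ("
        "session_token TEXT PRIMARY KEY, user_id INTEGER NOT NULL)"
    )
    db.executemany("INSERT INTO sessions VALUES (?, ?)", rows)
    return db


def delete_user_sessions(db, user_id, keep_current_session=None):
    """Delete all sessions of user_id and return how many were removed.

    With keep_current_session set (the user-initiated case), that one
    token is spared. Without it (the lock-everywhere case), every
    session of the user is removed.
    """
    if keep_current_session is None:
        cur = db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))
    else:
        # The user_id filter always applies, so a token that belongs to a
        # different user can neither be deleted nor protected by this call.
        cur = db.execute(
            "DELETE FROM sessions WHERE user_id = ? AND session_token != ?",
            (user_id, keep_current_session),
        )
    db.commit()
    return cur.rowcount


def tokens_for(db, user_id):
    """Return the sorted session tokens still present for user_id."""
    query = "SELECT session_token FROM sessions WHERE user_id = ?"
    return sorted(token for (token,) in db.execute(query, (user_id,)))


if __name__ == "__main__":
    db = make_db(SAMPLE)
    print(delete_user_sessions(db, 1, keep_current_session="tok-a2"))
    print(tokens_for(db, 1))
```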
Collecting useful links:
Also add a check for authdb emptiness if the DB URL is provided and do autosetup if it's empty.
The list of environ vars to add awareness of (from deploy/authnzerver-environ.conf):
```
# listen address and port settings
AUTHNZERVER_PORT={{ authnzerver_listenport }}
AUTHNZERVER_LISTEN={{ authnzerver_listenaddr }}
# secret token and authentication DB URL
AUTHNZERVER_SECRET={{ authnzerver_secretkey }}
AUTHNZERVER_AUTHDB={{ authnzerver_authdb }}
# cache and base directory locations
AUTHNZERVER_CACHEDIR={{ authnzerver_cachedir }}
AUTHNZERVER_BASEDIR={{ authnzerver_basedir }}
# session expiry time in days and session cookie name
AUTHNZERVER_SESSIONEXPIRY={{ authnzerver_sessionexpiry }}
AUTHNZERVER_SESSIONCOOKIE={{ authnzerver_sessioncookiename }}
# email settings for sending emails to users
AUTHNZERVER_EMAILSENDER={{ authnzerver_emailsender }}
AUTHNZERVER_EMAILSERVER={{ authnzerver_emailserver }}
AUTHNZERVER_EMAILPORT={{ authnzerver_emailport }}
AUTHNZERVER_EMAILUSER={{ authnzerver_emailuser }}
AUTHNZERVER_EMAILPASS={{ authnzerver_emailpass }}
```
This might be more suited for the LCC-Server serving user_ids in JSON responses.
Maybe generate a permissions model from a provided JSON and a set of:
Stacktrace:
```
authnzerver_1 | [I 200706 09:12:11 web:2246] 200 POST / (172.31.0.16) 1740.56ms
authnzerver_1 | [E 200706 09:17:38 handlers:292] Failed to understand request.
authnzerver_1 | authnzerver.external.futures37.process._RemoteTraceback:
authnzerver_1 | """
authnzerver_1 | Traceback (most recent call last):
authnzerver_1 | File "/home/authnzerver/authnzerver/external/futures37/process.py", line 246, in _process_worker
authnzerver_1 | r = call_item.fn(*call_item.args, **call_item.kwargs)
authnzerver_1 | File "/home/authnzerver/authnzerver/actions/user.py", line 994, in create_new_user
authnzerver_1 | pii_hash(rows['user_id'],payload['pii_salt']))
authnzerver_1 | TypeError: 'NoneType' object is not subscriptable
authnzerver_1 | """
authnzerver_1 |
authnzerver_1 | The above exception was the direct cause of the following exception:
authnzerver_1 |
authnzerver_1 | Traceback (most recent call last):
authnzerver_1 | File "/home/authnzerver/authnzerver/handlers.py", line 213, in post
authnzerver_1 | response = await loop.run_in_executor(
authnzerver_1 | TypeError: 'NoneType' object is not subscriptable
authnzerver_1 | [W 200706 09:17:38 web:2246] 400 POST / (172.31.0.16) 104.35ms
authnzerver_1 | [E 200706 09:21:12 handlers:292] Failed to understand request.
authnzerver_1 | authnzerver.external.futures37.process._RemoteTraceback:
authnzerver_1 | """
authnzerver_1 | Traceback (most recent call last):
authnzerver_1 | File "/home/authnzerver/authnzerver/external/futures37/process.py", line 246, in _process_worker
authnzerver_1 | r = call_item.fn(*call_item.args, **call_item.kwargs)
authnzerver_1 | File "/home/authnzerver/authnzerver/actions/user.py", line 994, in create_new_user
authnzerver_1 | pii_hash(rows['user_id'],payload['pii_salt']))
authnzerver_1 | TypeError: 'NoneType' object is not subscriptable
authnzerver_1 | """
authnzerver_1 |
authnzerver_1 | The above exception was the direct cause of the following exception:
authnzerver_1 |
authnzerver_1 | Traceback (most recent call last):
authnzerver_1 | File "/home/authnzerver/authnzerver/handlers.py", line 213, in post
authnzerver_1 | response = await loop.run_in_executor(
authnzerver_1 | TypeError: 'NoneType' object is not subscriptable
authnzerver_1 | [W 200706 09:21:12 web:2246] 400 POST / (172.31.0.16) 90.67ms
```
This will be used to lock users by:
This should go in actions.users.
This should be done by doing an async sleep until the time to sleep passes.