Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mc issue 310 refactor security #27

Merged
merged 6 commits into from
Jun 6, 2024
Merged

Mc issue 310 refactor security #27

merged 6 commits into from
Jun 6, 2024

Conversation

maxachis
Copy link

@maxachis maxachis commented Jun 3, 2024

Fixes

Description

  • Refactor is_valid and api_required to have more straightforward logic, utilize function extraction where possible, and replace magic numbers and magic strings with reusable constants and functions.
  • Add tests for both in middleware\test_security.py, providing 100% coverage.

Testing

  • ``middleware\test_security.py`

Performance

  • Additional test overhead -- 5 seconds on my computer

Docs

  • Not applicable.

@maxachis
Refactor helper_functions.py to generate a random email for test user…
4008157 
…s if not provided. Add function to create API key in the database.
@maxachis
Implemented various test cases to check the validity and expiration s…
988a3b4 
…tatus of API keys, session tokens, and access tokens in the security middleware module.
@maxachis
Refactor security middleware to improve readability and efficiency in…
e05622b 
… handling API key validation and user roles.
@maxachis
Merge remote-tracking branch 'Data-Sources-App-V2/dev' into mc_issue_…
4b40a16 
…310_refactor_security

# Conflicts:
#	tests/helper_functions.py
@maxachis
⚡️ Refactor and update security middleware and tests for API key vali…
6ca9cf8 
…dation and role checking.
@maxachis
Remove redundant NoAPIKeyError handling
12fbb30 
Removed redundant NoAPIKeyError handling in security middleware to improve code readability and maintainability.🛠️
@josh-chamberlain
Copy link

Nice. Another thing you might have missed from the early days, that I would like to put in your head, is that we would probably be better off with PBAC or ABAC than RBAC. It's early enough that we basically just have admins and everyone else, but worth knowing perhaps.

@maxachis
Copy link
Author

maxachis commented Jun 6, 2024

Nice. Another thing you might have missed from the early days, that I would like to put in your head, is that we would probably be better off with PBAC or ABAC than RBAC. It's early enough that we basically just have admins and everyone else, but worth knowing perhaps.

@josh-chamberlain Got it. Is this worth making an issue about and/or addressing in v2?

@maxachis maxachis merged commit 76e782e into dev Jun 6, 2024
8 of 10 checks passed
@maxachis maxachis deleted the mc_issue_310_refactor_security branch June 6, 2024 10:52
@josh-chamberlain
Copy link

@maxachis we don't have plans for too many complex/deep privileged actions, so there's not much to do yet (I don't think)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josh-chamberlain josh-chamberlain josh-chamberlain approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maxachis @josh-chamberlain