nefarioustim / cerberus-auth Goto Github PK

The Travis build should be updated to use the pre-built Docker image inline with docker-compose.yml. This should allow faster builds, since the image won't be built each time.

The Python API for Cerberus should provide a simple, predictable interface:

import cerberusauth

cerberus = cerberusauth.cerberus()
new_users = cerberus.registration.register_users({"email": "[email protected]"})

Add a namespace property to both Role and Permission models. This can be used to control domain specific roles and permissions.

Definition

Create internal models for:

• User
• Role
• Permission

Expected columns for models are as follows:

• User
  • email (required)
  • password_hash (required, derived)
  • fullname (required)
• Role
  • name (required)
  • description
  • enabled
• Permission
  • slug (required)
  • description
  • enabled

User.password_hash will be derived from a passed-in password string at point of creation.

Acceptance Criteria

• All models must contain created and modified UTC datetime fields.
• All models must contain an ID column, which will be generated on passing to storage.

A Repository object should implement CRUD actions for a model. The UserRepository should do this for User models.

UserRepository should have the following methods:

• save for saving models.
• delete for deleting models.
• get for getting individual models.
• count for counting stored models.

Repository objects should also allow batch actions.

As a user
I want a wrapper object for authorisation commands
So that my interface is intuitively grouped

All models should include a soft delete flag, so that deletes can be processed at a later date, allowing for a temporary period where undo is possible.

A Repository should contain methods that allow:

• Create
• Read
• Update
• Delete

Add a RegisterUsersCommand object that creates and stores a new User aggregate root. Should also be capable of storing multiple users.

Should expect user data to be passed in as dictionaries, and will only process valid dictionaries that contain an "email" key.

The service should include a standard Python logging instance, in order to allow various levels of logging throughout the service code.

Acceptance criteria:

• Allow logging instance to be functionally summoned, in order to avoid issues with modules, import context, and clashing logging instances.
• Provide logging configuration through a YAML file, whose location can be overridden from an ENV variable.
  • Will require inclusion of pyyaml dependency.
  • Ensure configuration allows control of what and where.

As a developer
I want CerberusAuth to be a nameko service
So that I can utilise the nameko microservice structure and extensions for access

As a service consumer
I want to be able to register new Users
So that I can provide user-specific auth

In order for proper API documentation to be generated, ReadTheDocs will need BCrypt and SQLAlchemy dependencies installed, which requires a conda build.

A Repository object should implement CRUD actions for a model. The RoleRepository should do this for Role models.

RoleRepository should have the following methods:

• save for saving models.
• delete for deleting models.
• get for getting individual models.
• count for counting stored models.

Repository objects should also allow batch actions.

Provide many-to-many relationships between User and Role, and Role and Permission. This should provide a means of accessing and managing children and parents.

As a user
I want a wrapper object for authentication commands
So that my interface is intuitively grouped

Create a RepositoryAdapter object specifically for SQLAlchemy.

SQLRepositoryAdapter will need to:

• Inherit from the RepositoryAdapterInterface.
• Implement all the methods from RepositoryAdapterInteface.
• Update entity or aggregate root with stored ID when relevant.

As a user
I want to authenticate a token
So that I can validate login state

Add a CreatePermissionCommand object that creates new permissions.

A Repository object should implement CRUD actions for a model. The PermissionRepository should do this for Permission models.

PermissionRepository should have the following methods:

• save for saving models.
• delete for deleting models.
• get for getting individual models.
• count for counting stored models.

Repository objects should also allow batch actions. This means the above methods should be able to take parameters representing multiple models.

Add a CreateRoleCommand object that creates new roles.

Create derivatives of internal models specifically for SQLAlchemy.

Models will need to override object attributes with Column definitions.

As a user
I want to be able to authenticate and receive a JWT
So that I can prove authentication on further requests

In order to store models, they should be converted into a datastore schema.

The scripts used to create a schema should be triggered using the correct storage strategy.