{
    "info": {
        "author": "Jonathan Schaeffer",
        "author_email": "jonathan.schaeffer@univ-grenoble-alpes.fr",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 4 - Beta",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
            "Natural Language :: English",
            "Operating System :: OS Independent",
            "Programming Language :: Python :: 3.6",
            "Programming Language :: Python :: 3.7"
        ],
        "description": "# Method /auth for EIDA authentication\n\nThis projects is the implementation of the `/auth` method as described in EIDA.\n\nInput : a signed token (validity will be checked by the program)\n\nOutput : a login and password in the `login:password` form\n\nThis login and password is valid for a certain amount of time (24h typically)\n\n## Playing around\n\n``` shell\npip install gunicorn httpie\ngunicorn --reload -w 1 eidaws_auth:auth\n```\nThen, to send a post request :\n\n``` shell\nhttp localhost:8000/version\nhttp POST localhost:8000 < token.asc\n```\n## Running tests\n\n``` shell\npip install -e .\npytest\n```\n\n\n## Configuration\n\nThe conifguration is set in the `eidawsauth/config.py` file.\n\nThere are 4 classes :\n- `Config` : the root class with some defaults\n- `Production` : the configuration suitable for production\n- `Test` : the configuration suitable for pytest\n- `Dev` : the configuration for the developpment environment\n\nYou can choose the configuration class by setting up the `RUNMODE` environment variable. Default value is DEVELOPMENT\n\n``` shell\nRUNMODE=PRODUCTION gunicorn -w 4 eidaws_auth:aut\n```\n\n## Database initialisation\n\n### User and minimum privileges\n\n``` sql\ngrant connect on database \"resifAuth\" to eidawsauth;\ngrant connect on database \"resifInv-Prod\" to eidawsauth;\n\\c \"resifAuth\"\ngrant select,insert,update,delete on table users,credentials TO eidawsauth ;\ngrant select,update on sequence  users_user_index_seq TO eidawsauth ;\n\\c \"resifInv-Prod\"\ngrant select,insert,update,delete on table eida_temp_users TO eidawsauth;\ngrant select on table networks to eidawsauth;\ngrant select,update on sequence aut_user_user_id_seq to eidawsauth ;\n```\n\n### Expected tables schema\n\n#### AUTHDB\nTable `users`:\nFrom the existing table, we have to add an `expires_at` column.\n\n``` sql\nalter table users add column if not exists expires_at timestamp default value null;\n```\n\nTable `credentials` :\nNo modification to the resifAuth schema\n\n#### PRIVILEDGEDB\nTable `aut_user`.\nNo modification to the resifInv-Prod schema.\n\n``` sql\n  Colonne   |  Type   | Collationnement | NULL-able |                Par d\u00e9faut                 | Stockage |\n------------+---------+-----------------+-----------+-------------------------------------------+----------+\n user_id    | integer |                 | not null  | nextval('aut_user_user_id_seq'::regclass) | plain    |\n network_id | bigint  |                 |           | 0                                         | plain    |\n network    | text    |                 | not null  |                                           | extended |\n start_year | integer |                 | not null  | 0                                         | plain    |\n end_year   | integer |                 | not null  | 0                                         | plain    |\n name       | text    |                 | not null  |                                           | extended |\nIndex :\n    \"aut_user_pkey\" PRIMARY KEY, btree (user_id)\n    \"uniq_aut_user\" UNIQUE CONSTRAINT, btree (network, start_year, end_year, name)\nContraintes de cl\u00e9s \u00e9trang\u00e8res :\n    \"aut_user_network_id_fkey\" FOREIGN KEY (network_id) REFERENCES networks(network_id) ON DELETE SET DEFAULT\n```\n\n\n# Explanations\n\nWhat does this program do ?\n\n## Steps\n\n0. Get all configurations and setup database connections\n1. Read the data from POST request\n   NOTE : We should put a size limit on the WSGI server\n2. Verify the token's signature using the geofon public key\n2. Parse the token's informations\n3. Compute a random login and password\n4. Register this in the resifAuth database, along with the `expires_at` value (24h)\n5. From the `member-of` field in the token :\n   - do the mapping from EPOS names to FDSN reference from the epos_fdsn table in the resifAuth database\n     the FDSN reference is the network name, startyear, endyear\n   - register the login along with the FDSN references and the expiration date in the resifInv-Prod database, table `access`\n6. Return the `login:password` to the client\n\n# Other methods\n\n## /version\n\nreturns the version number and environment string.\n\n## /cleanup\n\nRemove old users, credentials and privileges.\n\nIt's probably a good idea to protect this method at the webserver level.",
        "description_content_type": "text/markdown",
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://gitlab.com/resif/ws-eidaauth",
        "keywords": "",
        "license": "GPL-3.0",
        "maintainer": "Jonathan Schaeffer",
        "maintainer_email": "jonathan.schaeffer@univ-grenoble-alpes.fr",
        "name": "eidawsauth",
        "package_url": "https://pypi.org/project/eidawsauth/",
        "platform": "",
        "project_url": "https://pypi.org/project/eidawsauth/",
        "project_urls": {
            "Homepage": "https://gitlab.com/resif/ws-eidaauth"
        },
        "release_url": "https://pypi.org/project/eidawsauth/0.3.1/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "Implement /auth for EIDA",
        "version": "0.3.1"
    },
    "last_serial": 5540733,
    "releases": {
        "0.3.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "868156f2928f9986502071e9018ec340",
                    "sha256": "95268167b071ffc0fd39363079fe47f0117422ba2e28aefcff443121b0d729fa"
                },
                "downloads": -1,
                "filename": "eidawsauth-0.3.1.tar.gz",
                "has_sig": false,
                "md5_digest": "868156f2928f9986502071e9018ec340",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 7542,
                "upload_time": "2019-07-16T13:57:14",
                "url": "https://files.pythonhosted.org/packages/12/b5/9b7443d4a84c6b4acb1c44545519e8257048cdd9cfd690045273a7c96653/eidawsauth-0.3.1.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "868156f2928f9986502071e9018ec340",
                "sha256": "95268167b071ffc0fd39363079fe47f0117422ba2e28aefcff443121b0d729fa"
            },
            "downloads": -1,
            "filename": "eidawsauth-0.3.1.tar.gz",
            "has_sig": false,
            "md5_digest": "868156f2928f9986502071e9018ec340",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 7542,
            "upload_time": "2019-07-16T13:57:14",
            "url": "https://files.pythonhosted.org/packages/12/b5/9b7443d4a84c6b4acb1c44545519e8257048cdd9cfd690045273a7c96653/eidawsauth-0.3.1.tar.gz"
        }
    ]
}