{ "info": { "author": "Bhujay Kumar Bhatta", "author_email": "bhujay.bhatta@yahoo.com", "bugtrack_url": null, "classifiers": [], "description": "Please take a note on the change log in the bottom of the document in case you had used a previous version\n\nQuick Start\n=============================\n\t\n\tdocker run -p 5001:5001 bhujay/tokenleader\n\nto run in background \n\n\tdocker run -d -p 5001:5001 bhujay/tokenleader\n\nit is installed with default user use1 and password user1 \n\nonce it is running install the client in a venv and test the features . \nconsult the client installation doc https://github.com/microservice-tsp-billing/tokenleaderclient\n\n\nManual installation steps\n=================================\noptional Steps: \n-----------------------------------\n\t\n\tvirtualenv -p python3 venv \n\t\n\tsource venv/bin/activate \n\t\n\tpip install --upgrade pip \n\ninstalltion:\n-----------------------------\n\tpip install tokenleader ( create virtual env if required)\n\nrequired configurations\n========================\ncreate the following directories and files under /etc folder. \n\n1. ssh-keygen < press enter to select all defaults> \n2. /etc/tokenleader/tokenleader_settings.ini\n3. /etc/tokenleader/role_to_acl_map.yml\n4. /etc/tokenleader/client_configs.yml\n5. run tokenleader-auth - u - p --url localhost:5001\n\n\n\nsample configuration of each files\n=============================================================================\nconfigure the /etc/tokenleader/tokenleader_settings.ini\n=============================================================================\n \n sudo mkdir /etc/tokenleader\t\n\tsudo vi /etc/tokenleader/tokenleader_settings.ini\n\t\n\t[flask_default]\n\thost_name = localhost\n\thost_port = 5001\n\t# ssl not required since the production deployment will be behind the apache with ssl \n\t# This is required only when flask is started without apache for testing\n\t# put enabled for enabling ssl \n\tssl = disabled \n\tssl_settings = adhoc\n\t\n\t[token]\n\t# default will take the id_rsa keys from the users home directory and .ssh directiry\n\t# put the file name here if the file name is different\n\t#also the public ley need to be copied in the client settings file under /etc/tlclient\n\tprivate_key_file_location = default \n\tpublic_key_file_location = default\n\t#use full path when deployed with apache \n\t#private_key_file_location = /home/bhujay/.ssh/id_rsa\n\t#public_key_file_location = /home/bhujay/.ssh/id_rsa.pub\n\t\n\t[db]\n\t#change the database string as appripriate for your production environment\n\t#contributors are requested to put some more example here\n\tSQLALCHEMY_DATABASE_URI = sqlite:////tmp/auth.db\n\tSQLALCHEMY_TRACK_MODIFICATIONS = False\n\t\n/etc/tokenleader/role_to_acl_map.yml\n============================================================================================\n\t\n sudo mkdir /etc/tokenleader \n sudo vi /etc/tokenleader/role_to_acl_map.yml\n\t \n\t maintain at least one role and one entry in the following format \n\t \n\t\t- name: role1\n\t\t allow:\n\t\t - tokenleader.adminops.adminops_restapi.list_users\t\t \n\t\t \n\t\t- name: role2\n\t\t allow:\n\t\t - service1.third_api.rulename3\n\t\t - service1.fourthapi_api.rulename4\n/etc/tokenleader/client_configs.yml which holds the non secret configs about the client and looks as\n================================================================================================\nuser_auth_info_file_location: \nfernet_key_file: \ntl_public_key: copy the public key of the server and paste the key here \n \n sudo vi \n sudo vi /etc/tokenleader/client_configs.yml\n\n\t\tuser_auth_info_from: file # OSENV or file , leave it as file\n\t\tuser_auth_info_file_location: /home/bhujay/tlclient/user_settings.ini # change this location to users home dir \n\t\tfernet_key_file: /home/bhujay/tlclient/prod_farnetkeys\n\t\ttl_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYV9y94je6Z9N0iarh0xNrE3IFGrdktV2TLfI5h60hfd9yO7L9BZtd94/r2L6VGFSwT/dhBR//CwkIuue3RW23nbm2OIYsmsijBSHtm1/2tw/0g0UbbneM9vFt9ciCjdq3W4VY8I6iQ7s7v98qrtRxhqLc/rH2MmfERhQaMQPaSnMaB59R46xCtCnsJ+OoZs5XhGOJXJz8YKuCw4gUs4soRMb7+k7F4wADseoYuwtVLoEmSC+ikbmPZNWOY18HxNrSVJOvMH2sCoewY6/GgS/5s1zlWBwV/F0UvmKoCTf0KcNHcdzXbeDU9/PkGU/uItRYVfXIWYJVQZBveu7BYJDR bhujay@DESKTOP-DTA1VEB\n\t\tssl_verify: False # leave it as is \t\t\n\t\ttl_user: user1\n\t\ttl_url: http://localhost:5001\n\t\tssl_verify: False\n\n\n\nusers authentiaction information . The file is generated using an cli \n=================================================================================\n\n\t\ttokenleader-auth -p user1 \n\nthe file , /home/bhujay/tlclient/user_settings.ini , will be auto generated and will looks like this : \n\n\t\t[DEFAULT] \t\t \n\t\ttl_password = gAAAAABcYnpRqet_VEucowJrE0lM1RQh2j5E-_Al4j8hm8vJaMvfj2nk7yb3zQo95lBFDoDR_CeoHVRY3QBFFG-p9Ga4bkJKBw==\n\nnote that the original password has been encrypted before saving in the file. if the keyfile is lost or the \npassword is forgotten the file has to be deleted and recreated. Accordingly the users password in the \ntokenleader server also to be changed. \n\nTO set up the tokenleqder the following entities need to be registered in sequence \nfrom the root directory of tokenleader, change the name of org , ou , dept , wfc , role and user as per your need\n====================================================================================\n \n\t adminops -h provides help to understand the various options of admin function os tokenleader \n\t \n\t adminops initdb \n\t \n\t adminops add org -n org1 \n\t adminops add ou -n ou1 \n\t adminops add dept -n dept1 \n\t adminops addwfc -n wfc1 --wfcorg org1 --wfcou ou1 --wfcdept dept1 \t \n\t adminops list wfc -n wfc1\n\t adminops add role -n role1 \t \n\t adminops adduser -n user1 --password user1 --emailid user1 --rolenames role1 --wfc wfc1\n\t adminops addservice -n tokenleader --password tokenleader --urlint localhost:5001\n\nstart the service :\n==============================================================\n\t\n\ttokenleader-start\n\t\nTest it is working\n=======================================================\n\n\nCLI utilities \n====================================================================\nusing user name and password from config file \n\n\t\ttokenleader gettoken \n\t\t\nor username and password can be supplied theough the CLI \n\n\t\tgettoken --authuser user1 --authpwd user1\n\t\t\nOther CLI operaions \n\n\t\ttokenleader verify -t \n\t\ttokenleader list user\n \n \nPython client \n======================================================================================\nFrom python shell it works as follows:\n\n from tokenleaderclient.configs.config_handler import Configs \n\t\tfrom tokenleaderclient.client.client import Client \n\t\t\n\t\t\nthis will read the credentials from configurations file. Will be used for CLI. \n \n\t\tauth_config = Configs() \t\n\t\t\nthe user name and password will be taken from the input but rest of the settings will be from config files. \nThis will be used for browser based login \n\n\t\tauth_config = Configs(tlusr='user1', tlpwd='user1') \n\t\t\nInititialize the client with auth_config\n\t \n\t\tc = Client(auth_config)\n\t\tc.get_token()\n\t\t{'message': 'success', 'status': 'success', 'auth_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpYXQiOjE1NDk5NjcxODAsImV4cCI6MTU0OTk3MDc4MCwic3ViIjp7IndmYyI6eyJvcmd1bml0Ijoib3UxIiwibmFtZSI6IndmYzEiLCJkZXBhcnRtZW50IjoiZGVwdDEiLCJpZCI6MSwib3JnIjoib3JnMSJ9LCJlbWFpbCI6InVzZXIxIiwiaWQiOjEsInVzZXJuYW1lIjoidXNlcjEiLCJyb2xlcyI6WyJyb2xlMSJdfX0.gzW0GlgR9qiNLZbR-upuzgHMw5rOm2luV-EnHZwlOSJ-0kJnHsiiT5Wk-HZaqMGZd0YJxA1e9GMroHixtj7WJsbLLjhgqQ5H1ZprCkA9um6-vdkwAFVduWIqIN7S6LbsE036bN7y4cdgVhuJAKoiV1KyxOU1-Hxid5l3inL0Hx2aDUrZ3InzFKBw7Mll86xWdfkpHSdyVjVuayKQMvH2IdT3N15k4O2tSwV3t6UhG6MO0ngHFt3LFR471QWGzJ8UyRzqyqbheuk5vwPk684MfRclCtKx33LWAMf-HXQgVA2py_NzmEiY1ROsKmZqpbIO9YKIO_aFCmzB7DQSI8dcYg', 'service_catalog': {'tokenleader': {'endpoint_url_external': 'localhost:5001', 'endpoint_url_admin': None, 'id': 2, 'endpoint_url_internal': None, 'name': 'tokenleader'}, 'micros1': {'endpoint_url_external': 'localhost:5002', 'endpoint_url_admin': None, 'id': 1, 'endpoint_url_internal': None, 'name': 'micros1'}}}\n\t\tc.verify_token('eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpYXQiOjE1NDk5NjcxODAsImV4cCI6MTU0OTk3MDc4MCwic3ViIjp7IndmYyI6eyJvcmd1bml0Ijoib3UxIiwibmFtZSI6IndmYzEiLCJkZXBhcnRtZW50IjoiZGVwdDEiLCJpZCI6MSwib3JnIjoib3JnMSJ9LCJlbWFpbCI6InVzZXIxIiwiaWQiOjEsInVzZXJuYW1lIjoidXNlcjEiLCJyb2xlcyI6WyJyb2xlMSJdfX0.gzW0GlgR9qiNLZbR-upuzgHMw5rOm2luV-EnHZwlOSJ-0kJnHsiiT5Wk-HZaqMGZd0YJxA1e9GMroHixtj7WJsbLLjhgqQ5H1ZprCkA9um6-vdkwAFVduWIqIN7S6LbsE036bN7y4cdgVhuJAKoiV1KyxOU1-Hxid5l3inL0Hx2aDUrZ3InzFKBw7Mll86xWdfkpHSdyVjVuayKQMvH2IdT3N15k4O2tSwV3t6UhG6MO0ngHFt3LFR471QWGzJ8UyRzqyqbheuk5vwPk684MfRclCtKx33LWAMf-HXQgVA2py_NzmEiY1ROsKmZqpbIO9YKIO_aFCmzB7DQSI8dcYg')\n\t\t{'payload': {'iat': 1549967180, 'exp': 1549970780, 'sub': {'username': 'user1', 'roles': ['role1'], 'id': 1, 'email': 'user1', 'wfc': {'orgunit': 'ou1', 'id': 1, 'org': 'org1', 'department': 'dept1', 'name': 'wfc1'}}}, 'message': 'Token has been successfully decrypted', 'status': 'Verification Successful'}\n\t\t\n\n\nfor RBAC configure /etc/tokenleader/role_to_aclmap.yml\n============================================================================================\n\t\n sudo mkdir /etc/tokenleader \n sudo vi /etc/tokenleader/role_to_aclmap.yml\n\t \n\t maintain atleast one role and one entry in the follwoing format \n\t \n\t\t- name: role1\n\t\t allow:\n\t\t - tokenleader.adminops.adminops_restapi.list_users\t\t \n\t\t \n\t\t- name: role2\n\t\t allow:\n\t\t - service1.third_api.rulename3\n\t\t - service1.fourthapi_api.rulename4\n\n\t\tfrom tokenleaderclient.rbac.enforcer import Enforcer\n\t\tenforcer = Enforcer(c)\n\t\t\nHere c is the instance of Client() , the tokenleadercliet which we have initialized in the previous\nexample of python client. \n\nNow @enforcer.enforce_access_rule_with_token('rulename1') is avilable within any flask application \nwhere tokenleader client is installed. \n\n\n\nWhat it does \n===================================================================\ntokenleader has three simple operations:\n1) recieves users request , autehnticates her and provides a token which carries more users informations such as \n\ta) user's roles ( one user can have multiple roles, although most of the cases one will suffice) \n\tb) user is also mapped with a wfc ( work function context) \n\t wfc is a combination of organization name, organization unit name departname \n\nA typical token request call is : \n \n\tcurl -X POST -d '{\"username\": \"admin\", \"password\": \"admin\"}' \\\n\t-H \"Content-Type: Application/json\" localhost:5001/token/gettoken\n\nThe validity period of the token can be set through the settings.ini in future , currently it is fixed as one hour.\n\nBefore a token can be recived , user need to be registered in the token leader server following the steps shown \nlater section of this docuement.\n\n2) receives a token from user , can validate and unencrypt the users information. \n\n3) maintains a catalog for all the microservies . The entry for services , it includes service name ,\n servie account password ( we have to see if this is required at all) , url for the service endpoint.\n A client can query tokenleader by service name and will thus get the url for the service .\n \n For each service end point three url can be registered , one for internal , this is the default url .\n External url , when you want to segregate the users network from service network \n and another is admin network , which can be further separated from the above two network\n \n\ntoken can be used for authenticating an user wiithout the need for user to enter password \n\nTo verify token:\n \n \tcurl -H \"X-Auth-Token:\" localhost:5001/token/verify_token \n \t\n tokenleader has a client which is automatically installed with the server , this provides a python api for \n making hte call and verifying the token. The client also has the RBAC enforcer for authorization.\n read more about the client here -\n \n https://pypi.org/project/tokenleaderclient \n https://github.com/microservice-tsp-billing/tokenleaderclient \n \n \n Why token service and how it works\n ======================================================================================\n in situtaions where a service or a client need to make several http /REST call to an \n application/service(microservice)/server or to multiple applications/services/servers, \n sending the user name and password repeatedly over the http traffic is not desiarable, neither it is good\n to store the user name and password in servers session for a stateless application. In thses cases token based \n authentication helps.\n \n Once an user or service obtain a token, subsequent calls to the server or even to different servers can be made\n using the token instead of username and password. The server then will make a validation call to tokenleader for \n authentication and also will retrieve role name and wfc information. \n \n \n The information retrieved from the token leader then can be used by the server for granting proper authorization to the \n server resources . Therefore authentication is handled by the tokenleader application whereas the authorization is handled \n by the applicaion being served to the user. \n \n each application uses a local role to acl map. For each api route there is one acl name which either deny or permits the \n http call to the api route . further to control how much data to be given access to the user , the wfc details will be \n used for filtering the data query ( mainly data persistance and query)\n \n \n For the developer\n ==============================================================================================\n For authorization , there is a enforcer decorator to be used by each microservice . \n A sample microsdervice with this decoraator has been shown in micros1 repo . Any api route which is bind \n with this decorator will retrieve role and wfc from the tokenleader service. \n The role will be used by the decorator to compare with the local acl map yml file for allowing or denying the \n access to api route url. \n The wfc will be passed to the api route function for later usage by the function for database query filtering. \n The api route function must have a keyword argument 'wfc' for the enforcer decorator to work. \n \n Example : \n \n\t @bp1.route('/test1', methods=[ 'POST'])\n\t\t@authclient.enforce_access_rule_with_token(<'rulename'> )\n\t\tdef acl_enforcer_func_for_test(wfc=None):\n\t\t'''\n\t\tthe rule name in this case should be :\n\t\t'pkgname.modulename.classname.acl_enforcer_func_for_test'\n\t\tfor each api route functions the parameter wfc must be present\n\t\t'''\n\t\t msg = (\"enforcer decorator working ok with wfc org = {},\"\n\t\t \"orgunit={}, dept={}\".format(wfc.org, wfc.orgunit, wfc.department))\n\t\t \n\t\t return msg\n\t \nIn the above example, the decorator impose aceess control on the route /test1 . \n\nrole name for the user is retrived from the token leader , compared with the rule to acl map yml file \n(/etc/tokenleaderclient/role_acl_map_file.yml) which is maintained locally in the server where the service is running .\n\nthe role_to_acl_map file maps the api route function names to and looks like :\n- name: role1\n allow:\n - pkgname.modulename1.acl_enforcer_func_for_test\n - pkg1.module1.acl_enforcer_func_for_test\n \n check the sample data and test cases inside the tokenleaderclient for better understanding.\n tokenleader server ( this repo) it self uses the tokenleader client for enforcing the rbac for \n many api routes , for example adding users , listing users etc. Check the \n tokenleader/app1/adminops/adminops_restapi.py file to get a better understanding or mail me\n your query at bhujay.bhatta@yahoo.com\n \n \n\ndecorator alos retrived work function context for the user from tokenleader and passed it to \noriginal route function acl_enforcer_func_for_test . The route function mandatorily to have a \nparameter called wfc as argument for the wfc , to get the value from the decorator.\n\nnow within the acl_enforcer_func_for_test funtion , wfc attributes like org, orgunit and department is used\nto display a message. They actually to be used for database query filtering so that based on the work function\nuser is able to view only relevant information.\n\nList of api routes and their rules\n============================================================================\n1. /list/users acl rule name - tokenleader.adminops.adminops_restapi.list_users\n\n\n\n\n\n\n To check the database objects from shell, and to see that the relational properties are working properly \n use the follwoing : \n ==================================================\n\t /microservice-tsp-billing/tokenleader$ flask shell \n\tfrom app1.authentication import models \n\tfrom app1.authentication.models import User, Role, Workfunctioncontext, Organization, OrgUnit, Department \n\tr1 = Role.query.filter_by('role1').first() \n\tr1 = Role.query.filter_by(rolename='role1').first() \n\tr1 \n\t# \n\n\n\n\nTo generate token using curl : \n===================================================\n\n\tcurl -X POST -d '{\"username\": \"admin\", \"password\": \"admin\"}' \\\n\t-H \"Content-Type: Application/json\" localhost:5001/token/gettoken\n\nwhat you get from tokenleader:\n========================================\n\n\t{'service_catalog': { \n\t\t'microservice1': {'id': 1, \n\t\t\t\t\t\t\t'name': 'microservice1', \n\t\t\t\t\t\t\t'endpoint_url_external': 'localhost/5000', \n\t\t\t\t\t\t\t'endpoint_url_admin': 'localhost/5000', \n\t\t\t\t\t\t\t'endpoint_url_internal': 'localhost/5000'}}, \n\t'message': 'success', \n\t'auth_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpYXQiOjE1NDk4Njg5MDYsInN1YiI6eyJpZCI6MSwiZW1haWwiOiJ1MUBhYmMuY29tIiwicm9sZXMiOlsicm9sZTEiXSwid2ZjIjp7ImlkIjoxLCJuYW1lIjoid2ZjMSIsIm9yZyI6Im9yZzEiLCJvcmd1bml0Ijoib3UxIiwiZGVwYXJ0bWVudCI6ImRlcHQxIn0sInVzZXJuYW1lIjoidTEifSwiZXhwIjoxNTQ5ODcyNTA2fQ.BBtTUcu8kUz__sbHmC8sB111C4Yzk6Fth5DjOoLCCTygqDjj-gQOS3x6T7e8rpKmHtf0LrDWPWFCmhIIqD2I8DuK4U4b-Hk7gbKYIVsvqL3DksOVF2SSe_6v4nNbJR50Q8mYrYQz0yijj-KQHj0Gc1FVCaBSXeIbA-uAUmSpQKCBDRqJbayK85e4dSoILpKL_Q1_JT4qqM7OwnGq05akJrosohNGKxp46gBex9l5iTPkoRgvQk-p1H61MMTdLKZIr9CmjIReXBBzfla6LoX8Siur_Lb4o1r0PJUcok-w69h_QCEqLe9VX9e4zFWnXIpDj5nwKqnj0JRKNvMw5VTcHA', \n\t'status': 'success'} \n\n\n\nTo verify token: \n================================================\n\n \tcurl -H \"X-Auth-Token:\" localhost:5001/token/verify_token \n\nHow the verified toekn data looks like :\n===========================================================================\n\n\t{\n\t \"message\": \"Token has been successfully decrypted\",\n\t \"payload\": {\n\t \"exp\": 1549382308,\n\t \"iat\": 1549378708,\n\t \"sub\": {\n\t \"email\": \"u1@abc.com\",\n\t \"id\": 1,\n\t \"roles\": [\n\t \"role1\"\n\t ],\n\t \"username\": \"u1\",\n\t \"wfc\": {\n\t \"department\": \"dept1\",\n\t \"id\": 1,\n\t \"name\": \"wfc1\",\n\t \"org\": \"org1\",\n\t \"orgunit\": \"ou1\"\n\t }\n\t }\n\t },\n\t \"status\": \"Verification Successful\"\n\t}\n\n\n\nfor initial setup or when db model is changed\n===================================================================\nfor db migration \n\n\tflask db init \n\tflask db migrate -m < COMMENT > \n\tflask db upgrde \n\nif there is a change in db structure, and a migration is done , commit and push the migration directory to the git \nfrom the machine where migration was done. \n\nFor development machine with sqllite db , there are chalenges in migration due to lil8mitiaton of database\nalter capabilities inherent to sqllite. So sometimes , delelting the migration folder and and recreating a \nfresh migartion helped.\n\n\n\n\nDeployment\n===========================================\n\n\tsudo apt-get install -y apache2 apache2-dev\n\t\n\tsudo su \n\t\n\tsource venv/bin/activate\n\t\n\tpip install mod_wsgi\n\t \n\tmod_wsgi-express module-config\n\t \n\tmod_wsgi-express install-module\n\nthis will print the folowing lines : \t\nLoadModule wsgi_module \"/usr/lib/apache2/modules/mod_wsgi-py35.cpython-35m-x86_64-linux-gnu.so\" - copy this to wsgi.load\nWSGIPythonHome \"/mnt/c/mydev/microservice-tsp-billing/tokenleader/venv\" copy this to wsgi.conf \n\n\tvi /etc/apache2/mods-available/wsgi.conf\n\t\n\tvi /etc/apache2/mods-available/wsgi.load\n\t\n\tcd /etc/apache2/mods-enabled/\n\t\n\tln -s ../mods-available/wsgi.conf wsgi.conf\n\t\n\tln -s ../mods-available/wsgi.load wsgi.load\n\t\n\tsudo a2enmod ssl \n\t\n\tsudo mkdir /etc/apache2/ssl\n\t\n\tsudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\n\t -keyout /etc/apache2/ssl/tokenleader-apache-server.key \\\n\t -out /etc/apache2/ssl/tokenleader-apache-server.crt\n\t\n\t\n\tapachectl configtest \n\ndownload the copy of app.wsgi file and copy it in /var/www\ndownload the tokenleader-apache.conf , place it in /etc/apache2/sites-enabled/ and modify the \ndirectories and the username \n\nstart the apache service \n\n sudo service apache2 start\n \n\t\n \n \n \n https://pypi.org/project/mod_wsgi/\n \n important note : https://modwsgi.readthedocs.io/en/develop/user-guides/virtual-environments.html \n ===========================\n\t\n\n\n\ndevelopment\n===========================================================\n\nTesting \n===========================================================================\nclone from git and then run \n\n\tpython -m unittest discover tests \n\nto run single unit test \n \n\tpython -m unittest tokenleader.tests.unittests.test_admin_ops.TestAdminOps.test_abort_delete_admin_user_input_not_yes \n\nfor token generation and verification testing this is a useful test \n\n\tpython -m unittest tokenleader.tests.test_auth.TestToken.test_token_gen_n_verify_success_for_registered_user_with_role \n\n\nto test the db operation : \n========================================================================================\n\n\t(venv) bhujay@DESKTOP-DTA1VEB:/mnt/c/mydev/microservice-tsp-billing/tokenleader$ flask shell\n\t\n\tfrom app1 import db \n\tfrom app1.authentication.models import User, Role \n\tr1 = Role(rolename='role1') \n\tdb.session.add(r1) \n\tdb.session.commit() \n\t\n\tu = User(username='john', email='john@example.com') \n\tdb.session.add(u) \n\tdb.session.commit() \n\tu = User.query.filter_by(username='john').first() \n\tu\n\t# \n\tu.roles \n\t# \n\tu.roles=[r1] \n\tdb.session.commit() \n\tu.roles \n\t# \n\tfor l in u.roles: \n\t print(l.rolename) \n\t\n\t#role1 \n\n\n1)operation scope filtering based on users org, div, dept details \nTodo:\nrole and wfc shd not have any relation - done\nuser can have only one wfc - done \nuser to dict now gives wfc dictionary as well\n\ntesing to be done/changes to that affect - upto verification unit test is passed \n\n\nworkcontext to be instantiated as a class \n\nworkcontext to be made avilable to api route function when required\n\next important works:\n \n2) centralized catalogue for all microservice endpoints and \n3) client for tokenleader\n\n\nchange log \n================================================\n\nver 1.5\n----------------\ntokenleader 0.70 and few fixes\n\nver1.3\n-------------\n1. migration/version was missing \n2. Sample config files created under etc directory in source code\n\nver 1.1 \n-------------\n\n1. all configs are in /etc/tokenleader\n2. tlclient command changed to tokenleader\n3. tlconfig command changed to tokenleader-auth\n\nver 1.0\n----------------\nsetting FLASK_APP during db init \n\n\nver 0.8 / 0.9\n------------------\n1. added adminops initdb command for applying the changes in database schema\n\nver 0.7 \n--------------\n1. tokenleaderclient bug resolved in client version 0.64\n\nver 0.6\n--------------\n1. check presence of required parameters in /etc/tokenleader/tokenleader_settings.ini while starting the service\n\nver 0.5 \n------------------\n1. introduction of /etc/tokenleader/tokenleader_settings.ini for hostname, port etc. \n2. tokenleader-start to start the service \n3. service can be started with ssl - although this will be mostly done by a nginx or apache in a production setup. \n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/microservice-tsp-billing/tokenleader", "keywords": "", "license": "Apache Software License", "maintainer": "", "maintainer_email": "", "name": "tokenleader", "package_url": "https://pypi.org/project/tokenleader/", "platform": "", "project_url": "https://pypi.org/project/tokenleader/", "project_urls": { "Homepage": "https://github.com/microservice-tsp-billing/tokenleader" }, "release_url": "https://pypi.org/project/tokenleader/1.8/", "requires_dist": null, "requires_python": "", "summary": "tokenleader server can be used by other microservices for token based authentication and authorization", "version": "1.8" }, "last_serial": 4872776, "releases": { "1.8": [ { "comment_text": "", "digests": { "md5": "928574b12161917ad367ba95e80bbb90", "sha256": "a020130161526b1add0a52e19c390eefcbfbc4d583761e1b52496ff44eea350a" }, "downloads": -1, "filename": "tokenleader-1.8.tar.gz", "has_sig": false, "md5_digest": "928574b12161917ad367ba95e80bbb90", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 39429, "upload_time": "2019-02-25T17:42:23", "url": "https://files.pythonhosted.org/packages/01/d9/72d8743146574149a86c9996c75de5f9e982e1da05a5d1898af7504f35dd/tokenleader-1.8.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "928574b12161917ad367ba95e80bbb90", "sha256": "a020130161526b1add0a52e19c390eefcbfbc4d583761e1b52496ff44eea350a" }, "downloads": -1, "filename": "tokenleader-1.8.tar.gz", "has_sig": false, "md5_digest": "928574b12161917ad367ba95e80bbb90", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 39429, "upload_time": "2019-02-25T17:42:23", "url": "https://files.pythonhosted.org/packages/01/d9/72d8743146574149a86c9996c75de5f9e982e1da05a5d1898af7504f35dd/tokenleader-1.8.tar.gz" } ] }