Merge email validation flow to main #42
Merged
- Introduced a new DynamoDBService for managing email validation codes.
- Updated backend-start.sh to initialize the DynamoDB validation table based on the PASSWORDLESS_SIGN_IN environment variable.
- Added a new endpoint for email validation in auth.py, allowing users to generate and store validation codes.
- Enhanced the models to include EmailValidation schema.
- Updated requirements.txt to include boto3 for AWS interactions.
- Modified docker-compose.yml to set PASSWORDLESS_SIGN_IN environment variable.
- Expanded tests in test_auth.py to cover email validation functionality.

- Removed the deprecated `authenticate_user` function to streamline user authentication.
- Removed the unused `get_current_user_from_token`
- Integrated the `LoginData` model directly into the login process for improved clarity.
- Cleaned up imports and organized model definitions for better maintainability.

- Introduced a new `sign_in` endpoint allowing users to authenticate using a verification code instead of a password.
- Added `SignInData` model to handle sign-in data input.
- Refactored access token creation into a separate `create_and_set_access_token` function for better code organization.
- Enhanced tests to cover various sign-in scenarios, including successful sign-ins and error handling for invalid or missing data.

- Updated the `sign_in` endpoint to automatically create a new user if the provided email does not exist in the database.
- Ensured new users are registered with an empty password and `is_admin` set to False.
- Added tests to verify the successful sign-in of new users and handle missing data scenarios effectively.

- Updated the `sign_in` endpoint to automatically create a new team for users who register without an existing account.
- New users are now assigned an admin role and associated with the newly created team.
- Adjusted tests to verify the correct creation of teams and user roles during the sign-in process.

…gement
- Introduced a new test suite in `test_dynamodb.py` to validate the behavior of the `DynamoDBService`.
- Added tests for scenarios including missing environment variables, successful initialization, and credential refresh logic.
- Implemented fixtures to mock environment variables and STS client responses for comprehensive testing coverage.

- Added support for passwordless sign-in by introducing a new `PasswordlessLoginForm` component.
- Updated the `LoginPage` to conditionally render the passwordless login form based on the `PASSWORDLESS_SIGN_IN` configuration.
- Modified the API configuration to expose the `PASSWORDLESS_SIGN_IN` environment variable.
- Removed unnecessary console log from the audit logs page.
- Updated the Docker Compose file to set the `PASSWORDLESS_SIGN_IN` environment variable.
- Enhanced the configuration utility to cache and retrieve the passwordless sign-in setting.

- Introduced a new `aws_auth.py` module for managing AWS credentials and role assumptions.
- `SESService` class to handle interactions with SES.
- Updated `Makefile` to include new environment variables for AWS roles and region.
- Added unit tests for AWS authentication and SES template management.
- Created a markdown template for verification codes and included a design diagram for the sign-up flow.
- Updated `requirements.txt` to include the `markdown` package for template processing.

- Added SES email template initialization in backend-start.sh to ensure templates are created/updated during startup.
- Integrated SESService into the email validation flow in auth.py to send verification codes via email.
- Updated SESService to read markdown templates, extracting subjects and content for email formatting.
- Enhanced error handling and logging in DynamoDBService for better service initialization feedback.
- Expanded unit tests to cover SES email sending and template management functionalities.

- Modified the user creation process to handle optional passwords, allowing for passwordless sign-in.
- Updated the UserCreate schema to make the password field optional.
- Enhanced the TeamsPage, UsersPage, and TeamUsersPage components to conditionally render password input based on the passwordless configuration.
- Integrated the passwordless sign-in feature into the user creation mutation logic across relevant components.

- Updated .gitignore to include Terraform state files and directories.
- Added main.tf to define AWS IAM roles and policies for email and DynamoDB operations.
- Created outputs.tf to expose ARNs of the IAM roles and user.
- Introduced variables.tf for AWS account ID, region, and tags.
- Added terraform.tfvars for environment-specific configuration.

- Added new environment variables for DynamoDB and SES configurations in .lagoon.env and docker-compose.yml.
- Updated README.md to reflect changes in environment setup and AWS resource management using Terraform.
- Enhanced the sign-in process to be case-insensitive for verification codes in auth.py.
- Introduced IAM access key management in Terraform configuration to support role assumption for AWS services.

- Modified .lagoon.env to include default values for environment-specific variables.
- Updated docker-compose.yml to comment out unused environment variables and remove the env_file reference.
- Enhanced Terraform configuration by appending environment suffix to IAM role and policy names.
- Introduced new variables for domain name and DKIM private key in variables.tf, supporting SES identity management.

- Updated .lagoon.env to introduce ENV_SUFFIX for environment-specific resource naming.
- Modified backend-start.sh to remove DynamoDB initialization and streamline SES template management.
- Updated README.md to document new ENV_SUFFIX variable.
- Added DynamoDB table creation to terraform

- Modified .gitignore to ignore all Terraform state files and backups.
- Updated .lagoon.env to remove the AWS_REGION variable, relying on defaults.
- Refactored AWS authentication functions to use a default region of "eu-central-2".
- Adjusted SES and DynamoDB services to utilize the new region variable, and to apply their own defaults.
- Enhanced README.md to document new optional region variables for SES and DynamoDB.

- Added `email-validator` package to improve email format validation in `auth.py`.
- Refactored email validation logic to utilize the new package for better error handling.
- Updated Pydantic models in `models.py` to use `EmailStr` for email fields, ensuring stricter type validation.
- Added `email-validator` dependency to `requirements.txt`.

- Moved database and SES template initialization logic from backend-start.sh to a new script, initialise_resources.py, for better organization and maintainability.
- Updated backend-start.sh to call the new initialization script.
- Adjusted SES template management in SESService to remove environment suffix from template names.
- Enhanced Dockerfile to include the new scripts directory.
Passwordless sign in flow
- Updated the `validate_email` function in `auth.py` to differentiate between new and returning users based on email presence in the database.
- Introduced two new email templates: `new-user-code.md` for new users and `returning-user-code.md` for returning users, providing tailored verification messages.
- Adjusted email sending logic to utilize the appropriate template based on user status.

- Enhanced the `list_private_ai_keys` function to improve access control for team members and non-team users, ensuring that non-admin users can only see their own keys.
- Updated test cases to reflect changes in access logic, including tests for non-team users and the creation of keys for other users.
- Modified email template assertions in tests to use the new user-specific template for verification codes.
Closed
The major change included in this merge is two new APIs which allow sign in and sign up without specifying a password, using Amazon SES to send a "magic code" via email which is used to verify the user.
The change also includes a bug-fix for a too-permissive view on users not in teams.