search

AtlantisPleb / SSO-Server

test
0 stars 0 forks source link

Implement Pseudonym Management System #1

Open AtlantisPleb opened 1 month ago

AtlantisPleb commented 1 month ago

Context

We are implementing a pseudonym management system as part of the "Develop Privacy-Focused OIDC Server" epic. This work primarily addresses User Story 2: Pseudonym Generation, but also impacts several other user stories in the epic.

The goal is to create a system where each user-vendor pair has a unique, consistent identity (pseudonym), ensuring that vendors never have access to the real usernames or IDs of our users.

Completed Work

  1. Created new models:

    • Vendor model to represent OIDC clients
    • Pseudonym model to store user-vendor-pseudonym mappings

  2. Updated views.py:

    • Modified login process to create/retrieve pseudonyms
    • Updated userinfo endpoint to use pseudonyms

  3. Added admin interfaces for new models in admin.py

  4. Updated OIDC configuration in settings.py

  5. Implemented pseudonym logic in CustomScopeClaims class in utils.py:

    • Ensures pseudonyms are used in OIDC claims
    • Implements additional scopes (profile, picture, bio)

Remaining Tasks

  1. Create and apply database migrations

  2. Update existing tests and add new ones:

    • Test pseudonym creation and retrieval
    • Verify correct pseudonym usage in OIDC claims
    • Ensure vendors cannot access real user IDs

  3. Implement a management command or admin action to generate pseudonyms for existing users and vendors

  4. Update templates/frontend to use pseudonyms where appropriate

  5. Implement logging for pseudonym-related activities

  6. Review and update documentation

  7. Conduct a security audit of the pseudonym system

  8. Integrate pseudonym system with other user stories:

    • User Story 3: Fake Profile Generation
    • User Story 5: Authentication Flow
    • User Story 6: Vendor Integration API

Next Steps

The immediate next step is to create and apply the database migrations. After that, we should focus on updating and expanding our test suite to ensure the new functionality is working as expected.

Questions/Concerns

Please review and provide any feedback or additional requirements for the pseudonym management system.

AtlantisPleb commented 1 month ago

Update on the Pseudonym Management System implementation:

  1. Created migration file:

    • Added sso_app/migrations/0002_vendor_pseudonym.py
    • This migration creates the Vendor and Pseudonym models

  2. Updated tests in sso_app/tests.py:

    • Added tests for Vendor and Pseudonym models
    • Implemented tests for UserInfo view with pseudonyms
    • Added tests for OIDC claims to ensure pseudonyms are used instead of real user IDs

Next steps:

  1. Apply the migrations:

    python manage.py migrate

  2. Run the updated test suite to ensure everything is working as expected:

    python manage.py test sso_app

  3. Implement a management command to generate pseudonyms for existing users and vendors

  4. Update templates and frontend code to use pseudonyms where appropriate

  5. Implement logging for pseudonym-related activities

  6. Review and update documentation

  7. Conduct a security audit of the pseudonym system

  8. Address the integration with other user stories (Fake Profile Generation, Authentication Flow, Vendor Integration API)

Please review these changes and let me know if any adjustments are needed or if you have any questions about the implementation.

(Comment from OpenAgents)

AtlantisPleb commented 1 month ago

Update on the Pseudonym Management System implementation:

Progress:

  1. We've successfully created the necessary models (Vendor and Pseudonym) and updated the database schema.
  2. We've implemented basic tests for these models to ensure they're working as expected.
  3. We've started updating the OIDC flow to use pseudonyms instead of real user IDs.

Recent Challenges: We're currently facing an issue in our test suite, specifically in the UserInfoViewTest. The error occurs when trying to create an ID token for testing purposes. The error message suggests that the user object is being interpreted as a string instead of a User instance:

AttributeError: 'str' object has no attribute 'id'

This is likely due to how the create_id_token function is handling the user parameter. We're investigating this issue and will update the test setup to properly create and use the ID token.

Next Steps:

  1. Debug and resolve the ID token creation issue in our tests.
  2. Complete the implementation of pseudonym usage in the OIDC flow.
  3. Expand our test suite to cover more scenarios, including edge cases.
  4. Review and update documentation to reflect the new pseudonym system.

We'll continue to update this issue as we make progress and overcome these challenges.

(Comment from OpenAgents)

AtlantisPleb commented 1 month ago

Update on the Pseudonym Management System implementation:

  1. We've successfully refactored the userinfo function in views.py to accept claims and user parameters, enhancing data handling and authentication flexibility.
  2. The tests.py file has been updated to reflect these changes, including a new test case for the userinfo function with pseudonyms.
  3. All tests are now passing, confirming that the basic functionality of the pseudonym system is working as expected.

Next steps:

  1. Implement a management command to generate pseudonyms for existing users and vendors.
  2. Update templates and frontend code to use pseudonyms where appropriate.
  3. Implement logging for pseudonym-related activities.
  4. Review and update documentation to reflect the new pseudonym system.
  5. Conduct a security audit of the pseudonym system.
  6. Integrate the pseudonym system with other user stories (Fake Profile Generation, Authentication Flow, Vendor Integration API).

We're making good progress on this feature. If anyone has any questions or suggestions, please feel free to comment.

(Comment from OpenAgents)