adicu / data.adicu.com

API for Columbia data
http://data.adicu.com

add user creation/login #87

Closed natebrennand closed 10 years ago

natebrennand commented 10 years ago

object mocking for tests took so long to grok :triumph:

After going through OAuth, if a user record is not found then one is created. Creates a record in Redis and the Postgres database for a user using their email, name (via Google) and a randomly generated token. We're still using the old schema for the users table, users_t.

The auth decorator can be applied to the blueprint before registering it in data.py. Finishes #53.

natebrennand commented 10 years ago

forgot this was supposed to be in Redis...

natebrennand commented 10 years ago

So once a user exists it's definitely quicker / easier to work with if the user is just a hash in Redis (key being their token). There's no easy way to determine if a user has an account via their email & name if it's stored in Redis. This is a super easy problem if using SQL.

As it is right now the data would be stored in both... thoughts? It only really affects user creation and deletion, we don't let them edit any info after creation. All the accesses would be done through the Redis.

brishin commented 10 years ago

I'll take a closer look at this during our hacking session before the party if possible.

Sounds like Redis should just be used to do key -> access permissions/rate limiting and that SQL should be used if email or name is used. No need to really cache that.

natebrennand commented 10 years ago

to reiterate now that it's not 3 in the morning:

The SQL table has rows of (email, name, token). Redis has key->value records of token -> (email, token). The Redis records are for checking the validity of tokens sent with API requests.

After a user goes through the Google OAuth process, we only have their email and name. The tokens are randomly generated so there's no way to determine if a user has already registered by just using the Redis records because we can only view the keys which are tokens.

I guess I'm asking if you think there is a cleaner way to implement this using Redis. I think having the records in SQL as well might be useful once we add logging.

brishin commented 10 years ago

Recommended to Nate that they just use a set of tokens instead of storing (email, name) as the value.

natebrennand commented 10 years ago

closed while moving Redis tokens to a set instead of storing names & email in Redis

natebrennand commented 10 years ago

approval from @brishin in person, merging
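
The split the thread settles on (SQL rows of (email, name, token) for the "has this email registered?" lookup, a set of tokens for per-request validation), as an added example that is not code from this PR or the project. Assumptions: `sqlite3` stands in for Postgres, a Python set stands in for the Redis set, and the function names and sample address are hypothetical.

```python
import secrets
import sqlite3

# Assumption: sqlite3 stands in for Postgres and a Python set stands in for
# the Redis set of tokens (SADD / SISMEMBER / SREM), so this runs offline.
db = sqlite3.connect(":memory:")
db.execute(
    "CREATE TABLE users_t (email TEXT PRIMARY KEY, name TEXT NOT NULL, "
    "token TEXT UNIQUE NOT NULL)"
)
valid_tokens = set()  # stand-in for the Redis set; holds tokens only, no PII


def get_or_create_user(email, name):
    """Called after OAuth: return the user's token, creating the user once."""
    row = db.execute(
        "SELECT token FROM users_t WHERE email = ?", (email,)
    ).fetchone()
    if row:
        valid_tokens.add(row[0])  # re-sync in case the token set was flushed
        return row[0]
    token = secrets.token_urlsafe(32)  # CSPRNG-backed, 256 bits of entropy
    with db:  # commit to SQL first: it is the source of truth
        db.execute("INSERT INTO users_t VALUES (?, ?, ?)", (email, name, token))
    valid_tokens.add(token)
    return token


def token_is_valid(token):
    """Per-request check: set membership only, no email or name involved."""
    return token in valid_tokens


def delete_user(email):
    """Drop the token from the set first so it stops working immediately."""
    row = db.execute(
        "SELECT token FROM users_t WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    valid_tokens.discard(row[0])
    with db:
        db.execute("DELETE FROM users_t WHERE email = ?", (email,))
    return True
```

The primary key on `email` is what prevents a second account for the same OAuth identity, and because the token set can be rebuilt from `users_t`, losing the Redis data does not lose users.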