mat3rial-dev / ckanext-yycdatacollective

CKAN extension for YYC Data Collective
GNU Affero General Public License v3.0

Implement single-use token for downloading restricted datasets #5

Closed vigliensoni closed 6 years ago

vigliensoni commented 6 years ago

The user sends an email asking for permissions to access a dataset's resources and receives back an email with the links to the resources. This link should be a one-time-use link.

A possible implementation may be with Single-Use Tokens with JSON Web Tokens (JWT). See https://www.jbspeakr.cc/howto-single-use-jwt.

vigliensoni commented 6 years ago

We may use the signature hash of the user as a secret. For doing this, however, we will require users to be registered.

http://blog.apcelent.com/json-web-token-tutorial-with-example-in-python.html

How to implement this as a single-use token?
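One way to make a JWT-style download token single-use, as an added example that is not part of the original thread or the extension's code: instead of a per-user hash as the secret, it assumes a server-side HMAC key plus a record of issued token IDs (`jti`) that is flipped on first redemption. The names `issue_token`, `redeem_token`, `SECRET` and `ISSUED` are hypothetical, and the in-memory dict stands in for a database table.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: signing key held only by the server
ISSUED = {}                       # assumption: jti -> redeemed flag (a DB table in practice)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_email, resource_id, ttl=3600, now=None):
    """Build an HS256 JWT bound to one user, one resource and one jti."""
    now = int(time.time() if now is None else now)
    jti = secrets.token_urlsafe(16)
    claims = {"sub": user_email, "res": resource_id, "jti": jti, "exp": now + ttl}
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    ISSUED[jti] = False           # recorded as issued, not yet redeemed
    return f"{head}.{body}.{sign(head + '.' + body)}"

def redeem_token(token, resource_id, now=None):
    """Return the claims on the first valid use; raise ValueError otherwise."""
    now = int(time.time() if now is None else now)
    head, body, sig = token.split(".")  # ValueError if not three parts
    # The signature is always recomputed as HS256; the header's "alg" is never trusted.
    if not hmac.compare_digest(sig.encode(), sign(head + "." + body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))     # decoded only after the signature checks out
    if claims["res"] != resource_id:
        raise ValueError("token issued for a different resource")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    if ISSUED.get(claims["jti"]) is not False:
        raise ValueError("token unknown or already used")
    ISSUED[claims["jti"]] = True        # a shared store must do this check-and-set atomically
    return claims

if __name__ == "__main__":
    link_token = issue_token("user@example.org", "resource-1")  # constructed sample values
    print(redeem_token(link_token, "resource-1")["sub"])
```

The signature alone cannot make a token single-use; the server-side `jti` record is what rejects the second download.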

vigliensoni commented 6 years ago

CKAN already has some functionality to generate and use tokens in links sent over email.

Try Organization/Group > Add Member > Invite a new user

A URL is generated with this form:

http://165.227.45.253:5000/user/reset/a2fda733-bda7-4e77-9673-f0064783364a?key=c07d608129

Inviting a new member

Landing page after clicking on the link

vigliensoni commented 6 years ago

This is no longer required. We are sending an automatic email when an external user asks for access to a restricted dataset.