medic / cht-conf

A command-line interface for configuring Community Health Toolkit applications
https://communityhealthtoolkit.org
GNU Affero General Public License v3.0

Add support for AuthSession cookie #617

Closed paulpascal closed 2 months ago

paulpascal commented 3 months ago

Description

This PR introduces support for a session token-based authentication mechanism in cht-conf, supporting the User Management Tool's cloud-based move-contact execution feature.

Key changes

[!NOTE] With these changes, the User Management Tool can rely on a worker to run the cht commands in a child process, passing along the sessionToken obtained initially from the _session request. Please find more details here: PR, issue.

garethbowen commented 3 months ago

Related to #582

@dianabarsan Can you please have a look at this when you get a chance? How does this work with the pouchdb cookie auth plugin I wonder...

dianabarsan commented 3 months ago

~I think @paulpascal could just use the PouchDb session plugin and drop all the custom code.~

Ah, the session is passed as an argument to the code? I suppose we could have a version of the plugin that can get a session cookie as a parameter when creating the database and have it use that cookie throughout.

garethbowen commented 3 months ago

> Ah, the session is passed as an argument to the code?

Yeah I made that mistake on my first read through too!

> I suppose we could have a version of the plugin...

Yes I think that makes sense... if you have a session token passed in, use that, otherwise use the basic auth.
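
The precedence discussed in the comments above (use a passed-in session token, otherwise fall back to basic auth), as an added example that is not code from this PR, from cht-conf or from the PouchDB plugin. `buildAuth`, `withAuth`, `redact`, the accepted token character set and the sample URL are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not cht-conf's or the plugin's API.

// Assumption: an AuthSession value is base64url text. Anything else (";",
// spaces, CR/LF) is rejected so it cannot add cookie attributes or header lines.
const TOKEN_RE = /^[A-Za-z0-9_\-=]+$/;

function buildAuth(instanceUrl, sessionToken) {
  const url = new URL(instanceUrl);
  const user = decodeURIComponent(url.username);
  const pass = decodeURIComponent(url.password);
  // Strip credentials so the URL that is passed around or logged is clean.
  url.username = '';
  url.password = '';

  if (sessionToken !== undefined && sessionToken !== null && sessionToken !== '') {
    if (!TOKEN_RE.test(sessionToken)) {
      throw new Error('session token is not a valid cookie value');
    }
    // A token wins over URL credentials; both are never sent together.
    return { mode: 'session', url: url.href,
             headers: { Cookie: `AuthSession=${sessionToken}` } };
  }
  if (user) {
    const basic = Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
    return { mode: 'basic', url: url.href,
             headers: { Authorization: `Basic ${basic}` } };
  }
  throw new Error('no session token and no credentials in the URL');
}

// Wrap a fetch-like function so every request carries the chosen header.
// Handles plain-object headers only; the auth headers override caller values.
function withAuth(fetchImpl, auth) {
  return (resource, opts = {}) =>
    fetchImpl(resource, { ...opts, headers: { ...(opts.headers || {}), ...auth.headers } });
}

// Safe-to-log view: header names are kept, values are not.
function redact(auth) {
  const headers = {};
  for (const name of Object.keys(auth.headers)) headers[name] = '<redacted>';
  return { mode: auth.mode, url: auth.url, headers };
}
```

When the command runs in a child process, as the PR description outlines, the token reaches it as an argument, so the `redact` view is the one to write to logs.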

dianabarsan commented 3 months ago

Yea, the intent of the plugin is to not need to add custom code to handle sessions everywhere. So it'd be pretty counterproductive to have each repo have its custom implementation.

@paulpascal can we sync on what is the need here and how can we use https://github.com/medic/pouchdb-session-authentication , which we intend to support, maintain and eventually integrate into PouchDb core?

paulpascal commented 3 months ago

Thanks @garethbowen and @dianabarsan for looking into this.

@dianabarsan sure we can sync on that 👌.

paulpascal commented 2 months ago

> I think this looks great!
>
> However I think we should have some e2e tests that check that cht-conf works correctly when a session token is passed. The tests should cover api requests and pouchdb requests.

Sure, let me add that 👍

paulpascal commented 2 months ago

Thanks @dianabarsan !

medic-ci commented 2 months ago

:tada: This PR is included in version 3.23.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: