Closed paulpascal closed 2 months ago
Related to #582
@dianabarsan Can you please have a look at this when you get a chance? How does this work with the pouchdb cookie auth plugin I wonder...
~I think @paulpascal could just use the PouchDb session plugin and drop all the custom code.~
Ah, the session is passed as an argument to the code? I suppose we could have a version of the plugin that can get a session cookie as a parameter when creating the database and have it use that cookie throughout.
Ah, the session is passed as an argument to the code?
Yeah I made that mistake on my first read through too!
I suppose we could have a version of the plugin...
Yes I think that makes sense... if you have a session token passed in, use that, otherwise use the basic auth.
Yea, the intent of the plugin is to not need to add custom code to handle sessions everywhere. So it'd be pretty counterproductive to have each repo have its custom implementation.
@paulpascal can we sync on what is the need here and how can we use https://github.com/medic/pouchdb-session-authentication , which we intend to support, maintain and eventually integrate into PouchDb core?
Thanks @garethbowen and @dianabarsan for looking into this.
@dianabarsan sure we can sync on that 👌.
I think this looks great!
However I think we should have some e2e tests that check that cht-conf works correctly when a session token is passed. The tests should cover api requests and pouchdb requests.
Sure, let me add that 👍
Thanks @dianabarsan !
:tada: This PR is included in version 3.23.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Description
This PR introduces support for a session token-based authentication mechanism in
cht-conf
, supporting the User Management Tool's cloud-based move-contact execution feature.Key changes
New command argument: Added support for new cmdArgs,
session-token
, allowing API requests and database operations to use a session cookie (if provided) for authentication instead of the regular basic authentication.API requests: Updated API request functions to include the session token in the request headers if provided.
Database Authentication: Updated the db connection setup to utilize the session token for authentication using pouchdb-session-authentication plugin.