prjemian / tiled-demo

Get started with the tiled data server
Creative Commons Zero v1.0 Universal

Authentication #3

Open prjemian opened 2 years ago

prjemian commented 2 years ago

Learn how to use authentication with tiled server.

prjemian commented 2 years ago

Help getting started with LDAP: https://computingforgeeks.com/run-openldap-server-in-docker-containers/

prjemian commented 2 years ago

@danielballan suggests:

See also https://github.com/bluesky/tiled/blob/main/start_LDAP.sh

and

https://github.com/bluesky/tiled/blob/main/tiled/_tests/test_authenticators.py

prjemian commented 2 years ago

First test with my own LDAP server, copying tiled's unit test code:

Start the LDAP server:

(tiled) prjemian@zap:~/.../Bluesky/tiled$ docker-compose -f /home/prjemian/Documents/projects/Bluesky/tiled/continuous_integration/docker-configs/ldap-docker-compose.yml up -d
Creating network "docker-configs_default" with the default driver
Creating docker-configs_openldap_1 ... done
(tiled) prjemian@zap:~/.../Bluesky/tiled$ docker ps
CONTAINER ID   IMAGE                                        COMMAND                  CREATED         STATUS         PORTS                                            NAMES
a8b389ec3569   bitnami/openldap:2.6                         "/opt/bitnami/script…"   5 seconds ago   Up 5 seconds   0.0.0.0:1389->1389/tcp, 0.0.0.0:1636->1636/tcp   docker-configs_openldap_1

Test in IPython:

In [1]: !docker ps
CONTAINER ID   IMAGE                                        COMMAND                  CREATED          STATUS          PORTS                                            NAMES
3db1a7195dc4   bitnami/openldap:2.6                         "/opt/bitnami/script…"   5 seconds ago    Up 5 seconds   0.0.0.0:1389->1389/tcp, 0.0.0.0:1636->1636/tcp   docker-configs_openldap_1

In [2]: from tiled.authenticators import LDAPAuthenticator

In [3]: authenticator = LDAPAuthenticator("localhost", 1389, bind_dn_template="cn={username},ou=users,dc=example,dc=org",use_tls=False, use_ssl=False)

In [4]: await authenticator.authenticate("user01", "password1") == "user01"
Out[4]: True

In [5]: await authenticator.authenticate("user02", "password2") == "user02"
Out[5]: True

In [6]: await authenticator.authenticate("user02a", "password2") is None
Invalid password for user 'user02a'
Out[6]: True

In [7]: await authenticator.authenticate("user02", "password2a") is None
Invalid password for user 'user02'
Out[7]: True

In [8]: 

Stop the LDAP server:

(tiled) prjemian@zap:~/.../Bluesky/tiled$ docker-compose -f /home/prjemian/Documents/projects/Bluesky/tiled/continuous_integration/docker-configs/ldap-docker-compose.yml down
Stopping docker-configs_openldap_1 ... done
Removing docker-configs_openldap_1 ... done
Removing network docker-configs_default
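
Added example, not part of the original thread or of tiled's code: the `bind_dn_template` in the session above is filled in with the submitted username, so a value containing DN metacharacters has to be escaped (RFC 4514) to remain a single `cn` value. `escape_rdn_value`, `build_bind_dn` and `split_rdns` are hypothetical helper names and the sample name is constructed; nothing here describes how `LDAPAuthenticator` treats usernames internally.

```python
# Added example: hypothetical helpers, not part of tiled or of this thread.
BIND_DN_TEMPLATE = "cn={username},ou=users,dc=example,dc=org"  # from the session above

# RFC 4514 section 2.4: these characters always need a backslash in an RDN value.
ALWAYS_ESCAPE = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a string so it stays a single RDN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ALWAYS_ESCAPE or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username: str, template: str = BIND_DN_TEMPLATE) -> str:
    """Fill the template with an escaped username; refuse an empty one."""
    if not username:
        raise ValueError("empty username")
    return template.format(username=escape_rdn_value(username))


def split_rdns(dn: str) -> list:
    """Split a DN into RDNs on unescaped commas (simplified parser for the demo)."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            escaped = False          # this character was escaped; keep it as data
        elif ch == "\\":
            escaped = True           # next character is literal
        elif ch == ",":
            parts.append("".join(current))
            current = []
            continue
        current.append(ch)
    parts.append("".join(current))
    return parts


if __name__ == "__main__":
    name = "Doe, Jane"  # constructed sample: a legitimate name containing a comma
    naive = BIND_DN_TEMPLATE.format(username=name)
    print(len(split_rdns(naive)), naive)
    print(len(split_rdns(build_bind_dn(name))), build_bind_dn(name))
```

Formatting the template without escaping turns the comma in the name into an extra RDN boundary, while the escaped form keeps the four components the template intends.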

prjemian commented 2 years ago

Used the ldap-docker-compose.yml file from the tiled repository, as used in the previous test.

version: '2'

services:
  openldap:
    image: docker.io/bitnami/openldap:2.6
    ports:
      - '1389:1389'
      - '1636:1636'
    environment:
      - LDAP_ADMIN_USERNAME=admin
      - LDAP_ADMIN_PASSWORD=adminpassword
      - LDAP_USERS=user01,user02
      - LDAP_PASSWORDS=password1,password2
    volumes:
      - 'openldap_data:/bitnami/openldap'

volumes:
  openldap_data:
    driver: local

prjemian commented 2 years ago

also:

prjemian commented 2 years ago

Added some checkboxes to better define what to accomplish here.