brendt
commented
1 week ago After this PR, we'll look into an authorization API (preferably with user roles built-in). All front-end stuff and user-management is left alone for now.
Closed brendt closed 2 days ago
brendt
commented
1 week ago After this PR, we'll look into an authorization API (preferably with user roles built-in). All front-end stuff and user-management is left alone for now.
innocenzi
commented
6 days ago I think this is great, there shouldn't need to be more built-in (besides authorization) π
However, I wouldn't let Tempest take care of the user model itself and the migration, I would rather have Tempest use an interface that has to be implemented in userland
brendt
commented
6 days ago However, I wouldn't let Tempest take care of the user model itself and the migration, I would rather have Tempest use an interface that has to be implemented in userland
Yeah, that's a fair point.
brendt
commented
6 days ago While I want the user model to be configurable, I do want to provide a default implementation β I might reconsider that though.
Also, I'm ok with "the user" being tied to the database, I don't really care about other ways of storing user data for now.
innocenzi
commented
6 days ago Looking at the current code, it's unclear to meβis it possible to ignore the provided migration? Or would you recommend to add another one that would run after it and modify the table as we see fit?
That'd be one reason I was suggesting not to provide a default model/migration, but it seems low enough friction
aidan-casey
commented
6 days ago I'd love to see this use a repository to decouple retrieving the user details. If it were me personally, my criteria would be for this to be decoupled so that it could work entirely outside the framework. I understand that's a bit of an extreme view, though. π
I don't really care about other ways of storing user data for now.
We have to think about the people storing passwords in the filesystem, @brendt!
brendt
commented
6 days ago Looking at the current code, it's unclear to meβis it possible to ignore the provided migration? Or would you recommend to add another one that would run after it and modify the table as we see fit?
Right now it's not possible, but this is something I already planned on figuring out before merging this PR :)
brendt
commented
6 days ago I understand that's a bit of an extreme view, though. π
Yes, not within my scope for now :)
brendt
commented
6 days ago We have to think about the people storing passwords in the filesystem, @brendt!
I thought about it: they are free to roll their own auth layer separate from Tempest's default implementation π
brendt
commented
3 days ago How to deal with this circular dependency: auth requires http because of session management, but http also requires auth because of the middleware.
Since this auth layer is only concerned with http authentication, would it make sense to keep it all within the same component?
I know @aidan-casey will tell me otherwise :)
innocenzi
commented
2 days ago Is the circular dependency itself a technical issue? If not, I think keeping the tempest/auth package separate is a good idea
brendt
commented
2 days ago Apparently it is, composer can't deal with it (at least not in our CI setup). There's no issue in this branch because I haven't added the circular dependency yet, but we had the same issue once before between core and event-bus.
Maybe there's a solution for it, I'll do some digging.
aidan-casey
commented
2 days ago @brendt - I haven't looked through the code yet, but probably I would have said use a driver/repository for storing the auth data. π π
brendt
commented
2 days ago I solved the issue, it was pretty straight forward: just need to hook into the Kernel::BOOTED event and add the middleware like so
brendt
commented
2 days ago Ok so, this branch contains so much code that I want to merge it rather sooner than later. I'm still going to write an implementation for revokePermission, but after that I plan on merging it.
Pull Request Test Coverage Report for Build 11137713319
Details
π - Coveralls