Authentication

This set of milestones is all about building a RESTful API and interface for the Lost Kansas Communities project.

Milestone 4 - Authentication

Building from the previous milestone, expand upon the starter project by adding the following features:

  1. Implement Bypass authentication using the Unique Token Strategy in Passport.js as shown in the tutorial. When enabled via the .env file, it should allow authentication via the /auth/bypass?token=<username> route.
  2. Allow the system to create new users if a user tries to authenticate with a username not currently in the database. That user should not be assigned any roles by default.
  3. Implement CAS authentication strategy in Passport.js as shown in the tutorial. Users should be able to authenticate via the https://testcas.cs.ksu.edu server. CAS settings should be controlled via the .env file.
  4. Implement JSON Web Tokens via the /auth/token route as shown in the tutorial. The token should include the user’s ID and a list of roles assigned to the user.
  5. Require a valid JWT to access ALL routes under the /api/v1 path.
  6. Implement role-based authorization for ALL routes under the /api/v1 path. See below for a matrix of roles and allowed actions.
  7. Update unit tests for each route to use authentication and also to test role-based authorization as shown in the tutorial.
  8. Update the appropriate routes for both Communities and Metadata so that the owner_user_id foreign key is automatically set to the currently authenticated user (it should no longer be provided as part of the POST request that creates a new community or metadata record, nor should it be editable via a PUT request).
  9. Update the OpenAPI documentation and unit tests to match the change to Communities and Metadata above.

Authorization Matrix

  • Path: /api/v1/users
    • ALL ACTIONS: manage_users
  • Path: /api/v1/roles
    • GET: manage_users
  • Path: /api/v1/communities
    • GET: [view_communities, manage_communities, add_communities]
    • POST: [manage_communities, add_communities]
    • PUT: [manage_communities]
    • DELETE: [manage_communities]
  • Path: /api/v1/counties
    • GET: [view_communities, manage_communities, add_communities]
  • Path: /api/v1/documents
    • GET: [view_documents, manage_documents, add_documents]
    • POST: [manage_documents, add_documents] (including file uploads)
    • PUT: [manage_documents]
    • DELETE: [manage_documents]
  • Path: /api/v1/metadata
    • GET: [view_documents, manage_documents, add_documents]
    • POST: [manage_documents, add_documents] (including adding and removing communities and documents to metadata)
    • PUT: [manage_documents]
    • DELETE: [manage_documents]
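The matrix above, transcribed into a default-deny authorization check for items 5 and 6. This is an added example, not code from the course starter project or tutorial; it assumes an Express-style request object whose req.user has already been populated from a verified JWT as { id, roles: [...] }.

```javascript
// Added example: role-based authorization for the /api/v1 routes.
// Assumes req.user = { id, roles } was set by JWT verification upstream.
const API_PREFIX = '/api/v1';

// Allowed roles per resource and HTTP method, taken from the matrix.
// "ANY" covers every method (the /api/v1/users rule).
const ALLOWED = {
  users:       { ANY: ['manage_users'] },
  roles:       { GET: ['manage_users'] },
  communities: { GET: ['view_communities', 'manage_communities', 'add_communities'],
                 POST: ['manage_communities', 'add_communities'],
                 PUT: ['manage_communities'], DELETE: ['manage_communities'] },
  counties:    { GET: ['view_communities', 'manage_communities', 'add_communities'] },
  documents:   { GET: ['view_documents', 'manage_documents', 'add_documents'],
                 POST: ['manage_documents', 'add_documents'],
                 PUT: ['manage_documents'], DELETE: ['manage_documents'] },
  metadata:    { GET: ['view_documents', 'manage_documents', 'add_documents'],
                 POST: ['manage_documents', 'add_documents'],
                 PUT: ['manage_documents'], DELETE: ['manage_documents'] },
};

// Roles permitted for this method + path, or null when the matrix grants
// nobody access (unknown resource or method): default deny.
function allowedRoles(method, path) {
  if (!path.startsWith(API_PREFIX + '/')) return null;
  const resource = path.slice(API_PREFIX.length + 1).split('/')[0];
  const entry = ALLOWED[resource];
  if (!entry) return null;
  return entry.ANY || entry[method.toUpperCase()] || null;
}

// A user must hold at least one allowed role. A freshly created user
// (item 2) has no roles, so every /api/v1 request is denied until one is assigned.
function isAuthorized(method, path, userRoles) {
  const allowed = allowedRoles(method, path);
  if (!allowed) return false;
  return (userRoles || []).some((role) => allowed.includes(role));
}

// Express-style middleware: 401 without an authenticated user, 403 when the
// user's roles do not satisfy the matrix, otherwise pass to the route.
function authorize(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
  if (!isAuthorized(req.method, req.path, req.user.roles)) {
    return res.status(403).json({ error: 'forbidden' });
  }
  return next();
}
```

Mount `authorize` after the JWT middleware on the /api/v1 router so that the matrix is enforced for every route, including nested ones such as metadata community links.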

Database Diagram

[Image: Database Diagram]

Open API Specification

UPDATED FOR MILESTONE 4

Tip

You can download this specification file by clicking the link below, and then edit the servers section to test it using your server. You can use the Open API Editor to see a cleaner view of this JSON file.

The OpenAPI specification looks best using the light theme. You can adjust the textbook theme in the left sidebar at the bottom of the textbook page.