Merge commit '16836f262ac39918ada311c70a433f79e1ee7e8b'
Apollo3zehn committed Mar 15, 2024
2 parents 7795954 + 16836f2 commit 7374aa7
Showing 147 changed files with 14,018 additions and 15,369 deletions.
21 changes: 18 additions & 3 deletions .editorconfig
@@ -1,14 +1,29 @@
# How to format:
# (1) Add dotnet_diagnostic.XXXX.severity = error
# (2) Run dotnet-format: dotnet format --diagnostics XXXX
# How to apply single rule:
# Run dotnet format --diagnostics XXXX --severity info

# How to apply all rules:
# Run dotnet format --severity error/info/warn/

[*]
trim_trailing_whitespace = true

[*.cs]
# "run cleanup": https://betterprogramming.pub/enforce-net-code-style-with-editorconfig-d2f0d79091ac
# TODO: build real editorconfig file: https://github.com/dotnet/roslyn/blob/main/.editorconfig

# Prefer var
csharp_style_var_for_built_in_types = false
csharp_style_var_when_type_is_apparent = true
csharp_style_var_elsewhere = true
dotnet_diagnostic.IDE0007.severity = warning

# Make field
dotnet_diagnostic.IDE0044.severity = warning

# Use file scoped namespace declarations
dotnet_diagnostic.IDE0161.severity = error
csharp_style_namespace_declarations = file_scoped

# Enable naming rule violation errors on build (alternative: dotnet_analyzer_diagnostic.category-Style.severity = error)
dotnet_diagnostic.IDE1006.severity = error

4 changes: 4 additions & 0 deletions .github/workflows/build-and-publish.yml
@@ -9,6 +9,10 @@ on:
tags:
- '*'

pull_request:
branches:
- dev

jobs:

build:
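Review bot: with the `pull_request` trigger on `dev` added next to the tag trigger, a workflow named `build-and-publish.yml` will now be entered for PR builds as well; unless the publish steps inside `build` are conditioned on the ref (for example `if: startsWith(github.ref, 'refs/tags/')`), a PR could attempt to publish, and for PRs from forks the publishing secrets are unavailable so that step will fail. The hunk only shows the trigger, so confirm the gating further down in the job.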
1 change: 1 addition & 0 deletions .gitignore
@@ -1,5 +1,6 @@
.vs/
.venv/

artifacts/
BenchmarkDotNet.Artifacts

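Review bot: `.venv/` is a sensible addition given the Python client under `src/clients/python-client`; for consistency with `.vs/` and `artifacts/`, `BenchmarkDotNet.Artifacts` could also get a trailing slash so the pattern only matches the directory.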
2 changes: 1 addition & 1 deletion .vscode/launch.json
@@ -46,7 +46,7 @@
"pipeProgram": "ssh",
"pipeArgs": [
"-T",
"root@ensyno.iwes.fraunhofer.de",
"root@<docker host>",
"-p",
"2222"
], // replace <docker host>
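Review bot: replacing the concrete internal hostname with the `<docker host>` placeholder is the right call for a committed launch config, and it now matches the existing `// replace <docker host>` comment. Two things to keep in mind: the old hostname remains in repository history, and the pipe still connects as `root` over SSH on port `2222`, so a dedicated non-root debug user on the container host would be the least-privilege option for remote debugging.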
3 changes: 2 additions & 1 deletion .vscode/settings.json
@@ -7,5 +7,6 @@
"python.analysis.extraPaths": [
"src/clients/python-client"
],
"dotnet.defaultSolution": "Nexus.sln"
"dotnet.defaultSolution": "Nexus.sln",
"editor.formatOnSave": false
}
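Review bot: `"editor.formatOnSave": false` works against the `.editorconfig` change in this same commit, which documents `dotnet format --severity error` as the way rules are enforced; with format-on-save off, contributors will only discover style violations when `dotnet format` is run (or when a CI check rejects the change). Either keep format-on-save enabled for `*.cs` or add a short comment explaining why it is disabled in the shared settings.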
15 changes: 13 additions & 2 deletions notes/auth.md
@@ -1,3 +1,14 @@
# Note
The text below does not fully apply anymore to Nexus because we have switched from refresh tokens + access tokens to personal access tokens that expire only optionally and are not cryptographically signed but checked against the database instead. The negible problem of higher database load is acceptible to get the benefit of not having to manage refresh tokens which are prone to being revoked as soon as the user uses it in more than a single place.

The new personal access tokens approach allows fine-grained access control to catalogs and makes many parts of the code much simpler. Current status is:
- User can manage personal access tokens in the web interface and specify read or read/write access to specific catalogs.
- The token the user gets is a string which consists of a combination of the token secret (a long random base64 encoded number) and the user id.
- Tokens are stored on disk in the folder configured by the `PathsOptions.Users` option in a files named `tokens.json`. They loaded lazily into memory on first demand and kept there for future requests.
- When the token is part of the Authorization header (`Authorization: Bearer <token>`) it is being handles by the `PersonalAccessTokenAuthenticationHandler` which creates a `ClaimsPrincipal` if the token is valid.
- The claims that are associated with the token can be anything but right now only the claims `CanReadCatalog` and `CanWriteCatalog` are being considered. To avoid a token to be more powerful than the user itself, the user claims are also being checked (see `AuthUtilities.cs`) on each request.
- The lifetime of the tokens can be choosen by the users or left untouched to produce tokens with unlimited lifetime.

# Authentication and Authorization

Nexus exposes resources (data, metadata and more) via HTTP API. Most of these resources do not have specific owners - they are owned by the system itself. Most of these resources need to be protected which makes an `authorization` mechanism necessary.
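Review bot: the note says tokens are "stored on disk in ... `tokens.json`" and "checked against the database", but not whether the stored value is the secret itself or a hash of it; since the token string is the random secret plus the user id, persisting only a hash (for example SHA-256) of the secret and comparing it with a constant-time comparison in `PersonalAccessTokenAuthenticationHandler` would mean a leaked `tokens.json` does not yield usable bearer tokens. Related to the same hunk: because tokens are "loaded lazily into memory on first demand and kept there", deleting or editing a token in the web interface must also evict the cached entry, otherwise a revoked token keeps working until restart; and the optional "unlimited lifetime" deserves a sentence on how such tokens are revoked. Typos in the added text: "negible" (negligible), "acceptible" (acceptable), "They loaded lazily" (They are loaded lazily), "is being handles" (is handled), "To avoid a token to be more powerful" (To avoid a token being more powerful), "choosen" (chosen).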
@@ -50,7 +61,7 @@ In order to detect a compromised token, it is recommended to implement token rot
## Implementation details

The backend of Nexus is a confidential client upon user request, it will perform the authorization code flow to obtain an ID token to authenticate and sign-in the user.
The backend of Nexus is a confidential client and upon user request, it will perform the authorization code flow to obtain an ID token to authenticate and sign-in the user.

Nexus supports multiple OpenID Connect providers. See [Configuration] on how to add configuration values.

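Review bot: the reworded sentence ("a confidential client and upon user request") reads correctly now; `[Configuration]` on the following context line is a reference-style link whose definition is not visible in this hunk, so verify it is defined elsewhere in `notes/auth.md` or it will render as literal brackets.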
@@ -66,7 +77,7 @@ The problem now is that although the access token contains the subject claim, it

Another problem is that Nexus cannot add these user-specific claims to the access token, which means that the user database must be consulted for every single request, resulting in a high disk load.

Also, a such client would be public which means it is possible to copy the `client_id` and use them in other clients, which might be problematic when there is limited traffic allowed .
Also, a such client would be public which means it is possible to copy the `client_id` and use them in other clients, which might be problematic when there is limited traffic allowed.

The last problem with refresh tokens is that _"for public clients [they] MUST be sender-constrained or use
refresh token rotation [...]"_ [[OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.2.2), [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.13)].
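Review bot: this hunk only removes the stray space before the full stop, but the same sentence still reads "a such client ... copy the `client_id` and use them in other clients"; while touching it, change it to "such a client" and "use it in other clients" so the grammar fix is complete.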