Example application of RESTful authentication with Flask, Elasticsearch, and scrypt KDF

korniichuk/test-auth
The test-auth

Table of Contents

Installation

Run Elasticsearch

Run API

API Docs

Examples

Installation

$ git clone https://github.com/korniichuk/test-auth.git
$ cd test-auth/
$ python3 -m venv venv
$ source venv/bin/activate
(venv) $ pip3 install -r requirements.txt

Run Elasticsearch

$ docker pull docker.elastic.co/elasticsearch/elasticsearch:6.1.2
$ docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" \
        docker.elastic.co/elasticsearch/elasticsearch:6.1.2

Run API

Please check once more that Elasticsearch is running successfully at http://localhost:9200/. Example output:

{
  "name" : "uEoEr2L",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "HDd7eS2KSJaDgss13oBJ8Q",
  "version" : {
    "number" : "6.1.2",
    "build_hash" : "5b1fea5",
    "build_date" : "2018-01-10T02:35:59.208Z",
    "build_snapshot" : false,
    "lucene_version" : "7.1.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

(venv) $ python3 api.py

API Docs

  • POST /api/auth/accounts

    Sign Up. Register a new user.
    The body must contain a JSON object that defines company_name, contact_person, business_email, contact_phone_number, and password fields.
    On success a status code 201 is returned. The body of the response contains a JSON object with the newly added user.
    On failure status code 400 (bad request) is returned.
    Notes:

    • The password is hashed by scrypt KDF before it is stored in Elasticsearch. Once hashed, the original password is discarded.
    • In a production deployment secure HTTP must be used to protect the password in transit.
    • In a production deployment, an md5 field derived from a secret key together with a timestamp field must be used. Example: goo.gl/395zAB.
  • GET /api/auth/token

    Return an authentication token.
    This request must be authenticated using an HTTP Basic Authentication header.
    On success a JSON object is returned with a field token set to the authentication token for the user and a field duration set to the (approximate) number of seconds the token is valid.
    On failure status code 401 (unauthorized) is returned.

  • GET /api/auth/protected

    Return a protected resource.
    This request must be authenticated using an HTTP Basic Authentication header. Instead of a username and password, the client can provide a valid authentication token in the username field. When an authentication token is used, the password field is ignored and can be set to any value.
    On success a JSON object with data for the authenticated user is returned.
    On failure status code 401 (unauthorized) is returned.

Examples

Please import the test-auth.postman_collection.json file into Postman.
