[minor] remove token from registration page (#63)

* remove token from registration page

* <bot> update setup.cfg

* <bot> update requirements-tests.txt

* <bot> update requirements.txt

* fix flake8

* remove old import

* remove old import 2

* remove reg_token import

* remove auth test for username

* <bot> update requirements-tests.txt

* <bot> update requirements.txt

* fix inst register test

* <bot> update setup.cfg

* <bot> update .gitignore

* <bot> update dependencies*.log files(s)

* new py-setup action doesn't generate requirements.txt files anymore

* adjust docker container to use python 3.10 and install directly from setup.cfg

* <bot> update dependencies*.log files(s)

---------

Co-authored-by: github-actions <[email protected]>

.github/workflows/wipac_cicd.yaml

@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-      - uses: WIPACrepo/wipac-dev-py-setup-action@v1.15
+      - uses: WIPACrepo/wipac-dev-py-setup-action@v2.6
 
   py-versions:
     needs: [py-setup]

.gitignore

@@ -127,3 +127,7 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+
+
+# wipac-dev-py-setup-action
+!dependencies*.log

Dockerfile

@@ -1,15 +1,18 @@
-FROM python:3.9
+FROM python:3.10
 
 RUN useradd -m -U keycloak
 
-COPY requirements.txt ./
-RUN pip install --no-cache-dir -r requirements.txt
+RUN mkdir /app && chown keycloak:keycloak /app
 
-WORKDIR /home/keycloak
+WORKDIR /app
 USER keycloak
 
 COPY . .
 
-ENV PYTHONPATH=/home/keycloak
+USER root
+
+RUN pip install -e .
+
+USER keycloak
 
 CMD ["python", "-m", "user_mgmt"]

cypress/integration/insts.spec.js

@@ -1,6 +1,5 @@
 
 import keycloak from '../support/keycloak'
-import reg_token from '../support/reg_token'
 
 context('Institutions Page', () => {
   it('inst approvals', () => {
@@ -9,7 +8,6 @@ context('Institutions Page', () => {
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}},
       inst_approvals: {instA: ['userC']}
     })
-    reg_token({})
 
     cy.get('#nav .active').contains('institutions', {matchCase: false})
     cy.get('#nav li').should('have.length', 2)
@@ -29,7 +27,6 @@ context('Institutions Page', () => {
       username: 'user',
       user_profile: {firstName: 'Foo', lastName: 'Bar', email: 'foo@bar'}
     })
-    reg_token({})
 
     cy.get('[data-test="userA"]').within(() => {
       cy.get('.username').contains('userA', {matchCase: false})
@@ -55,7 +52,6 @@ context('Institutions Page', () => {
     keycloak({
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}}
     })
-    reg_token({})
 
     cy.get('[data-test="userA"] .delete').click()
     cy.wait('@api-institution-users-delete').its('request.url').should('include', 'userA')
@@ -66,7 +62,6 @@ context('Institutions Page', () => {
     keycloak({
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}}
     })
-    reg_token({})
 
     cy.get('[data-test="userB"]').within(() => {
       cy.get('.username').contains('userB', {matchCase: false})
@@ -89,7 +84,6 @@ context('Institutions Page', () => {
     keycloak({
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist":['userA']}}
     })
-    reg_token({})
 
     cy.get('[data-test="userA"]').within(() => {
       cy.get('.username').contains('userA', {matchCase: false})
@@ -110,7 +104,6 @@ context('Institutions Page', () => {
     keycloak({
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}}
     })
-    reg_token({})
 
     cy.get('[data-test="userB"] .delete').click()
     cy.wait('@api-institution-users-delete').its('request.url').should('include', 'userB')
@@ -126,15 +119,8 @@ context('Institutions Page', () => {
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}},
       token_raw: 'tokentoken'
     })
-    reg_token({token: 'foobar'})
 
-    cy.wait('@api-reg_token').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer tokentoken'
-      })
-    })
-
-    cy.get('[data-test="registration-link"]').should('exist').should('have.attr', 'data-reg-token', 'foobar')
+    cy.get('[data-test="registration-link"]').should('exist')
   })
 
   it('inst edit user profile', () => {
@@ -143,7 +129,6 @@ context('Institutions Page', () => {
       admin_insts: {instA:{users:['userA', 'userB'], "authorlist-physics":['userA'], "authorlist-astro":[]}},
       user_profile: {'firstName': 'Foo', 'lastName': 'Bar', 'email': 'foo@bar', 'orcid': '0000-0000-0000-0000'}
     })
-    reg_token({})
 
     cy.get('[data-test="userA"] .profile').click()
 

cypress/integration/register.spec.js

@@ -1,20 +1,14 @@
 
 import keycloak from '../support/keycloak'
-import reg_token from '../support/reg_token'
 
 context('Registration Page', () => {
   it('register', () => {
-    reg_token({token: 'foobar'})
-    cy.visit('/register?reg_token=foobar')
+    cy.visit('/register')
     keycloak({
       insts: ['instA'],
       new_username: 'fbar'
     })
 
-    cy.wait('@api-reg_token-validate').should(({ request, response }) => {
-      expect(request.url).to.match(/foobar$/)
-    })
-
     cy.get('#nav .active').contains('register', {matchCase: false})
 
     cy.get('[data-test="institution"]').should('exist').should('be.disabled')
@@ -26,9 +20,6 @@ context('Registration Page', () => {
     cy.get('[name="last_name"]').type('bar')
 
     cy.wait('@api-username-post').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer foobar'
-      })
       expect(response.body).to.deep.eq({
         "username": "fbar"
       })
@@ -39,9 +30,6 @@ context('Registration Page', () => {
     cy.get('[data-test="submit"]').click()
 
     cy.wait('@api-inst-approvals-post').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer foobar'
-      })
       expect(request.body).to.deep.eq({
         'experiment': 'test-exp',
         'institution': 'instA',
@@ -54,17 +42,12 @@ context('Registration Page', () => {
   })
 
   it('clear-username', () => {
-    reg_token({token: 'foobar'})
-    cy.visit('/register?reg_token=foobar')
+    cy.visit('/register')
     keycloak({
       insts: ['instA'],
       new_username: 'fbar'
     })
 
-    cy.wait('@api-reg_token-validate').should(({ request, response }) => {
-      expect(request.url).to.match(/foobar$/)
-    })
-
     cy.get('#nav .active').contains('register', {matchCase: false})
 
     cy.get('[data-test="institution"]').should('exist').should('be.disabled')
@@ -76,9 +59,6 @@ context('Registration Page', () => {
     cy.get('[name="last_name"]').type('bar')
 
     cy.wait('@api-username-post').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer foobar'
-      })
       expect(response.body).to.deep.eq({
         "username": "fbar"
       })
@@ -89,9 +69,6 @@ context('Registration Page', () => {
     cy.get('[name="username"]').should('have.value', '')
 
     cy.wait('@api-username-post').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer foobar'
-      })
       expect(response.body).to.deep.eq({
         "username": "fbar"
       })
@@ -100,8 +77,7 @@ context('Registration Page', () => {
   })
 
   it('username-cycle-detect', () => {
-    reg_token({token: 'foobar'})
-    cy.visit('/register?reg_token=foobar')
+    cy.visit('/register')
     keycloak({
       insts: ['instA'],
       new_username: function(input_username){
@@ -114,10 +90,6 @@ context('Registration Page', () => {
       }
     })
 
-    cy.wait('@api-reg_token-validate').should(({ request, response }) => {
-      expect(request.url).to.match(/foobar$/)
-    })
-
     cy.get('#nav .active').contains('register', {matchCase: false})
 
     cy.get('[data-test="institution"]').should('exist').should('be.disabled')
@@ -129,9 +101,6 @@ context('Registration Page', () => {
     cy.get('[name="last_name"]').type('bar')
 
     cy.wait('@api-username-post').should(({ request, response }) => {
-      expect(request.headers).to.include({
-        'authorization': 'bearer foobar'
-      })
       expect(response.body).to.deep.eq({
         "username": "fbar"
       })

dependencies-from-Dockerfile.log

@@ -0,0 +1,30 @@
+aio-pika==9.3.0
+aiormq==6.7.7
+cachetools==5.3.1
+certifi==2023.7.22
+cffi==1.16.0
+charset-normalizer==3.3.0
+cryptography==41.0.4
+dnspython==2.4.2
+idna==3.4
+ldap3==2.9.1
+motor==3.3.1
+multidict==6.0.4
+pamqp==3.2.1
+pyasn1==0.5.0
+pycparser==2.21
+PyJWT==2.8.0
+pymongo==4.5.0
+pypng==0.20220715.0
+qrcode==7.4.2
+requests==2.31.0
+requests-futures==1.0.1
+tornado==6.3.3
+typing_extensions==4.8.0
+Unidecode==1.3.7
+urllib3==2.0.6
+-e /app
+wipac-dev-tools==1.7.0
+wipac-keycloak-rest-services==1.4.44
+wipac-rest-tools==1.6.0
+yarl==1.9.2

docs/admin_insts.md

@@ -10,16 +10,10 @@ to join your institution, or directly make changes for existing users.
 
 ## Registering New Users
 
-New users should register through a link provided on the institution page,
-which contains a 7-day authorization.
+New users should register through the [https://user-management.icecube.aq/register](registration page).
+It is possible to give out a specific link for an institution, like:
 
-As an example, for IceCube/Aachen, a registration link is:
-
-    https://user-management.icecube.aq/register?experiment=IceCube&institution=Aachen&reg_token=XXXXXXX
-
-Here is what the registration section looks like:
-
-![registration link](images/admin_inst_reg_link.png)
+    https://user-management.icecube.aq/register?experiment=IceCube&institution=Aachen
 
 ### Manually adding a new user