OSIT-AE-API-FastAPI

Scott.Idem/OSIT-AE-API-FastAPI

Fork 0

Commit Graph

Author	SHA1	Message	Date
Scott Idem	d4e46a4a97	feat(auth): implement site-based passcode-to-JWT endpoint - Add POST /api/authenticate_passcode to verify site access codes - Refactor sign_jwt to support arbitrary role flags (super, admin, etc.) - Update dependencies_v3 to extract role flags from JWT payloads - Add E2E test for passcode auth verification	2026-01-20 17:51:54 -05:00
Scott Idem	dc7732ab5f	feat(security): implement safe guest auth flow and harden request_jwt - Patched request_jwt to strip privileged IDs when signing with public keys - Updated AccountContext and V3 dependencies to preserve JWT payloads for guests - Whitelisted Archive, Post, Event, and other core objects for public read access - Added 'default_qry_str' to Event searchable fields - Added test_e2e_jwt_guest_auth.py for security verification	2026-01-20 14:56:56 -05:00
Scott Idem	b2384f2869	Tests: Reorganize test suite into functional subdirectories - Categorized scripts into tests/unit/, tests/integration/, tests/e2e/, and tests/tools/. - Adopted consistent naming prefixes (test_unit_, test_int_, test_e2e_, tool_). - Renamed conftest_mock.py to mock_config_helper.py for clarity. - Updated test_int_boot_diagnosis.py with sys.path setup for root-level execution.	2026-01-16 10:46:19 -05:00

Author

SHA1

Message

Date

Scott Idem

d4e46a4a97

feat(auth): implement site-based passcode-to-JWT endpoint

- Add POST /api/authenticate_passcode to verify site access codes
- Refactor sign_jwt to support arbitrary role flags (super, admin, etc.)
- Update dependencies_v3 to extract role flags from JWT payloads
- Add E2E test for passcode auth verification

2026-01-20 17:51:54 -05:00

Scott Idem

dc7732ab5f

feat(security): implement safe guest auth flow and harden request_jwt

- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification

2026-01-20 14:56:56 -05:00

Scott Idem

b2384f2869

Tests: Reorganize test suite into functional subdirectories

- Categorized scripts into tests/unit/, tests/integration/, tests/e2e/, and tests/tools/.
- Adopted consistent naming prefixes (test_unit_*, test_int_*, test_e2e_*, tool_*).
- Renamed conftest_mock.py to mock_config_helper.py for clarity.
- Updated test_int_boot_diagnosis.py with sys.path setup for root-level execution.

2026-01-16 10:46:19 -05:00

3 Commits