
Improve Auth Controller

This merge request contains multiple tasks and should be seen as a discussion entry (esp. point 3):

  1. Refactor AuthController to split Controller Tasks and Business Logic
  2. Split Authentication and User Management
  3. Instead of checking whether the user is logged in in multiple places, check it once, as it should be.
  • For this I added an AuthorizationMiddleware which checks if the user is logged in and the accessed route is restricted or not
  • But: This is not how it should be used. The FlaskAPI approach using OAuth2PasswordBearer is to add the Token dependency on each route method which should be restricted. An example of that can be found in UserController.read_users_me method.
  • I tried to improve this approach to get the current user instead of the token only as a dependency, but with the current structure of Controller / Logic I failed to do so…
  • So we need to discuss here, which approach (Middleware vs. FlaskAPI way) we prefer. Both have advantages and disadvantages…
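
The middleware approach from point 3, as an added example that is not code from this merge request: a pure ASGI middleware that denies every path not on an allowlist, so a route that lacks its own token dependency still answers 401. The token table, the public paths and the helper names (`bearer_token`, `unprotected_app`, `status_for`) are assumptions made for illustration.

```python
import asyncio

# Constructed sample data: token -> user. A real app would validate a JWT or session.
TOKENS = {"constructed-token": "alice"}
PUBLIC_PATHS = frozenset({"/token", "/docs", "/openapi.json"})  # assumed allowlist

def bearer_token(scope):
    """Return the Bearer token from ASGI headers (lower-cased byte pairs), or None."""
    for name, value in scope.get("headers", []):
        if name == b"authorization":
            scheme, _, token = value.decode("latin-1").partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
    return None

class AuthorizationMiddleware:
    """Pure ASGI middleware: every path is restricted unless it is allowlisted."""
    def __init__(self, app, verify_token, public_paths=PUBLIC_PATHS):
        self.app, self.verify_token, self.public_paths = app, verify_token, public_paths

    async def __call__(self, scope, receive, send):
        if scope["type"] == "lifespan" or scope["path"] in self.public_paths:
            return await self.app(scope, receive, send)
        token = bearer_token(scope)
        user = self.verify_token(token) if token else None
        if user is None:
            if scope["type"] != "http":  # e.g. websocket: refuse the handshake
                return await send({"type": "websocket.close", "code": 1008})
            await send({"type": "http.response.start", "status": 401,
                        "headers": [(b"www-authenticate", b"Bearer")]})
            return await send({"type": "http.response.body", "body": b""})
        scope.setdefault("state", {})["user"] = user  # available to downstream handlers
        await self.app(scope, receive, send)

async def unprotected_app(scope, receive, send):
    # Downstream handler with no check of its own, like a route missing its dependency.
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def status_for(path, token=None):
    """Drive one constructed HTTP request through the middleware; return the status."""
    sent = []
    async def send(message): sent.append(message)
    async def receive(): return {"type": "http.request", "body": b"", "more_body": False}
    headers = [(b"authorization", b"Bearer " + token.encode())] if token else []
    scope = {"type": "http", "path": path, "headers": headers}
    app = AuthorizationMiddleware(unprotected_app, TOKENS.get)
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]
```

The allowlist is matched exactly, so a variant such as `/token/` is treated as restricted rather than public.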
