Comments (6)
keiffster
commented on July 19, 2024
Looks like a good approach, and further thinking I agree that an auth framework would be a good approach.
Previous Bots have relied on different approaches. The last one I built provided Web, SMS, XMPP and Twitter. it required you to register SMS, XMPP and Twitter info and we would then use the credentials embedded in the sent data to see if you should be allowed and for Web, you first had to log onto the website customer account section which left a cookie with your credentials that we could use.
All of these options allowed non authenticated comms for general questions, but if you asked account specific and failed auth you were told to either log into the web client or register your credentials
from program-y.
keiffster
commented on July 19, 2024
I've now started on the authentication framework, new branch authframework contains the code for now until we agree and merge
from program-y.
keiffster
commented on July 19, 2024
So I moved forward with this and now have authentication and authorisation frameworks in place
Authentication is as above following your pattern for using the pre-processor which once I'd implemented it seems the logical place. as authentication should be for every request
Authorisation, however, is likely to be on a per command or group of commands and as such I've implemented a User, Roles and Groups capability and introduced a new tag
Basically, Users have Roles, Groups have Roles, User can belong to Groups and Groups can contain Groups. This gives a flexible approach to applying authorization rules to different collections of people.
There is also a new tag which you wrap a template in which first checks if the user is authorised to execute the template using the above Users, Roles and Groups, e.g
<template>
<authorise role="sysadmin">
<srai>LIST ACTIVE USERS</srai>
</authorise>
<template>
So when the parser gets to this template, it checks that the user defined by clientid, has the role of "sysadmin" either directly or through associated with a group. Only then does it execute the srai.
If user does not have authorisation, then it returns FAIL_AUTHORISATION token
Still work in progress on the authframework branch but its coming together nicely
k
from program-y.
keiffster
commented on July 19, 2024
Hi Sean/ #ideasean ,
Well this email thread has generated a big piece of work, specifically adding authorisation and authentication into the core code base.
I have moved authentication in the core brain loop rather than use a pre-processor. This makes it more solid as a solution
Authentication is now a tag as described above, and there is an implementation of Users, Groups and Roles with an associated way of loading them from a file for now
All code still on the authframework branch but looking good I think
K
from program-y.
keiffster
commented on July 19, 2024
Now merged and sync'd to master, keeping open until documentation written
from program-y.
keiffster
commented on July 19, 2024
Documentation now moving onto the wiki under security, closing this issue to allow individual issues to be raised if needed
from program-y.
Related Issues (20)
- Programy on PythonAnywhere HOT 1
- Program-Y is alive.... again HOT 2
- <system> tag in aiml doesn't work HOT 1
- scheduling extension doesn't print message
- Error when trying to save data from 'learnf' elements to MongoDB HOT 2
- Wikipedia doesn't seam to work HOT 1
- <learn> and <star> don't work together HOT 1
- How to get a variable value outside of aiml files inside python code?
- Setting SentenceSplitter on an embedded bot HOT 4
- Whenever I install program y, cryptography fails to install and the whole installation stops.
- Bug in pattern parser where the star index of the words will change
- WARNING:root:[Console] [bot] [brain] [testuser] - System command node disabled in config
- ModuleNotFoundError: No module named 'sqlalchemy'
- Pattern matching not work in a right way
- image not displaying in telegram
- GUI for my bot (Not a feature request I was just unsure where to ask) HOT 1
- Change Default Response
- AttributeError: module 'collections' has no attribute 'MutableSet' HOT 3
- module apscheduler not found
- Thoughts about ChatGPT service for ProgramY
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from program-y.