Authentication handlers for API and web server

Open viyatb opened this issue 8 years ago • 1 comments

OWTF should provide authentication options for users to log in and securely run tests if OWTF is hosted on a public IP.

For a barebones implementation, we need:

  • [ ] API handlers for register, login and logout functionality.
  • [ ] Tokens for OWTF REST API (ideally JWT tokens)
  • [ ] A way for users to create API tokens.
  • [ ] Users, APITokens models and integration with current DB schema.

Reference:

  • https://github.com/jupyter/notebook/blob/master/notebook/auth is a good reference implementation of the functionality (in Tornado).
  • Some examples for JWT tokens: https://steelkiwi.com/blog/jwt-authorization-python-part-1-practise/, https://auth0.com/docs/quickstart/backend/python/01-authorization, https://github.com/paulorodriguesxv/tornado-json-web-token-jwt/blob/master/auth.py

viyatb, Mar 19 '18 04:03
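A sketch of the token items in the checklist above, added here as an illustration; it is not OWTF's code and not part of the issue. It issues, verifies and revokes HS256 JWTs with only the Python standard library, and every name in it (`SECRET`, `REVOKED`, `issue_token`, `verify_token`, `revoke`) is an assumption, with the in-memory `REVOKED` set standing in for an APITokens table.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment signing key
REVOKED = set()                   # assumption: stands in for an APITokens table

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user, ttl=3600, now=None):
    """Login / 'create API token': return a signed HS256 JWT for user."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
    signing_input = ".".join(b64e(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + sign(signing_input)

def verify_token(token, now=None):
    """Return the claims of a valid token, or None for anything else."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: never let the token's header pick it ("none", etc.).
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sig, sign(head + "." + body)):
            return None
        claims = json.loads(b64d(body))
        if claims["exp"] <= now or claims["jti"] in REVOKED:
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def revoke(token):
    """Logout / delete API token: reject this token's jti from now on."""
    claims = verify_token(token)
    if claims is not None:
        REVOKED.add(claims["jti"])
```

In a Tornado handler, `verify_token` would run on the bearer value of the `Authorization` header before the request reaches any test-running endpoint.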

Hello @viyatb, I would like to take up this issue.

amanpro30, Mar 11 '21 05:03