
AuthAPI overview and howtos

Overview

AuthAPI is a Rails app through which a user logs in as a Moderator to Umpire CMS or Wicket. When logging in to these apps, a request is made to the AuthAPI endpoint:

POST /api/v1/sign_in

{
    "email": "email@example.com",
    "password": "f$e18OnY8cJ"
}

The response contains a JWT Bearer token under the key "access_token". This token is then used for Umpire/Wicket API requests by adding it as the Authorization request header. To view the token's contents, go to https://jwt.io/ and paste the token ('eyJhbGciO...') into the Debugger section. There one can see the moderator's abilities, moderator client abilities, Wicket app ids ('app_access'), locale, client name, moderator email etc.
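The same inspection can be done locally in a Ruby console, so a production token never has to be pasted into a third-party site. This is an added example, not AuthAPI code: the helper names, the signing secret and the sample claims are constructed, and only the 'app_access' key name comes from this page.

```ruby
require 'json'
require 'openssl'

# Base64url helpers: URL-safe alphabet, padding stripped (the JWT segment encoding).
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(segment)
  padded = segment + '=' * ((4 - segment.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m').force_encoding('UTF-8')
end

# Decode header and payload for inspection only. The signature is NOT
# verified here, so the result must never drive an authorization decision.
def inspect_jwt(token)
  token = token.sub(/\ABearer\s+/i, '')
  parts = token.split('.', -1)
  raise ArgumentError, 'expected header.payload.signature' unless parts.length == 3
  header, payload = parts.first(2).map { |seg| JSON.parse(b64url_decode(seg)) }
  { header: header, payload: payload }
end

# Constructed sample token so the example runs offline. The claim names
# (apart from 'app_access') and the secret are assumptions for illustration.
def sample_token
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  claims = { 'email' => 'email@example.com', 'locale' => 'pl', 'app_access' => [1, 2] }
  signing_input = [header, claims].map { |h| b64url_encode(JSON.generate(h)) }.join('.')
  signature = OpenSSL::HMAC.digest('SHA256', 'constructed-demo-secret', signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(inspect_jwt(sample_token))
end
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read these claims.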

How-tos:

How to add moderator

To create a moderator for CMS prod, open a console in AuthAPI prod: rails c

Generate a password, e.g. with https://www.lastpass.com/features/password-generator#generatorTool

Find the client: client = Client.find(1)

mod = Moderator.new(client_id: client.id, status: 'active', first_name: 'First', last_name: 'Name', email: 'email@example.com', password: 'f$e18OnY8cJ', locale: 'pl')
mod.save
mod.roles << Role.where(client_id: client.id).where.not(name: 'Support')

or omit where.not(name: 'Support') when creating a moderator with the Support role

How to add/remove permissions for moderator?

Check current roles: mod.roles

Remove a role by passing the role id: mod.roles.destroy(29)

When a more granular change is needed (changing a role's abilities), change the lib/tasks/roles/data.rb file, deploy it, then run on the AuthAPI pod: bundle exec rails role:update

How to reset moderator password?

mod = Moderator.find_by(email: 'email@example.com')
mod.password = 'frgt5456y66'
mod.save

How to disable moderator?

mod = Moderator.find_by(email: 'email@example.com')

Either destroy the record: mod.destroy (cannot be undone)

or set 'status' (in case we might need to activate moderator in the future): mod.status_deleted!

to re-activate moderator: mod.status_active!

How to allow moderator to have access to another Client?

For example, the moderator belongs to the Ekstraklasa.org client and we want to give them access to Ekstraklasa.tv. A moderator is assigned to only one client and cannot have two or more. To give the user access to another client, we need to create a new Moderator in AuthAPI using the desired client.