
User Authentication

Eric Kimbrel edited this page Jan 8, 2015 · 8 revisions

The datawake is intended as a multi-user system that enables collaboration and sharing of data, which requires user authentication. By default all auth in the system is turned off and a single mock user is provided.

Organization/Team level authentication

One instance of the datawake can support multiple teams or organizations. Any team member has access to all data gathered by their team, but cannot see any data relating to other teams.

Organization level authentication is done against a simple database table mapping email addresses to org names. By default, when MOCK_AUTH is used for dev environments, this table is ignored and all users are added to a default organization.

To load user org mappings, see util/datawaketools/orgLoader.py

Google Authentication

The datawake uses Google authentication to validate users.

By default authentication is turned OFF and a single mock user (John Doe) is provided. To enable authentication you must do the following.

  1. First do some background reading on using OAuth with Google: Using OAuth 2.0 for Login

The Server

You need to edit the datawake/conf/datawakeconfig.py file to use Google Auth (if using Docker, skip this and set the DW_GOOGLE_CLIENT_IDS environment variable instead, while ensuring that DW_MOCK_AUTH and DW_MOCK_FORENSIC_AUTH are not set). The client IDs listed here are for any clients (such as the forensic view web server) that will need to authenticate a user.

MOCK_AUTH = False
MOCK_FORENSIC_AUTH = False
CLIENT_IDS = ["YOUR CLIENT ID HERE"]

Datawake Chrome Extension

Change the scripts at the bottom of the body in newTab.html AND popup.html to use prod_signin.js instead of signin.js.

<!--<script src="js/signin.js"></script>-->
<script src="js/prod_signin.js"></script>

You also need to add your client id to the manifest.json file.

    "oauth2": {
        "client_id": "your client id here",
        "scopes": ["https://www.googleapis.com/auth/plus.login","https://www.googleapis.com/auth/userinfo.email"]
    },

Forensic

You'll need to edit the forensic/index.html file by setting useGoogleAuth to true and adding your client id:

...
<meta name="google-signin-clientid" content="client id here"/>
<script type="text/javascript">
    //Make sure you add your client id if you enable.
    var useGoogleAuth = true;
    (function () {

        authHelper.setOnLoggedIn(function () {
            //once a session is established on the datawake server refresh the view
            refreshForensicView()
        });

        if (!useGoogleAuth) {
            authHelper.onSignInCallback({'access_token': '123456'});
        } else {
            var po = document.createElement('script');
            po.type = 'text/javascript'; po.async = true;
            po.src = 'https://apis.google.com/js/client:plusone.js?onload=render';
            var s = document.getElementsByTagName('script')[0];
            s.parentNode.insertBefore(po, s);
            checkClientId();
        }

    })();

    function checkClientId(){
        var clientId = $("meta[name='google-signin-clientid']").attr('content');
        if(clientId == ""){
            alert("You have Google Auth Enabled, but forgot to add a client Id!");
        }
    }

    function onSignInCallback(authResult) {
        authHelper.onSignInCallback(authResult);
    }
</script>
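
A pre-deployment check for the three settings described so far (server, Chrome extension, forensic view), added here as an example and not part of the datawake code base. The function names and sample values are hypothetical, and it assumes DW_GOOGLE_CLIENT_IDS is a comma-separated list.

```python
import json
import re

# Placeholder strings as they appear in the snippets on this page.
PLACEHOLDERS = {"", "your client id here", "client id here", "value goes here"}

def parse_client_ids(raw):
    # Assumption: DW_GOOGLE_CLIENT_IDS holds a comma-separated list.
    return [c.strip() for c in (raw or "").split(",") if c.strip()]

def audit_auth_config(env, manifest_text, forensic_html):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    for var in ("DW_MOCK_AUTH", "DW_MOCK_FORENSIC_AUTH"):
        if var in env:  # the page says these must not be set at all
            findings.append(f"{var} is set; mock auth must be off")
    server_ids = parse_client_ids(env.get("DW_GOOGLE_CLIENT_IDS"))
    if not server_ids:
        findings.append("DW_GOOGLE_CLIENT_IDS is empty")
    for cid in server_ids:
        if cid.lower() in PLACEHOLDERS:
            findings.append("DW_GOOGLE_CLIENT_IDS contains a placeholder")
    if not re.search(r"var\s+useGoogleAuth\s*=\s*true\b", forensic_html):
        findings.append("forensic/index.html: useGoogleAuth is not true")
    meta = re.search(
        r'<meta\s+name="google-signin-clientid"\s+content="([^"]*)"', forensic_html)
    clients = {
        "manifest.json": json.loads(manifest_text).get("oauth2", {}).get("client_id", ""),
        "forensic/index.html": meta.group(1) if meta else "",
    }
    for name, cid in clients.items():
        if cid.strip().lower() in PLACEHOLDERS:
            findings.append(f"{name}: client id is missing or a placeholder")
        elif cid not in server_ids:
            findings.append(f"{name}: client id is not in the server's CLIENT_IDS")
    return findings

# Constructed sample inputs (not real client ids).
SAMPLE_ENV = {"DW_GOOGLE_CLIENT_IDS": "1111-ext.example, 2222-web.example"}
SAMPLE_MANIFEST = '{"oauth2": {"client_id": "1111-ext.example"}}'
SAMPLE_FORENSIC = ('<meta name="google-signin-clientid" content="2222-web.example"/>\n'
                   "<script>var useGoogleAuth = true;</script>")

if __name__ == "__main__":
    for finding in audit_auth_config(SAMPLE_ENV, SAMPLE_MANIFEST, SAMPLE_FORENSIC):
        print("FAIL:", finding)
```

Pass it the deployment environment (for example `dict(os.environ)`) and the contents of manifest.json and forensic/index.html; any finding means a client would either fail to authenticate or the server is still running with the mock user.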

Firefox Addon

You need to add a Google client id and Google client secret to Firefox. This can be done by either editing the package.json or going into the add-on preferences (recommended) through Firefox itself.

For the package.json:

        {
            "name": "googleClientId",
            "title": "The Google Auth Client ID",
            "description": "(Required if Google Auth is checked) Sets the client id that should be used when using Google Auth.",
            "type": "string",
            "value": "VALUE GOES HERE"
        },
        {
            "name": "googleClientSecret",
            "title": "The Google Auth Client Secret",
            "description": "(Required if Google Auth is checked) Sets the client secret that should be used when using Google Auth.",
            "type": "string",
            "value": "VALUE GOES HERE"
        }

You also need to check a box to use Google Auth in the add-on preferences (recommended).
