Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to sign in to Datasette as a root account #784

Closed
simonw opened this issue May 31, 2020 · 5 comments
Closed

Ability to sign in to Datasette as a root account #784

simonw opened this issue May 31, 2020 · 5 comments
Labels
authentication-and-permissions feature medium
Milestone
Datasette 0.44

Comments

@simonw
Copy link
Owner

simonw commented May 31, 2020

I'm going to draw the line here: default Datasette supports authentication but only for a single user account ("admin"). Plugins can then add support for multiple user accounts, social auth, SSO etc.

Originally posted by @simonw in #699 (comment)
@simonw simonw added this to the Datasette 1.0 milestone May 31, 2020
@simonw simonw changed the title Tools for configuring a default admin account and password Tools for configuring a default root account and password May 31, 2020
@simonw
Copy link
Owner Author

simonw commented May 31, 2020

I'm calling this the root account now, for reasons discussed in these two comments: #699 (comment)

@simonw
Copy link
Owner Author

simonw commented May 31, 2020

For the first version of this I'm not going to use passwords at all. I'll implement this:

$ datasette fixtures.db --root

The --root option will cause Datasette to output a URL with a one-time-use token in it which, when clicked, will authenticate the user as the root account (by setting a signed cookie).

Signed cookie means Datasette needs a secrets recipe. I'll open a new issue for that.

@simonw simonw mentioned this issue May 31, 2020
Closed
@simonw simonw changed the title Tools for configuring a default root account and password Ability to sign in to Datasette as a root account Jun 1, 2020
@simonw
Copy link
Owner Author

simonw commented Jun 1, 2020

The URL for this will be:

/-/auth-token?token=xxx

The token will be generated by Datasette on startup and will only be valid for a single request, at which point it will be used to set a signed ds_actor cookie and then redirect to the homepage.

simonw added a commit that referenced this issue Jun 1, 2020
@simonw
--root option and /-/auth-token view, refs #784
cc64215
simonw added a commit that referenced this issue Jun 1, 2020
@simonw
Default actor_from_request hook supporting ds_actor signed cookie
116a26c 
Refs #784, refs #699
simonw added a commit that referenced this issue Jun 1, 2020
@simonw
--root option and /-/auth-token view, refs #784
9f3d4ab
simonw added a commit that referenced this issue Jun 1, 2020
@simonw
Default actor_from_request hook supporting ds_actor signed cookie
57cf513 
Refs #784, refs #699
@simonw
Copy link
Owner Author

simonw commented Jun 1, 2020

I'm considering this done. I'm going to leave it to plugins to implement a web-based sign-in flow for accounts (at least for the moment).

@simonw simonw closed this as completed Jun 1, 2020
@simonw simonw modified the milestones: Datasette 1.0, Datasette 0.44 Jun 6, 2020
@simonw simonw mentioned this issue Jun 9, 2020
Closed
simonw added a commit that referenced this issue Jun 12, 2020
@simonw
Release Datasette 0.44
b906030 
Refs #395, #519, #576, #699, #706, #774, #777, #781, #784, #788, #790, #797,
#798, #800, #802, #804, #819, #822, #825, #826, #827, #828, #829, #830,
#833, #836, #837, #839

Closes #806.
@simonw
Copy link
Owner Author

simonw commented Jul 6, 2020

Documentation: https://datasette.readthedocs.io/en/stable/authentication.html#using-the-root-actor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
authentication-and-permissions feature medium
Projects
None yet
Milestone
Datasette 0.44
Development

No branches or pull requests
1 participant
@simonw