Improvements for rbac
Description
The first version of rbac is pretty basic and requires some improvements.
TODO:

- Secure stored passwords (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id)
- Add session handling including a proper log out function
- Move authorization out of auth_interceptor, probably into some kind of rbac service (see !287 (comment 234649))
- Move user and role management related stuff away from the gRPC auth service
- Set secret and duration data for jwt tokens in config (see !287 (comment 234650) and !287 (comment 234657))
- Provide an interface to support different authentication/authorization methods
- Check that non-admins can only create one user with lowest permissions and can only change their own user or role
- Check that non-logged in users can only create one user with lowest permissions
- Remove option for non-admins to create users
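As an added illustration of the authorization items above (moving the checks out of the interceptor into an rbac service, limiting non-admins and anonymous callers to a single lowest-permission user, and restricting non-admins to their own record), here is a small policy service. This is example code, not from the issue or the project; the role names, the Principal shape, the client_id field used to key anonymous callers, and the rule that a self-change may not raise one's own role are assumptions. The non_admin_may_create flag set to False corresponds to the last TODO item.

```python
"""Added example, not code from the issue or the project: a small RBAC
policy service that lives outside the gRPC auth interceptor. Role names,
the Principal shape and the client_id field are assumptions."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional


class Role(IntEnum):
    # Ordered so that a lower value means fewer permissions.
    VIEWER = 0
    EDITOR = 1
    ADMIN = 2


LOWEST_ROLE = Role.VIEWER


@dataclass(frozen=True)
class Principal:
    """Identity established by the interceptor (e.g. from a verified JWT)."""
    user_id: Optional[str]   # None when the caller is not logged in
    role: Optional[Role]     # None when the caller is not logged in
    client_id: str           # assumed: connection-level id for anonymous callers

    @property
    def is_admin(self) -> bool:
        return self.role == Role.ADMIN


class RbacService:
    """Authorization decisions, kept separate from authentication."""

    def __init__(self, non_admin_may_create: bool = True) -> None:
        # False implements the last TODO item: only admins create users.
        self.non_admin_may_create = non_admin_may_create
        self._created_by: Dict[str, int] = {}  # creator key -> users created

    def _creator_key(self, actor: Principal) -> str:
        # Logged-in callers are keyed by user id, anonymous ones by client id.
        if actor.user_id is not None:
            return actor.user_id
        return "anon:" + actor.client_id

    def can_create_user(self, actor: Principal, requested_role: Role) -> bool:
        if actor.is_admin:
            return True
        if not self.non_admin_may_create:
            return False
        # Non-admins and anonymous callers: one user, lowest permissions only.
        if requested_role != LOWEST_ROLE:
            return False
        return self._created_by.get(self._creator_key(actor), 0) < 1

    def record_user_created(self, actor: Principal) -> None:
        key = self._creator_key(actor)
        self._created_by[key] = self._created_by.get(key, 0) + 1

    def can_change_user(self, actor: Principal, target_user_id: str,
                        new_role: Optional[Role] = None) -> bool:
        if actor.is_admin:
            return True
        # Non-admins may only touch their own record; anonymous callers none.
        if actor.user_id is None or actor.user_id != target_user_id:
            return False
        # Assumption beyond the issue text: a self-change may not raise the role.
        return new_role is None or new_role <= actor.role

    def authorize_create(self, actor: Principal, requested_role: Role) -> None:
        """Raise instead of returning False; handy at a service boundary."""
        if not self.can_create_user(actor, requested_role):
            raise PermissionError("user creation denied")
```

The counter in `_created_by` is in-memory here; a real service would persist it alongside the user records so the one-user limit survives restarts.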
Edited by Ghost User