| ... | ... | @@ -3,10 +3,41 @@ ___GoSurvey___ uses a pure [M2M](https://en.wikipedia.org/wiki/Machine_to_machin |
|
|
|
# Users
|
|
|
|
Users are defined by a unique-ID ([UUID](https://en.wikipedia.org/wiki/Universally_unique_identifier)).
|
|
|
|
|
|
|
|
Each user gets assigned exactly one [group](#Groups) and _n_ surveys.
|
|
|
|
Each user gets assigned exactly one [group](#groups) and _n_ surveys.
|
|
|
|
|
|
|
|
Each user gets assigned exactly one [token](#tokens).
|
|
|
|
|
|
|
|
## Superadmin
|
|
|
|
- All users except the originally created _superadmin_ user can be deleted.
|
|
|
|
- The _superadmin_ user has a fixed role assigned. No other user can inherit this role.
|
|
|
|
- A superadmin token must be created and retrieved in a [specifically secure way](#superadmin-token-generation).
|
|
|
|
|
|
|
|
# Groups
|
|
|
|
There are exactly __4__ groups available:
|
|
|
|
- Superadmin (cannot be assigned, only existing system-internal)
|
|
|
|
- Admin (read & write)
|
|
|
|
- Survey (write only)
|
|
|
|
- researcher (read only)
|
|
|
|
|
|
|
|
# Tokens
|
|
|
|
Tokens are created in [JWT](https://en.wikipedia.org/wiki/JSON_Web_Token)-format. They contain the information needed by the server to identify the user. As the authorization is performed on the server, no authorization payload needs to be carried.
|
|
|
|
|
|
|
|
# Tokens |
|
|
\ No newline at end of file |
|
|
|
## Superadmin token generation
|
|
|
|
As the superadmin carries a very permissive role, the tokens of the superadmin are only valid for some (e.g. 5) minutes. They need to be recreated through a separate RESTful endpoint using a challenge/response system with a private key. The server is made aware of the public key at installation time. On athentication request, the server creates a challenge and [encrypts](https://pagefault.blog/2019/04/22/how-to-sign-and-verify-using-openssl/) it using the public key.
|
|
|
|
```plantuml
|
|
|
|
@startuml
|
|
|
|
Client -> Server : Authenticate
|
|
|
|
Server -> Server : Create and Encrypt Challenge
|
|
|
|
Server -> Client : Encrypted Challenge
|
|
|
|
Client -> Client : Decrypt and Sign Challenge
|
|
|
|
Client -> Server : Signature
|
|
|
|
Server -> Server : Verify
|
|
|
|
alt Signature valid
|
|
|
|
Server -> Server : Create token
|
|
|
|
Server -> Client : Token
|
|
|
|
else
|
|
|
|
Server -> Client : Send failure
|
|
|
|
end
|
|
|
|
@enduml
|
|
|
|
```
|
|
|
|
As the local client may have no native ability for private/public key infrastructure (PKI), this should be handled by the [middleware](Middleware). |
|
|
\ No newline at end of file |
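Review bot: In the "Superadmin token generation" section the proof-of-possession step is ambiguous. The paragraph says the server "encrypts" the challenge using the public key, but the link on that word points to an article on signing and verifying with OpenSSL, and the diagram has the client do both (`Client -> Client : Decrypt and Sign Challenge`). Please state which operation the server actually relies on (the `Server -> Server : Verify` step suggests it is the signature) and whether the encryption of the challenge is needed at all, or drop one of the two. The section should also say how the challenge is generated and that it is single-use and expires quickly, since nothing in the text currently prevents a previously returned signature from being accepted again. Smaller points in the same hunk: "athentication" should be "authentication"; "some (e.g. 5) minutes" would be better as one documented lifetime; and "researcher" in the Groups list is lowercase while Superadmin, Admin and Survey are capitalised.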