Coldfront REST API

[claire-peters]

I built a read-only REST API for FASRC's ColdFront fork and we've been using it internally to query ColdFront data for about half a year. This PR contains the generalizable parts that may help to address issue #316. The views are largely configured to make the same information available to users via API that would be available to them if they were accessing the GUI. PR #425 contains additional configuration for OAuth options etc that may be of use, but I thought having ready-made queries might be useful.

[aebruno]

@claire-peters We now require all commits to be "Signed-off" by using git commit --signoff which will acknowledge that you agree to the DCO. Can you rebase this PR into a single commit with --signoff? Thanks!

[claire-peters]

Done! Let me know if any further changes are needed.

[aebruno]

@claire-peters This looks great! One question that came up while testing this was about authentication. How are you handling users authenticating to the api at your site? Do you have local user/passwords in ColdFront?

We're currently using OAuth2/OpenID connect for authentication to ColdFront and it looks like some extract configuration for django-rest is necessary to get this all working together. Currently, when accessing the API there is the default django-rest login page for local user/passwords but that won't work in our case. One option we were exploring was to allow users to login to ColdFront via the web and create an API token on their user profile page. Then use that token for programmatic access to the API using django-rest token based auth. Is this something you have experimented with at all?

[claire-peters]

@aebruno We have a custom authentication system that's built on rest_framework token authentication in our ColdFront instance. I realized after you asked that there's an import missing in this PR to enable token authentication to work properly, which isn't missing in ours for that reason - I'll address that.

I think I could extend the userprofile template in the api plugin pretty easily so users can view or regenerate their key there. There's also OAuth config that's part of PR #425 which could be added here. Let me know if you want to go with one or both of those solutions and I can add them!

[aebruno]

I realized after you asked that there's an import missing in this PR to enable token authentication to work properly, which isn't missing in ours for that reason - I'll address that.

Perfect, thanks!

I think I could extend the userprofile template in the api plugin pretty easily so users can view or regenerate their key there. There's also OAuth config that's part of PR #425 which could be added here. Let me know if you want to go with one or both of those solutions and I can add them!

Let's start with token based auth and we can add OAuth later in a separate PR.