apisonator 3.3.3 → 3.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/Gemfile.lock +2 -2
- data/Gemfile.on_prem.lock +2 -2
- data/lib/3scale/backend/alert_limit.rb +5 -11
- data/lib/3scale/backend/service.rb +3 -35
- data/lib/3scale/backend/transactor.rb +17 -26
- data/lib/3scale/backend/transactor/status.rb +27 -9
- data/lib/3scale/backend/validators.rb +7 -0
- data/lib/3scale/backend/validators/oauth_setting.rb +1 -1
- data/lib/3scale/backend/version.rb +1 -1
- data/licenses.xml +2 -2
- metadata +2 -2
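--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a260bc57e82268c54885b58a12c79d28c9b7c53f8fb5e48182c887488888184
+data.tar.gz: 7dbed84c520c06e914d15e99f6e1b78365a1b695d8cf8e1fd66a58c02fa36fa9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d0bdd90d90972bc416faf04a852ff56c3895da1cb191b264617f71add2f22c5942d928d85c9877faceab4f00e7fe26955dfeed7c6cbc615a8fe555b7c6e251a
+data.tar.gz: 22b6dbdb74d73117ba7358d231b5f747f54746687e452285b77883df4b352d20d59b3997b38a0c5c7b6cba9bce618b41900d6a0ee3ea1e169727470bce8158cb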
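--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,25 @@
 
 Notable changes to Apisonator will be tracked in this document.
 
+## 3.4.0 - 2021-06-14
+
+### Added
+
+- New extension that list the keys of an application
+([#284](https://github.com/3scale/apisonator/pull/284)).
+
+### Changed
+
+- It is now possible to use OIDC in the auth and authrep endpoints
+([#280](https://github.com/3scale/apisonator/pull/280)).
+- Updated multi-json to 1.15.0
+([#278](https://github.com/3scale/apisonator/pull/278)).
+
+### Removed
+
+- Deleted unused service attributes related with deleted end-users functionality
+([#277](https://github.com/3scale/apisonator/pull/277)).
+
 ## 3.3.3 - 2021-03-09
 
 ### Changed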
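--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -36,7 +36,7 @@ GIT
 PATH
 remote: .
 specs:
-apisonator (3.
+apisonator (3.4.0)
 
 GEM
 remote: https://rubygems.org/
@@ -137,7 +137,7 @@ GEM
 mocha (1.3.0)
 metaclass (~> 0.0.1)
 mono_logger (1.1.0)
-multi_json (1.
+multi_json (1.15.0)
 mustache (1.0.5)
 mustermann (1.0.2)
 net-scp (1.2.1)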
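--- a/data/Gemfile.on_prem.lock
+++ b/data/Gemfile.on_prem.lock
@@ -36,7 +36,7 @@ GIT
 PATH
 remote: .
 specs:
-apisonator (3.
+apisonator (3.4.0)
 
 GEM
 remote: https://rubygems.org/
@@ -126,7 +126,7 @@ GEM
 mocha (1.3.0)
 metaclass (~> 0.0.1)
 mono_logger (1.1.0)
-multi_json (1.
+multi_json (1.15.0)
 mustache (1.0.5)
 mustermann (1.0.2)
 net-scp (1.2.1)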
@@ -1,21 +1,15 @@
|
|
1
1
|
module ThreeScale
|
2
2
|
module Backend
|
3
3
|
class AlertLimit
|
4
|
-
|
5
|
-
|
6
|
-
"alerts/service_id:#{service_id}/allowed_set"
|
7
|
-
end
|
8
|
-
end
|
9
|
-
|
10
|
-
include KeyHelpers
|
11
|
-
extend KeyHelpers
|
4
|
+
include Alerts::KeyHelpers
|
5
|
+
extend Alerts::KeyHelpers
|
12
6
|
|
13
7
|
include Storable
|
14
8
|
|
15
9
|
attr_accessor :service_id, :value
|
16
10
|
|
17
11
|
def save
|
18
|
-
storage.sadd(
|
12
|
+
storage.sadd(key_allowed_set(service_id), value.to_i) if valid?
|
19
13
|
end
|
20
14
|
|
21
15
|
def to_hash
|
@@ -26,7 +20,7 @@ module ThreeScale
|
|
26
20
|
end
|
27
21
|
|
28
22
|
def self.load_all(service_id)
|
29
|
-
values = storage.smembers(
|
23
|
+
values = storage.smembers(key_allowed_set(service_id))
|
30
24
|
values.map do |value|
|
31
25
|
new(service_id: service_id, value: value.to_i)
|
32
26
|
end
|
@@ -38,7 +32,7 @@ module ThreeScale
|
|
38
32
|
end
|
39
33
|
|
40
34
|
def self.delete(service_id, value)
|
41
|
-
storage.srem(
|
35
|
+
storage.srem(key_allowed_set(service_id), value.to_i) if valid_value?(value)
|
42
36
|
end
|
43
37
|
|
44
38
|
def self.valid_value?(value)
|
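Review bot: The `key_allowed_set` used by `save`, `load_all` and `delete` now comes from `Alerts::KeyHelpers`, which is defined outside this diff, so the storage key format is no longer visible where it is used. The removed lines appear to have built `alerts/service_id:#{service_id}/allowed_set` locally; if the shared helper ever yields a different string, previously stored limits become unreachable without any error. I would add a comment above the include, `# key_allowed_set comes from Alerts::KeyHelpers; it must stay "alerts/service_id:<id>/allowed_set" to match stored data`, and a test asserting that exact key.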
@@ -4,16 +4,12 @@ module ThreeScale
|
|
4
4
|
include Storable
|
5
5
|
|
6
6
|
# list of attributes to be fetched from storage
|
7
|
-
ATTRIBUTES = %i[state referrer_filters_required backend_version
|
8
|
-
user_registration_required default_user_plan_id
|
9
|
-
default_user_plan_name provider_key].freeze
|
7
|
+
ATTRIBUTES = %i[state referrer_filters_required backend_version provider_key].freeze
|
10
8
|
private_constant :ATTRIBUTES
|
11
9
|
|
12
10
|
attr_reader :state
|
13
|
-
attr_accessor :provider_key, :id, :backend_version
|
14
|
-
|
15
|
-
attr_writer :referrer_filters_required, :user_registration_required,
|
16
|
-
:default_service
|
11
|
+
attr_accessor :provider_key, :id, :backend_version
|
12
|
+
attr_writer :referrer_filters_required, :default_service
|
17
13
|
|
18
14
|
class << self
|
19
15
|
include Memoizer::Decorator
|
@@ -104,8 +100,6 @@ module ThreeScale
|
|
104
100
|
memoize :list
|
105
101
|
|
106
102
|
def save!(attributes = {})
|
107
|
-
massage_set_user_registration_required attributes
|
108
|
-
|
109
103
|
new(attributes).save!
|
110
104
|
end
|
111
105
|
|
@@ -139,26 +133,10 @@ module ThreeScale
|
|
139
133
|
def massage_service_attrs(service_attrs)
|
140
134
|
service_attrs[:referrer_filters_required] =
|
141
135
|
service_attrs[:referrer_filters_required].to_i > 0
|
142
|
-
service_attrs[:user_registration_required] =
|
143
|
-
massage_get_user_registration_required(
|
144
|
-
service_attrs[:user_registration_required])
|
145
136
|
|
146
137
|
service_attrs
|
147
138
|
end
|
148
139
|
|
149
|
-
# nil => true, 1 => true, '1' => true, 0 => false, '0' => false
|
150
|
-
def massage_get_user_registration_required(value)
|
151
|
-
value.nil? ? true : value.to_i > 0
|
152
|
-
end
|
153
|
-
|
154
|
-
def massage_set_user_registration_required(attributes)
|
155
|
-
if attributes[:user_registration_required].nil?
|
156
|
-
val = storage.get(storage_key(attributes[:id], :user_registration_required))
|
157
|
-
attributes[:user_registration_required] =
|
158
|
-
(!val.nil? && val.to_i == 0) ? false : true
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
140
|
def get_attr(id, attribute)
|
163
141
|
storage.get(storage_key(id, attribute))
|
164
142
|
end
|
@@ -195,10 +173,6 @@ module ThreeScale
|
|
195
173
|
@referrer_filters_required
|
196
174
|
end
|
197
175
|
|
198
|
-
def user_registration_required?
|
199
|
-
@user_registration_required
|
200
|
-
end
|
201
|
-
|
202
176
|
def save!
|
203
177
|
set_as_default_if_needed
|
204
178
|
persist
|
@@ -227,9 +201,6 @@ module ThreeScale
|
|
227
201
|
provider_key: provider_key,
|
228
202
|
backend_version: backend_version,
|
229
203
|
referrer_filters_required: referrer_filters_required?,
|
230
|
-
user_registration_required: user_registration_required?,
|
231
|
-
default_user_plan_id: default_user_plan_id,
|
232
|
-
default_user_plan_name: default_user_plan_name,
|
233
204
|
default_service: default_service?
|
234
205
|
}
|
235
206
|
end
|
@@ -294,9 +265,6 @@ module ThreeScale
|
|
294
265
|
|
295
266
|
def persist_attributes
|
296
267
|
persist_attribute :referrer_filters_required, referrer_filters_required? ? 1 : 0
|
297
|
-
persist_attribute :user_registration_required, user_registration_required? ? 1 : 0
|
298
|
-
persist_attribute :default_user_plan_id, default_user_plan_id, true
|
299
|
-
persist_attribute :default_user_plan_name, default_user_plan_name, true
|
300
268
|
persist_attribute :backend_version, backend_version, true
|
301
269
|
persist_attribute :provider_key, provider_key
|
302
270
|
persist_attribute :state, state.to_s if state
|
@@ -61,6 +61,8 @@ module ThreeScale
|
|
61
61
|
|
62
62
|
def validate(oauth, provider_key, report_usage, params, request_info)
|
63
63
|
service = Service.load_with_provider_key!(params[:service_id], provider_key)
|
64
|
+
oidc_service = !oauth && service.backend_version == 'oauth'.freeze
|
65
|
+
|
64
66
|
# service_id cannot be taken from params since it might be missing there
|
65
67
|
service_id = service.id
|
66
68
|
|
@@ -70,12 +72,18 @@ module ThreeScale
|
|
70
72
|
# significant.
|
71
73
|
params[:app_id] = nil if app_id && app_id.empty?
|
72
74
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
75
|
+
# While OIDC without an app_id makes little sense, we would break existing
|
76
|
+
# behaviour when calling non oauth_auth*.xml endpoints if we returned an
|
77
|
+
# error here, so only do this for oauth_auth*.xml endpoints.
|
78
|
+
raise ApplicationNotFound.new nil if oauth && app_id.nil?
|
79
|
+
|
80
|
+
validators = if oidc_service
|
81
|
+
Validators::OIDC_VALIDATORS
|
82
|
+
elsif oauth
|
83
|
+
Validators::OAUTH_VALIDATORS
|
84
|
+
else
|
85
|
+
Validators::VALIDATORS
|
86
|
+
end
|
79
87
|
|
80
88
|
params[:user_key] = nil if params[:user_key] && params[:user_key].empty?
|
81
89
|
application = Application.load_by_id_or_user_key!(service_id,
|
@@ -98,8 +106,9 @@ module ThreeScale
|
|
98
106
|
# hierarchy parameter adds information in the response needed
|
99
107
|
# to derive which limits affect directly or indirectly the
|
100
108
|
# metrics for which authorization is requested.
|
101
|
-
hierarchy: extensions[:hierarchy] == '1',
|
102
|
-
flat_usage: extensions[:flat_usage] == '1'
|
109
|
+
hierarchy: extensions[:hierarchy] == '1'.freeze,
|
110
|
+
flat_usage: extensions[:flat_usage] == '1'.freeze,
|
111
|
+
list_app_keys: extensions[:list_app_keys] == '1'.freeze
|
103
112
|
}
|
104
113
|
|
105
114
|
application.load_metric_names
|
@@ -108,24 +117,6 @@ module ThreeScale
|
|
108
117
|
apply_validators(validators, status_attrs, params)
|
109
118
|
end
|
110
119
|
|
111
|
-
def get_token_ids(token, service_id, app_id)
|
112
|
-
begin
|
113
|
-
token_aid = OAuth::Token::Storage.get_credentials(token, service_id)
|
114
|
-
rescue AccessTokenInvalid => e
|
115
|
-
# Yep, well, er. Someone specified that it is OK to have an
|
116
|
-
# invalid token if an app_id is specified. Somehow passing in
|
117
|
-
# a user_key is still not enough, though...
|
118
|
-
raise e if app_id.nil?
|
119
|
-
end
|
120
|
-
|
121
|
-
# We only take the token ids into account if we had no parameter ids
|
122
|
-
if app_id.nil?
|
123
|
-
app_id = token_aid
|
124
|
-
end
|
125
|
-
|
126
|
-
app_id
|
127
|
-
end
|
128
|
-
|
129
120
|
def do_authorize(method, provider_key, params, context_info)
|
130
121
|
notify_authorize(provider_key)
|
131
122
|
validate(method == :oauth_authorize, provider_key, false, params, context_info[:request])
|
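Review bot: `oidc_service` in `validate` is true only when an oauth-backed service is reached through the non-`oauth_` endpoints, which the name does not convey, and in that case the `raise ApplicationNotFound.new nil if oauth && app_id.nil?` guard is skipped by design. A request with no app_id then proceeds to `Application.load_by_id_or_user_key!`, so whether a bare user_key can authorize against an OIDC service depends on that method and on COMMON_VALIDATORS, neither of which is visible here; a test pinning the intended outcome would help. I would add a comment above the assignment such as `# OIDC here means: backend_version 'oauth' reached via the non-oauth_ endpoints (oauth == false)`. The body of `validate` continues outside these hunks.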
@@ -8,17 +8,23 @@ module ThreeScale
|
|
8
8
|
# We only use 'redirect_uri' if a request sent such a param. See #397.
|
9
9
|
REDIRECT_URI_FIELD = 'redirect_url'.freeze
|
10
10
|
private_constant :REDIRECT_URI_FIELD
|
11
|
+
# Maximum number of keys to list when using the list_app_keys extension
|
12
|
+
# At the time of writing System/Porta has a limit of 5 different app_keys
|
13
|
+
# at any given moment, but this could change anytime.
|
14
|
+
LIST_APP_KEYS_MAX = 256
|
15
|
+
private_constant :LIST_APP_KEYS_MAX
|
11
16
|
|
12
17
|
def initialize(attributes)
|
13
|
-
@service_id
|
14
|
-
@application
|
15
|
-
@oauth
|
16
|
-
@usage
|
17
|
-
@predicted_usage
|
18
|
-
@values
|
19
|
-
@timestamp
|
20
|
-
@hierarchy_ext
|
21
|
-
@flat_usage_ext
|
18
|
+
@service_id = attributes[:service_id]
|
19
|
+
@application = attributes[:application]
|
20
|
+
@oauth = attributes[:oauth]
|
21
|
+
@usage = attributes[:usage]
|
22
|
+
@predicted_usage = attributes[:predicted_usage]
|
23
|
+
@values = filter_values(attributes[:values] || {})
|
24
|
+
@timestamp = attributes[:timestamp] || Time.now.getutc
|
25
|
+
@hierarchy_ext = attributes[:hierarchy]
|
26
|
+
@flat_usage_ext = attributes[:flat_usage]
|
27
|
+
@list_app_keys_ext = attributes[:list_app_keys]
|
22
28
|
|
23
29
|
raise 'service_id not specified' if @service_id.nil?
|
24
30
|
raise ':application is required' if @application.nil?
|
@@ -106,6 +112,7 @@ module ThreeScale
|
|
106
112
|
add_plan_section(xml, 'plan'.freeze, plan_name)
|
107
113
|
add_reports_section(xml, application_usage_reports)
|
108
114
|
hierarchy_reports.concat application_usage_reports if hierarchy_reports
|
115
|
+
add_app_keys_section xml if @list_app_keys_ext
|
109
116
|
end
|
110
117
|
|
111
118
|
if hierarchy_reports
|
@@ -161,6 +168,17 @@ module ThreeScale
|
|
161
168
|
xml << '</hierarchy>'.freeze
|
162
169
|
end
|
163
170
|
|
171
|
+
def add_app_keys_section(xml)
|
172
|
+
xml << '<app_keys app="'.freeze
|
173
|
+
xml << @application.id << '" svc="'.freeze
|
174
|
+
xml << @service_id << '">'.freeze
|
175
|
+
@application.keys.take(LIST_APP_KEYS_MAX).each do |key|
|
176
|
+
xml << '<key id="'.freeze
|
177
|
+
xml << key << '"/>'.freeze
|
178
|
+
end
|
179
|
+
xml << '</app_keys>'.freeze
|
180
|
+
end
|
181
|
+
|
164
182
|
# helper to iterate over reports and get relevant hierarchy info
|
165
183
|
def with_report_and_hierarchy(reports)
|
166
184
|
reports.each do |ur|
|
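Review bot: In `add_app_keys_section` the application id, service id and each key are appended into double-quoted XML attributes with no escaping, so a value containing `"`, `<` or `&` would produce malformed XML or alter the element for whatever parses the response. For the escaping I would let the standard library quote each attribute, e.g. `xml << '<key id='.freeze << key.encode(xml: :attr) << '/>'.freeze`, and do the same for `app` and `svc`. Application keys are also credentials, and with `list_app_keys` set they travel in the authorize response, where an intermediary may log or cache the body; that deserves a sentence next to `LIST_APP_KEYS_MAX`. Whether the other sections of this builder escape their values is not visible in these hunks.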
@@ -21,6 +21,13 @@ module ThreeScale
|
|
21
21
|
OAUTH_VALIDATORS = ([Validators::OauthSetting,
|
22
22
|
Validators::OauthKey,
|
23
23
|
Validators::RedirectURI] + COMMON_VALIDATORS).freeze
|
24
|
+
|
25
|
+
# OIDC specific validators will only check app keys when app_key is given.
|
26
|
+
#
|
27
|
+
# No need to add OauthSetting, since we need to check that to tell
|
28
|
+
# OIDC apart from the rest when calling authrep.xml (note lack of
|
29
|
+
# the oauth_ prefix).
|
30
|
+
OIDC_VALIDATORS = ([Validators::OauthKey] + COMMON_VALIDATORS).freeze
|
24
31
|
end
|
25
32
|
end
|
26
33
|
end
|
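Review bot: `OIDC_VALIDATORS` drops both `Validators::OauthSetting` and `Validators::RedirectURI` compared with `OAUTH_VALIDATORS`, but the comment explains only the first omission. Please state why the redirect check is not applied on this path, for instance `# RedirectURI is omitted because <reason>; redirect_url is not validated for OIDC via auth/authrep`, so a later reader does not take it for an oversight. The contents of COMMON_VALIDATORS are outside this hunk, so I cannot tell which credential checks remain when no app_key is sent.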
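--- a/data/licenses.xml
+++ b/data/licenses.xml
@@ -23,7 +23,7 @@
 </dependency>
 <dependency>
 <packageName>apisonator</packageName>
-<version>3.
+<version>3.4.0</version>
 <licenses>
 <license>
 <name>Apache 2.0</name>
@@ -475,7 +475,7 @@
 </dependency>
 <dependency>
 <packageName>multi_json</packageName>
-<version>1.
+<version>1.15.0</version>
 <licenses>
 <license>
 <name>MIT</name>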
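--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apisonator
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.4.0
 platform: ruby
 authors:
 - Adam Ciganek
@@ -16,7 +16,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies: []
 description: This gem provides a daemon that handles authorization and reporting of
 web services managed by 3scale.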