apisonator 3.3.3 → 3.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/Gemfile.lock +2 -2
- data/Gemfile.on_prem.lock +2 -2
- data/lib/3scale/backend/alert_limit.rb +5 -11
- data/lib/3scale/backend/service.rb +3 -35
- data/lib/3scale/backend/transactor.rb +17 -26
- data/lib/3scale/backend/transactor/status.rb +27 -9
- data/lib/3scale/backend/validators.rb +7 -0
- data/lib/3scale/backend/validators/oauth_setting.rb +1 -1
- data/lib/3scale/backend/version.rb +1 -1
- data/licenses.xml +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a260bc57e82268c54885b58a12c79d28c9b7c53f8fb5e48182c887488888184
|
4
|
+
data.tar.gz: 7dbed84c520c06e914d15e99f6e1b78365a1b695d8cf8e1fd66a58c02fa36fa9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4d0bdd90d90972bc416faf04a852ff56c3895da1cb191b264617f71add2f22c5942d928d85c9877faceab4f00e7fe26955dfeed7c6cbc615a8fe555b7c6e251a
|
7
|
+
data.tar.gz: 22b6dbdb74d73117ba7358d231b5f747f54746687e452285b77883df4b352d20d59b3997b38a0c5c7b6cba9bce618b41900d6a0ee3ea1e169727470bce8158cb
|
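--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,25 @@
 
 Notable changes to Apisonator will be tracked in this document.
 
+## 3.4.0 - 2021-06-14
+
+### Added
+
+- New extension that list the keys of an application
+([#284](https://github.com/3scale/apisonator/pull/284)).
+
+### Changed
+
+- It is now possible to use OIDC in the auth and authrep endpoints
+([#280](https://github.com/3scale/apisonator/pull/280)).
+- Updated multi-json to 1.15.0
+([#278](https://github.com/3scale/apisonator/pull/278)).
+
+### Removed
+
+- Deleted unused service attributes related with deleted end-users functionality
+([#277](https://github.com/3scale/apisonator/pull/277)).
+
 ## 3.3.3 - 2021-03-09
 
 ### Changed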
data/Gemfile.lock
CHANGED
@@ -36,7 +36,7 @@ GIT
|
|
36
36
|
PATH
|
37
37
|
remote: .
|
38
38
|
specs:
|
39
|
-
apisonator (3.
|
39
|
+
apisonator (3.4.0)
|
40
40
|
|
41
41
|
GEM
|
42
42
|
remote: https://rubygems.org/
|
@@ -137,7 +137,7 @@ GEM
|
|
137
137
|
mocha (1.3.0)
|
138
138
|
metaclass (~> 0.0.1)
|
139
139
|
mono_logger (1.1.0)
|
140
|
-
multi_json (1.
|
140
|
+
multi_json (1.15.0)
|
141
141
|
mustache (1.0.5)
|
142
142
|
mustermann (1.0.2)
|
143
143
|
net-scp (1.2.1)
|
data/Gemfile.on_prem.lock
CHANGED
@@ -36,7 +36,7 @@ GIT
|
|
36
36
|
PATH
|
37
37
|
remote: .
|
38
38
|
specs:
|
39
|
-
apisonator (3.
|
39
|
+
apisonator (3.4.0)
|
40
40
|
|
41
41
|
GEM
|
42
42
|
remote: https://rubygems.org/
|
@@ -126,7 +126,7 @@ GEM
|
|
126
126
|
mocha (1.3.0)
|
127
127
|
metaclass (~> 0.0.1)
|
128
128
|
mono_logger (1.1.0)
|
129
|
-
multi_json (1.
|
129
|
+
multi_json (1.15.0)
|
130
130
|
mustache (1.0.5)
|
131
131
|
mustermann (1.0.2)
|
132
132
|
net-scp (1.2.1)
|
@@ -1,21 +1,15 @@
|
|
1
1
|
module ThreeScale
|
2
2
|
module Backend
|
3
3
|
class AlertLimit
|
4
|
-
|
5
|
-
|
6
|
-
"alerts/service_id:#{service_id}/allowed_set"
|
7
|
-
end
|
8
|
-
end
|
9
|
-
|
10
|
-
include KeyHelpers
|
11
|
-
extend KeyHelpers
|
4
|
+
include Alerts::KeyHelpers
|
5
|
+
extend Alerts::KeyHelpers
|
12
6
|
|
13
7
|
include Storable
|
14
8
|
|
15
9
|
attr_accessor :service_id, :value
|
16
10
|
|
17
11
|
def save
|
18
|
-
storage.sadd(
|
12
|
+
storage.sadd(key_allowed_set(service_id), value.to_i) if valid?
|
19
13
|
end
|
20
14
|
|
21
15
|
def to_hash
|
@@ -26,7 +20,7 @@ module ThreeScale
|
|
26
20
|
end
|
27
21
|
|
28
22
|
def self.load_all(service_id)
|
29
|
-
values = storage.smembers(
|
23
|
+
values = storage.smembers(key_allowed_set(service_id))
|
30
24
|
values.map do |value|
|
31
25
|
new(service_id: service_id, value: value.to_i)
|
32
26
|
end
|
@@ -38,7 +32,7 @@ module ThreeScale
|
|
38
32
|
end
|
39
33
|
|
40
34
|
def self.delete(service_id, value)
|
41
|
-
storage.srem(
|
35
|
+
storage.srem(key_allowed_set(service_id), value.to_i) if valid_value?(value)
|
42
36
|
end
|
43
37
|
|
44
38
|
def self.valid_value?(value)
|
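Review bot: `save` and `self.delete` return `nil` without touching storage when `valid?` or `valid_value?(value)` is false, and nothing in the section tells a caller that a rejected value looks the same as a completed write. The removed side of these lines is truncated on this page, so it is unclear whether the guard predates this change. Either way the contract deserves a comment on both methods, for example `# Does nothing and returns nil when the value fails validation; callers must check validity themselves`. The body of `valid_value?` lies outside the hunks shown.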
@@ -4,16 +4,12 @@ module ThreeScale
|
|
4
4
|
include Storable
|
5
5
|
|
6
6
|
# list of attributes to be fetched from storage
|
7
|
-
ATTRIBUTES = %i[state referrer_filters_required backend_version
|
8
|
-
user_registration_required default_user_plan_id
|
9
|
-
default_user_plan_name provider_key].freeze
|
7
|
+
ATTRIBUTES = %i[state referrer_filters_required backend_version provider_key].freeze
|
10
8
|
private_constant :ATTRIBUTES
|
11
9
|
|
12
10
|
attr_reader :state
|
13
|
-
attr_accessor :provider_key, :id, :backend_version
|
14
|
-
|
15
|
-
attr_writer :referrer_filters_required, :user_registration_required,
|
16
|
-
:default_service
|
11
|
+
attr_accessor :provider_key, :id, :backend_version
|
12
|
+
attr_writer :referrer_filters_required, :default_service
|
17
13
|
|
18
14
|
class << self
|
19
15
|
include Memoizer::Decorator
|
@@ -104,8 +100,6 @@ module ThreeScale
|
|
104
100
|
memoize :list
|
105
101
|
|
106
102
|
def save!(attributes = {})
|
107
|
-
massage_set_user_registration_required attributes
|
108
|
-
|
109
103
|
new(attributes).save!
|
110
104
|
end
|
111
105
|
|
@@ -139,26 +133,10 @@ module ThreeScale
|
|
139
133
|
def massage_service_attrs(service_attrs)
|
140
134
|
service_attrs[:referrer_filters_required] =
|
141
135
|
service_attrs[:referrer_filters_required].to_i > 0
|
142
|
-
service_attrs[:user_registration_required] =
|
143
|
-
massage_get_user_registration_required(
|
144
|
-
service_attrs[:user_registration_required])
|
145
136
|
|
146
137
|
service_attrs
|
147
138
|
end
|
148
139
|
|
149
|
-
# nil => true, 1 => true, '1' => true, 0 => false, '0' => false
|
150
|
-
def massage_get_user_registration_required(value)
|
151
|
-
value.nil? ? true : value.to_i > 0
|
152
|
-
end
|
153
|
-
|
154
|
-
def massage_set_user_registration_required(attributes)
|
155
|
-
if attributes[:user_registration_required].nil?
|
156
|
-
val = storage.get(storage_key(attributes[:id], :user_registration_required))
|
157
|
-
attributes[:user_registration_required] =
|
158
|
-
(!val.nil? && val.to_i == 0) ? false : true
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
140
|
def get_attr(id, attribute)
|
163
141
|
storage.get(storage_key(id, attribute))
|
164
142
|
end
|
@@ -195,10 +173,6 @@ module ThreeScale
|
|
195
173
|
@referrer_filters_required
|
196
174
|
end
|
197
175
|
|
198
|
-
def user_registration_required?
|
199
|
-
@user_registration_required
|
200
|
-
end
|
201
|
-
|
202
176
|
def save!
|
203
177
|
set_as_default_if_needed
|
204
178
|
persist
|
@@ -227,9 +201,6 @@ module ThreeScale
|
|
227
201
|
provider_key: provider_key,
|
228
202
|
backend_version: backend_version,
|
229
203
|
referrer_filters_required: referrer_filters_required?,
|
230
|
-
user_registration_required: user_registration_required?,
|
231
|
-
default_user_plan_id: default_user_plan_id,
|
232
|
-
default_user_plan_name: default_user_plan_name,
|
233
204
|
default_service: default_service?
|
234
205
|
}
|
235
206
|
end
|
@@ -294,9 +265,6 @@ module ThreeScale
|
|
294
265
|
|
295
266
|
def persist_attributes
|
296
267
|
persist_attribute :referrer_filters_required, referrer_filters_required? ? 1 : 0
|
297
|
-
persist_attribute :user_registration_required, user_registration_required? ? 1 : 0
|
298
|
-
persist_attribute :default_user_plan_id, default_user_plan_id, true
|
299
|
-
persist_attribute :default_user_plan_name, default_user_plan_name, true
|
300
268
|
persist_attribute :backend_version, backend_version, true
|
301
269
|
persist_attribute :provider_key, provider_key
|
302
270
|
persist_attribute :state, state.to_s if state
|
@@ -61,6 +61,8 @@ module ThreeScale
|
|
61
61
|
|
62
62
|
def validate(oauth, provider_key, report_usage, params, request_info)
|
63
63
|
service = Service.load_with_provider_key!(params[:service_id], provider_key)
|
64
|
+
oidc_service = !oauth && service.backend_version == 'oauth'.freeze
|
65
|
+
|
64
66
|
# service_id cannot be taken from params since it might be missing there
|
65
67
|
service_id = service.id
|
66
68
|
|
@@ -70,12 +72,18 @@ module ThreeScale
|
|
70
72
|
# significant.
|
71
73
|
params[:app_id] = nil if app_id && app_id.empty?
|
72
74
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
75
|
+
# While OIDC without an app_id makes little sense, we would break existing
|
76
|
+
# behaviour when calling non oauth_auth*.xml endpoints if we returned an
|
77
|
+
# error here, so only do this for oauth_auth*.xml endpoints.
|
78
|
+
raise ApplicationNotFound.new nil if oauth && app_id.nil?
|
79
|
+
|
80
|
+
validators = if oidc_service
|
81
|
+
Validators::OIDC_VALIDATORS
|
82
|
+
elsif oauth
|
83
|
+
Validators::OAUTH_VALIDATORS
|
84
|
+
else
|
85
|
+
Validators::VALIDATORS
|
86
|
+
end
|
79
87
|
|
80
88
|
params[:user_key] = nil if params[:user_key] && params[:user_key].empty?
|
81
89
|
application = Application.load_by_id_or_user_key!(service_id,
|
@@ -98,8 +106,9 @@ module ThreeScale
|
|
98
106
|
# hierarchy parameter adds information in the response needed
|
99
107
|
# to derive which limits affect directly or indirectly the
|
100
108
|
# metrics for which authorization is requested.
|
101
|
-
hierarchy: extensions[:hierarchy] == '1',
|
102
|
-
flat_usage: extensions[:flat_usage] == '1'
|
109
|
+
hierarchy: extensions[:hierarchy] == '1'.freeze,
|
110
|
+
flat_usage: extensions[:flat_usage] == '1'.freeze,
|
111
|
+
list_app_keys: extensions[:list_app_keys] == '1'.freeze
|
103
112
|
}
|
104
113
|
|
105
114
|
application.load_metric_names
|
@@ -108,24 +117,6 @@ module ThreeScale
|
|
108
117
|
apply_validators(validators, status_attrs, params)
|
109
118
|
end
|
110
119
|
|
111
|
-
def get_token_ids(token, service_id, app_id)
|
112
|
-
begin
|
113
|
-
token_aid = OAuth::Token::Storage.get_credentials(token, service_id)
|
114
|
-
rescue AccessTokenInvalid => e
|
115
|
-
# Yep, well, er. Someone specified that it is OK to have an
|
116
|
-
# invalid token if an app_id is specified. Somehow passing in
|
117
|
-
# a user_key is still not enough, though...
|
118
|
-
raise e if app_id.nil?
|
119
|
-
end
|
120
|
-
|
121
|
-
# We only take the token ids into account if we had no parameter ids
|
122
|
-
if app_id.nil?
|
123
|
-
app_id = token_aid
|
124
|
-
end
|
125
|
-
|
126
|
-
app_id
|
127
|
-
end
|
128
|
-
|
129
120
|
def do_authorize(method, provider_key, params, context_info)
|
130
121
|
notify_authorize(provider_key)
|
131
122
|
validate(method == :oauth_authorize, provider_key, false, params, context_info[:request])
|
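Review bot: In `validate` (hunk `@@ -70,12 +72,18 @@`), a service whose `backend_version` is `'oauth'` now gets `Validators::OIDC_VALIDATORS` on the non-`oauth_` endpoints, and by the comment on that constant this list checks app keys only when an `app_key` is given, so a request carrying only an `app_id` is presumably authorized with no key check at all. The validator bodies are not on this page, so that reading needs confirming, but if it holds this is a relaxation of an authorization check that rests on an unstated assumption about who verified the OIDC token. State that assumption where the list is chosen, e.g. `# OIDC: app_id is trusted as already authenticated by the caller; app_key is optional and checked only if sent`. A test that a wrong `app_key` is still rejected on this path would pin the behaviour. `validate` starts and ends outside the hunks shown.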
@@ -8,17 +8,23 @@ module ThreeScale
|
|
8
8
|
# We only use 'redirect_uri' if a request sent such a param. See #397.
|
9
9
|
REDIRECT_URI_FIELD = 'redirect_url'.freeze
|
10
10
|
private_constant :REDIRECT_URI_FIELD
|
11
|
+
# Maximum number of keys to list when using the list_app_keys extension
|
12
|
+
# At the time of writing System/Porta has a limit of 5 different app_keys
|
13
|
+
# at any given moment, but this could change anytime.
|
14
|
+
LIST_APP_KEYS_MAX = 256
|
15
|
+
private_constant :LIST_APP_KEYS_MAX
|
11
16
|
|
12
17
|
def initialize(attributes)
|
13
|
-
@service_id
|
14
|
-
@application
|
15
|
-
@oauth
|
16
|
-
@usage
|
17
|
-
@predicted_usage
|
18
|
-
@values
|
19
|
-
@timestamp
|
20
|
-
@hierarchy_ext
|
21
|
-
@flat_usage_ext
|
18
|
+
@service_id = attributes[:service_id]
|
19
|
+
@application = attributes[:application]
|
20
|
+
@oauth = attributes[:oauth]
|
21
|
+
@usage = attributes[:usage]
|
22
|
+
@predicted_usage = attributes[:predicted_usage]
|
23
|
+
@values = filter_values(attributes[:values] || {})
|
24
|
+
@timestamp = attributes[:timestamp] || Time.now.getutc
|
25
|
+
@hierarchy_ext = attributes[:hierarchy]
|
26
|
+
@flat_usage_ext = attributes[:flat_usage]
|
27
|
+
@list_app_keys_ext = attributes[:list_app_keys]
|
22
28
|
|
23
29
|
raise 'service_id not specified' if @service_id.nil?
|
24
30
|
raise ':application is required' if @application.nil?
|
@@ -106,6 +112,7 @@ module ThreeScale
|
|
106
112
|
add_plan_section(xml, 'plan'.freeze, plan_name)
|
107
113
|
add_reports_section(xml, application_usage_reports)
|
108
114
|
hierarchy_reports.concat application_usage_reports if hierarchy_reports
|
115
|
+
add_app_keys_section xml if @list_app_keys_ext
|
109
116
|
end
|
110
117
|
|
111
118
|
if hierarchy_reports
|
@@ -161,6 +168,17 @@ module ThreeScale
|
|
161
168
|
xml << '</hierarchy>'.freeze
|
162
169
|
end
|
163
170
|
|
171
|
+
def add_app_keys_section(xml)
|
172
|
+
xml << '<app_keys app="'.freeze
|
173
|
+
xml << @application.id << '" svc="'.freeze
|
174
|
+
xml << @service_id << '">'.freeze
|
175
|
+
@application.keys.take(LIST_APP_KEYS_MAX).each do |key|
|
176
|
+
xml << '<key id="'.freeze
|
177
|
+
xml << key << '"/>'.freeze
|
178
|
+
end
|
179
|
+
xml << '</app_keys>'.freeze
|
180
|
+
end
|
181
|
+
|
164
182
|
# helper to iterate over reports and get relevant hierarchy info
|
165
183
|
def with_report_and_hierarchy(reports)
|
166
184
|
reports.each do |ur|
|
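Review bot: `add_app_keys_section` (hunk `@@ -161,6 +168,17 @@`) concatenates `@application.id`, `@service_id` and each `key` into XML attribute values with no escaping, so a value containing `"`, `<` or `&` would yield a malformed or altered response document. Whether these values are restricted to a safe character set is not visible here; if they are not, escape at the point of output, e.g. `xml << '<key id='.freeze << key.encode(xml: :attr) << '/>'.freeze` (`String#encode(xml: :attr)` supplies the surrounding quotes). The section also puts application keys, which act as credentials, into the response body whenever the request sets the `list_app_keys` extension to `'1'`. It needs a comment saying which callers may request it and that such responses must stay out of logs and caches. `take(LIST_APP_KEYS_MAX)` truncates silently, so a consumer cannot tell a complete list from a cut one.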
@@ -21,6 +21,13 @@ module ThreeScale
|
|
21
21
|
OAUTH_VALIDATORS = ([Validators::OauthSetting,
|
22
22
|
Validators::OauthKey,
|
23
23
|
Validators::RedirectURI] + COMMON_VALIDATORS).freeze
|
24
|
+
|
25
|
+
# OIDC specific validators will only check app keys when app_key is given.
|
26
|
+
#
|
27
|
+
# No need to add OauthSetting, since we need to check that to tell
|
28
|
+
# OIDC apart from the rest when calling authrep.xml (note lack of
|
29
|
+
# the oauth_ prefix).
|
30
|
+
OIDC_VALIDATORS = ([Validators::OauthKey] + COMMON_VALIDATORS).freeze
|
24
31
|
end
|
25
32
|
end
|
26
33
|
end
|
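Review bot: The comment above `OIDC_VALIDATORS` explains why `Validators::OauthSetting` is left out but is silent about `Validators::RedirectURI`, which `OAUTH_VALIDATORS` includes and the new list drops. If that omission is deliberate the comment should say so, for example `# RedirectURI is not checked for OIDC: <reason>`. Otherwise a `redirect_url` parameter sent for an OIDC service would presumably pass through these endpoints unvalidated. The definition of `COMMON_VALIDATORS` is outside the hunk, so what the remaining list covers cannot be confirmed from this page.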
data/licenses.xml
CHANGED
@@ -23,7 +23,7 @@
|
|
23
23
|
</dependency>
|
24
24
|
<dependency>
|
25
25
|
<packageName>apisonator</packageName>
|
26
|
-
<version>3.
|
26
|
+
<version>3.4.0</version>
|
27
27
|
<licenses>
|
28
28
|
<license>
|
29
29
|
<name>Apache 2.0</name>
|
@@ -475,7 +475,7 @@
|
|
475
475
|
</dependency>
|
476
476
|
<dependency>
|
477
477
|
<packageName>multi_json</packageName>
|
478
|
-
<version>1.
|
478
|
+
<version>1.15.0</version>
|
479
479
|
<licenses>
|
480
480
|
<license>
|
481
481
|
<name>MIT</name>
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: apisonator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Ciganek
|
@@ -16,7 +16,7 @@ authors:
|
|
16
16
|
autorequire:
|
17
17
|
bindir: bin
|
18
18
|
cert_chain: []
|
19
|
-
date: 2021-
|
19
|
+
date: 2021-06-14 00:00:00.000000000 Z
|
20
20
|
dependencies: []
|
21
21
|
description: This gem provides a daemon that handles authorization and reporting of
|
22
22
|
web services managed by 3scale.
|