apisonator 3.3.3 → 3.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a63aa45d4fa6c23fde95de0b422f771fc9fc104fa9dfebbcdc2c9c0d09219a1
-  data.tar.gz: 54809f95ad95b7cd4ab835a7ba3238fcd5d3bef1c9243bbabf1eb4fea95a7e97
+  metadata.gz: 7a260bc57e82268c54885b58a12c79d28c9b7c53f8fb5e48182c887488888184
+  data.tar.gz: 7dbed84c520c06e914d15e99f6e1b78365a1b695d8cf8e1fd66a58c02fa36fa9
 SHA512:
-  metadata.gz: c6810598c592d306959e53c89fa602f1f866613f6b6e9001126785f26d688ca71d909a97caafcff1f56ea368d375f146874ff6fd978260c9a8ecd364725afa95
-  data.tar.gz: 011c656c600e048725a869a949316171d583fd0cdac4f7bec84ea7231753571cb6d2b5409a9e41f8600d94c5fbb773a187ffe6a3aa5942e7c6a53c7e8b2e05b7
+  metadata.gz: 4d0bdd90d90972bc416faf04a852ff56c3895da1cb191b264617f71add2f22c5942d928d85c9877faceab4f00e7fe26955dfeed7c6cbc615a8fe555b7c6e251a
+  data.tar.gz: 22b6dbdb74d73117ba7358d231b5f747f54746687e452285b77883df4b352d20d59b3997b38a0c5c7b6cba9bce618b41900d6a0ee3ea1e169727470bce8158cb

data/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 Notable changes to Apisonator will be tracked in this document.
 
+## 3.4.0 - 2021-06-14
+
+### Added
+
+- New extension that list the keys of an application
+([#284](https://github.com/3scale/apisonator/pull/284)).
+
+### Changed
+
+- It is now possible to use OIDC in the auth and authrep endpoints
+([#280](https://github.com/3scale/apisonator/pull/280)).
+- Updated multi-json to 1.15.0
+([#278](https://github.com/3scale/apisonator/pull/278)).
+
+### Removed
+
+- Deleted unused service attributes related with deleted end-users functionality
+([#277](https://github.com/3scale/apisonator/pull/277)).
+
 ## 3.3.3 - 2021-03-09
 
 ### Changed

data/Gemfile.lock

@@ -36,7 +36,7 @@ GIT
 PATH
   remote: .
   specs:
-    apisonator (3.3.3)
+    apisonator (3.4.0)
 
 GEM
   remote: https://rubygems.org/
@@ -137,7 +137,7 @@ GEM
     mocha (1.3.0)
       metaclass (~> 0.0.1)
     mono_logger (1.1.0)
-    multi_json (1.13.1)
+    multi_json (1.15.0)
     mustache (1.0.5)
     mustermann (1.0.2)
     net-scp (1.2.1)

data/Gemfile.on_prem.lock

@@ -36,7 +36,7 @@ GIT
 PATH
   remote: .
   specs:
-    apisonator (3.3.3)
+    apisonator (3.4.0)
 
 GEM
   remote: https://rubygems.org/
@@ -126,7 +126,7 @@ GEM
     mocha (1.3.0)
       metaclass (~> 0.0.1)
     mono_logger (1.1.0)
-    multi_json (1.13.1)
+    multi_json (1.15.0)
     mustache (1.0.5)
     mustermann (1.0.2)
     net-scp (1.2.1)

data/lib/3scale/backend/alert_limit.rb

@@ -1,21 +1,15 @@
 module ThreeScale
   module Backend
     class AlertLimit
-      module KeyHelpers
-        def key(service_id)
-          "alerts/service_id:#{service_id}/allowed_set"
-        end
-      end
-
-      include KeyHelpers
-      extend KeyHelpers
+      include Alerts::KeyHelpers
+      extend Alerts::KeyHelpers
 
       include Storable
 
       attr_accessor :service_id, :value
 
       def save
-        storage.sadd(key(service_id), value.to_i) if valid?
+        storage.sadd(key_allowed_set(service_id), value.to_i) if valid?
       end
 
       def to_hash
@@ -26,7 +20,7 @@ module ThreeScale
       end
 
       def self.load_all(service_id)
-        values = storage.smembers(key(service_id))
+        values = storage.smembers(key_allowed_set(service_id))
         values.map do |value|
           new(service_id: service_id, value: value.to_i)
         end
@@ -38,7 +32,7 @@ module ThreeScale
       end
 
       def self.delete(service_id, value)
-        storage.srem(key(service_id), value.to_i) if valid_value?(value)
+        storage.srem(key_allowed_set(service_id), value.to_i) if valid_value?(value)
       end
 
       def self.valid_value?(value)

data/lib/3scale/backend/service.rb

@@ -4,16 +4,12 @@ module ThreeScale
       include Storable
 
       # list of attributes to be fetched from storage
-      ATTRIBUTES = %i[state referrer_filters_required backend_version
-                      user_registration_required default_user_plan_id
-                      default_user_plan_name provider_key].freeze
+      ATTRIBUTES = %i[state referrer_filters_required backend_version provider_key].freeze
       private_constant :ATTRIBUTES
 
       attr_reader :state
-      attr_accessor :provider_key, :id, :backend_version,
-        :default_user_plan_id, :default_user_plan_name
-      attr_writer :referrer_filters_required, :user_registration_required,
-        :default_service
+      attr_accessor :provider_key, :id, :backend_version
+      attr_writer :referrer_filters_required, :default_service
 
       class << self
         include Memoizer::Decorator
@@ -104,8 +100,6 @@ module ThreeScale
         memoize :list
 
         def save!(attributes = {})
-          massage_set_user_registration_required attributes
-
           new(attributes).save!
         end
 
@@ -139,26 +133,10 @@ module ThreeScale
         def massage_service_attrs(service_attrs)
           service_attrs[:referrer_filters_required] =
             service_attrs[:referrer_filters_required].to_i > 0
-          service_attrs[:user_registration_required] =
-            massage_get_user_registration_required(
-              service_attrs[:user_registration_required])
 
           service_attrs
         end
 
-        # nil => true, 1 => true, '1' => true, 0 => false, '0' => false
-        def massage_get_user_registration_required(value)
-          value.nil? ? true : value.to_i > 0
-        end
-
-        def massage_set_user_registration_required(attributes)
-          if attributes[:user_registration_required].nil?
-            val = storage.get(storage_key(attributes[:id], :user_registration_required))
-            attributes[:user_registration_required] =
-              (!val.nil? && val.to_i == 0) ? false : true
-          end
-        end
-
         def get_attr(id, attribute)
           storage.get(storage_key(id, attribute))
         end
@@ -195,10 +173,6 @@ module ThreeScale
         @referrer_filters_required
       end
 
-      def user_registration_required?
-        @user_registration_required
-      end
-
       def save!
         set_as_default_if_needed
         persist
@@ -227,9 +201,6 @@ module ThreeScale
           provider_key: provider_key,
           backend_version: backend_version,
           referrer_filters_required: referrer_filters_required?,
-          user_registration_required: user_registration_required?,
-          default_user_plan_id: default_user_plan_id,
-          default_user_plan_name: default_user_plan_name,
           default_service: default_service?
         }
       end
@@ -294,9 +265,6 @@ module ThreeScale
 
       def persist_attributes
         persist_attribute :referrer_filters_required, referrer_filters_required? ? 1 : 0
-        persist_attribute :user_registration_required, user_registration_required? ? 1 : 0
-        persist_attribute :default_user_plan_id, default_user_plan_id, true
-        persist_attribute :default_user_plan_name, default_user_plan_name, true
         persist_attribute :backend_version, backend_version, true
         persist_attribute :provider_key, provider_key
         persist_attribute :state, state.to_s if state

data/lib/3scale/backend/transactor.rb

@@ -61,6 +61,8 @@ module ThreeScale
 
       def validate(oauth, provider_key, report_usage, params, request_info)
         service = Service.load_with_provider_key!(params[:service_id], provider_key)
+        oidc_service = !oauth && service.backend_version == 'oauth'.freeze
+
         # service_id cannot be taken from params since it might be missing there
         service_id = service.id
 
@@ -70,12 +72,18 @@ module ThreeScale
         # significant.
         params[:app_id] = nil if app_id && app_id.empty?
 
-        if oauth
-          raise ApplicationNotFound.new nil if app_id.nil?
-          validators = Validators::OAUTH_VALIDATORS
-        else
-          validators = Validators::VALIDATORS
-        end
+        # While OIDC without an app_id makes little sense, we would break existing
+        # behaviour when calling non oauth_auth*.xml endpoints if we returned an
+        # error here, so only do this for oauth_auth*.xml endpoints.
+        raise ApplicationNotFound.new nil if oauth && app_id.nil?
+
+        validators = if oidc_service
+                       Validators::OIDC_VALIDATORS
+                     elsif oauth
+                       Validators::OAUTH_VALIDATORS
+                     else
+                       Validators::VALIDATORS
+                     end
 
         params[:user_key] = nil if params[:user_key] && params[:user_key].empty?
         application = Application.load_by_id_or_user_key!(service_id,
@@ -98,8 +106,9 @@ module ThreeScale
           # hierarchy parameter adds information in the response needed
           # to derive which limits affect directly or indirectly the
           # metrics for which authorization is requested.
-          hierarchy:       extensions[:hierarchy] == '1',
-          flat_usage:      extensions[:flat_usage] == '1'
+          hierarchy:       extensions[:hierarchy] == '1'.freeze,
+          flat_usage:      extensions[:flat_usage] == '1'.freeze,
+          list_app_keys:   extensions[:list_app_keys] == '1'.freeze
         }
 
         application.load_metric_names
@@ -108,24 +117,6 @@ module ThreeScale
         apply_validators(validators, status_attrs, params)
       end
 
-      def get_token_ids(token, service_id, app_id)
-        begin
-          token_aid = OAuth::Token::Storage.get_credentials(token, service_id)
-        rescue AccessTokenInvalid => e
-          # Yep, well, er. Someone specified that it is OK to have an
-          # invalid token if an app_id is specified. Somehow passing in
-          # a user_key is still not enough, though...
-          raise e if app_id.nil?
-        end
-
-        # We only take the token ids into account if we had no parameter ids
-        if app_id.nil?
-          app_id = token_aid
-        end
-
-        app_id
-      end
-
       def do_authorize(method, provider_key, params, context_info)
         notify_authorize(provider_key)
         validate(method == :oauth_authorize, provider_key, false, params, context_info[:request])

data/lib/3scale/backend/transactor/status.rb

@@ -8,17 +8,23 @@ module ThreeScale
         # We only use 'redirect_uri' if a request sent such a param. See #397.
         REDIRECT_URI_FIELD = 'redirect_url'.freeze
         private_constant :REDIRECT_URI_FIELD
+        # Maximum number of keys to list when using the list_app_keys extension
+        # At the time of writing System/Porta has a limit of 5 different app_keys
+        # at any given moment, but this could change anytime.
+        LIST_APP_KEYS_MAX = 256
+        private_constant :LIST_APP_KEYS_MAX
 
         def initialize(attributes)
-          @service_id      = attributes[:service_id]
-          @application     = attributes[:application]
-          @oauth           = attributes[:oauth]
-          @usage           = attributes[:usage]
-          @predicted_usage = attributes[:predicted_usage]
-          @values          = filter_values(attributes[:values] || {})
-          @timestamp       = attributes[:timestamp] || Time.now.getutc
-          @hierarchy_ext   = attributes[:hierarchy]
-          @flat_usage_ext  = attributes[:flat_usage]
+          @service_id        = attributes[:service_id]
+          @application       = attributes[:application]
+          @oauth             = attributes[:oauth]
+          @usage             = attributes[:usage]
+          @predicted_usage   = attributes[:predicted_usage]
+          @values            = filter_values(attributes[:values] || {})
+          @timestamp         = attributes[:timestamp] || Time.now.getutc
+          @hierarchy_ext     = attributes[:hierarchy]
+          @flat_usage_ext    = attributes[:flat_usage]
+          @list_app_keys_ext = attributes[:list_app_keys]
 
           raise 'service_id not specified' if @service_id.nil?
           raise ':application is required' if @application.nil?
@@ -106,6 +112,7 @@ module ThreeScale
             add_plan_section(xml, 'plan'.freeze, plan_name)
             add_reports_section(xml, application_usage_reports)
             hierarchy_reports.concat application_usage_reports if hierarchy_reports
+            add_app_keys_section xml if @list_app_keys_ext
           end
 
           if hierarchy_reports
@@ -161,6 +168,17 @@ module ThreeScale
           xml << '</hierarchy>'.freeze
         end
 
+        def add_app_keys_section(xml)
+          xml << '<app_keys app="'.freeze
+          xml << @application.id << '" svc="'.freeze
+          xml << @service_id << '">'.freeze
+          @application.keys.take(LIST_APP_KEYS_MAX).each do |key|
+            xml << '<key id="'.freeze
+            xml << key << '"/>'.freeze
+          end
+          xml << '</app_keys>'.freeze
+        end
+
         # helper to iterate over reports and get relevant hierarchy info
         def with_report_and_hierarchy(reports)
           reports.each do |ur|

data/lib/3scale/backend/validators.rb

@@ -21,6 +21,13 @@ module ThreeScale
       OAUTH_VALIDATORS = ([Validators::OauthSetting,
                            Validators::OauthKey,
                            Validators::RedirectURI] + COMMON_VALIDATORS).freeze
+
+      # OIDC specific validators will only check app keys when app_key is given.
+      #
+      # No need to add OauthSetting, since we need to check that to tell
+      # OIDC apart from the rest when calling authrep.xml (note lack of
+      # the oauth_ prefix).
+      OIDC_VALIDATORS = ([Validators::OauthKey] + COMMON_VALIDATORS).freeze
     end
   end
 end

data/lib/3scale/backend/validators/oauth_setting.rb

@@ -3,7 +3,7 @@ module ThreeScale
     module Validators
       class OauthSetting < Base
         def apply
-          if service.backend_version == 'oauth'
+          if service.backend_version == 'oauth'.freeze
             succeed!
           else
             fail!(OauthNotEnabled.new)

data/lib/3scale/backend/version.rb

@@ -1,5 +1,5 @@
 module ThreeScale
   module Backend
-    VERSION = '3.3.3'
+    VERSION = '3.4.0'
   end
 end

data/licenses.xml

@@ -23,7 +23,7 @@
       </dependency>
           <dependency>
         <packageName>apisonator</packageName>
-        <version>3.3.3</version>
+        <version>3.4.0</version>
         <licenses>
                       <license>
               <name>Apache 2.0</name>
@@ -475,7 +475,7 @@
       </dependency>
           <dependency>
         <packageName>multi_json</packageName>
-        <version>1.13.1</version>
+        <version>1.15.0</version>
         <licenses>
                       <license>
               <name>MIT</name>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apisonator
 version: !ruby/object:Gem::Version
-  version: 3.3.3
+  version: 3.4.0
 platform: ruby
 authors:
 - Adam Ciganek
@@ -16,7 +16,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-09 00:00:00.000000000 Z
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies: []
 description: This gem provides a daemon that handles authorization and reporting of
   web services managed by 3scale.