Commit Graph

23 Commits

Author SHA1 Message Date
Angus McLeod 9fc3d46003
Update wordpress scopes and add ``session/scopes`` endpoint (#15366)
* Update wordpress scopes && add ``session/scopes`` endpointt

* Fix failing spec

* Add users#show scope to discourse_connect

* Update app/controllers/session_controller.rb

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>
2022-05-02 12:15:32 -03:00
Rafael dos Santos Silva 1203121ac1
PERF: Throttle updates to API key last_used_at (#16390)
Co-authored-by: David Taylor <david@taylorhq.com>
2022-04-06 11:01:52 -03:00
David Taylor 1cec333f48 REFACTOR: Introduce RouteMatcher class
This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-19 10:40:55 +01:00
Roman Rizzi f13ec11c64
FEATURE: Add scopes to API keys (#9844)
* Added scopes UI

* Create scopes when creating a new API key

* Show scopes on the API key show route

* Apply scopes on API requests

* Extend scopes from plugins

* Add missing scopes. A mapping can be associated with multiple controller actions

* Only send scopes if the use global key option is disabled. Use the discourse plugin registry to add new scopes

* Add not null validations and index for api_key_id

* Annotate model

* DEV: Move default mappings to ApiKeyScope

* Remove unused attribute and improve UI for existing keys

* Support multiple parameters separated by a comma
2020-07-16 15:51:24 -03:00
David Taylor 4c9ca24ccf
FEATURE: Hash API keys in the database (#8438)
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
2019-12-12 11:45:00 +00:00
Daniel Waterworth 7886a3e58a DEV: Update annotations 2019-11-19 10:21:06 +00:00
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Sam Saffron dc9110cc43 FEATURE: track date api key was last used
Start tracking the date an api key was last used. This has already been
the case for user_api_keys.

This information can provide us with the ability to automatically expire
unused api keys after N days.
2019-09-03 18:11:30 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Guo Xiang Tan 6b17178533 Validate uniquness of `api_key`. 2017-07-24 21:46:08 +09:00
Arpit Jalan 7c7474aa10 create a new table to maintain csv export log 2014-12-24 16:25:36 +05:30
Sam 73041c0e14 uniqueness constraint is not correct scoping on hidden is not fully correct
simpler just to handle it in the DB
2014-11-20 16:48:45 +11:00
Sam 6b10c4dc54 add support for hidden api keys, used in hosting scenarios 2014-11-20 15:38:20 +11:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Sam 414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Sam b1d5f4440b Annotate models 2014-05-28 12:30:57 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam 862a6696c0 Correct annotations
allow longer usernames (up to 60)
2014-04-15 15:53:48 +10:00
Régis Hanol 6373de550f update annotations 2014-04-08 17:35:44 +02:00
Sam 2db3cfb16b annotate models 2013-12-05 17:40:35 +11:00
Robin Ward 6394d924c8 Change migration to prevent down 2013-10-22 17:51:04 -04:00
Robin Ward 348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00