Commit Graph

9 Commits

Author SHA1 Message Date
Roman Rizzi f13ec11c64
FEATURE: Add scopes to API keys (#9844)
* Added scopes UI

* Create scopes when creating a new API key

* Show scopes on the API key show route

* Apply scopes on API requests

* Extend scopes from plugins

* Add missing scopes. A mapping can be associated with multiple controller actions

* Only send scopes if the use global key option is disabled. Use the discourse plugin registry to add new scopes

* Add not null validations and index for api_key_id

* Annotate model

* DEV: Move default mappings to ApiKeyScope

* Remove unused attribute and improve UI for existing keys

* Support multiple parameters separated by a comma
2020-07-16 15:51:24 -03:00
Joffrey JAFFEUX c4644c61d9
DEV: enforces double quotes ember-template-lint (#9416) 2020-04-14 08:18:49 +02:00
Joffrey JAFFEUX b66b277dc4
DEV: enforces block-indentation of ember-template-lint rules (#9408) 2020-04-13 17:17:20 +02:00
Joffrey JAFFEUX 902d0e1e3a
DEV: enforces no-invalid-interactive linting rule (#8907) 2020-02-11 15:55:16 +01:00
Penar Musaraj f755810906 DEV: replace "trash" icons with "trash-alt" 2020-01-06 12:35:00 -05:00
David Taylor 4c9ca24ccf
FEATURE: Hash API keys in the database (#8438)
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
2019-12-12 11:45:00 +00:00
David Taylor cf4356cd81 UX: Do not add leading/trailing spaces when copying API key in Firefox
If there is any other whitespace in the container, then Firefox will add a leading/trailing space when double clicking the key. This commit wraps the key in a div with no whitespace, to work around the problem.
2019-11-12 16:00:57 +00:00
David Taylor 99b0697bd9 FIX: Correct display of last used date in API key details UI 2019-11-07 23:41:43 +00:00
David Taylor 52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00