David Taylor
1cec333f48
REFACTOR: Introduce RouteMatcher class
...
This consolidates logic used to match routes in ApiKey, UserApiKey and DefaultCurrentUserProvider. This reduces duplicated logic, and will allow UserApiKeysScope to easily re-use the parameter matching logic from ApiKeyScope
2020-10-19 10:40:55 +01:00
David Taylor
1ba9b34b03
DEV: Move UserApiKey scopes to dedicated table ( #10704 )
...
This has no functional impact yet, but it is the first step in adding more granular scopes to UserApiKeys
2020-09-29 10:57:48 +01:00
Dan Ungureanu
4e5f9d4cd1
DEV: Drop 'key' column from user_api_keys ( #9388 )
2020-04-22 12:13:19 +03:00
Dan Ungureanu
b64b590cfb
FIX: Add index on user_api_keys.key_hash ( #9387 )
2020-04-08 19:49:18 +03:00
Dan Ungureanu
0653750fbf
FEATURE: Hash user API keys in the database ( #9344 )
...
The 'key' column will be dropped in a future commit.
2020-04-07 16:42:52 +03:00
Penar Musaraj
067696df8f
DEV: Apply Rubocop redundant return style
2019-11-14 15:10:51 -05:00
Sam Saffron
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Penar Musaraj
fdf4145d4b
FEATURE: Delegated authentication via user api keys ( #7272 )
2019-04-01 13:18:53 -04:00
Sam
641b079c78
FIX: add support for missing verbs in user api key
...
Previously "write" scope was missing put and delete verbs which should be
allowed.
Also closes : #6982
2019-02-13 15:49:43 +11:00
Robin Ward
95f263995d
FIX: Previous annotations were broken
2019-01-11 14:30:19 -05:00
Robin Ward
a3839495e0
Update annotations
2019-01-11 12:19:43 -05:00
Joffrey JAFFEUX
5f86564da1
FEATURE: adds latest to user-api-key session scope
2018-10-19 09:54:06 +02:00
Joffrey JAFFEUX
f6eff38c0e
FEATURE: adds list#(unread|new) to user api key routes ( #6494 )
2018-10-15 15:48:35 +02:00
Bianca Nenciu
860c1c3dcd
FEATURE: Automatically expire keys if not used for a configurable amount of time. ( #6264 )
2018-08-20 17:36:14 +02:00
Guo Xiang Tan
226ace1643
Update annotations.
2018-02-20 14:28:58 +08:00
Arpit Jalan
daeb7694bc
update annotations
2017-12-05 21:03:20 +05:30
Sam
c68999e128
annotate models
...
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Arpit Jalan
e03c1e4cdf
annotate models
2016-10-31 15:02:11 +05:30
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam
a37db9448f
correctly return access rights in auth redirect
2016-08-26 13:12:38 +10:00
Sam
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00