[IDP-873] Generate Openapi Description of Security Requirements #80

Merged
merged 44 commits into from
Jul 3, 2024


PrincessMadMath

@PrincessMadMath PrincessMadMath commented Jun 21, 2024

Description of changes

Add Swagger Filter to be able to generate security requirements for an OpenAPI Document:

  • Add requirements on the operation based on the RequireClientCredentials attributes
  • Find all required permissions by scanning all RequireClientCredentials attributes of the API
  • Formatting of scopes assuming Workleap pattern
  • Support minimal API
  • Remove support of RequireClientCredentials at class level

Breaking changes

Remove support of the attribute at class level: it was dangerous since it was unclear what the expected behavior would be.

[ApiController]
[RequireClientCredentials("cocktail.read")]
public class ClientCredentialsController : ControllerBase
{
    [HttpPost]
    [RequireClientCredentials("cocktail.admin")]
    public IActionResult ChangePrice(int id)
    {
        ...
    }
}

In ASP.NET you should & the Authorization Policy, but our ClientCredentialRequirement is doing a | between the roles, so concatenating the class and method attributes would make an endpoint more accessible. Here, to access the ChangePrice endpoint, what role do the users need (cocktail.read | cocktail.admin, cocktail.admin, or cocktail.read & cocktail.admin)?

For simplicity and since current usage seems to be at the controller level we remove class support for now.

Additional checks

  • Updated the documentation of the project to reflect the changes
  • Added new tests that cover the code changes
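
The three readings listed in the description above, worked through as an added example (not code from this PR or from the Workleap library). It models only the combination logic in plain C#; the evaluators are hypothetical and the token permission sets are constructed.

```csharp
// Added illustration: models only how two permission lists could combine.
using System;
using System.Collections.Generic;
using System.Linq;

// Permissions from the controller in the description.
string[] classLevel = { "cocktail.read" };   // on ClientCredentialsController
string[] methodLevel = { "cocktail.admin" }; // on ChangePrice

// Hypothetical evaluators, one per reading listed in the description.
var readings = new (string Name, Func<HashSet<string>, bool> Allows)[]
{
    // Lists concatenated, then OR-ed.
    ("cocktail.read | cocktail.admin", g => classLevel.Concat(methodLevel).Any(g.Contains)),
    // Method attribute replaces the class attribute.
    ("cocktail.admin", g => methodLevel.Any(g.Contains)),
    // Every attribute must pass, as stacked [Authorize] policies do in ASP.NET Core.
    ("cocktail.read & cocktail.admin", g => classLevel.Any(g.Contains) && methodLevel.Any(g.Contains)),
};

// Constructed sample tokens, described by the permissions they carry.
var tokens = new[]
{
    new HashSet<string> { "cocktail.read" },
    new HashSet<string> { "cocktail.admin" },
    new HashSet<string> { "cocktail.read", "cocktail.admin" },
};

foreach (var token in tokens)
{
    Console.WriteLine($"token [{string.Join(", ", token)}]");
    foreach (var (name, allows) in readings)
        Console.WriteLine($"  {name,-32} -> {(allows(token) ? "allow" : "deny")}");
}

// Tokens the OR-concatenation admits to ChangePrice that the method attribute alone rejects.
var widened = tokens.Where(t => readings[0].Allows(t) && !readings[1].Allows(t));
foreach (var t in widened)
    Console.WriteLine($"widened access: [{string.Join(", ", t)}] can call ChangePrice");
```

The only token reported as widened is the one carrying just cocktail.read, which is the case the breaking change rules out by disallowing the class-level attribute.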

@PrincessMadMath PrincessMadMath requested a review from a team as a code owner June 21, 2024 15:19
@PrincessMadMath

Need to update documentation!

Mathieu Gamache and others added 6 commits June 25, 2024 16:23
…description

# Conflicts:
#	src/Workleap.Authentication.ClientCredentialsGrant.Tests/Workleap.Authentication.ClientCredentialsGrant.Tests.csproj
@heqianwang heqianwang self-requested a review July 3, 2024 21:13
@asimmon asimmon merged commit 13642cb into main Jul 3, 2024
3 checks passed