# Changes

**Commit:** fabric8-services/fabric8-auth@92d4b86
**Author:** Dipak Pawar ([email protected])
**Date:** 2018-08-28T15:56:18+05:30

chore: add config file to skip validation for minishift folder (fabric8-services/fabric8-auth#626)

----

**Commit:** fabric8-services/fabric8-auth@f261844
**Author:** Xavier Coulon ([email protected])
**Date:** 2018-08-28T18:56:55+02:00

Use existing type as query param for listing resources a user has a role in (fabric8-services/fabric8-auth#628)

Replace `spaces` with `openshift.io/resource/space` as the resource type for spaces so there's no need for a translation from `spaces`, but keep checking the `type` query param for invalid values, to avoid running an expensive query for nothing (and then return a 400 error)

Also, `openshift.io/resource/space` is a valid query param as defined in https://tools.ietf.org/html/rfc3986#section-3.4, even if it contains `/` characters

Fixes fabric8-services/fabric8-auth#623

Signed-off-by: Xavier Coulon <[email protected]>

----

**Commit:** fabric8-services/fabric8-auth@62cc9ff
**Author:** Shane Bryzak ([email protected])
**Date:** 2018-08-29T21:07:02+10:00

Audit API for validating/updating RPT tokens (fabric8-services/fabric8-auth#561)

Fixes fabric8-services/fabric8-auth#544, Fixes fabric8-services/fabric8-auth#611

Implements an endpoint which allows a token to be audited in respect to the user's privileges for a specified resource ID. Returns a new RPT token if the current token does not contain the required privileges, or the privileges have expired. Otherwise returns an empty response if the presented token already contains the up-to-date state of the user's privileges for the resource.

Request:

```
Authorization: Bearer $ACCESS_TOKEN_OR_RPT
POST /api/token/audit?resource_id=c0ee2b94-aee3-4c41-9e15-6fa330ce8e0b
```

Response when a new RPT token has been issued:

```
{
  rpt_token: eyJhbGciOiJ____token___GeFIyvT_sIDyPgYFSR2YCN4_N3CSQPfQYdrQhDGKM7fKLBKnYqAwfUe2OeibQ
}
```

Decoded RPT token:

```
{
  alg: "RS256",
  kid: "aUGv8mQA85jg4V1DU8Uk1W0uKsxn187KQONAGl6AMtc",
  typ: "JWT"
}.
{
  acr: "0",
  allowed-origins: [
    "http://auth.openshift.io",
    "http://openshift.io"
  ],
  approved: true,
  aud: "http://openshift.io",
  auth_time: 1535414160,
  azp: "http://openshift.io",
  email: "[email protected]",
  email_verified: false,
  exp: 1538006160,
  family_name: "",
  given_name: "TestUser-50edff18-6c86-4910-b069-37d68f1c02c1",
  iat: 1535414160,
  iss: "http://auth.openshift.io",
  jti: "109d09ed-91cc-4393-8fa1-bc3187aa40ba",
  name: "TestUser-50edff18-6c86-4910-b069-37d68f1c02c1",
  nbf: 0,
  permissions: [
    {
      resource_set_name: null,
      resource_set_id: "c0ee2b94-aee3-4c41-9e15-6fa330ce8e0b",
      scopes: ["lima"],
      exp: 1535500572
    }
  ],
  preferred_username: "TestUserIdentity-50edff18-6c86-4910-b069-37d68f1c02c1",
  realm_access: {
    roles: [ "uma_authorization" ]
  },
  resource_access: {
    account: {
      roles: [ "manage-account", "manage-account-links", "view-profile" ]
    },
    broker: {
      roles: [ "read-token" ]
    }
  },
  session_state: "",
  sub: "7aca58df-b6e1-4a58-8d3a-600df382dd40",
  typ: "Bearer"
}.
[signature]
--
```

----

**Commit:** fabric8-services/fabric8-auth@f0b3024
**Author:** Shane Bryzak ([email protected])
**Date:** 2018-08-30T19:23:37+10:00

Add scopes endpoint for resources (fabric8-services/fabric8-auth#635)

* ISSUE-634 added scopes endpoint for resources

  Signed-off-by: Shane Bryzak <[email protected]>

* ISSUE-634 test scopes with two separate roles

  Signed-off-by: Shane Bryzak <[email protected]>

* ISSUE-634 restructured response

  Signed-off-by: Shane Bryzak <[email protected]>

----

**Commit:** fabric8-services/fabric8-auth@9344288
**Author:** Xavier Coulon ([email protected])
**Date:** 2018-09-03T13:44:37+02:00

Remove role names and scopes from API (fabric8-services/fabric8-auth#632)

Roles and scopes should not be provided in the response to the endpoint that lists all resources of a given type for which the current user has a role, as this may lead to bad usage of the API. Other endpoints already exist to check the permissions on a given resource.

Response now looks like this:

````
{
  "data": [{
    "id": "114c89ec-8ff2-4c65-adb4-161c9b505be9",
    "links": {
      "related": "http:///api/resource/114c89ec-8ff2-4c65-adb4-161c9b505be9"
    },
    "type": "resources"
  }, {
    "id": "5d7d3f9b-5a53-4d7e-b321-de3999542626",
    "links": {
      "related": "http:///api/resource/5d7d3f9b-5a53-4d7e-b321-de3999542626"
    },
    "type": "resources"
  }]
}
````

Also: needed to rename the `Read` action to `Show` so that Goa can generate the `Href` utility function to provide a link to the resource in the JSON-API response.

Fixes fabric8-services/fabric8-auth#629

Signed-off-by: Xavier Coulon <[email protected]>

----

**Commit:** fabric8-services/fabric8-auth@de03430
**Author:** Xavier Coulon ([email protected])
**Date:** 2018-09-04T10:11:45+02:00

Improve data isolation in tests (fabric8-services/fabric8-auth#639)

Use test graph attached to current subtest 't'

Also, avoid using space and organization types

Fixes fabric8-services/fabric8-auth#638

Signed-off-by: Xavier Coulon <[email protected]>

----

**Commit:** fabric8-services/fabric8-auth@8565a61
**Author:** Dipak Pawar ([email protected])
**Date:** 2018-09-04T16:21:31+05:30

Redirect to specified resource URL after accepting invitation (fabric8-services/fabric8-auth#620)

fixes fabric8-services/fabric8-auth#546

----
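
The decoded RPT in commit 62cc9ff carries a per-resource `exp` inside `permissions` that is earlier than the token's own `exp`, so a token can still be valid while its privileges for a resource are stale. The following Go sketch is an added example, not code from fabric8-auth: it shows how a token holder could decide to call the audit endpoint. `NeedsAudit` and `constructedToken` are hypothetical names, the sample token is constructed and unsigned, and signature verification is assumed to happen before this check.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// NeedsAudit reports whether the holder of token should call the audit endpoint
// for resourceID: true unless the token is unexpired and has an unexpired
// permissions entry for it. Assumes the signature was verified beforehand.
func NeedsAudit(token, resourceID string, now int64) (bool, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return true, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	// Claim names as in the decoded RPT shown in the commit message.
	var c struct {
		Exp         int64 `json:"exp"`
		Permissions []struct {
			ResourceSetID string `json:"resource_set_id"`
			Exp           int64  `json:"exp"`
		} `json:"permissions"`
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err != nil {
		return true, err
	}
	for _, p := range c.Permissions {
		if p.ResourceSetID == resourceID && now < p.Exp && now < c.Exp {
			return false, nil
		}
	}
	return true, nil
}

// constructedToken wraps a payload in an unsigned, JWT-shaped sample string.
func constructedToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
}

func main() {
	tok := constructedToken(`{"exp":1538006160,"permissions":[{"resource_set_id":"c0ee2b94-aee3-4c41-9e15-6fa330ce8e0b","scopes":["lima"],"exp":1535500572}]}`)
	// Token still valid, but the permission entry has just expired.
	fmt.Println(NeedsAudit(tok, "c0ee2b94-aee3-4c41-9e15-6fa330ce8e0b", 1535500572))
}
```

A resource server would still treat the audit endpoint's answer as authoritative; this check only avoids a round trip when the token visibly covers the resource.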