You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2015/08/13 22:02:05 UTC
[11/11] allura git commit: [#6797] replace custom security (which
actually breaks Mulesoft api "try it") with bearer token headers
[#6797] replace custom security (which actually breaks Mulesoft api "try it") with bearer token headers
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/f864c018
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/f864c018
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/f864c018
Branch: refs/heads/db/6797
Commit: f864c018dbcf66c07f91cf0159ef01a2fc500bf0
Parents: 56d8d38
Author: Dave Brondsema <da...@brondsema.net>
Authored: Thu Aug 13 16:01:20 2015 -0400
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Thu Aug 13 16:01:20 2015 -0400
----------------------------------------------------------------------
Allura/docs/api-rest/api.raml | 25 ++++++++++++-----
Allura/docs/api-rest/resourceTypes.yaml | 12 ++++----
Allura/docs/api-rest/securitySchemes.yaml | 39 +++++++++++---------------
Allura/docs/api-rest/traits.yaml | 13 ++++++++-
4 files changed, 53 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/f864c018/Allura/docs/api-rest/api.raml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/api.raml b/Allura/docs/api-rest/api.raml
index 2d9b211..f501679 100755
--- a/Allura/docs/api-rest/api.raml
+++ b/Allura/docs/api-rest/api.raml
@@ -3,7 +3,7 @@
title: Apache Allura
version: 1
baseUri: https://{domain}/rest
-securedBy: [null, oauth_1_0, oauth_bearer_token]
+securedBy: [null, oauth_1_0]
resourceTypes: !include resourceTypes.yaml
traits: !include traits.yaml
@@ -15,8 +15,6 @@ baseUriParameters:
example: "forge-allura.apache.org"
default: "forge-allura.apache.org"
-
-
/{neighborhood}:
description: |
Neighborhoods are groups of logically related projects, which have the same default options.
@@ -107,6 +105,7 @@ baseUriParameters:
post:
description: |
Creates or updates the titled page.
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -141,8 +140,6 @@ baseUriParameters:
schema: !include schemas/tickets.json
}
}
- is: [pageable]
-
displayName: Tracker Url
uriParameters:
tracker:
@@ -165,6 +162,7 @@ baseUriParameters:
get:
description: |
returns summary information about a thread, including the posts in a thread
+ is: [ bearerAuth ]
/{slug}:
uriParameters:
slug:
@@ -174,10 +172,12 @@ baseUriParameters:
get:
description: |
returns detailed information about a post
+ is: [ bearerAuth ]
/reply:
description: |
create a threaded reply to the given post
post:
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -191,6 +191,7 @@ baseUriParameters:
description: |
create a post in the given thread
post:
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -215,6 +216,7 @@ baseUriParameters:
description: |
Creates a new ticket.
post:
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -267,6 +269,7 @@ baseUriParameters:
parameters are the same as /rest/p/project_name/mount_point/new
post:
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -360,7 +363,7 @@ baseUriParameters:
description: |
Represents a thread of posts.
get:
- is: [pageable]
+ is: [pageable, bearerAuth]
description: |
returns a list of posts in the thread, with fields for author, text, and timestamp. Nested posts (i.e. a reply to a post) can be determined by the slug structure. For example, "slug": "0a0b/9f00" is a reply to the post with "slug": "0a0b"
@@ -399,6 +402,7 @@ baseUriParameters:
post:
description: |
Creates a new blog post.
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -450,6 +454,7 @@ baseUriParameters:
post:
description: |
Updates an existing blog post.
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -500,6 +505,7 @@ baseUriParameters:
post:
description: |
Updates the url. *authentication required*.
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -523,13 +529,14 @@ baseUriParameters:
**400 Bad Request:** tools parameter not provided or is invalid
**503 Service Unavailable:** an export job is already running
**200 OK:** job submitted. Body will be: *{"status": "in progress", "filename": FILENAME}*
+ is: [ bearerAuth ]
/export_status:
description: |
Check status of a bulk export job
get:
description: |
Returns status: busy or ready
-
+ is: [ bearerAuth ]
/{project}/webhooks:
type: {
typedCollection: {
@@ -555,6 +562,7 @@ baseUriParameters:
post:
description: |
Create a new webhook.
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -582,6 +590,7 @@ baseUriParameters:
post:
description: |
Update an existing webhook
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
@@ -598,6 +607,7 @@ baseUriParameters:
required: false
type: string
delete:
+ is: [ bearerAuth ]
description: |
Delete an existing webhook
/install_tool:
@@ -608,6 +618,7 @@ baseUriParameters:
success: False if error is occurred, otherwise True
info: success or error message
post:
+ is: [ bearerAuth ]
body:
application/x-www-form-urlencoded:
formParameters:
http://git-wip-us.apache.org/repos/asf/allura/blob/f864c018/Allura/docs/api-rest/resourceTypes.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/resourceTypes.yaml b/Allura/docs/api-rest/resourceTypes.yaml
index 7d38d3f..9a69e5a 100755
--- a/Allura/docs/api-rest/resourceTypes.yaml
+++ b/Allura/docs/api-rest/resourceTypes.yaml
@@ -8,15 +8,15 @@
patch?:
responses: *standardResponses
post?:
- responses:
- 201:
- description: Created
+ responses:
+ 201:
+ description: Created
delete?:
responses: *standardResponses
- collection:
type: base
get:
- is: [ pageable ]
+ is: [ pageable, bearerAuth ]
- member:
type: base
get?:
@@ -27,6 +27,7 @@
- tool:
type: member
get:
+ is: [ bearerAuth ]
responses:
200:
body:
@@ -55,6 +56,7 @@
delete?:
- searchableCollection:
get:
+ is: [ bearerAuth ]
queryParameters:
<<queryParamName>>:
description: Return <<resourcePathName>> that have their <<queryParamName>> matching the given value
@@ -77,7 +79,7 @@
description: |
Checks if a given user has permissions.
get:
- is: [permissionTestable]
+ is: [permissionTestable, bearerAuth]
- project:
type: member
get:
http://git-wip-us.apache.org/repos/asf/allura/blob/f864c018/Allura/docs/api-rest/securitySchemes.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/securitySchemes.yaml b/Allura/docs/api-rest/securitySchemes.yaml
index c4bdd06..7516290 100755
--- a/Allura/docs/api-rest/securitySchemes.yaml
+++ b/Allura/docs/api-rest/securitySchemes.yaml
@@ -1,29 +1,22 @@
- oauth_1_0:
description: |
- Apache Allura supports OAuth 1.0 for authenticating API requests.
+ OAuth 1.0 may be used to authenticate API requests.
+
+ Another option which is simpler in some ways is "bearer tokens":
+
+ A bearer token (aka access token) may be generated at https://forge-allura.apache.org/auth/oauth/ and used
+ in an HTTP header like:
+
+ `Authorization: Bearer MY_BEARER_TOKEN`
+
+ or in a URL like
+
+ `?access_token=MY_BEARER_TOKEN`
+
+ To use bearer tokens, choose "Anonymous" security and then use the Authorization header to enter your Bearer token.
type: OAuth 1.0
settings:
requestTokenUri: https://forge-allura.apache.org/rest/oauth/request_token
- authorizationUri: /rest/oauth/authorize
- tokenCredentialsUri: /rest/oauth/access_token
+ authorizationUri: https://forge-allura.apache.org/rest/oauth/authorize
+ tokenCredentialsUri: https://forge-allura.apache.org/rest/oauth/access_token
-- oauth_bearer_token:
- description: |
- A bearer token (aka access token) may be generated at https://forge-allura.apache.org/auth/oauth/ for simple
- authorization via URL parameter or HTTP header.
- type: x-OAuth-Bearer-Token
- describedBy:
- headers:
- Authorization:
- description: |
- Used to send a bearer token. Use either this or
- the "access_token" query string parameter.
- type: string
- queryParameters:
- access_token:
- description: |
- Used to send a bearer token. Use either this or
- the "Authorization" header
- type: string
- settings:
- authorizationUri: https://forge-allura.apache.org//auth/oauth/
http://git-wip-us.apache.org/repos/asf/allura/blob/f864c018/Allura/docs/api-rest/traits.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/traits.yaml b/Allura/docs/api-rest/traits.yaml
index 2b45b71..31ee122 100755
--- a/Allura/docs/api-rest/traits.yaml
+++ b/Allura/docs/api-rest/traits.yaml
@@ -54,4 +54,15 @@
type: string
example: heiths
required: true
- description: The username to check
\ No newline at end of file
+ description: The username to check
+- bearerAuth:
+ # This can also be done with ?access_token=
+ # But it's simpler in the docs / Try It interface to just show one option
+ # and using the header method keeps it separate from query params that the individual API endpoints use
+ headers:
+ Authorization:
+ description: |
+ Optional. Authenticate yourselve with a token from https://forge-allura.apache.org/auth/oauth/
+ Use it here like: `Bearer 5d79e800a36bf602314d`
+ type: string
+ pattern: "^Bearer [0-9a-f]+$"