You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by he...@apache.org on 2015/08/14 18:11:17 UTC

[07/13] allura git commit: [#6797] apply security globally; put bearer token option in even though it doesn't do much; remove trait (although it might be a good option to bring back)

[#6797] apply security globally; put bearer token option in even though it doesn't do much; remove trait (although it might be a good option to bring back)


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/d899d684
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/d899d684
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/d899d684

Branch: refs/heads/hs/6797
Commit: d899d68423b1886bb6cdb3e946cab27d24d313b4
Parents: ff97a97
Author: Dave Brondsema <da...@brondsema.net>
Authored: Mon Aug 10 17:40:06 2015 -0400
Committer: Heith Seewald <hs...@hsmb.local>
Committed: Fri Aug 14 09:35:28 2015 -0400

----------------------------------------------------------------------
 Allura/docs/api-rest/api.raml             |  3 ++-
 Allura/docs/api-rest/resourceTypes.yaml   |  1 -
 Allura/docs/api-rest/securitySchemes.yaml | 25 +++++++++++++++++++++++--
 Allura/docs/api-rest/traits.yaml          |  8 --------
 4 files changed, 25 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/d899d684/Allura/docs/api-rest/api.raml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/api.raml b/Allura/docs/api-rest/api.raml
index 749e321..6f040e7 100755
--- a/Allura/docs/api-rest/api.raml
+++ b/Allura/docs/api-rest/api.raml
@@ -3,6 +3,7 @@
 title: Apache Allura
 version: 1
 baseUri: https://{domain}/rest
+securedBy: [null, oauth_1_0, oauth_bearer_token]
 
 resourceTypes: !include resourceTypes.yaml
 traits: !include traits.yaml
@@ -15,6 +16,7 @@ baseUriParameters:
     default: "forge-allura.apache.org"
 
 
+
 /{neighborhood}:
     description: |
       Neighborhoods are groups of logically related projects, which have the same default options.
@@ -558,7 +560,6 @@ baseUriParameters:
                 schema: !include schemas/webhook.json
                 }
               }
-              is: [secured]
               description: |
                 This is to manage webhooks programatically. See the [Webhook docs](https://forge-allura.apache.org/p/allura/wiki/Webhooks/) for more information.
 

http://git-wip-us.apache.org/repos/asf/allura/blob/d899d684/Allura/docs/api-rest/resourceTypes.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/resourceTypes.yaml b/Allura/docs/api-rest/resourceTypes.yaml
index 1f7b9f8..4bb176f 100755
--- a/Allura/docs/api-rest/resourceTypes.yaml
+++ b/Allura/docs/api-rest/resourceTypes.yaml
@@ -94,7 +94,6 @@
             application/json:
               schema: <<schema>>
 - permission:
-    securedBy: [null, oauth_1_0]
     description: |
       Checks if a given user has permissions.
     get:

http://git-wip-us.apache.org/repos/asf/allura/blob/d899d684/Allura/docs/api-rest/securitySchemes.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/securitySchemes.yaml b/Allura/docs/api-rest/securitySchemes.yaml
index a7927cc..c4bdd06 100755
--- a/Allura/docs/api-rest/securitySchemes.yaml
+++ b/Allura/docs/api-rest/securitySchemes.yaml
@@ -4,5 +4,26 @@
     type: OAuth 1.0
     settings:
       requestTokenUri: https://forge-allura.apache.org/rest/oauth/request_token
-      authorizationUri: https://forge-allura.apache.org/rest/oauth/authorize
-      tokenCredentialsUri: https://forge-allura.apache.org/rest/oauth/access_token
\ No newline at end of file
+      authorizationUri: /rest/oauth/authorize
+      tokenCredentialsUri: /rest/oauth/access_token
+
+- oauth_bearer_token:
+    description: |
+        A bearer token (aka access token) may be generated at https://forge-allura.apache.org/auth/oauth/ for simple
+        authorization via URL parameter or HTTP header.
+    type: x-OAuth-Bearer-Token
+    describedBy:
+        headers:
+            Authorization:
+                description: |
+                   Used to send a bearer token.  Use either this or
+                   the "access_token" query string parameter.
+                type: string
+        queryParameters:
+            access_token:
+                description: |
+                   Used to send a bearer token.  Use either this or
+                   the "Authorization" header
+                type: string
+    settings:
+      authorizationUri: https://forge-allura.apache.org//auth/oauth/

http://git-wip-us.apache.org/repos/asf/allura/blob/d899d684/Allura/docs/api-rest/traits.yaml
----------------------------------------------------------------------
diff --git a/Allura/docs/api-rest/traits.yaml b/Allura/docs/api-rest/traits.yaml
index c1f47c5..40b39e3 100755
--- a/Allura/docs/api-rest/traits.yaml
+++ b/Allura/docs/api-rest/traits.yaml
@@ -35,14 +35,6 @@
     queryParameters:
       numPages:
         description: The number of pages to return
-- secured:
-    displayName: secured
-    headers:
-      Authorization:
-        description: The auth token for this request
-    responses:
-      401:
-        description: Unauthorized
 - rateLimited:
     queryParameters:
       numPages: