Implement Authorization #1037

Open
1 task done
kirkkwang opened this issue May 30, 2024 · 6 comments

@kirkkwang
Contributor

kirkkwang commented May 30, 2024

Story

Currently, WillowSword is unprotected and allows anyone to deposit. We must implement authorization before rolling this feature out.

https://github.com/CottageLabs/willow_sword/wiki/Enabling-Authorization-In-Willow-Sword

Acceptance Criteria

  • Users need to be authorized to utilize WillowSword

Testing Instructions

In your terminal send this request:

```sh
curl --request GET \
  --url <insert-appropriate-url-here>/sword/service_document \
  --header 'Content-Type: application/xml'
```

You should see an error because no API key was sent with the request.

See Kirk for an API key, then retest with the API key; it should now succeed.

@kirkkwang kirkkwang self-assigned this May 30, 2024
kirkkwang added a commit to samvera/hyku that referenced this issue May 30, 2024
This commit will add the api_key column to the user model and turn on
authorized requests for WillowSword.  To give a user access, do
something like the following:

```rb
u = User.find_by(email: 'some_user@example.com')
u.api_key = SecureRandom.uuid
u.save!
```

Ref:
  - https://github.com/CottageLabs/willow_sword/wiki/Enabling-Authorization-In-Willow-Sword
  - notch8/palni-palci#1037
kirkkwang added a commit to samvera/hyku that referenced this issue May 30, 2024
This commit will add the api_key column to the user model and turn on
authorized requests for WillowSword.  To give a user access, do
something like the following:

```rb
u = User.find_by(email: 'some_user@example.com')
u.api_key = SecureRandom.uuid
u.save!
```

Ref:
  - https://github.com/CottageLabs/willow_sword/wiki/Enabling-Authorization-In-Willow-Sword
  - notch8/palni-palci#1037
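
An added sketch, not code from Hyku or WillowSword, of the key check that this issue's QA steps exercise. It issues keys with `SecureRandom.uuid` as in the commit message but, as an assumption, stores only a SHA-256 digest and rejects blank keys; `KeyStore`, `ApiUser`, `service_document_status` and the 401/200 status codes are hypothetical.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# Hypothetical stand-in for a users table with a nullable key column.
ApiUser = Struct.new(:email, :api_key_digest)

class KeyStore
  def initialize
    @users = {}
  end

  # A user who exists but has not been given API access (digest is nil).
  def add_user(email)
    @users[email] ||= ApiUser.new(email, nil)
  end

  # Issue a key: hand the plaintext back once, keep only its digest.
  def issue(email)
    key = SecureRandom.uuid # same generator as the commit message
    add_user(email).api_key_digest = Digest::SHA256.hexdigest(key)
    key
  end

  def revoke(email)
    add_user(email).api_key_digest = nil
  end

  # Return the matching user or nil. A missing or blank key never matches,
  # so a request without a key cannot resolve to a user whose column is nil.
  def authenticate(presented)
    return nil if presented.nil? || presented.strip.empty?
    digest = Digest::SHA256.hexdigest(presented)
    @users.values.find do |u|
      u.api_key_digest &&
        OpenSSL.fixed_length_secure_compare(u.api_key_digest, digest)
    end
  end
end

# Status a protected endpoint would return for the presented key
# (401/200 are assumed values for "denied" and "success").
def service_document_status(store, presented_key)
  store.authenticate(presented_key) ? 200 : 401
end
```
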
@ShanaLMoore ShanaLMoore moved this to Code Review in palni-palci Jun 3, 2024
@ShanaLMoore
Contributor

@kirkkwang Does this need to be QA'd? If so, could you please include testing instructions? Thanks!

@kirkkwang
Contributor Author

@ShanaLMoore Got it, added some instructions.

@ShanaLMoore
Contributor

ShanaLMoore commented Jun 7, 2024

QA Results: Pass ✅

Tested by sending the curl request from my terminal to pals knapsack staging.

With NO API Key ✅

The request did not have an API key, so I was denied:

image

With API Key: ✅

Request was successful:

image

@ShanaLMoore ShanaLMoore moved this from Code Review to PALs QA in palni-palci Jun 7, 2024
@kirkkwang
Contributor Author

To whoever is QA'ing this, please contact me on Slack so I can set up your user with an API key.

@ctgraham
Collaborator

QA Results: Pass ✅

Confirmed Not Authorized without the key at https://demo.palni-palci-staging.notch8.cloud/sword/service_document .

Confirmed successful service document with an authorized key. The Content-type header does not seem to affect anything, but that is non-critical.

@jillpe jillpe moved this from PALs QA to Deploy to Production in palni-palci Jun 27, 2024
@jillpe jillpe added the Blocked label Aug 12, 2024
@jillpe

jillpe commented Aug 12, 2024

This gets deployed with the knapsack cutover

Projects
Status: Deploy to Production