Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup schema and models for API Key authentication #9904

Merged
merged 1 commit into from
Oct 2, 2018
Merged

Setup schema and models for API Key authentication #9904

merged 1 commit into from
Oct 2, 2018

Conversation

kevinansfield
Copy link
Member

@kevinansfield kevinansfield commented Sep 25, 2018
edited
Loading

refs #9865

  • schema migration
    • adds integrations and api_keys tables
    • inserts Admin API Client role and permissions
  • adds Integration model
  • adds ApiKey model
    • creates default secret if not given
    • hardcodes associated role based on key type
      • admin = Admin API Client
      • content = no role

Split out from #9869 to make review easier.

@kirrg001
Copy link
Contributor

@kevinansfield When do you need a review on this? Let me know if it's blocking you.

@kevinansfield
Copy link
Member Author

@kirrg001 as soon as you have a moment would be 👍 I'm splitting more PRs out from #9869 but they all build on top of this one

@kirrg001
Copy link
Contributor

I am getting an error when running the migration

TypeError: Cannot read property 'name' of undefined
    at Object.addApiKeyRole (/Users/kirrg001/dev/ghost/ghost-workspace2/core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js:39:50)
    at _private.addIntegrationsTable.then.then (/Users/kirrg001/dev/ghost/ghost-workspace2/core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js:79:30)

🤷🏻‍♀️

@kevinansfield kevinansfield force-pushed the api-key/schema branch 2 times, most recently from ca559e8 to 7d626e1 Compare September 25, 2018 13:02
@kevinansfield
Copy link
Member Author

Oops, I pulled the role fixtures out for the tests but missed the relevant schema fixture. Should be fixed now 😅

kirrg001
kirrg001 reviewed Sep 25, 2018
View reviewed changes
Copy link
Contributor

@kirrg001 kirrg001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a first review round. Left some first comments. I need to continue with my tasks, will try to review again later :)

ES6: I know you are used to liberal let 😁but server uses constantly const. If we do two different stylings, it's confusing.

core/test/unit/models/api-key_spec.js Outdated
};

return models.ApiKey.add(attrs).then((api_key) => {
return models.ApiKey.where({id: api_key.id}).fetch({withRelated: ['role']})

This comment was marked as abuse.

Sign in to view

core/test/unit/models/api-key_spec.js Outdated
api_key.get('type').should.eql('admin');

// defaults
api_key.related('role').should.exist;

This comment was marked as abuse.

Sign in to view

core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js Outdated
});
};

module.exports.up = function setupIntegrations(options) {

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js Outdated
logging.info(message);
}

logging.warn(`(${result.done}/${result.expected}) ${message}`);

This comment was marked as abuse.

Sign in to view

core/server/models/api-key.js Outdated
add(data, unfilteredOptions) {
const options = ApiKey.filterOptions(unfilteredOptions, 'add');

return ghostBookshelf.Model.add.call(this, data, options);

This comment was marked as abuse.

Sign in to view

core/server/models/api-key.js Show resolved Hide resolved
@kevinansfield
Copy link
Member Author

Updated, and ready for review again 😄

allouis
allouis reviewed Sep 26, 2018
View reviewed changes
Copy link
Contributor

@allouis allouis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, few minor tiny comments

core/server/data/migrations/versions/2.2/2-add-integrations-and-api-key-tables.js Show resolved Hide resolved
core/server/models/api-key.js Outdated
// - content key = no role
if (this.hasChanged('type')) {
if (this.get('type') === 'admin') {
tasks.setAdminRole = Role.findOne({name: 'Admin API Client'}, {columns: ['id']})

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

core/server/models/api-key.js Show resolved Hide resolved
core/server/models/integration.js Outdated
api_keys: function apiKeys() {
return this.hasMany('ApiKey');
}
}, {

This comment was marked as abuse.

Sign in to view

@kevinansfield kevinansfield force-pushed the api-key/schema branch 2 times, most recently from 1ea8e8e to b7026bb Compare September 26, 2018 15:52
@kevinansfield kevinansfield mentioned this pull request Sep 26, 2018
Closed
7 tasks
@kevinansfield
Copy link
Member Author

Rebased and resolved conflicts

kirrg001
kirrg001 reviewed Sep 27, 2018
View reviewed changes
core/server/data/migrations/versions/2.2/3-insert-admin-api-client-role.js Outdated
.invokeThen('destroy', options)
.then(() => role.destroy())
.then(() => {
logging.info(message);

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@kevinansfield kevinansfield force-pushed the api-key/schema branch 2 times, most recently from a8cc2c0 to cb983bb Compare October 2, 2018 10:32
allouis
allouis reviewed Oct 2, 2018
View reviewed changes
core/server/models/role.js
@@ -10,6 +10,12 @@ Role = ghostBookshelf.Model.extend({

tableName: 'roles',

relationships: ['permissions'],

This comment was marked as abuse.

Sign in to view

allouis
allouis reviewed Oct 2, 2018
View reviewed changes
Copy link
Contributor

@allouis allouis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 comment and 1 question 👍

core/test/unit/models/role_spec.js Outdated
const should = require('should');

describe('Unit: models/role', function () {
before(function () {

This comment was marked as abuse.

Sign in to view

core/test/unit/models/role_spec.js
models.init();
});

before(testUtils.teardown);

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

kirrg001
kirrg001 reviewed Oct 2, 2018
View reviewed changes
core/server/data/schema/fixtures/fixtures.json Outdated
"description": "Blog Owner"
},
{
"name": "Admin API Client",

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

kirrg001
kirrg001 reviewed Oct 2, 2018
View reviewed changes
core/server/data/migrations/versions/2.2/3-insert-admin-api-client-role.js Outdated
from: relations.from,
to: relations.to,
entries: {
'Admin API Client': relations.entries['Admin API Client']

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@kevinansfield
Copy link
Member Author

@kirrg001 do you have any insight on the integration test that has started to fail here? https://travis-ci.org/TryGhost/Ghost/jobs/436072806#L4875

It seems as though using bookshelf-relations is changing the toJSON output after destroy is called. I don't know have enough context to know if that's fine and the test should be fixed or if I need to find a way to get the output to match what the test is expecting.

kirrg001
kirrg001 reviewed Oct 2, 2018
View reviewed changes
core/test/utils/fixtures/data-generator.js
{
id: ObjectId.generate(),
type: 'admin'
// integration_id: DataGenerator.Content.integrations[0].id

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@kirrg001
Copy link
Contributor

kirrg001 commented Oct 2, 2018
edited
Loading

@kirrg001 do you have any insight on the integration test that has started to fail here? https://travis-ci.org/TryGhost/Ghost/jobs/436072806#L4875
It seems as though using bookshelf-relations is changing the toJSON output after destroy is called. I don't know have enough context to know if that's fine and the test should be fixed or if I need to find a way to get the output to match what the test is expecting.

Bookshelf relation does not change the JSON output, it modifies the model.
e.g. if you edit relations e.g. tags, you expect to get the relation endresult back. I agree, for deleting it's maybe a little unexpected to receive role.permissions = [], but it proofs that no more relations exist. The destroy API endpoints return null anyway. Soo i would ignore this for now, because it's an internal behaviour?

@kevinansfield
Copy link
Member Author

Soo i would ignore this for now, because it's an internal behaviour?

👍 ok, I'll update the test to match the internal behaviour we expect in this case. Thanks!

@kirrg001
Copy link
Contributor

kirrg001 commented Oct 2, 2018

@kevinansfield Pls let me know when the PR is ready for final test

@kevinansfield
Setup schema and models for API Key authentication
8bc2add 
refs TryGhost#9865
- schema migrations
  - adds `integrations` and `api_keys` tables
  - inserts `integration` and `api_key` permissions and Administrator role relationships
  - inserts `Admin Integration` role and permissions
- adds `Integration` model
- adds `ApiKey` model
  - creates default secret if not given
  - hardcodes associated role based on key type
    - `admin` = `Admin API Client`
    - `content` = no role
- updates `Role` model to use bookshelf-relationships for auto cleanup of relationships on destroy
@kevinansfield
Copy link
Member Author

@kirrg001 good for final test 🙂

@kirrg001 kirrg001 mentioned this pull request Oct 2, 2018
Merged
kirrg001
kirrg001 reviewed Oct 2, 2018
View reviewed changes
core/server/data/schema/fixtures/fixtures.json
"integration": "all",
"api_key": "all"
},
"Admin Integration": {

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

kirrg001
kirrg001 reviewed Oct 2, 2018
View reviewed changes
Copy link
Contributor

@kirrg001 kirrg001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kevinansfield Feel free to self merge 👍

@kevinansfield kevinansfield merged commit 1db3aef into TryGhost:master Oct 2, 2018
@kevinansfield kevinansfield deleted the api-key/schema branch October 2, 2018 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@allouis allouis allouis approved these changes

@kirrg001 kirrg001 kirrg001 left review comments

Assignees

@kirrg001 kirrg001

@allouis allouis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kevinansfield @kirrg001 @allouis