-
-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance badge API to require authorization #4059
Merged
nscuro
merged 12 commits into
DependencyTrack:master
from
SaberStrat:feature/3596-enhance-badges-to-require-api-authorization
Sep 29, 2024
Merged
Enhance badge API to require authorization #4059
nscuro
merged 12 commits into
DependencyTrack:master
from
SaberStrat:feature/3596-enhance-badges-to-require-api-authorization
Sep 29, 2024
Commits on Sep 11, 2024
-
Change badges access from checkbox to permission
Replace enabling of unauthenticaed access to badges via admin config checkbox with an api authentication with a new dedicated permission "VIEW_BADGES". Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 002c6f4 - Browse repository at this point
Copy the full SHA 002c6f4View commit details -
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for f7cdc28 - Browse repository at this point
Copy the full SHA f7cdc28View commit details -
Remove config property constant for badge enabling
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 309dc39 - Browse repository at this point
Copy the full SHA 309dc39View commit details -
Modify tests to accomodate badge changes
Add new badge permission to tests. Remove tests for badge disabling. Add tests testing authentication, permission and ACL access. Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for d1067c2 - Browse repository at this point
Copy the full SHA d1067c2View commit details -
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 1931654 - Browse repository at this point
Copy the full SHA 1931654View commit details -
Enable auth via URI query param for badge API
Allows API authentication via URI query param for badge requests as an alternative to header authentication because typical use cases for badges do not easily allow header injection. Requires stevespringett/Alpine#641 Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 60ffaaf - Browse repository at this point
Copy the full SHA 60ffaafView commit details -
Update badge resource tests to auth via URI query
Update tests to focus on API authentication via URI query parameter, but keep some tests that test header authentication as that remains an option. Requires stevespringett/Alpine#641 Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 11, 2024 Configuration menu - View commit details
-
Copy full SHA for 8c40c9a - Browse repository at this point
Copy the full SHA 8c40c9aView commit details
Commits on Sep 22, 2024
-
Add a default team for viewing badges for new DBs. Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 22, 2024 Configuration menu - View commit details
-
Copy full SHA for 0e3e576 - Browse repository at this point
Copy the full SHA 0e3e576View commit details
Commits on Sep 29, 2024
-
Resurrect enable badges setting for deprecation
To make the removal of unauthenticated access to badges not be a breaking change after all, the enable badges config property is kept in after all, but repurposed into a setting to enable unauthenticated access to the badges resource. If it is disabled, then the badges api remains accessible to authenticated and authorized requests. Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 29, 2024 Configuration menu - View commit details
-
Copy full SHA for 4665b53 - Browse repository at this point
Copy the full SHA 4665b53View commit details -
Add tests for enabled unauthenticated badge access
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 29, 2024 Configuration menu - View commit details
-
Copy full SHA for f265b35 - Browse repository at this point
Copy the full SHA f265b35View commit details -
Update documentation for globally configurable unauthenticated access to badges. Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 29, 2024 Configuration menu - View commit details
-
Copy full SHA for 02a44ac - Browse repository at this point
Copy the full SHA 02a44acView commit details -
Fix tests to take into account new default team
Signed-off-by: Kirill.Sybin <kirill.sybin@lex-com.net>
Kirill.Sybin committedSep 29, 2024 Configuration menu - View commit details
-
Copy full SHA for efb2504 - Browse repository at this point
Copy the full SHA efb2504View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.