Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: revoke personal access token #2422

Merged
merged 63 commits into from
Jun 10, 2022
Merged

feat: revoke personal access token #2422

merged 63 commits into from
Jun 10, 2022

Conversation

achmelo
Copy link
Member

@achmelo achmelo commented Jun 8, 2022
edited by taban03
Loading

Description

Added personal access token revokation. The revoked token is stored in the Caching Service (Infinispan).
Linked to #2306

Type of change

Please delete options that are not relevant.

  • (fix) Bug fix (non-breaking change which fixes an issue)
  • (feat) New feature (non-breaking change which adds functionality)
  • (docs) Change in a documentation
  • (refactor) Refactor the code
  • (chore) Chore, repository cleanup, updates the dependencies.
  • (BREAKING CHANGE or !) Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

For more details about how should the code look like read the Contributing guideline

achmelo and others added 30 commits June 1, 2022 11:09
@achmelo
controller and apiml PAT provider
d018e22 
Signed-off-by: achmelo <[email protected]>
@achmelo
cachingservice client to support token operations
4a66c7d 
Signed-off-by: achmelo <[email protected]>
@achmelo
list invalidated tokens
d1fa2da 
Signed-off-by: achmelo <[email protected]>
@achmelo
new cache storage operation test
79e2621 
Signed-off-by: achmelo <[email protected]>
@achmelo
remove unused import
4a21d2b 
Signed-off-by: achmelo <[email protected]>
@achmelo
validate token against stored list
b4bdaa7 
Signed-off-by: achmelo <[email protected]>
@achmelo
remove unused import
9793028 
Signed-off-by: achmelo <[email protected]>
@achmelo
deserialize response body
aecb1b0 
Signed-off-by: achmelo <[email protected]>
@taban03
Include utils folder for coverage
fce26f5 
Signed-off-by: at670475 <[email protected]>
@taban03
Add method to retrieve invalidated tokens
89e5e58 
Signed-off-by: at670475 <[email protected]>
@taban03
Add unit tests
b717a47 
Signed-off-by: at670475 <[email protected]>
@taban03
Change endpoint path
a651541 
Signed-off-by: at670475 <[email protected]>
@taban03
Fix null pointer exc. and add conflict exception
6c75ad2 
Signed-off-by: at670475 <[email protected]>
@taban03
fix path in the it
cfbe2d8 
Signed-off-by: at670475 <[email protected]>
@taban03
add unit test
65f781a 
Signed-off-by: at670475 <[email protected]>
@achmelo
object mapper config
740818c 
Signed-off-by: achmelo <[email protected]>
@achmelo
Merge remote-tracking branch 'origin/rip/GH2306/revoke_access_token' …
7c421e0 
…into rip/GH2306/revoke_access_token
@taban03
Address review comments
703195f 
Signed-off-by: at670475 <[email protected]>
@taban03
Unit test
30f518f 
Signed-off-by: at670475 <[email protected]>
@achmelo
argon2 hash, validate tokens
4688b20 
Signed-off-by: achmelo <[email protected]>
@achmelo
Merge remote-tracking branch 'origin/rip/GH2306/revoke_access_token' …
2af1424 
…into rip/GH2306/revoke_access_token

# Conflicts:
#	caching-service/src/main/java/org/zowe/apiml/caching/service/infinispan/storage/InfinispanStorage.java
@achmelo
revoke token through GW test
ce343dc 
Signed-off-by: achmelo <[email protected]>
@achmelo
add licence info
c351944 
Signed-off-by: achmelo <[email protected]>
@achmelo
remove unused imports
64c053e 
Signed-off-by: achmelo <[email protected]>
@achmelo
fix styles
e4d830b 
Signed-off-by: achmelo <[email protected]>
@achmelo
exclude infinispan storage tests from base
961d43b 
Signed-off-by: achmelo <[email protected]>
@achmelo
cs list path
05bc44c 
Signed-off-by: achmelo <[email protected]>
@taban03
Use synchronized and add it
04b66f5 
Signed-off-by: at670475 <[email protected]>
@taban03
Add it
e81e0d1 
Signed-off-by: at670475 <[email protected]>
@achmelo
check for array size
b792b40 
Signed-off-by: achmelo <[email protected]>
@zowe-robot zowe-robot added the Sensitive Sensitive change that requires peer review label Jun 8, 2022
taban03 and others added 10 commits June 9, 2022 17:09
@taban03
Fix unit tests and integration tests
732e94b 
Signed-off-by: at670475 <[email protected]>
@taban03
Remove configuration for the transaction manager as not used
4c8eb80 
Signed-off-by: at670475 <[email protected]>
@achmelo
chore
8206050 
Signed-off-by: achmelo <[email protected]>
@achmelo
Merge remote-tracking branch 'origin/rip/GH2306/revoke_access_token' …
43daa49 
…into rip/GH2306/revoke_access_token
@achmelo
Revert "Remove configuration for the transaction manager as not used"
beecf84 
This reverts commit 4c8eb80.
@achmelo
replace lambda
e732ba4 
Signed-off-by: achmelo <[email protected]>
@taban03
Fix unit tests
7d251b8 
Signed-off-by: at670475 <[email protected]>
@taban03
Add unit test and fix code smells
83bdf47 
Signed-off-by: at670475 <[email protected]>
@taban03
fix code smells
9250c8b 
Signed-off-by: at670475 <[email protected]>
@taban03
Merge branch 'v2.x.x' into rip/GH2306/revoke_access_token
82c1b35
weinfurt
weinfurt reviewed Jun 10, 2022
View reviewed changes
gateway-service/src/main/java/org/zowe/apiml/gateway/cache/CachingServiceClient.java Outdated
}
}

public Map<String,String> readInvalidatedTokens(String key) throws CachingServiceClientException {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the usage of key parameter? I see that it is used only in exceptions... Also the usage of this method shows that actual token is provided as key parameter. Is it intended?

weinfurt
weinfurt approved these changes Jun 10, 2022
View reviewed changes
Copy link
Contributor

@weinfurt weinfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments, but overall it looks good.

taban03 and others added 4 commits June 10, 2022 12:26
@sonarcloud
Copy link

sonarcloud bot commented Jun 10, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

83.2% 83.2% Coverage
0.0% 0.0% Duplication

@taban03 taban03 merged commit c7f79d5 into v2.x.x Jun 10, 2022
@delete-merged-branch delete-merged-branch bot deleted the rip/GH2306/revoke_access_token branch June 10, 2022 11:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taban03 taban03 taban03 left review comments

@weinfurt weinfurt weinfurt approved these changes

Assignees
No one assigned
Labels
Sensitive Sensitive change that requires peer review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@achmelo @weinfurt @taban03 @zowe-robot