issue-73: reworking API key display logic and ways for sysadmin to access it #74

Merged
merged 5 commits into from
Aug 1, 2024

mKowalski256
Contributor

@mKowalski256 mKowalski256 commented Jul 31, 2024

Solution to #73.
This PR consists of multiple changes that should make retrieval of the API key more secure and traceable.

The changes in behaviour:

  • for a user who generated an API key, the value of their key is no longer sent to the front-end whenever the 'My Profile' page is displayed, but only after the user explicitly clicks on the 'Show Key' link
  • when a System Admin user 'operates as' they can no longer see the user's API key ('Show Key' returns an error); System Admin can still generate a new API key or revoke the old one, as there may be valid reasons for these actions (similarly to how we do allow System Admin to reset a user's password)
  • the /apiKeyInfo/all endpoint within UserDetailsSysAdminApi is now only available when the deployment property sysadmin.apikey.access is set to true (it's false by default)
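
The server-side decisions behind the three rules above, modelled as one policy check in plain Java; this is an added example, not code from the PR or from RSpace. The class, record, enum and user names are hypothetical; only the property name `sysadmin.apikey.access` and its `false` default come from the description.

```java
import java.util.Properties;

// Added illustration with hypothetical names; not RSpace classes.
public class ApiKeyAccessPolicy {

    /** Who logged in versus whose account the request acts on ("operate as"). */
    record Session(String authenticatedUser, String effectiveUser, boolean sysAdmin) {
        boolean isOperatingAs() { return !authenticatedUser.equals(effectiveUser); }
    }

    enum Action { SHOW_KEY, REGENERATE_KEY, REVOKE_KEY, LIST_ALL_KEY_INFO }

    private final boolean sysadminApiKeyAccess;

    ApiKeyAccessPolicy(Properties deployment) {
        // A missing or malformed value parses to false, so the endpoint is off by default.
        this.sysadminApiKeyAccess =
            Boolean.parseBoolean(deployment.getProperty("sysadmin.apikey.access", "false"));
    }

    boolean isAllowed(Session s, Action action, String keyOwner) {
        return switch (action) {
            // Reading an existing key: owner only, and never through an "operate as" session.
            case SHOW_KEY -> s.effectiveUser().equals(keyOwner) && !s.isOperatingAs();
            // Replacing or removing the key stays available while operating as the user.
            case REGENERATE_KEY, REVOKE_KEY -> s.effectiveUser().equals(keyOwner);
            // Bulk key info needs the sysadmin role and the explicit deployment opt-in.
            case LIST_ALL_KEY_INFO -> s.sysAdmin() && sysadminApiKeyAccess;
        };
    }

    // One line per decision, recording both identities so the access is traceable.
    static void audit(ApiKeyAccessPolicy p, Session s, Action a, String keyOwner) {
        System.out.printf("%s actor=%s effective=%s action=%s owner=%s%n",
            p.isAllowed(s, a, keyOwner) ? "ALLOW" : "DENY",
            s.authenticatedUser(), s.effectiveUser(), a, keyOwner);
    }

    public static void main(String[] args) {
        ApiKeyAccessPolicy policy = new ApiKeyAccessPolicy(new Properties()); // property unset
        Session owner = new Session("alice", "alice", false);          // constructed sample users
        Session adminAsAlice = new Session("sysadmin1", "alice", true);
        Session admin = new Session("sysadmin1", "sysadmin1", true);
        audit(policy, owner, Action.SHOW_KEY, "alice");
        audit(policy, adminAsAlice, Action.SHOW_KEY, "alice");
        audit(policy, adminAsAlice, Action.REVOKE_KEY, "alice");
        audit(policy, admin, Action.LIST_ALL_KEY_INFO, null);
    }
}
```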

…sysadmin 'operating as'; guarding API endpoint for apiKey retrieval with new deployment property 'sysadmin.apikey.access' which must be explicitly changed to 'true'
…ofile' page; also it should be fine for sysadmin to regenerate/revoke the key, just not to see pre-existing one
@mKowalski256
Contributor Author

test AWS build running at https://issue-73-api-key-6.researchspace.com

@mKowalski256 mKowalski256 requested a review from rs-fraser July 31, 2024 13:24
Contributor

@rs-fraser rs-fraser left a comment

Code looks good.

Tested on the AWS build and it's all working fine. Added 1 small suggestion but happy to approve as is too.

@mKowalski256 mKowalski256 merged commit 73ae18d into rspace-os:main Aug 1, 2024
2 checks passed
@mKowalski256 mKowalski256 deleted the issue-73-api-key branch August 1, 2024 08:39
@github-actions github-actions bot locked and limited conversation to collaborators Aug 1, 2024