Problem/Motivation

The json api schema differs in many ways from rest's. JsonAPI schema does not define security or schemes for paths. These lists are not just left blank, but are left off completely. JsonAPI also does not define and root level securityDefinitions in schema either even when core's rest has basic_auth and csrf_token.

Proposed resolution

This should be standardized between rest and jsonapi. we may need to look at how jsonapi handles auth and lists controls valid auth options.

CommentFileSizeAuthor
#18 2940412-18-security-definitions.patch17.92 KBrichgerdes
#18 2940412-16-18-interdiff.txt897 bytesrichgerdes
#16 2940412-16-security-definitions.patch17.53 KBrichgerdes
#14 2940412-12-security-definitions.patch16.73 KBrichgerdes
#12 2940412-12-security-definitions.patch0 bytesrichgerdes
#12 2940412-11-12-interdiff.txt839 bytesrichgerdes
#11 2940412-11-security-definitions.patch16.73 KBrichgerdes
#11 2940412-10-11-interdiff.txt3.56 KBrichgerdes
#10 2940412-10-security-definitions.patch15.95 KBrichgerdes
#10 2940412-9-10-interdiff.txt1.14 KBrichgerdes
#9 2940412-9-security-definitions.patch16.14 KBrichgerdes
#7 2940412-6-security-definitions.patch13.13 KBrichgerdes
#6 2940412-5-security-definitions.patch13.13 KBrichgerdes
#5 2940412-4-security-definitions.patch12.96 KBrichgerdes
#4 2940412-3-security-definitions.patch12.83 KBrichgerdes
#3 2940412-2-security-definitions.patch12.83 KBrichgerdes

Comments

richgerdes created an issue. See original summary.

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented

Following! :)

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-2-security-definitions.patch12.83 KB

Posting an initial patch for this, so tests can run.

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Title: Paths in JsonAPI schema don't have security or scheme data. » Schema don't have security definitions.
StatusFileSize
new 2940412-3-security-definitions.patch12.83 KB

I hate functions...

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-4-security-definitions.patch12.96 KB
richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-5-security-definitions.patch13.13 KB

Retest

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-6-security-definitions.patch13.13 KB

Fixed lint error

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Title: Schema don't have security definitions. » Schema don't have security definitions
richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-9-security-definitions.patch16.14 KB

Taking another pass at the patch.

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-9-10-interdiff.txt1.14 KB
new 2940412-10-security-definitions.patch15.95 KB

Fix invalid index for jsonurls

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
StatusFileSize
new 2940412-10-11-interdiff.txt3.56 KB
new 2940412-11-security-definitions.patch16.73 KB

CSRF token needs to be handled differently then other auth collectors since its not one....

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Active » Needs review
StatusFileSize
new 2940412-11-12-interdiff.txt839 bytes
new 2940412-12-security-definitions.patch0 bytes

Match keys

Status: Needs review » Needs work

The last submitted patch, 12: 2940412-12-security-definitions.patch, failed testing. View results

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Needs work » Needs review
StatusFileSize
new 2940412-12-security-definitions.patch16.73 KB

Correct version of #12.

Status: Needs review » Needs work

The last submitted patch, 14: 2940412-12-security-definitions.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Needs work » Needs review
StatusFileSize
new 2940412-16-security-definitions.patch17.53 KB

Status: Needs review » Needs work

The last submitted patch, 16: 2940412-16-security-definitions.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Needs work » Needs review
StatusFileSize
new 2940412-16-18-interdiff.txt897 bytes
new 2940412-18-security-definitions.patch17.92 KB

Using basic_auth apparently was a bad idea.... It enables nodes for rest, which is not desired and causes tests to fail. We will use csrf for routes then....

Status: Needs review » Needs work

The last submitted patch, 18: 2940412-18-security-definitions.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

  • richgerdes authored 6d2f4c6 on 8.x-1.x 
    Issue #2940412 by richgerdes: Schema don't have security definitions
richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Needs work » Needs review

Tests failed as the result of other issues. See #2978465: Tests Fail.... Again.

richgerdes’s picture

richgerdes
he/him
Primary language English
Location New Jersey, USA
commented
Status: Needs review » Fixed

Patch has been committed and pushed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.