Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[TT-13422] Do not allow empty string in upstream auth configuration strings #6699

Merged
merged 1 commit into from
Nov 8, 2024

Conversation

jeffy-mathew
Copy link
Contributor

@jeffy-mathew jeffy-mathew commented Nov 8, 2024

User description

TT-13422
Summary Add validation rules on backend
Type Sub-task Sub-task
Status In Test
Points N/A
Labels QA_Fail

Description

This PR updates OAS schema to not allow empty string in string data type configurations.
It also removes unused headerName field from upstream OAuth client credentials.

Related Issue

https://tyktech.atlassian.net/browse/TT-13422

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

  • I ensured that the documentation is up to date
  • I explained why this PR updates go.mod in detail with reasoning why it's required
  • I would like a code coverage CI quality gate exception and have explained why

PR Type

enhancement, bug fix


Description

  • Removed the unused HeaderName field from the ClientCredentials struct in upstream.go.
  • Updated the OpenAPI Specification (OAS) schema to enforce non-empty strings by introducing a new definition X-Tyk-NonEmptyString.
  • Applied X-Tyk-NonEmptyString to relevant fields in the schema to prevent empty string configurations.

Changes walkthrough 📝

Relevant files
Enhancement
upstream.go
Remove unused HeaderName field from ClientCredentials struct

apidef/oas/upstream.go

  • Removed the unused HeaderName field from the ClientCredentials struct.

  • +0/-3     
    Bug fix
    x-tyk-api-gateway.json
    Enforce non-empty strings in OAS schema                                   

    apidef/oas/schema/x-tyk-api-gateway.json

  • Updated schema to use X-Tyk-NonEmptyString for string fields.
  • Added a new definition X-Tyk-NonEmptyString to enforce non-empty
    strings.
  • +15/-12 

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    @buger
    Copy link
    Member

    buger commented Nov 8, 2024

    Knock Knock! 🔍

    Just thought I'd let you know that your PR title and story title look quite different. PR titles that closely resemble the story title make it easier for reviewers to understand the context of the PR.

    An easy-to-understand PR title a day makes the reviewer review away! 😛⚡️
    Story Title Add validation rules on backend
    PR Title [TT-13422] Do not allow empty string in upstream auth configuration strings

    Check out this guide to learn more about PR best-practices.

    Copy link
    Contributor

    github-actions bot commented Nov 8, 2024

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Schema Validation
    Ensure that the new JSON schema references ($ref) to X-Tyk-NonEmptyString are correctly validating non-empty strings as intended across various API configurations.

    Copy link
    Contributor

    github-actions bot commented Nov 8, 2024

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Score
    Enhancement
    Improve the regular expression to exclude all whitespace strings

    Ensure that the regular expression pattern for "X-Tyk-NonEmptyString" correctly
    excludes all whitespace strings, not just those composed entirely of whitespace.

    apidef/oas/schema/x-tyk-api-gateway.json [2145]

    -"pattern": "\\S+"
    +"pattern": "^(?!\\s*$).+"
    Suggestion importance[1-10]: 7

    Why: The suggestion improves the regular expression to ensure that any string containing only whitespace is not considered valid, enhancing data validation and preventing potential misuse or errors in data handling.

    7

    Copy link
    Contributor

    github-actions bot commented Nov 8, 2024

    API Changes

    --- prev.txt	2024-11-08 13:05:12.007205887 +0000
    +++ current.txt	2024-11-08 13:05:03.027118847 +0000
    @@ -3515,9 +3515,6 @@
     	TokenURL string `bson:"tokenUrl" json:"tokenUrl"`
     	// Scopes specifies optional requested permissions.
     	Scopes []string `bson:"scopes,omitempty" json:"scopes,omitempty"`
    -	// HeaderName is the custom header name to be used for OAuth client credential flow authentication.
    -	// Defaults to `Authorization`.
    -	HeaderName string `bson:"headerName" json:"headerName"`
     	// ExtraMetadata holds the keys that we want to extract from the token and pass to the upstream.
     	ExtraMetadata []string `bson:"extraMetadata" json:"extraMetadata,omitempty"`
     }

    @jeffy-mathew jeffy-mathew force-pushed the fix/TT-13422/do-not-allow-empty-values branch from dc55397 to 8d0454e Compare November 8, 2024 13:03
    @jeffy-mathew jeffy-mathew enabled auto-merge (squash) November 8, 2024 13:10
    @jeffy-mathew jeffy-mathew merged commit 6db3156 into master Nov 8, 2024
    26 of 39 checks passed
    @jeffy-mathew jeffy-mathew deleted the fix/TT-13422/do-not-allow-empty-values branch November 8, 2024 13:34
    Copy link

    sonarqubecloud bot commented Nov 8, 2024

    jeffy-mathew added a commit that referenced this pull request Nov 14, 2024
    …ration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    tykbot bot pushed a commit that referenced this pull request Nov 14, 2024
    …ration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    
    (cherry picked from commit f0fcb3f)
    tykbot bot pushed a commit that referenced this pull request Nov 14, 2024
    …ration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    
    (cherry picked from commit f0fcb3f)
    jeffy-mathew added a commit that referenced this pull request Nov 14, 2024
    …in upstream auth configuration strings" (#6702) (#6703)
    
    ### **User description**
    Revert "[TT-13422] Do not allow empty string in upstream auth
    configuration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    
    [TT-13422]:
    https://tyktech.atlassian.net/browse/TT-13422?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
    
    
    ___
    
    ### **PR Type**
    enhancement, bug fix
    
    
    ___
    
    ### **Description**
    - Reverted the enforcement of non-empty strings for certain fields in
    the OpenAPI Specification (OAS) schema.
    - Introduced a new definition `X-Tyk-UpstreamAuthSource` to replace
    `X-Tyk-AuthSource` in specific schema fields.
    - Updated schema references to use `X-Tyk-UpstreamAuthSource` instead of
    `X-Tyk-AuthSource`.
    
    
    
    ___
    
    
    
    ### **Changes walkthrough** 📝
    <table><thead><tr><th></th><th align="left">Relevant
    files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
    <tr>
      <td>
        <details>
    <summary><strong>x-tyk-api-gateway.json</strong><dd><code>Revert
    non-empty string enforcement and update auth source
    references</code></dd></summary>
    <hr>
    
    apidef/oas/schema/x-tyk-api-gateway.json
    
    <li>Reverted the use of <code>X-Tyk-NonEmptyString</code> for certain
    fields.<br> <li> Introduced a new definition
    <code>X-Tyk-UpstreamAuthSource</code>.<br> <li> Updated references from
    <code>X-Tyk-AuthSource</code> to
    <code>X-Tyk-UpstreamAuthSource</code>.<br>
    
    
    </details>
    
    
      </td>
    <td><a
    href="https://github.com/TykTechnologies/tyk/pull/6703/files#diff-78828969c0c04cc1a776dfc93a8bad3c499a8c83e6169f83e96d090bed3e7dd0">+15/-4</a>&nbsp;
    &nbsp; </td>
    
    </tr>
    </table></td></tr></tr></tbody></table>
    
    ___
    
    > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
    request to receive relevant information
    
    Co-authored-by: Jeffy Mathew <[email protected]>
    jeffy-mathew added a commit that referenced this pull request Nov 14, 2024
    …g in upstream auth configuration strings" (#6702) (#6704)
    
    ### **User description**
    Revert "[TT-13422] Do not allow empty string in upstream auth
    configuration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    
    [TT-13422]:
    https://tyktech.atlassian.net/browse/TT-13422?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
    
    
    ___
    
    ### **PR Type**
    enhancement, bug fix
    
    
    ___
    
    ### **Description**
    - Reverted changes that enforced non-empty strings in the OpenAPI
    Specification (OAS) schema, specifically for the `name` property in
    `X-Tyk-AuthSource`.
    - Adjusted references for `header` properties in various authentication
    objects to use `X-Tyk-UpstreamAuthSource`.
    - Reintroduced the `X-Tyk-UpstreamAuthSource` definition to align with
    previous configurations.
    
    
    
    ___
    
    
    
    ### **Changes walkthrough** 📝
    <table><thead><tr><th></th><th align="left">Relevant
    files</th></tr></thead><tbody><tr><td><strong>Bug
    fix</strong></td><td><table>
    <tr>
      <td>
        <details>
    <summary><strong>x-tyk-api-gateway.json</strong><dd><code>Revert
    non-empty string enforcement and adjust AuthSource
    references</code></dd></summary>
    <hr>
    
    apidef/oas/schema/x-tyk-api-gateway.json
    
    <li>Reverted the <code>name</code> property in
    <code>X-Tyk-AuthSource</code> to use <code>type: string</code>
    <br>instead of <code>X-Tyk-NonEmptyString</code>.<br> <li> Changed
    <code>$ref</code> for <code>header</code> in
    <code>X-Tyk-UpstreamBasicAuthentication</code> and other <br>sections to
    <code>X-Tyk-UpstreamAuthSource</code>.<br> <li> Reintroduced
    <code>X-Tyk-UpstreamAuthSource</code> definition with <code>name</code>
    as a string <br>type.<br>
    
    
    </details>
    
    
      </td>
    <td><a
    href="https://github.com/TykTechnologies/tyk/pull/6704/files#diff-78828969c0c04cc1a776dfc93a8bad3c499a8c83e6169f83e96d090bed3e7dd0">+15/-4</a>&nbsp;
    &nbsp; </td>
    
    </tr>
    </table></td></tr></tr></tbody></table>
    
    ___
    
    > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
    request to receive relevant information
    
    Co-authored-by: Jeffy Mathew <[email protected]>
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    3 participants