Add API authentication, key request and documentation #987

pombredanne · 2022-10-28T14:16:49Z

@tfranzel

pombredanne

pombredanne requested a review from TG1999 October 28, 2022 14:16

TG1999 force-pushed the api-authentication branch from 1e7cd95 to e33f79a Compare November 1, 2022 18:46

pombredanne and others added 28 commits November 4, 2022 19:14

Use environment variable to enable API auth

2152e8f

Setting VULNERABLECODEIO_REQUIRE_AUTHENTICATION will require auth with an API key Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Improve docstring for user signal

feb60c7

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Enable the admin

a27e3c3

This is handy for data browsing Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add new command to create API-only users

7fd756b

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add minimal command to create API-only users

b9ff165

Also add minimal API auth and configuration documentation Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Towards API request self service

f87efbc

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Move tos to the template dir for proper styling

948caeb

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Transform tos in a template

836a57f

* Use shared footer * Move navbar to base template to avoid duplication Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Remove outdated old API doc files

ca0cdc4

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add back drf-spectacular as a dependency

e1a3125

This will help generate an Open API documentation now that we do not have CDN issues anymore with: tfranzel/drf-spectacular#389 Referenced-by: #454 Thanks-you-to: T. Franzel @tfranzel Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add missing migration for ApiUser Proxy model

6ee0387

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Correct field help in VulnerabilitySeverity

e06047a

vulnerabilities.models.VulnerabilitySeverity "scoring_system" was invalid and had been damaged in a past search and replace in this commit: 4988452 This reparing this mistake. Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add missing type hint for is_vulnerable()

7fa13fd

This helps generate a better OpenAPI schema Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Adopt drf_spectacular for live API doc

a510aec

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Remove outdated/unused redoc deps

7b80064

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add missing ABOUT file for Bulma JS

89f70af

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add doc links to generate API docs

b2400c8

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Improve API doc and typing

335951c

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Remove outdated schema_view from views

e92e094

This is no longer needed as the OpenAPI schema is available directly though drf-spectacular Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Generate API documentation

d5811fa

And streamline urls Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Remove unused variables and imports

bbbd83b

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Improve API documentation

72f33ab

Override the swagger UI template Format and improve settings and ruls.py Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Doe not extras in pip constraints

bf69648

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Configire email settings

38f95b8

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Add ABOUT file for drf-spectacular files

d7bf6e9

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add back to app drf_spectacular

7fe3ca5

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Use psycopg2-binary for consistency

a25e629

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

pombredanne and others added 10 commits November 4, 2022 19:14

Streamline API key view documentation

10f0832

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Rename command as create_api_user

bcbe59b

Prefer underscore to dash Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>

Add success message for user creation

0b2c243

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Fix formatting tests

1bb9f3e

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Change error message

9edd7a0

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Fix formatting errors

b4d2340

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Rebase with latest changes and fix tests

352aed6

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Add EMAIL_HOST as env variable

fc052a8

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Rebase with latest changes and adjust tests

c040c79

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Add FROM_EMAIL in settings

86d5f86

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

TG1999 force-pushed the api-authentication branch from 3ce82f7 to 86d5f86 Compare November 4, 2022 13:55

pombredanne commented Nov 8, 2022

View reviewed changes

pombredanne merged commit c9f70a0 into main Nov 8, 2022

pombredanne deleted the api-authentication branch November 8, 2022 21:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add API authentication, key request and documentation #987

Add API authentication, key request and documentation #987

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Add API authentication, key request and documentation #987

Add API authentication, key request and documentation #987

Uh oh!

Conversation

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!