Closed dcs3spp closed 1 month ago
API Changes
--- prev.txt 2024-07-03 13:43:13.368605032 +0000
+++ current.txt 2024-07-03 13:43:10.456564528 +0000
@@ -3669,7 +3669,7 @@
// Tyk classic API definition: `openid_options.segregate_by_client`.
SegregateByClientId bool `bson:"segregateByClientId,omitempty" json:"segregateByClientId,omitempty"`
- // Providers contains a list of authorised providers, their Client IDs and matched policies.
+ // Providers contains a list of authorized providers, their Client IDs and matched policies.
//
// Tyk classic API definition: `openid_options.providers`.
Providers []Provider `bson:"providers,omitempty" json:"providers,omitempty"`
@@ -5568,7 +5568,7 @@
// "override_messages": {
// "oauth.auth_field_missing" : {
// "code": 401,
- // "message": "Token is not authorised"
+ // "message": "Token is not authorized"
// }
// }
// ```
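Review bot: the changed `"message"` value sits inside a commented JSON example for `override_messages`, so any published documentation or sample configuration that repeats this example should be updated in the same change. Otherwise the field comment and the copy-paste examples will show two different spellings of the same sample string.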
@@ -6054,7 +6054,7 @@
// Your organisation ID to connect to the MDCB installation.
RPCKey string `json:"rpc_key"`
- // This the API key of a user used to authenticate and authorise the Gateway’s access through MDCB.
+ // This the API key of a user used to authenticate and authorize the Gateway’s access through MDCB.
// The user should be a standard Dashboard user with minimal privileges so as to reduce any risk if the user is compromised.
// The suggested security settings are read for Real-time notifications and the remaining options set to deny.
APIKey string `json:"api_key"`
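Review bot: the rewritten comment line above `APIKey` still reads "This the API key of a user used to authenticate and authorize…", which is missing its verb. Since the line is already being touched, change it to "This is the API key of a user…". The context line above `RPCKey` also keeps "organisation", so if the aim is a consistent UK-to-US spelling update, that comment belongs in the same pass.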
⏱️ Estimated effort to review [1-5] | 1 |
🧪 Relevant tests | No |
🔒 Security concerns | No |
⚡ Key issues to review | None |
Category | Suggestion | Score |
Maintainability |
Improve the grammar and conciseness of the APIKey comment ___ **The comment "This the API key of a user used to authenticate and authorize the Gateway’s access through MDCB" contains a grammatical error and could be more concise.** [config/config.go [328]](https://github.com/TykTechnologies/tyk/pull/6383/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17R328-R328) ```diff -// This the API key of a user used to authenticate and authorize the Gateway’s access through MDCB. +// This API key is used to authenticate and authorize the Gateway’s access through MDCB. ``` Suggestion importance [1-10]: 9. Why: Correcting the grammatical error and making the comment more concise improves readability and maintainability of the code documentation. | 9 |
Security |
Clarify the minimal privileges required for the Dashboard user in the APIKey comment ___ **The comment for `APIKey` should clarify the specific minimal privileges required for the Dashboard user. This will enhance security guidelines and ensure proper configuration.** [config/config.go [329]](https://github.com/TykTechnologies/tyk/pull/6383/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17R329-R329) ```diff -// The user should be a standard Dashboard user with minimal privileges so as to reduce any risk if the user is compromised. +// The user should be a standard Dashboard user with minimal privileges (e.g., read-only access to specific resources) to reduce any risk if the user is compromised. ``` Suggestion importance [1-10]: 8. Why: Clarifying the specific minimal privileges enhances security guidelines and ensures proper configuration, which is important for maintaining secure access. | 8 |
Best practice |
Add a comment to explain the use of the
___
**Consider adding a comment to explain the significance of the | 7 |
Enhancement |
Explain the context of the 'message' field in the JSON configuration ___ **The comment for the `message` field in the JSON configuration should explain the context in which this message is used, to provide clarity on its application.** [config/config.go [1049]](https://github.com/TykTechnologies/tyk/pull/6383/files#diff-fe44f09c4d5977b5f5eaea29170b6a0748819c9d02271746a20d81a5f3efca17R1049-R1049) ```diff -// "message": "Token is not authorized" +// "message": "Token is not authorized" // This message is displayed when the token provided is invalid or lacks necessary permissions. ``` Suggestion importance [1-10]: 6. Why: Providing context for the 'message' field enhances clarity, but it is a minor improvement and not essential for understanding the code. | 6 |
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
User description
Description
Replace authorise with authorize for PR raised in docs by @Roeegg2
Related Issue
DX-1473
Motivation and Context
uk -> us spelling update
How This Has Been Tested
Screenshots (if appropriate)
Types of changes
Checklist
PR Type
enhancement
Description
`apidef/oas/authentication.go` and `config/config.go` files.
Changes walkthrough 📝
authentication.go
Update spelling from 'authorised' to 'authorized' in comments
apidef/oas/authentication.go
`authorised` with `authorized` in the comment for the `Providers` field.
config.go
Update spelling from 'authorise' to 'authorize' in comments and examples
config/config.go
`authorise` with `authorize` in the comment for the `APIKey` field.
`authorized` instead of `authorised`.