search

cloudendpoints / endpoints-java

A Java framework for building RESTful APIs on Google App Engine
Apache License 2.0
32 stars 35 forks source link

fix JWT + API key auth config generation #118

Closed tangiel closed 6 years ago

tangiel commented 6 years ago

Right now, if wishing to use JWT auth plus API keys, the OpenAPI config generator places the API key in a separate security requirement, which allows JWT auth OR API key. This change adds the API key to every existing security requirement to change OR to AND. If no current security requirements exist, a new one is created to solely allow API key validation.

codecov-io commented 6 years ago

Codecov Report

Merging #118 into master will increase coverage by 0.01%. The diff coverage is 100%.

Impacted file tree graph

@@             Coverage Diff             @@
##             master    #118      +/-   ##
===========================================
+ Coverage     79.68%   79.7%   +0.01%     
- Complexity     1643    1646       +3     
===========================================
  Files           156     156              
  Lines          5523    5528       +5     
  Branches        706     708       +2     
===========================================
+ Hits           4401    4406       +5     
  Misses          846     846              
  Partials        276     276
Impacted Files Coverage Δ Complexity Δ
...oogle/api/server/spi/swagger/SwaggerGenerator.java 77.82% <100%> (+0.47%) 56 <0> (+3) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 058d3ad...5f6c4b4. Read the comment docs.

Aardvarklord commented 6 years ago

Sorry for a stupid question but I'm still seeing this problem when using the "endpointsOpenApiDocs" gradle task (from within Eclipse) provided by the endpoints-framework-gradle-plugin

My build.gradle contains:

dependencies {
        classpath 'com.google.cloud.tools:endpoints-framework-gradle-plugin:1.0.2'
        classpath 'com.google.cloud.tools:appengine-gradle-plugin:1.3.4'
    }

dependencies {
    compile 'com.google.endpoints:endpoints-framework:2.0.10'
    compile 'com.google.endpoints:endpoints-management-control-appengine:1.0.6'
    compile 'com.google.endpoints:endpoints-framework-auth:1.0.6'   
    compile 'javax.inject:javax.inject:1'
    compile 'javax.servlet:servlet-api:2.5'
}

Will a new version of the endpoints-framework-gradle-plugin be required as well to fix the issue?

tangiel commented 6 years ago

Yes, possibly @loosebazooka

loosebazooka commented 6 years ago

@Aardvarklord yes a new release will have to be prepared to include this fix with the gradle plugin, since it depends on the 2.0.9 version of this library.

You can override the included version of the library in the meantime if you like by setting the endpoints-frameworks-tools dependency explicitly to 2.0.10:

I've added a bug to the gradle plugin https://github.com/GoogleCloudPlatform/endpoints-framework-gradle-plugin/issues/78 for tracking.

buildscript {
  dependencies {
        classpath 'com.google.endpoints:endpoints-frameworks-tools:2.0.10'
        classpath 'com.google.cloud.tools:endpoints-framework-gradle-plugin:1.0.2'
        classpath 'com.google.cloud.tools:appengine-gradle-plugin:1.3.4'
    }
}