Closed overheadhunter closed 5 months ago
Files that changed from the base of the PR and between c7a2d7030c8d4f0918c5d34784a1ee87b8de641a and 58ff0d684ba1eda836320430e58b44b48029baff.
The recent updates involve enhancing the management of legacy access tokens and user-specific vault key handling. Key changes include the introduction of methods to list and update legacy tokens, the addition of new imports to support these functionalities, and the adjustment of methods to include user authentication. Test cases have been added and updated to ensure the correct behavior of the new and modified endpoints.
| File Path | Change Summary |
|---|---|
| .../api/DeviceResource.java, .../entities/LegacyAccessToken.java | Added imports, deprecated method for legacy tokens, LegacyAccessTokenDto record, and modified methods to include user authentication and owner details. |
| .../api/UsersResource.java | New imports and updateMyAccessTokens method for vault key updates. |
| .../api/DeviceResourceTest.java, .../api/UsersResourceTest.java | Added/updated test methods. Updated imports and matchers in UsersResourceTest. |
This adds two new API endpoints:
- `GET /api/devices/{deviceId}/legacy-access-tokens` (to be removed after all users migrated from 1.2.x)
- `POST /api/users/me/access-tokens`
The response body of the former and the request body of the latter are both JSON objects with these key-value-pairs:
The difference is that the deprecated legacy access tokens are encrypted using the device key, while the current access tokens posted to the users resource shall be encrypted using the user key.
Both endpoints are accessible to all users, as they only expose information owned by the currently logged in user.
Summary by CodeRabbit
New Features
Bug Fixes
Tests