

Merge pull request #100 from polygloton/issue-#98
API key is not required when allow-all is the auth service being used
polygloton committed Mar 11, 2016
2 parents b75e1f0 + 77f2eb4 commit 9349318
Showing 5 changed files with 44 additions and 38 deletions.
1 change: 1 addition & 0 deletions src/cia/auth.clj
Expand Up @@ -6,6 +6,7 @@
(allowed-capability? [this capability]))

(defprotocol IAuth
(require-login? [this])
(identity-for-token [this token]))

(defonce auth-service (atom nil))
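Review bot: The new protocol method `require-login?` in `IAuth` has no docstring, so an implementer has to read middleware.clj to learn that returning false switches off the whole login-and-capability gate in `require-capability!`, not merely the "must be authenticated" check. Protocol methods accept a docstring after the arglist: `(require-login? [this] "True when a request must resolve to an identity before capability checks run; false makes require-capability! skip both the login and the capability checks.")`. Every existing IAuth implementation must also grow this method, since a protocol call on a record that lacks it fails at call time rather than at load time; the two implementations touched in this commit do, but any out-of-tree one would not.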
4 changes: 3 additions & 1 deletion src/cia/auth/allow_all.clj
Expand Up @@ -18,4 +18,6 @@
(defrecord AuthService []
IAuth
(identity-for-token [_ _]
identity-singleton))
identity-singleton)
(require-login? [_]
false))
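Review bot: `AuthService` in allow_all.clj now answers `require-login?` with false while still returning `identity-singleton` for any token, and combined with the `(and granting-capabilities (auth/require-login? ...))` guard added in middleware.clj this means every capability-protected route accepts requests carrying no credential at all. Nothing on the record states that this is what it does or when it is acceptable to configure it as `auth-service`. A short comment above the `defrecord` would make the risk visible at the point of definition, e.g. `;; Treats every request as identity-singleton and, via require-login? → false, disables the login and capability checks in require-capability!. Do not configure this as auth-service outside a local or test instance.` (adjust the last sentence to whatever the project's actual policy is). The `defrecord` form starts above this hunk.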
3 changes: 2 additions & 1 deletion src/cia/auth/middleware.clj
Expand Up @@ -15,7 +15,8 @@
(assoc-in [:headers "api_key"] api_key))))))

(defn require-capability! [granting-capabilities id]
(if granting-capabilities
(if (and granting-capabilities
(auth/require-login? @auth/auth-service))
(cond
(nil? id)
(http-response/forbidden! {:message "Only authenticated users allowed"})
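Review bot: The new `(and granting-capabilities (auth/require-login? @auth/auth-service))` condition gates the entire `cond`, so when the auth service does not require login the capability checks are skipped along with the `(nil? id)` check; the `:capabilities` declared on each route then have no effect in that mode. If that is the intent (the allow-all service already maps every token to one identity), it deserves a comment on the `if`, such as `;; require-login? false (allow-all) disables capability enforcement entirely, not just the authenticated-user check`; if not, the `require-login?` test belongs only in the `(nil? id)` branch. Note also that `auth-service` is declared as `(atom nil)` in auth.clj, so a protocol call on an uninitialised service would throw on every guarded route; I cannot see where the atom is set, so confirm it is always populated before requests are served. `require-capability!` continues below the hunk.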
4 changes: 3 additions & 1 deletion src/cia/auth/threatgrid.clj
Expand Up @@ -69,7 +69,9 @@
:role role
:capabilities (->> (str/lower-case role)
keyword
(get auth/default-capabilities))})))))
(get auth/default-capabilities))}))))
(require-login? [_]
true))

(defn make-auth-service
([whoami-service]
70 changes: 35 additions & 35 deletions src/cia/handler.clj
Expand Up @@ -117,7 +117,7 @@
(PUT "/:id" []
:return StoredActor
:body [actor NewActor {:description "an updated Actor"}]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:summary "Updates an Actor"
:path-params [id :- s/Str]
:capabilities #{:create-actor :admin}
Expand All @@ -127,7 +127,7 @@
:return (s/maybe StoredActor)
:summary "Gets an Actor by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-actor :admin}
(if-let [d (read-actor @actor-store id)]
(ok d)
Expand All @@ -136,7 +136,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes an Actor"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-actor :admin}
(if (delete-actor @actor-store id)
(no-content)
Expand All @@ -148,7 +148,7 @@
:return StoredCampaign
:body [campaign NewCampaign {:description "a new campaign"}]
:summary "Adds a new Campaign"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-campaign :admin}
:login login
(ok (create-campaign @campaign-store login campaign)))
Expand All @@ -157,15 +157,15 @@
:body [campaign NewCampaign {:description "an updated campaign"}]
:summary "Updates a campaign"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-campaign :admin}
:login login
(ok (update-campaign @campaign-store id login campaign)))
(GET "/:id" []
:return (s/maybe StoredCampaign)
:summary "Gets a Campaign by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-campaign :admin}
(if-let [d (read-campaign @campaign-store id)]
(ok d)
Expand All @@ -174,7 +174,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes a Campaign"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-campaign :admin}
(if (delete-campaign @campaign-store id)
(no-content)
Expand All @@ -186,7 +186,7 @@
:return StoredExploitTarget
:body [exploit-target NewExploitTarget {:description "a new exploit target"}]
:summary "Adds a new ExploitTarget"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-exploit-target :admin}
:login login
(ok (create-exploit-target @exploit-target-store login exploit-target)))
Expand All @@ -197,15 +197,15 @@
{:description "an updated exploit target"}]
:summary "Updates an exploit target"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-exploit-target :admin}
:login login
(ok (update-exploit-target @exploit-target-store id login exploit-target)))
(GET "/:id" []
:return (s/maybe StoredExploitTarget)
:summary "Gets an ExploitTarget by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-exploit-target :admin}
(if-let [d (read-exploit-target @exploit-target-store id)]
(ok d)
Expand All @@ -214,7 +214,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes an ExploitTarget"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-exploit-target :admin}
(if (delete-exploit-target @exploit-target-store id)
(no-content)
Expand All @@ -226,7 +226,7 @@
:return StoredCOA
:body [coa NewCOA {:description "a new COA"}]
:summary "Adds a new COA"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-coa :admin}
:login login
(ok (create-coa @coa-store login coa)))
Expand All @@ -235,15 +235,15 @@
:body [coa NewCOA {:description "an updated COA"}]
:summary "Updates a COA"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-coa :admin}
:login login
(ok (update-coa @coa-store id login coa)))
(GET "/:id" []
:return (s/maybe StoredCOA)
:summary "Gets a COA by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-coa :admin}
(if-let [d (read-coa @coa-store id)]
(ok d)
Expand All @@ -252,7 +252,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes a COA"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-coa :admin}
(if (delete-coa @coa-store id)
(no-content)
Expand All @@ -264,7 +264,7 @@
:return StoredIncident
:body [incident NewIncident {:description "a new incident"}]
:summary "Adds a new Incident"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-incident :admin}
:login login
(ok (create-incident @incident-store login incident)))
Expand All @@ -273,15 +273,15 @@
:body [incident NewIncident {:description "an updated incident"}]
:summary "Updates an Incident"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-incident :admin}
:login login
(ok (update-incident @incident-store id login incident)))
(GET "/:id" []
:return (s/maybe StoredIncident)
:summary "Gets an Incident by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities :read-incident
(if-let [d (read-incident @incident-store id)]
(ok d)
Expand All @@ -290,7 +290,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes an Incident"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-incident :admin}
(if (delete-incident @incident-store id)
(no-content)
Expand All @@ -301,7 +301,7 @@
(POST "/" []
:return StoredJudgement
:body [judgement NewJudgement {:description "a new Judgement"}]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:summary "Adds a new Judgement"
:capabilities #{:create-judgement :admin}
:login login
Expand All @@ -311,7 +311,7 @@
:return StoredFeedback
:path-params [judgement-id :- s/Str]
:body [feedback NewFeedback {:description "a new Feedback on a Judgement"}]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:summary "Adds a Feedback to a Judgement"
:capabilities #{:create-feedback :admin}
:login login
Expand All @@ -320,7 +320,7 @@
:tags ["Feedback"]
:return (s/maybe [StoredFeedback])
:path-params [judgement-id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-feedback :admin}
:summary "Gets all Feedback for this Judgement."
(if-let [d (list-feedback @feedback-store {:judgement judgement-id})]
Expand All @@ -341,7 +341,7 @@
(GET "/:id" []
:return (s/maybe StoredJudgement)
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:summary "Gets a Judgement by ID"
:capabilities #{:read-judgement :admin}
(if-let [d (read-judgement @judgement-store id)]
Expand All @@ -350,7 +350,7 @@
(DELETE "/:id" []
:no-doc true
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:summary "Deletes a Judgement"
:capabilities #{:delete-judgement :admin}
(if (delete-judgement @judgement-store id)
Expand Down Expand Up @@ -390,7 +390,7 @@
:return StoredIndicator
:body [indicator NewIndicator {:description "a new Indicator"}]
:summary "Adds a new Indicator"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-indicator :admin}
:login login
(ok (create-indicator @indicator-store login indicator)))
Expand All @@ -399,15 +399,15 @@
:body [indicator NewIndicator {:description "an updated Indicator"}]
:summary "Updates an Indicator"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-indicator :admin}
:login login
(ok (update-indicator @indicator-store id login indicator)))
(GET "/:id" []
:return (s/maybe StoredIndicator)
:summary "Gets an Indicator by ID"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-indicator :admin}
;; :description "This is a little decription"
;; :query-params [{offset :- Long {:summary "asdads" :default 0}}
Expand All @@ -428,7 +428,7 @@
:return StoredTTP
:body [ttp NewTTP {:description "a new TTP"}]
:summary "Adds a new TTP"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-ttp :admin}
:login login
(ok (create-ttp @ttp-store login ttp)))
Expand All @@ -437,14 +437,14 @@
:body [ttp NewTTP {:description "an updated TTP"}]
:summary "Updated a TTP"
:path-params [id :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:create-ttp :admin}
:login login
(ok (update-ttp @ttp-store id login ttp)))
(GET "/:id" []
:return (s/maybe StoredTTP)
:summary "Gets a TTP by ID"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:read-ttp :admin}
;;:description "This is a little description"
;; :query-params [{offset :- Long 0}
Expand All @@ -463,7 +463,7 @@
:no-doc true
:path-params [id :- s/Str]
:summary "Deletes a TTP"
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:delete-ttp :admin}
(if (delete-ttp @ttp-store id)
(no-content)
Expand Down Expand Up @@ -520,7 +520,7 @@
observable_value :- s/Str]
:return (s/maybe [StoredJudgement])
:summary "Returns all the Judgements associated with the specified observable."
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:list-judgements-by-observable :admin}
(ok
(some->> {:type observable_type
Expand All @@ -539,7 +539,7 @@
observable_value :- s/Str]
:return (s/maybe [StoredIndicator])
:summary "Returns all the Indiators associated with the specified observable."
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:list-indicators-by-observable :admin}
(ok
(some->> {:type observable_type
Expand All @@ -557,7 +557,7 @@
{source :- s/Str nil}]
:path-params [observable_type :- ObservableType
observable_value :- s/Str]
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:list-sightings-by-observable :admin}
:return (s/maybe [StoredSighting])
:summary "Returns all the Sightings associated with the specified observable."
Expand All @@ -574,7 +574,7 @@
observable_value :- s/Str]
:return (s/maybe Verdict)
:summary "Returns the current Verdict associated with the specified observable."
:header-params [api_key :- s/Str]
:header-params [api_key :- (s/maybe s/Str)]
:capabilities #{:get-verdict :admin}
(if-let [d (calculate-verdict @judgement-store {:type observable_type
:value observable_value})]
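Review bot: Relaxing `api_key` to `(s/maybe s/Str)` on every route (first at the `PUT "/:id"` actor hunk, repeated through the observable verdict hunk) makes the header optional in the schema, and therefore in the generated API documentation, regardless of which auth service is configured; a deployment running the threatgrid service will advertise the header as optional while `require-capability!` rejects its absence with 403. Enforcement has effectively moved from schema validation (400 on a missing header) to the middleware, which is reasonable but not visible to a reader of these routes. A comment at the first declaration would record the contract, e.g. `;; api_key is optional at the schema level; whether it is actually required is decided by auth/require-login? in middleware.clj`. The routes that bind `:login login` (e.g. the campaign, COA and incident POST/PUT handlers) will now receive whatever identity the allow-all service yields for a request without a key; it is worth confirming that the `login` value stored by the `create-*`/`update-*` functions is acceptable in that mode.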
