From dfbab611c03b6af431cb74d41534ad0f902fa03b Mon Sep 17 00:00:00 2001
From: Steve Sloan
Date: Fri, 11 Mar 2016 09:14:32 -0800
Subject: [PATCH] API key is not required when allow-all is the auth service being used
---
 src/cia/auth.clj | 1 +
 src/cia/auth/allow_all.clj | 4 ++-
 src/cia/auth/middleware.clj | 3 +-
 src/cia/auth/threatgrid.clj | 4 ++-
 src/cia/handler.clj | 70 ++++++++++++++++++-------------------
 5 files changed, 44 insertions(+), 38 deletions(-)
diff --git a/src/cia/auth.clj b/src/cia/auth.clj
index a168184d65..62ccd50923 100644
--- a/src/cia/auth.clj
+++ b/src/cia/auth.clj
@@ -6,6 +6,7 @@
 (allowed-capability? [this capability]))
 (defprotocol IAuth
+ (require-login? [this])
 (identity-for-token [this token]))
 (defonce auth-service (atom nil))
diff --git a/src/cia/auth/allow_all.clj b/src/cia/auth/allow_all.clj
index 769edd965e..83e847a1c6 100644
--- a/src/cia/auth/allow_all.clj
+++ b/src/cia/auth/allow_all.clj
@@ -18,4 +18,6 @@
 (defrecord AuthService []
 IAuth
 (identity-for-token [_ _]
- identity-singleton))
+ identity-singleton)
+ (require-login? [_]
+ false))
diff --git a/src/cia/auth/middleware.clj b/src/cia/auth/middleware.clj
index 65ec42a6d1..c9ff08e915 100644
--- a/src/cia/auth/middleware.clj
+++ b/src/cia/auth/middleware.clj
@@ -15,7 +15,8 @@
 (assoc-in [:headers "api_key"] api_key))))))
 (defn require-capability! [granting-capabilities id]
- (if granting-capabilities
+ (if (and granting-capabilities
+ (auth/require-login? @auth/auth-service))
 (cond
 (nil? id) (http-response/forbidden! {:message "Only authenticated users allowed"})
diff --git a/src/cia/auth/threatgrid.clj b/src/cia/auth/threatgrid.clj
index 05eef0c6dc..ea02b1e0dd 100644
--- a/src/cia/auth/threatgrid.clj
+++ b/src/cia/auth/threatgrid.clj
@@ -69,7 +69,9 @@
 :role role
 :capabilities (->> (str/lower-case role)
 keyword
- (get auth/default-capabilities))})))))
+ (get auth/default-capabilities))}))))
+ (require-login? [_]
+ true))
 (defn make-auth-service
 ([whoami-service]
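Review bot: The new protocol method `require-login?` in src/cia/auth.clj has no docstring, and its name understates what it controls: in the src/cia/auth/middleware.clj hunk a false answer makes `require-capability!` skip its whole `cond`, not only the login test. A docstring on the protocol method would pin that contract for implementers, e.g. `(require-login? [this] "True when requests must present an identity resolved from api_key; when false, require-capability! performs no check at all.")`. Both current implementations (allow_all returns false, threatgrid returns true) are constants, so the doc is the only place this meaning is recorded.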
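Review bot: Wrapping the outer `if` in `(and granting-capabilities (auth/require-login? @auth/auth-service))` skips the entire `cond` for a service that answers false, so not just the `(nil? id)` login clause but every clause after it (the rest of the `cond` is outside this hunk, presumably the capability comparison) is bypassed, and `:capabilities` on a route becomes a no-op under allow-all instead of being satisfied by `identity-singleton`. If the intent is only to waive the login requirement, keep `(if granting-capabilities` unchanged and move the test onto the nil clause, `(and (nil? id) (auth/require-login? @auth/auth-service))`, so the capability clauses still run against whatever identity the service returned. Separately, `auth-service` is declared `(defonce auth-service (atom nil))`, so a guarded route hit before the service is installed now calls `(auth/require-login? nil)` and throws for lack of a protocol implementation; that fails closed, but as an unhandled exception rather than a deliberate startup assertion that the service is configured. `require-capability!` continues past the end of the hunk.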
diff --git a/src/cia/handler.clj b/src/cia/handler.clj
index e0a2f0674b..548506827d 100644
--- a/src/cia/handler.clj
+++ b/src/cia/handler.clj
@@ -114,7 +114,7 @@
 (PUT "/:id" []
 :return StoredActor
 :body [actor NewActor {:description "an updated Actor"}]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :summary "Updates an Actor"
 :path-params [id :- s/Str]
 :capabilities #{:create-actor :admin}
@@ -124,7 +124,7 @@
 :return (s/maybe StoredActor)
 :summary "Gets an Actor by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-actor :admin}
 (if-let [d (read-actor @actor-store id)]
 (ok d)
@@ -133,7 +133,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes an Actor"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-actor :admin}
 (if (delete-actor @actor-store id)
 (no-content)
@@ -145,7 +145,7 @@
 :return StoredCampaign
 :body [campaign NewCampaign {:description "a new campaign"}]
 :summary "Adds a new Campaign"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-campaign :admin}
 :login login
 (ok (create-campaign @campaign-store login campaign)))
@@ -154,7 +154,7 @@
 :body [campaign NewCampaign {:description "an updated campaign"}]
 :summary "Updates a campaign"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-campaign :admin}
 :login login
 (ok (update-campaign @campaign-store id login campaign)))
@@ -162,7 +162,7 @@
 :return (s/maybe StoredCampaign)
 :summary "Gets a Campaign by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-campaign :admin}
 (if-let [d (read-campaign @campaign-store id)]
 (ok d)
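Review bot: Relaxing `api_key` to `(s/maybe s/Str)` on every route (this hunk and all remaining handler.clj hunks through the verdict route) removes the schema-level rejection of a missing header for every auth service, not only allow-all; with the threatgrid service a request without `api_key` now reaches `require-capability!` and is refused there with a 403 instead of failing validation with a 400. That is sound only while every route that declares `api_key` also declares `:capabilities`, which holds for all routes visible here but is no longer guaranteed by the schema, and the generated Swagger will now present the header as optional on every endpoint. A comment on the first such route would keep that reasoning with the code, e.g. `;; api_key is optional at the schema level so allow-all works without one; authentication is enforced by require-capability! via :capabilities`. The diffstat shows no test change, so a test that the threatgrid service still rejects a request lacking `api_key` would pin the behaviour the schema used to guarantee.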
@@ -171,7 +171,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes a Campaign"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-campaign :admin}
 (if (delete-campaign @campaign-store id)
 (no-content)
@@ -183,7 +183,7 @@
 :return StoredExploitTarget
 :body [exploit-target NewExploitTarget {:description "a new exploit target"}]
 :summary "Adds a new ExploitTarget"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-exploit-target :admin}
 :login login
 (ok (create-exploit-target @exploit-target-store login exploit-target)))
@@ -194,7 +194,7 @@
 {:description "an updated exploit target"}]
 :summary "Updates an exploit target"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-exploit-target :admin}
 :login login
 (ok (update-exploit-target @exploit-target-store id login exploit-target)))
@@ -202,7 +202,7 @@
 :return (s/maybe StoredExploitTarget)
 :summary "Gets an ExploitTarget by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-exploit-target :admin}
 (if-let [d (read-exploit-target @exploit-target-store id)]
 (ok d)
@@ -211,7 +211,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes an ExploitTarget"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-exploit-target :admin}
 (if (delete-exploit-target @exploit-target-store id)
 (no-content)
@@ -223,7 +223,7 @@
 :return StoredCOA
 :body [coa NewCOA {:description "a new COA"}]
 :summary "Adds a new COA"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-coa :admin}
 :login login
 (ok (create-coa @coa-store login coa)))
@@ -232,7 +232,7 @@
 :body [coa NewCOA {:description "an updated COA"}]
 :summary "Updates a COA"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-coa :admin}
 :login login
 (ok (update-coa @coa-store id login coa)))
@@ -240,7 +240,7 @@
 :return (s/maybe StoredCOA)
 :summary "Gets a COA by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-coa :admin}
 (if-let [d (read-coa @coa-store id)]
 (ok d)
@@ -249,7 +249,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes a COA"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-coa :admin}
 (if (delete-coa @coa-store id)
 (no-content)
@@ -261,7 +261,7 @@
 :return StoredIncident
 :body [incident NewIncident {:description "a new incident"}]
 :summary "Adds a new Incident"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-incident :admin}
 :login login
 (ok (create-incident @incident-store login incident)))
@@ -270,7 +270,7 @@
 :body [incident NewIncident {:description "an updated incident"}]
 :summary "Updates an Incident"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-incident :admin}
 :login login
 (ok (update-incident @incident-store id login incident)))
@@ -278,7 +278,7 @@
 :return (s/maybe StoredIncident)
 :summary "Gets an Incident by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities :read-incident
 (if-let [d (read-incident @incident-store id)]
 (ok d)
@@ -287,7 +287,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes an Incident"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-incident :admin}
 (if (delete-incident @incident-store id)
 (no-content)
@@ -298,7 +298,7 @@
 (POST "/" []
 :return StoredJudgement
 :body [judgement NewJudgement {:description "a new Judgement"}]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :summary "Adds a new Judgement"
 :capabilities #{:create-judgement :admin}
 :login login
@@ -308,7 +308,7 @@
 :return StoredFeedback
 :path-params [judgement-id :- s/Str]
 :body [feedback NewFeedback {:description "a new Feedback on a Judgement"}]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :summary "Adds a Feedback to a Judgement"
 :capabilities #{:create-feedback :admin}
 :login login
@@ -317,14 +317,14 @@
 :tags ["Feedback"]
 :return [StoredFeedback]
 :path-params [judgement-id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-feedback :admin}
 :summary "Gets all Feedback for this Judgement."
 (ok (list-feedback @feedback-store {:judgement judgement-id})))
 (GET "/:id" []
 :return (s/maybe StoredJudgement)
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :summary "Gets a Judgement by ID"
 :capabilities #{:read-judgement :admin}
 (if-let [d (read-judgement @judgement-store id)]
@@ -333,7 +333,7 @@
 (DELETE "/:id" []
 :no-doc true
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :summary "Deletes a Judgement"
 :capabilities #{:delete-judgement :admin}
 (if (delete-judgement @judgement-store id)
@@ -373,7 +373,7 @@
 :return StoredIndicator
 :body [indicator NewIndicator {:description "a new Indicator"}]
 :summary "Adds a new Indicator"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-indicator :admin}
 :login login
 (ok (create-indicator @indicator-store login indicator)))
@@ -382,7 +382,7 @@
 :body [indicator NewIndicator {:description "an updated Indicator"}]
 :summary "Updates an Indicator"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-indicator :admin}
 :login login
 (ok (update-indicator @indicator-store id login indicator)))
@@ -390,7 +390,7 @@
 :return (s/maybe StoredIndicator)
 :summary "Gets an Indicator by ID"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-indicator :admin}
 ;; :description "This is a little decription"
 ;; :query-params [{offset :- Long {:summary "asdads" :default 0}}
@@ -411,7 +411,7 @@
 :return StoredTTP
 :body [ttp NewTTP {:description "a new TTP"}]
 :summary "Adds a new TTP"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-ttp :admin}
 :login login
 (ok (create-ttp @ttp-store login ttp)))
@@ -420,14 +420,14 @@
 :body [ttp NewTTP {:description "an updated TTP"}]
 :summary "Updated a TTP"
 :path-params [id :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:create-ttp :admin}
 :login login
 (ok (update-ttp @ttp-store id login ttp)))
 (GET "/:id" []
 :return (s/maybe StoredTTP)
 :summary "Gets a TTP by ID"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:read-ttp :admin}
 ;;:description "This is a little description"
 ;; :query-params [{offset :- Long 0}
@@ -446,7 +446,7 @@
 :no-doc true
 :path-params [id :- s/Str]
 :summary "Deletes a TTP"
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:delete-ttp :admin}
 (if (delete-ttp @ttp-store id)
 (no-content)
@@ -470,7 +470,7 @@
 observable_value :- s/Str]
 :return [StoredJudgement]
 :summary "Returns all the Judgements associated with the specified observable."
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:list-judgements-by-observable :admin}
 (ok (list-judgements @judgement-store
 {[:observable :type] observable_type
@@ -488,7 +488,7 @@
 observable_value :- s/Str]
 :return [StoredIndicator]
 :summary "Returns all the Indiators associated with the specified observable."
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:list-judgements-by-indicator :admin}
 (ok (list-indicators-by-observable @indicator-store @judgement-store
@@ -505,7 +505,7 @@
 {source :- s/Str nil}]
 :path-params [observable_type :- ObservableType
 observable_value :- s/Str]
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:list-sightings-by-indicator :admin}
 :return [Sighting]
 :summary "Returns all the Sightings associated with the specified observable."
@@ -520,7 +520,7 @@
 observable_value :- s/Str]
 :return (s/maybe Verdict)
 :summary "Returns the current Verdict associated with the specified observable."
- :header-params [api_key :- s/Str]
+ :header-params [api_key :- (s/maybe s/Str)]
 :capabilities #{:get-verdict :admin}
 (ok (calculate-verdict @judgement-store {:type observable_type :value observable_value})))))