Skip to content

Commit

Permalink
feat: use multiple access keys
Browse files Browse the repository at this point in the history
  • Loading branch information
@JonasKellerer @fengelniederhammer
JonasKellerer authored and fengelniederhammer committed Feb 21, 2024
1 parent 837e474 commit 3ecc11a
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 9 deletions.
4 changes: 2 additions & 2 deletions lapis2/src/main/kotlin/org/genspectrum/lapis/auth/DataOpennessAuthorizationFilter.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,11 +131,11 @@ private class ProtectedDataAuthorizationFilter(
val accessKey = request.getStringField(ACCESS_KEY_PROPERTY)
?: return AuthorizationResult.failure("An access key is required to access $path.")

if (accessKeys.fullAccessKey == accessKey) {
if (accessKeys.fullAccessKeys.contains(accessKey)) {
return AuthorizationResult.success()
}

if (accessKeys.aggregatedDataAccessKey == accessKey && endpointServesAggregatedData(request)) {
if (accessKeys.aggregatedDataAccessKeys.contains(accessKey) && endpointServesAggregatedData(request)) {
return AuthorizationResult.success()
}

Expand Down
2 changes: 1 addition & 1 deletion lapis2/src/main/kotlin/org/genspectrum/lapis/config/AccessKeys.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,4 @@ class AccessKeysReader(
}
}

data class AccessKeys(val fullAccessKey: String, val aggregatedDataAccessKey: String)
data class AccessKeys(val fullAccessKeys: List<String>, val aggregatedDataAccessKeys: List<String>)
22 changes: 22 additions & 0 deletions lapis2/src/test/kotlin/org/genspectrum/lapis/auth/ProtectedDataAuthorizationTest.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,17 @@ class ProtectedDataAuthorizationTest(
verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) }
}

@Test
fun `given second valid access key for agg data in GET request to protected instance, then access is granted`() {
mockMvc.perform(
getSample("$validRoute?accessKey=testAggregatedDataAccessKey2&field1=value1"),
)
.andExpect(status().isOk)
.andExpect(content().contentType(MediaType.APPLICATION_JSON))

verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) }
}

@Test
fun `given valid access key for aggregated data in POST request to protected instance, then access is granted`() {
mockMvc.perform(
Expand Down Expand Up @@ -247,6 +258,17 @@ class ProtectedDataAuthorizationTest(
verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) }
}

@Test
fun `given second valid access key for full access in GET request to protected instance, then access is granted`() {
mockMvc.perform(
getSample("$validRoute?accessKey=testFullAccessKey2&field1=value1"),
)
.andExpect(status().isOk)
.andExpect(content().contentType(MediaType.APPLICATION_JSON))

verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) }
}

@Test
fun `given valid access key for full access in POST request to protected instance, then access is granted`() {
mockMvc.perform(
Expand Down
20 changes: 16 additions & 4 deletions lapis2/src/test/kotlin/org/genspectrum/lapis/config/AccessKeysReaderTest.kt
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
package org.genspectrum.lapis.config

import org.hamcrest.MatcherAssert.assertThat
import org.hamcrest.Matchers.equalTo
import org.hamcrest.Matchers.`is`
import org.hamcrest.Matchers.contains
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.assertThrows
import org.springframework.beans.factory.annotation.Autowired
Expand All @@ -18,8 +17,21 @@ class AccessKeysReaderTest {
fun `given access keys file path as property then should successfully read access keys`() {
val result = underTest.read()

assertThat(result.fullAccessKey, `is`(equalTo("testFullAccessKey")))
assertThat(result.aggregatedDataAccessKey, `is`(equalTo("testAggregatedDataAccessKey")))
assertThat(
result.fullAccessKeys,
contains(
"testFullAccessKey",
"testFullAccessKey2",
),
)

assertThat(
result.aggregatedDataAccessKeys,
contains(
"testAggregatedDataAccessKey",
"testAggregatedDataAccessKey2",
),
)
}
}

Expand Down
8 changes: 6 additions & 2 deletions lapis2/src/test/resources/config/testAccessKeys.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,6 @@
fullAccessKey: testFullAccessKey
aggregatedDataAccessKey: testAggregatedDataAccessKey
fullAccessKeys:
- testFullAccessKey
- testFullAccessKey2
aggregatedDataAccessKeys:
- testAggregatedDataAccessKey
- testAggregatedDataAccessKey2

0 comments on commit 3ecc11a

Please sign in to comment.