Fix security schemes in OpenAPI definitions #1772

Merged
merged 9 commits into from
Apr 9, 2024
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix the OpenAPI definition of the security schemes.
@@ -0,0 +1 @@
Fix the OpenAPI definition of the security schemes.
@@ -0,0 +1 @@
Fix the OpenAPI definition of the security schemes.
@@ -0,0 +1 @@
Fix the OpenAPI definition of the security schemes.
5 changes: 2 additions & 3 deletions data/api/application-service/definitions/security.yaml
Expand Up @@ -13,7 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
homeserverAccessToken:
type: apiKey
name: Authorization
in: header
type: http
scheme: bearer
description: The `Bearer` `hs_token` provided by the application service's registration.
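Review bot: The `description` on the last line of this hunk still spells out the `Bearer` prefix, which `type: http` with `scheme: bearer` now expresses on its own. Consider trimming it to say only that the token is the `hs_token` from the application service's registration, so the prose and the scheme cannot drift apart. The move away from `type: apiKey` with `name: Authorization` is sound, since an `apiKey` scheme only names the header and says nothing about the `Bearer` prefix.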
3 changes: 2 additions & 1 deletion data/api/application-service/ping.yaml
Expand Up @@ -69,4 +69,5 @@ servers:
default: /_matrix/app/v1
components:
securitySchemes:
$ref: definitions/security.yaml
homeserverAccessToken:
$ref: definitions/security.yaml#/homeserverAccessToken
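Review bot: The key under `securitySchemes` is now `homeserverAccessToken`, but this hunk shows no operation-level `security` entry, so nothing visible confirms that the operations in `ping.yaml` require a scheme with that exact name. Check that each operation's `security` list uses `homeserverAccessToken`, since a requirement naming a scheme that is not declared under `securitySchemes` does not resolve. The same check applies to the identical hunks in the other application-service files.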
3 changes: 2 additions & 1 deletion data/api/application-service/protocols.yaml
Expand Up @@ -339,4 +339,5 @@ servers:
default: /_matrix/app/v1
components:
securitySchemes:
$ref: definitions/security.yaml
homeserverAccessToken:
$ref: definitions/security.yaml#/homeserverAccessToken
3 changes: 2 additions & 1 deletion data/api/application-service/query_room.yaml
Expand Up @@ -103,4 +103,5 @@ servers:
default: /_matrix/app/v1
components:
securitySchemes:
$ref: definitions/security.yaml
homeserverAccessToken:
$ref: definitions/security.yaml#/homeserverAccessToken
3 changes: 2 additions & 1 deletion data/api/application-service/query_user.yaml
Expand Up @@ -100,4 +100,5 @@ servers:
default: /_matrix/app/v1
components:
securitySchemes:
$ref: definitions/security.yaml
homeserverAccessToken:
$ref: definitions/security.yaml#/homeserverAccessToken
3 changes: 2 additions & 1 deletion data/api/application-service/transactions.yaml
Expand Up @@ -88,4 +88,5 @@ servers:
default: /_matrix/app/v1
components:
securitySchemes:
$ref: definitions/security.yaml
homeserverAccessToken:
$ref: definitions/security.yaml#/homeserverAccessToken
17 changes: 12 additions & 5 deletions data/api/client-server/account-data.yaml
Expand Up @@ -26,7 +26,8 @@ paths:
[/sync](#get_matrixclientv3sync).
operationId: setAccountData
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: userId
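Review bot: In the `security` list for `setAccountData`, `accessTokenQuery` is listed ahead of `accessTokenBearer`. As two separate list items they are alternatives, which is the intended meaning, but generated documentation may present the first entry as the primary one, and a token carried in the query string is more likely to end up in server and proxy logs than one carried in a header. Consider listing `accessTokenBearer` first here and in the other operations changed the same way.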
Expand Down Expand Up @@ -117,7 +118,8 @@ paths:
that set the account data.
operationId: getAccountData
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: userId
Expand Down Expand Up @@ -186,7 +188,8 @@ paths:
clients in the per-room entries via [/sync](#get_matrixclientv3sync).
operationId: setAccountDataPerRoom
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: userId
Expand Down Expand Up @@ -285,7 +288,8 @@ paths:
visible to the user that set the account data.
operationId: getAccountDataPerRoom
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: userId
Expand Down Expand Up @@ -379,4 +383,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
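Review bot: The new `$ref` values point at `definitions/security.yaml#/accessTokenQuery` and `definitions/security.yaml#/accessTokenBearer`, but the client-server `definitions/security.yaml` is not among the files shown here; only the application-service one is. Confirm that file defines both keys at its top level, because the fragment is resolved from the document root and a missing key leaves the `securitySchemes` entry unresolved.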
8 changes: 6 additions & 2 deletions data/api/client-server/admin.yaml
Expand Up @@ -27,7 +27,8 @@ paths:
specified in this document.
operationId: getWhoIs
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: userId
Expand Down Expand Up @@ -120,4 +121,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
23 changes: 16 additions & 7 deletions data/api/client-server/administrative_contact.yaml
Expand Up @@ -31,7 +31,8 @@ paths:
identifiers that it will accept to reset the user's account password.
operationId: getAccount3PIDs
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
responses:
"200":
description: The lookup was successful.
Expand Down Expand Up @@ -101,7 +102,8 @@ paths:
operationId: post3PIDs
deprecated: true
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -201,7 +203,8 @@ paths:
already been added to another user's account on the homeserver.
operationId: add3PID
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -263,7 +266,8 @@ paths:
Homeservers should track successful binds so they can be unbound later.
operationId: bind3PID
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -324,7 +328,8 @@ paths:
identity server instead.
operationId: delete3pidFromAccount
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -393,7 +398,8 @@ paths:
identity server instead.
operationId: unbind3pidFromAccount
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -584,4 +590,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
11 changes: 6 additions & 5 deletions data/api/client-server/appservice_ping.yaml
Expand Up @@ -57,8 +57,8 @@ paths:
example: mautrix-go_1683636478256400935_123
required: true
security:
# again, this is the appservice's token - not a typical client's
- accessToken: []
- appserviceAccessTokenQuery: []
- appserviceAccessTokenBearer: []
responses:
"200":
description: The ping was successful.
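Review bot: The comment `# again, this is the appservice's token - not a typical client's` is dropped from the `security` block, and the matching note under `securitySchemes` is dropped in the next hunk of this file. The new `appserviceAccessTokenQuery` and `appserviceAccessTokenBearer` names carry part of that meaning, but scheme names are not shown in every rendering. Make sure the `description` of those schemes in `definitions/security.yaml` states that an application service's access token is expected; the same applies to `appservice_room_directory.yaml`.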
Expand Down Expand Up @@ -177,6 +177,7 @@ servers:
default: /_matrix/client/v1
components:
securitySchemes:
# Note: this is the same access_token definition used elsewhere in the client
# server API, however this expects an access token for an application service.
$ref: definitions/security.yaml
appserviceAccessTokenQuery:
$ref: definitions/security.yaml#/appserviceAccessTokenQuery
appserviceAccessTokenBearer:
$ref: definitions/security.yaml#/appserviceAccessTokenBearer
11 changes: 6 additions & 5 deletions data/api/client-server/appservice_room_directory.yaml
Expand Up @@ -67,8 +67,8 @@ paths:
- visibility
required: true
security:
# again, this is the appservice's token - not a typical client's
- accessToken: []
- appserviceAccessTokenQuery: []
- appserviceAccessTokenBearer: []
responses:
"200":
description: The room's directory visibility has been updated.
Expand All @@ -95,6 +95,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
# Note: this is the same access_token definition used elsewhere in the client
# server API, however this expects an access token for an application service.
$ref: definitions/security.yaml
appserviceAccessTokenQuery:
$ref: definitions/security.yaml#/appserviceAccessTokenQuery
appserviceAccessTokenBearer:
$ref: definitions/security.yaml#/appserviceAccessTokenBearer
11 changes: 8 additions & 3 deletions data/api/client-server/banning.yaml
Expand Up @@ -27,7 +27,8 @@ paths:
The caller must have the required power level in order to perform this operation.
operationId: ban
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: roomId
Expand Down Expand Up @@ -96,7 +97,8 @@ paths:
The caller must have the required power level in order to perform this operation.
operationId: unban
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: path
name: roomId
Expand Down Expand Up @@ -169,4 +171,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
8 changes: 6 additions & 2 deletions data/api/client-server/capabilities.yaml
Expand Up @@ -24,7 +24,8 @@ paths:
and other relevant capabilities.
operationId: getCapabilities
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
responses:
"200":
description: The capabilities of the server.
Expand Down Expand Up @@ -120,4 +121,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
17 changes: 12 additions & 5 deletions data/api/client-server/content-repo.yaml
Expand Up @@ -22,7 +22,8 @@ paths:
summary: Upload some content to the content repository.
operationId: uploadContent
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: header
name: Content-Type
Expand Down Expand Up @@ -234,7 +235,8 @@ paths:
operationId: createContent
x-addedInMatrixVersion: "1.7"
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
# empty json object
responses:
"200":
Expand Down Expand Up @@ -741,7 +743,8 @@ paths:
being shared should also not be shared with the homeserver.
operationId: getUrlPreview
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
parameters:
- in: query
name: url
Expand Down Expand Up @@ -816,7 +819,8 @@ paths:
than is advertised by the server on this endpoint.
operationId: getConfig
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
responses:
"200":
description: The public content repository configuration for the matrix server.
Expand Down Expand Up @@ -859,4 +863,7 @@ servers:
default: /_matrix
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
8 changes: 6 additions & 2 deletions data/api/client-server/create_room.yaml
Expand Up @@ -64,7 +64,8 @@ paths:
`creation_content`.
operationId: createRoom
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -290,4 +291,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer
11 changes: 8 additions & 3 deletions data/api/client-server/cross_signing.yaml
Expand Up @@ -26,7 +26,8 @@ paths:
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
operationId: uploadCrossSigningKeys
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -155,7 +156,8 @@ paths:
property, which contains the new signature(s) to add.
operationId: uploadCrossSigningSignatures
security:
- accessToken: []
- accessTokenQuery: []
- accessTokenBearer: []
requestBody:
content:
application/json:
Expand Down Expand Up @@ -262,4 +264,7 @@ servers:
default: /_matrix/client/v3
components:
securitySchemes:
$ref: definitions/security.yaml
accessTokenQuery:
$ref: definitions/security.yaml#/accessTokenQuery
accessTokenBearer:
$ref: definitions/security.yaml#/accessTokenBearer