add auth and resulting error responses
This adds a global security scheme "bearerAuth" (which is optional) and
error responses to resources which can be affected. It provides a way
for users who are already authenticated (e.g. through OAuth or other
ways to become the "Bearer" of a token) to present their credentials. It
does not provide a solution for "Callers using cookie-based
authentication" as seen in the action API or mentioned in [0].

Generally, editing is possible as anonymous, but some resources (e.g.
[semi-protected] "pages"/entities) require elevated privileges and
attempts to manipulate their resources can lead to
authentication/authorization errors.

In contrast, to my knowledge, there is no existing way to read-protect
only some entities - consequently possible authentication/authorization
errors were only added to manipulations of resources.

See
https://swagger.io/docs/specification/authentication/bearer-authentication/

[0]: https://www.mediawiki.org/wiki/API:REST_API/Reference#Create_page
wiese authored and addshore committed Sep 17, 2020
1 parent 6a7d506 commit c077573
Showing 16 changed files with 76 additions and 1 deletion.
16 changes: 16 additions & 0 deletions specs/global/responses.json
Expand Up @@ -49,6 +49,22 @@
}
}
},
"UnauthenticatedError": {
"description": "An authentication error has occurred. This can happen due to missing authentication (i.e. no token presented) on resources which require it.",
"content": {
"application/json": {
"schema": { "$ref": "./schemas.json#/Error" }
}
}
},
"UnauthorizedError": {
"description": "An authorization error has occurred. This can happen if an authenticated user has insufficient privileges.",
"content": {
"application/json": {
"schema": { "$ref": "./schemas.json#/Error" }
}
}
},
"Entity": {
"description": "A single wikibase entity",
"headers": {
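Review bot: The new `"description": "An authentication error has occurred. This can happen due to missing authentication (i.e. no token presented) ..."` only covers the missing-token case, but a token that is presented and is invalid, expired or revoked must yield the same response, and clients need that distinguished from a privilege problem. Suggest `"description": "Authentication failed: no bearer token was presented, or the presented token is invalid or expired, on a resource that requires one. The response carries a WWW-Authenticate: Bearer challenge."` — the challenge header is what RFC 6750 expects alongside a 401, so if the server does emit it, declare it under a `headers` key on this response as the neighbouring `Entity` response does. The name `UnauthorizedError` for the insufficient-privileges case is also easy to confuse with HTTP 401 "Unauthorized", which is the *unauthenticated* status; `ForbiddenError` would match the 403 semantics it describes.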
11 changes: 10 additions & 1 deletion specs/openapi.json
Expand Up @@ -16,6 +16,12 @@
},
"schemas": {
"$ref": "./global/schemas.json"
},
"securitySchemes": {
"bearerAuth": {
"type": "http",
"scheme": "bearer"
}
}
},
"tags": [
Expand Down Expand Up @@ -46,5 +52,8 @@
],
"paths": {
"$ref": "./paths/index.json"
}
},
"security": [
{ "bearerAuth": [] }
]
}
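Review bot: The top-level `"security": [ { "bearerAuth": [] } ]` makes the bearer token mandatory on every operation, not optional as the commit message says: in OpenAPI 3 a request satisfies the document only if one entry of the security array is met, and optional authentication is expressed by adding an empty requirement. Change it to `"security": [ {}, { "bearerAuth": [] } ]`, or drop the global entry and attach the requirement only to the mutating operations, since the description states reads are never auth-protected. Consider also adding `"bearerFormat"` to the scheme (e.g. `"JWT"`, if that is what the OAuth extension actually issues — confirm) and a note in the scheme `description` that the token must only be sent over TLS, because a bearer token in a cleartext `Authorization` header is replayable by anyone on the path.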
2 changes: 2 additions & 0 deletions specs/paths/entities/aliases/list.json
Expand Up @@ -29,6 +29,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/EntityAliasesList" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
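Review bot: `"501": { "$ref": ".../UnauthenticatedError" }` and `"503": { "$ref": ".../UnauthorizedError" }` document the wrong status codes — 501 is Not Implemented and 503 is Service Unavailable, both server-side conditions that clients and proxies treat as transient and retryable, whereas a missing or invalid bearer token is 401 Unauthorized and insufficient privileges is 403 Forbidden (the Swagger page linked from the commit message uses exactly these). Change the two keys to `"401"` and `"403"`; the same pair of lines was pasted into every path file in this commit and needs the same fix. Declaring an auth failure as a 5xx also means well-behaved clients will retry with the same rejected credentials and availability monitoring will count every permission denial as an outage.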
6 changes: 6 additions & 0 deletions specs/paths/entities/aliases/singleLang.json
Expand Up @@ -30,6 +30,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/EntityDescription" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -45,6 +47,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/EntityAliases" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -60,6 +64,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/OK" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
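Review bot: All three operations in this file receive the new `"501"`/`"503"` auth responses, including the first one, whose method line is outside the hunk but which by position looks like the GET of a single-language alias list; if it is, that contradicts the commit message, which says authentication errors were added only to operations that manipulate a resource because reads cannot be protected per entity. Either remove the two responses from the read operation or state in its description why an unauthenticated read can fail. Incidentally, that first operation's `"200"` points at `EntityDescription` on an aliases endpoint, which looks like a copy-paste slip — it predates this commit, but worth fixing while the file is open.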
4 changes: 4 additions & 0 deletions specs/paths/entities/descriptions/list.json
Expand Up @@ -15,6 +15,8 @@
"200": { "$ref": "../../../global/responses.json#/EntityDescriptionList" },
"304": { "$ref": "../../../global/responses.json#/NotModified" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -29,6 +31,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/EntityDescriptionList" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
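Review bot: The first operation here declares `"304": { "$ref": ".../NotModified" }`, which only makes sense for a conditional GET, yet the two new auth responses were added directly beneath it — that contradicts the commit message, which says authentication/authorization errors were added only to resources that manipulate data since there is no way to read-protect individual entities. Drop `"501"` and `"503"` from the read operation, or if a read really can be refused to unauthenticated callers, say so in the operation's description so the spec and the commit rationale agree. The method line is outside the hunk, so I am inferring the verb from the 304.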
4 changes: 4 additions & 0 deletions specs/paths/entities/descriptions/singleLang.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/EntityDescription" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -43,6 +45,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/OK" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
2 changes: 2 additions & 0 deletions specs/paths/entities/items/sitelinks/list.json
Expand Up @@ -27,6 +27,8 @@
"responses": {
"200": { "$ref": "../../../../global/responses.json#/SitelinkList" },
"404": { "$ref": "../../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../../global/responses.json#/UnexpectedError" }
}
}
4 changes: 4 additions & 0 deletions specs/paths/entities/items/sitelinks/single.json
Expand Up @@ -26,6 +26,8 @@
"responses": {
"200": { "$ref": "../../../../global/responses.json#/Sitelink" },
"404": { "$ref": "../../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -40,6 +42,8 @@
"responses": {
"200": { "$ref": "../../../../global/responses.json#/OK" },
"404": { "$ref": "../../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../../global/responses.json#/UnexpectedError" }
}
}
2 changes: 2 additions & 0 deletions specs/paths/entities/list.json
Expand Up @@ -25,6 +25,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Entity" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
}
6 changes: 6 additions & 0 deletions specs/paths/entities/single.json
Expand Up @@ -27,6 +27,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Entity" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -41,6 +43,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Entity" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -55,6 +59,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/OK" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
}
2 changes: 2 additions & 0 deletions specs/paths/statements/list.json
Expand Up @@ -30,6 +30,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Statement" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
}
2 changes: 2 additions & 0 deletions specs/paths/statements/qualifiers/list.json
Expand Up @@ -30,6 +30,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/QualifierHash" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
4 changes: 4 additions & 0 deletions specs/paths/statements/qualifiers/single.json
Expand Up @@ -29,6 +29,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/QualifierHash" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -44,6 +46,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/OK" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
2 changes: 2 additions & 0 deletions specs/paths/statements/references/list.json
Expand Up @@ -30,6 +30,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/ReferenceHash" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
4 changes: 4 additions & 0 deletions specs/paths/statements/references/single.json
Expand Up @@ -29,6 +29,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/ReferenceHash" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -44,6 +46,8 @@
"responses": {
"200": { "$ref": "../../../global/responses.json#/OK" },
"404": { "$ref": "../../../global/responses.json#/NotFound" },
"501": { "$ref": "../../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../../global/responses.json#/UnexpectedError" }
}
}
6 changes: 6 additions & 0 deletions specs/paths/statements/single.json
Expand Up @@ -26,6 +26,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Statement" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -39,6 +41,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/Statement" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
},
Expand All @@ -53,6 +57,8 @@
"responses": {
"200": { "$ref": "../../global/responses.json#/OK" },
"404": { "$ref": "../../global/responses.json#/NotFound" },
"501": { "$ref": "../../global/responses.json#/UnauthenticatedError" },
"503": { "$ref": "../../global/responses.json#/UnauthorizedError" },
"default": { "$ref": "../../global/responses.json#/UnexpectedError" }
}
}
