From 3ecc11a039005b2d5ba36095af9d84fdd4bc329d Mon Sep 17 00:00:00 2001 From: Jonas Kellerer Date: Wed, 21 Feb 2024 14:23:52 +0100 Subject: [PATCH] feat: use multiple access keys --- .../auth/DataOpennessAuthorizationFilter.kt | 4 ++-- .../genspectrum/lapis/config/AccessKeys.kt | 2 +- .../auth/ProtectedDataAuthorizationTest.kt | 22 +++++++++++++++++++ .../lapis/config/AccessKeysReaderTest.kt | 20 +++++++++++++---- .../test/resources/config/testAccessKeys.yaml | 8 +++++-- 5 files changed, 47 insertions(+), 9 deletions(-) diff --git a/lapis2/src/main/kotlin/org/genspectrum/lapis/auth/DataOpennessAuthorizationFilter.kt b/lapis2/src/main/kotlin/org/genspectrum/lapis/auth/DataOpennessAuthorizationFilter.kt index f5f3ef436..8277fe520 100644 --- a/lapis2/src/main/kotlin/org/genspectrum/lapis/auth/DataOpennessAuthorizationFilter.kt +++ b/lapis2/src/main/kotlin/org/genspectrum/lapis/auth/DataOpennessAuthorizationFilter.kt @@ -131,11 +131,11 @@ private class ProtectedDataAuthorizationFilter( val accessKey = request.getStringField(ACCESS_KEY_PROPERTY) ?: return AuthorizationResult.failure("An access key is required to access $path.") - if (accessKeys.fullAccessKey == accessKey) { + if (accessKeys.fullAccessKeys.contains(accessKey)) { return AuthorizationResult.success() } - if (accessKeys.aggregatedDataAccessKey == accessKey && endpointServesAggregatedData(request)) { + if (accessKeys.aggregatedDataAccessKeys.contains(accessKey) && endpointServesAggregatedData(request)) { return AuthorizationResult.success() } diff --git a/lapis2/src/main/kotlin/org/genspectrum/lapis/config/AccessKeys.kt b/lapis2/src/main/kotlin/org/genspectrum/lapis/config/AccessKeys.kt index 25eed585b..5d6697896 100644 --- a/lapis2/src/main/kotlin/org/genspectrum/lapis/config/AccessKeys.kt +++ b/lapis2/src/main/kotlin/org/genspectrum/lapis/config/AccessKeys.kt 
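Review bot: Both new membership checks, `accessKeys.fullAccessKeys.contains(accessKey)` and the matching one on `aggregatedDataAccessKeys`, compare the caller-supplied key with ordinary `String` equality, which stops at the first differing character and is not a constant-time comparison. For a secret checked against request input I would compare in constant time, e.g. `accessKeys.fullAccessKeys.any { MessageDigest.isEqual(it.toByteArray(), accessKey.toByteArray()) }` (needs `java.security.MessageDigest` imported), and do the same for the aggregated list. With several keys valid at once, the filter also gives no way to tell which key granted a request; recording a non-secret label or the list index on success (never the key itself) would make per-consumer revocation and misuse detection possible. The enclosing function starts and ends outside the hunk.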
@@ -20,4 +20,4 @@ class AccessKeysReader( } } -data class AccessKeys(val fullAccessKey: String, val aggregatedDataAccessKey: String) +data class AccessKeys(val fullAccessKeys: List, val aggregatedDataAccessKeys: List) diff --git a/lapis2/src/test/kotlin/org/genspectrum/lapis/auth/ProtectedDataAuthorizationTest.kt b/lapis2/src/test/kotlin/org/genspectrum/lapis/auth/ProtectedDataAuthorizationTest.kt index 1be593d3a..43770e156 100644 --- a/lapis2/src/test/kotlin/org/genspectrum/lapis/auth/ProtectedDataAuthorizationTest.kt +++ b/lapis2/src/test/kotlin/org/genspectrum/lapis/auth/ProtectedDataAuthorizationTest.kt @@ -112,6 +112,17 @@ class ProtectedDataAuthorizationTest( verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) } } + @Test + fun `given second valid access key for agg data in GET request to protected instance, then access is granted`() { + mockMvc.perform( + getSample("$validRoute?accessKey=testAggregatedDataAccessKey2&field1=value1"), + ) + .andExpect(status().isOk) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + + verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) } + } + @Test fun `given valid access key for aggregated data in POST request to protected instance, then access is granted`() { mockMvc.perform( @@ -247,6 +258,17 @@ class ProtectedDataAuthorizationTest( verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) } } + @Test + fun `given second valid access key for full access in GET request to protected instance, then access is granted`() { + mockMvc.perform( + getSample("$validRoute?accessKey=testFullAccessKey2&field1=value1"), + ) + .andExpect(status().isOk) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + + verify { siloQueryModelMock.getAggregated(sequenceFilterRequest()) } + } + @Test fun `given valid access key for full access in POST request to protected instance, then access is granted`() { mockMvc.perform( 
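Review bot: `AccessKeys` now takes whatever list the YAML file yields, so a blank or empty entry becomes a credential that the filter's `contains` check would match against an equally blank `accessKey`, and nothing visible in this hunk rejects it. An `init` block on the class would close that: `init { require((fullAccessKeys + aggregatedDataAccessKeys).none { it.isBlank() }) { "access keys must not be blank" } }`. Because this is a `data class`, the generated `toString()` prints every key, so the object should never reach a log line or exception message; a plain class or an overridden `toString()` avoids that. Whether `AccessKeysReader` already validates entries cannot be seen here, since its body is outside the hunk.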
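Review bot: The two added tests (the hunk at `@@ -112,6 +112,17 @@` and the one at `@@ -247,6 +258,17 @@`) only show that the second key of each list is accepted; neither checks that the privilege split still holds for a second key. I would add a case that sends `testAggregatedDataAccessKey2` to an endpoint serving non-aggregated data and expects the same rejection the first aggregated key gets, so that a lookup against the wrong list cannot slip through unnoticed. The existing denial tests lie outside these hunks and may cover only the first key. The test class body continues outside both hunks.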
diff --git a/lapis2/src/test/kotlin/org/genspectrum/lapis/config/AccessKeysReaderTest.kt b/lapis2/src/test/kotlin/org/genspectrum/lapis/config/AccessKeysReaderTest.kt index a19edac6b..2c5765ec3 100644 --- a/lapis2/src/test/kotlin/org/genspectrum/lapis/config/AccessKeysReaderTest.kt +++ b/lapis2/src/test/kotlin/org/genspectrum/lapis/config/AccessKeysReaderTest.kt @@ -1,8 +1,7 @@ package org.genspectrum.lapis.config import org.hamcrest.MatcherAssert.assertThat -import org.hamcrest.Matchers.equalTo -import org.hamcrest.Matchers.`is` +import org.hamcrest.Matchers.contains import org.junit.jupiter.api.Test import org.junit.jupiter.api.assertThrows import org.springframework.beans.factory.annotation.Autowired @@ -18,8 +17,21 @@ class AccessKeysReaderTest { fun `given access keys file path as property then should successfully read access keys`() { val result = underTest.read() - assertThat(result.fullAccessKey, `is`(equalTo("testFullAccessKey"))) - assertThat(result.aggregatedDataAccessKey, `is`(equalTo("testAggregatedDataAccessKey"))) + assertThat( + result.fullAccessKeys, + contains( + "testFullAccessKey", + "testFullAccessKey2", + ), + ) + + assertThat( + result.aggregatedDataAccessKeys, + contains( + "testAggregatedDataAccessKey", + "testAggregatedDataAccessKey2", + ), + ) } } diff --git a/lapis2/src/test/resources/config/testAccessKeys.yaml b/lapis2/src/test/resources/config/testAccessKeys.yaml index 505988abb..68aea6603 100644 --- a/lapis2/src/test/resources/config/testAccessKeys.yaml +++ b/lapis2/src/test/resources/config/testAccessKeys.yaml @@ -1,2 +1,6 @@ -fullAccessKey: testFullAccessKey -aggregatedDataAccessKey: testAggregatedDataAccessKey +fullAccessKeys: + - testFullAccessKey + - testFullAccessKey2 +aggregatedDataAccessKeys: + - testAggregatedDataAccessKey + - testAggregatedDataAccessKey2
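Review bot: The rewritten assertion in `given access keys file path as property then should successfully read access keys` covers only a well-formed file with two entries per list. Since the YAML keys were renamed, a fixture in the former scalar shape (`fullAccessKey: ...`) and one with an empty or blank list entry would pin down whether `read()` fails loudly at start-up or returns lists that behave unexpectedly. The reader's behaviour for those inputs is not visible in this diff.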