New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add @loopback/security #3551

Merged

jannyHou merged 3 commits into master from feat/security

Aug 20, 2019

Contributor

jannyHou commented Aug 15, 2019 •

edited

Loading

Implements #2900
cherry-picked from #2902

Create a shared layer for @loopback/authentication and @loopback/authorization, which defines the security information(context) and binding keys for Subject and its members.

For reviewers:

This PR is migrated from draft #2902.
It contains a comprehensive design of the security system (now@loopback/authentication and @loopback/authorization only share interface UserProfile)

So we have different plans for implementing the security module:

Plan 1:
- If we agree on the design, let's improve and land this PR, then release it
Plan 2:
- If it takes time to discuss and agree on the comprehensive design, I can only include interface Principle and UserProfile(which extends Principle) in this PR.
- Then incrementally add other pieces in other PRs
Plan 3:
- If we couldn't agree on interface Principle, let's at least extract the existing UserProfile interface here as the first release.

Checklist

👉 Read and sign the CLA (Contributor License Agreement) 👈

npm test passes on your machine
New tests added or existing tests modified to cover all changes
Code conforms with the style guide
API Documentation in code was updated
Documentation in /docs/site was updated
Affected artifact templates in packages/cli were updated
Affected example projects in examples/* were updated

👉 Check out how to submit a PR 👈

jannyHou requested review from bajtos and raymondfeng as code owners

August 15, 2019 19:15

jannyHou self-assigned this

jannyHou changed the title ~~Add @loopback/security~~ [WIP]Add @loopback/security

jannyHou changed the title ~~[WIP]Add @loopback/security~~ Add @loopback/security

Member

dhmlau commented Aug 16, 2019

@jannyHou, for the decreased in code coverage, is there something we can do about it? Thanks.

Contributor

raymondfeng commented Aug 16, 2019

See https://coveralls.io/builds/25161357/source?filename=packages%2Fsecurity%2Fsrc%2Ftypes.ts#L30

raymondfeng reviewed

View reviewed changes

packages/security/src/__tests__/unit/subject.unit.ts

+                  subject.addUser(user);
+                  expect(subject.user).to.eql(user);
+                });
+              });

Contributor

raymondfeng Aug 16, 2019

Let's add tests for addApplication and addCredential etc.

Contributor Author

jannyHou commented Aug 16, 2019

@dhmlau @raymondfeng Tests added :)

raymondfeng reviewed

View reviewed changes

packages/security/docs.json Outdated

+                  "src/**/*.ts"
+                ],
+                "codeSectionDepth": 4
+              }

Contributor

raymondfeng Aug 19, 2019

This file should be removed as we no longer use strong-docs.

raymondfeng reviewed

View reviewed changes

packages/security/package.json Outdated

+                  "build": "lb-tsc",
+                  "clean": "lb-clean loopback-authorization*.tgz dist package *.tsbuildinfo",
+                  "integration": "lb-mocha \"dist/__tests__/integration/**/*.js\"",
+                  "prepublishOnly": "npm run build && npm run build:apidocs",

Contributor

raymondfeng Aug 19, 2019

This line should be removed.

raymondfeng reviewed

View reviewed changes

packages/security/package.json Outdated

+                "scripts": {
+                  "acceptance": "lb-mocha \"dist/__tests__/acceptance/**/*.js\"",
+                  "build": "lb-tsc",
+                  "clean": "lb-clean loopback-authorization*.tgz dist package *.tsbuildinfo",

Contributor

raymondfeng Aug 19, 2019

It should be:

"clean": "lb-clean loopback-security*.tgz dist package *.tsbuildinfo",

raymondfeng reviewed

View reviewed changes

packages/security/package.json Outdated

+                  "@loopback/build": "^1.5.2",
+                  "@loopback/testlab": "^1.2.7",
+                  "@types/debug": "^4.1.4",
+                  "@types/node": "10.14.15",

Contributor

raymondfeng Aug 19, 2019

Should it be a range?

Contributor Author

jannyHou Aug 19, 2019

good catch 👍

raymondfeng reviewed

View reviewed changes

packages/security/package.json Outdated

+                ],
+                "repository": {
+                  "type": "git",
+                  "url": "https://github.com/strongloop/loopback-next.git"

Contributor

raymondfeng Aug 19, 2019

Add "directory": "packages/security"

raymondfeng reviewed

View reviewed changes

packages/security/package.json

+                  "type": "git",
+                  "url": "https://github.com/strongloop/loopback-next.git"
+                }
+              }

Contributor

raymondfeng Aug 19, 2019

Let's compare with an existing module such as @loopback/context to make sure the package.json is consistent.


          feat(security): add @loopback/security for common interfaces/types

1b7632a

jannyHou force-pushed the feat/security branch from 444d889 to e03fc39 Compare

August 20, 2019 14:05

raymondfeng approved these changes

View reviewed changes

jannyHou added 2 commits

August 20, 2019 14:07


          feat(security): add diagram

63c69ef


          test(security): add more tests

3aebb9a

jannyHou force-pushed the feat/security branch from e03fc39 to 3aebb9a Compare

August 20, 2019 18:11

jannyHou merged commit 770dd5a into master

jannyHou deleted the feat/security branch

August 20, 2019 20:13

raymondfeng mentioned this pull request

[WIP] feat(security): add @loopback/security for common interfaces/types #2902

Closed

7 tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet