websocket cosmetic issue in dev portal #177

Closed
maksimlikharev opened this issue Feb 28, 2019 · 3 comments

@maksimlikharev
Collaborator

maksimlikharev commented Feb 28, 2019

When I define a WS API, the API URL in API Settings shows http:// or https://

It should really show WS:// or WSS://

There might be non-cosmetic issues with Swagger; the best approach is to disable it or maybe play with pluggable transports.

But defining and using a WS API works.

@DonMartin76
Member

Thanks for the heads up. Would an “API type” with “http(s)” and “wss(s)” choices be appropriate? Other types which would probably work?

@maksimlikharev
Collaborator Author

Technically Kong supports proxying a lot of different types now; it can do TLS and TCP traffic. But from a proto point of view, it is http(s) or wss(s), and you cannot intermix that: it will always start as http(s), upgrade to ws(s) and stay there. I would say it is either http or ws.

santokhsingh added a commit to apim-haufe-io/wicked.api that referenced this issue Mar 15, 2019
santokhsingh added a commit to apim-haufe-io/wicked.ui that referenced this issue Mar 15, 2019
DonMartin76 pushed a commit to apim-haufe-io/wicked.api that referenced this issue Apr 1, 2019
DonMartin76 pushed a commit to apim-haufe-io/wicked.ui that referenced this issue Apr 1, 2019
* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179
DonMartin76 added this to the 1.0.0-rc.4 milestone Apr 1, 2019
@DonMartin76
Member

Fixed in 1.0.0-rc.4

maksimlikharev pushed a commit to clarivate/wicked.ui that referenced this issue Apr 15, 2019
* Changes to use the client credentials flow with Kong to access to API anonymously

* Work in progress: Adaptions to the Portal using OAuth2 to get access tokens, both anonymous and personalized. Started refactoring out the login process.

* Launch configuration for VS code

* Retrieve admin and approver status from wicked API

* hide api endpoint for partner api (#27)

* Feat/api tags filter (#19)

* API category filtering

* Fixing checkbox sidenav and grid column layout

* Updating apis grid style and layout

* Not all changes were pushed

* Adding custom.css to layout.jade, changes are in global file, config

* Updating media queries for responsive

* Fixing condition where there are no categories in the left column.

* removing custom.css inclusion

* New layout for API tags filtering

* Fix package version

* layout fix

* version revert

* Implement review comments

* Make sure the layout looks good if no tags are used

* Text Updates as per PPT (#25)

* Bump to version 0.12.5

* Take out delete of subscription (will need to add this again later).

* Redirect to correct host (from globals.json).

* Updated dependencies

* Set installing wicked-sdk straight

* Refactor logging of wicked portal (use portal-env/winston)

* Minor code cleanup in startup code

* Wire the auth server endpoints on the API page UI

* Updated dependencies

* Updated dependencies

* Updated dependencies

* Add "put" function; refactor out all "var"

* Use registration pool instead of user info end points; take out signup

* Add link to verification on auth server

* Remove forgot password and email validation from portal (now in portal-auth)

* Debug message for "verify email link".

* Make login buttons nicer using bootstrap-social

* Take email and custom ID back in for the user list (they are also stored in the registrations now).

* Also pass in callback URL to authorize call (needed in Auth Server by now)

* Incorporate a link to managing application grants

* Adaptions to breaking API changes ("items" instead of naked arrays)

* Added implementation notes on how to proceed with the new /applications endpoint

* More notes on how to use the extended backend API

* UI enhancement: Better error message if an app ID is already taken.

* Changelog (#37)

* Added application description field

* Initial Grid integration

* Added server side pagination

* Grid integration

* Review comments

* More review comments

* Allow markdown in application description

* Remove dead code

* minor bug fix

* JSGrid integration with user applications page

* Grid integration to verifications page and user applications page

* Minor bug fix: Use userId instead of registration ID (which is just for internal purposes).

* Redirect after login works again (also in dev mode), some fixes to admin.js

- Admin pages were no longer restricted to admin users
- Now the redirect takes place if not logged in
- And the 403 page is displayed if you are, but you don't have rights

* Updated dependencies

* Remove lots of unused auth related code (--> wicked.portal-auth)

* Replace all 'var' with 'let' or 'const'

* Swagger ui plugin upgrade

* Support for "trusted" subscriptions, also for approving such subscriptions

* Add support for setting the "confidential" flag for applications

* Refactoring of pool properties to an array

* Adaptions for refactoring of registrations in API

* Only show authorization endpoints for the methods configured for an API

* Refactoring of auth server loading, UI improvement(?)

* Some improvements for Swagger UI; almost works, but not quite yet

* Fix if you happen to have an app of the name swagger-ui

* Updated dependencies

* Updated dependencies

* Bug fix: Swagger ui rendering for "View Swagger Definition" button

* Updated dependencies

* Updated dependencies

* Make sure panel titles display a hand icon (button role)

* Pull highlight.js completely from self

* Portal assist Swagger Application Registration

* In case authentication fails, propagate error message

* Updated dependencies

* Updated dependencies

* Updated dependencies

* Updated dependencies

* Use the same class for the body as in portal-auth

* Updated dependencies

* Use the internal proxy port of Kong to retrieve tokens from the auth server

- This fixes an issue with self signed certificates when getting tokens via Kong internally

* Use the internal proxy URL as API URL instead of the externally visible one

* Updated dependencies

* Fix "undefined" in display of registration properties

* Update to latest Swagger UI dist

* Bug fix: Fix rendering of "All applications" page

* Make it even easier to use the Swagger UI special application

* Started help pages on OAuth2...

* Clean up the API page regarding authentication and authorization

* Remove commented code

* Finished OAuth2 help pages

* Updated dependencies

* Updated swagger-ui to 3.18.2 (including fix of error messages)

* Updated dependencies

* MVP support for API bundling, also in the portal

* Support for displaying multiple API URIs in the portal

* Retry logic for the most API calls

* Updated dependencies

* Fix view Swagger UI without forUser parameter

* Minor fixes to Swagger UI layout (better CSS, hosted jQuery)

* Obey selected password strategy

* Better checking of valid redirect URIs (according to spec and API)

* Make the case nicer where the user does not have the right plans

* Show description by default

* Wire wicked API to /wicked instead of /api

* Updated dependencies

* Updated dependencies

* Redirect from /signup to /login, Haufe-Lexware/wicked.haufe.io#136

* UI bits and help pages for Haufe-Lexware/wicked.haufe.io#138

* remove choice wording when not needed (#38)

* Fix for the case that the API does not have any scopes

* Fscksbgrbmbnmbgmnrg

* Ability to pull subscriptions in paginated fashion

* minor typo fix

* Fix edge case "just one scope"

* Fix XSS vulnerability via marked sanitize

* Remove package-lock.json

* Rename images (drop portal-, here: rename to "ui")

* Better misconfiguration error message regarding schema and environment

* Update to Bootstrap 3.4.0

* Better error message when trying to look at the internal portal user.

* Adapted reverse build trigger

* Tiny feature: Don't display auth method selection if only one is configured

* Update of OAuth2 help texts, fixes Haufe-Lexware/wicked.haufe.io#157

* Portal UI part of Haufe-Lexware/wicked.haufe.io#159

- Support for more granular client types

* Add a "reload configuration" button

- Part of Haufe-Lexware/wicked.haufe.io#162, not quite finished yet

* Ignore build_date file

* Ignore git_* files

* Bump to version 1.0.0-rc.1

* Remove versioning from portal-env.tgz

* Enable local builds

* Turn off build cache

* Typo

* More typo

* Clarification on public/native clients

* Bump to version 1.0.0-rc.2

* Implements wicked.ui part of Haufe-Lexware/wicked.haufe.io#172

- Filter auth methods (in UI)

* Support for multiple redirect URIs

Last part in the fix of Haufe-Lexware/wicked.haufe.io#178

* Fixes Haufe-Lexware/wicked.haufe.io#174

* Docs and help improvements

* Bump to version 1.0.0-rc.3

* Bump to version 1.0.0-rc.4

* Simplify application init code somewhat

* Linting + typo

* Feat/no auth (#41)

* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179

* Audit Report or All subscriptions page for administrators and approvers (#40)

* Integrate Audit Report

* Initial Export to CSV feature

* Added Status column (Prod team requested this)

* Hyperlink user email address to user page

* Minor fix

* Implement review comments

* Implement review comments

* Update bootstrap

* Update async and request

* Short note on "none" auth APIs

* Linting
maksimlikharev pushed a commit to clarivate/wicked.api that referenced this issue Apr 15, 2019
* wip - preparation to run API via Kong

* Some minor adaptions, added registration pools (still not finished)

* Various changes to adapt for accessing via OAuth2.

* Monster check in: Refactor entire data access code into a DAO for JSON in preparation for the Postgres/Cassandra DAO; all unit tests pass again. Other adaptions for the portal using OAuth2, but not finished quite yet. Still missing: Moving authorization to scopes, taking out loading the user all the time, except where needed.

* Remove the outdated integration tests from this repository; they have been in a separate repo for a long time (wicked.portal-test).

* Finished first (almost) complete implementation of the Postgres DAO. All integration tests in wicked.portal-test actually pass now!

* Work in progress - minor fixes to user entities

* Bump version to 0.12.3

* Bump to 1.0.0 for this branch

* Ignore IntelliJ files for now

* Minor fixes of the approval feature which went bust during the merge

* Added missing implementation of delete webhook event

* Refactored core.sql ingest to add meta information by node code instead of SQL

* partner api flag (#11)

* introducing partner API flag filtering

* additional fix for partner api access check

* WIP - registrations API

* Bump to version 0.12.5

* Some rework on the webhooks - use Postgres notifications to speed up

* Some rework on webhook notifications - missing bits

* Updated dependencies

* VS Code launch configuration based on the wicked-sample-config

* Both JSON and Postgres environments

* Minor fix in error message

* Eliminate var --> const and let

* Fix faulty sync-to-async pattern; the callback must go OUTSIDE of the try-catch.

* Add a retry counter for connecting to Postgres

* Lint

* Also check for "Postgres starting up" error code, and retry subsequently

* Updated logging/debugging component to using winston (from portal-env)

* Draft implementation JSON DAO for Registrations

* Registration endpoints - JSON and generic implementation

* Refactor out 'var' from utils.js

* Added pools utilities and endpoints

* Validation logic for pool definitions

* Add scope verification for registration end points

* Draft implementation of the Grants entity (JSON DAO only until now)

* Minor fixes in the grants code (from tests)

* Suppress jshint warning for predicate

* Sanity check DAO implementation - parameter naming match

- Plus fixing some issues this showed...

* Postgres DAO for registrations

* Clean up comments

* Grants DAO implementation for Postgres

* Huge refactoring - enable OAuth2 scope checking over all end points

* Endpoint for creating machine users (backend admin users)

* Updated dependencies

* Added mandatory verification link to verification entity

* Sync defined auth methods for portal with the portal-api's apis.json

* Inject the authorize and token end points to the authMethod config if not present

* Also add email and customId to registration records

* Allow http:// for redirects if NODE_ENV contains 'local'

* Remove firstName and lastName from user --> registration

* Add a link to the "grants" endpoint

* Write offset/limit with API where necessary; update Swagger

- Add a "count" return value where arrays are returned
- Breaking API change - almost never are just arrays returned, but instead an object

* Add option no_cache to counting registrations; fixes a regression in the tests

* Filtering and ordering for the registrations endpoint

- This will also be applied to the applications endpoint

* Pagin/filtering/sorting endpoint for applications; some refactorings

* Minor refactoring - move getDynamicDir() to JSON utils (it belongs there).

* Refactoring: Make DAO a class which can be instantiated multiple times if needed

* Refactoring - also PG now has a DAO class for encapsulation

* Some fixes for special queries (applications); filtering now working...
- also for "id" and "ownerEmail"/"ownerUserId"

* Migration of data to/from JSON and Postgres

- Minor refactorings to make migration easier
- Still hard coded source and target configuration for migration
- Docs and surrounding scripting still missing

* Changelog (#16)

* Added additional "application description" field

* Bug fix: Allow approvers to decline an approval request. Approver was getting "403" while declining an approval request

* bug fix

* Application description field changes

* Re-apply application description change

* Description field

* Review comments

* Re-apply changes after resolving merge conflicts

* Updated dependencies

* Postgres verification reconciliation implementation

* Principal election mechanism - only one instance should fire events

* Update dependencies

* Migration: When migrating legacy data, create registrations for wicked pool

- Minor refactorings regarding JSON metadata files
- Improve migrate CLI, can now write a sample config, plus takes config JSON file

* Swagger UI plugin upgrade

* Refactoring - move loading of auth servers to the utils.js file

* Add support for trusted subscriptions; addt'l approvals/:id endpoint

* Initialize initial users with lower case email addresses

* Update Swagger spec for upcoming changes

* Change behaviour due to changed specs of pools

* Refactoring of registrations/namespaces

- Add entity "namespaces"
- Allow multiple registrations per pool (one per namespace)

* Minor fixes to namespaces DAO for postgres

* Remove authServers from portal-api apis.json entry; not needed

* Improvements for Swagger UI; Implicit Grant and Auth Code work now

- For some reason, client_credentials flow does *not*

* Recreate swagger.json from YAML files at startup

* First adaptions to scopes for OAuth2 APIs

* Updated dependencies

* Handle Open API 3.0 specifications in swagger

* Add a built in echo server for testing purposes

* Refactored the swagger related helper methods to swagger-utils file to remove clutter from apis.js file

* Minor fixes to Swagger found during SDK creation

* Updated dependencies

* Document passthrough* properties of APIs

* Migration: Add ID for approvals if not present.

* Permission fix in docker case

* Added debug message for already present file list

* Updated dependencies

* Remove group scope injection from the API, this is done in the Kong Adapter

* Echo Server: Support listening to a different port than 3009

- Needed for integration testing locally

* Canonicalize URLs for upstream URLs for APIs

* Some minor bugfixes

- Make sure ordering of webhook events remains the same
- Use users.loadUser when performing roles checking

* Retry connecting to PG in case of unexpected termination

* Restructure PG init and make it more robust (hopefully)

* Update to pg 7.4.3 (latest version)

* Take out explicit owner of things; use the logged in user

* Take out disturbing collate calls

* Add error checking after creating initial schema.

* Add support for creating users with pre-hashed passwords

* Support checking meteor style password hashes as well

* Updated dependencies

* Map prefix "internal" correctly when migrating

* Some additional information on the Echo API.

* Nicer description of the Portal API.

* Add support for patching user passwords with pre-hashed passwords

* Allow "passwords" >24 chars if already hashed

* Fix for rewriting meteor style passwords (sent answers twice).

* Add basic prometheus metrics

* Track open connect Ids

* Tweaking of Postgres to prevent deadlocks with full connection pools

* Change how authenticated user id is expected (using sub=<user id>).

* Lower number of connections to Postgres (Azure cannot take it)

* Enable custom database name for wicked database

Fixes Haufe-Lexware/wicked.haufe.io#118 (API part)

* Support for external API scopes

* Error handling and Postgres metrics for Prometheus

* Log errors if getting swagger from remote fails

* Make OpenAPI Authorization injection more robust

* Fixing some minor bugs with OpenAPI 3 support, make it more robust

- Additionally support multiple request URIs

* Support for templated CSS files

* Use pluggable and configurable password validation mechanism

* Support storing "must change password"

* Added some debug messages

* Be somewhat less restrictive regarding redirect URIs (allow custom scheme)

* Allow requiring a user group to access echo and portal-api APIs

* If Swagger didn't contain securityDefinitions, the swagger endpoint crashed

* Fixes Haufe-Lexware/wicked.haufe.io#121

- Regression from feature "custom wicked database"

* Enable the PgDao to be instantiated twice (for migrations).

* Remove health API, move portal-api to /wicked and echo to /wicked-echo

* Rule out invalid email addresses when creating a user

* Updated dependencies

* Missing feature: Drop database always dropped "wicked", not the specified one.

* Updated dependencies

* variable substitution for the migration (#17)

* Preparations for Haufe-Lexware/wicked.haufe.io#138

- Support for allowedScopesMode and allowedScopes on subscriptions
- Minor refactorings

* Approval ability to read applications/subscriptions (#18)

* variable substitution for the migration

* allow approver to read applications

* modifying subscriptions as well

* Forgotten bug fix check in

* Ability to paginated subscriptions for administrators and approvers

* Tab to space

* Remove old bash tests script

* Test to see whether commits are linked to my account again

* Remove package-lock.json

* Don't return a 500 for certain things in JSON mode, return 501 instead.

* Rename images (drop portal-).

* More adaptions to image renaming.

* Correct upstream project

* Simple script for development purposes

* Pass back the NODE_ENV in the globals.

* Clean up some superfluous logging to console

* Fixes Haufe-Lexware/wicked.haufe.io#146 (hopefully)

* Fix flaky integration tests (mostly on Jenkins)

- Don't send the result of the add subscription until also the approval has been persisted

* Support a more granular client type (not only confidential/public)

- API Implementation of Haufe-Lexware/wicked.haufe.io#159

* Enable /kill for admins; needed to reload the configuration

* Debug messages; restart_api scope added

* Persist current config hash in Metadata,
Check every 15 seconds for updated hashes (from secondary apis instances)

* If kongProxyUrl is set, use that instead of external URL

* Ignore build_date file

* Bump to version 1.0.0-rc.1

* Remove versioning from portal-env.tgz

* Enable local builds; use su-exec instead of gosu on Alpine

* Turn off docker build caching

* Bump to version 1.0.0-rc.2

* Try out SonarQube

* More sonar testing

* Added sonar project properties file

* Ignore SonarQube if not on branch "next"

* Tpyo

* Declarative Pipeline with docker agent

* I love Jenkins

* I crave fixing Jenkinsfile problems

* This looks wrong, Jenkins. Why do your docs suck so much?

* Let's persuade Jenkins to use root

* Fix SonarQube "bugs"

* Take out root:root; use the right user

* Hello Jenkins, my old friend.
I've come to fight with you again.

* One more try to convince Jenkins to do the right thing.

* Try out --group-add instead of -u

* WTF

* Don't run build script as root + fixing of temp files belonging to root

* Temporarily run as root to fix permissions...

* Final(?) version of build scripts

* ESLint round 1 - let/const/var

* ESLint pass 2: No single line for/if statements (force curly)

* ESLint part 2b, forgot some files (curly if)

* SonarQube BLOCKERS

* SonarQube fixes of Blocker/Critical topics

* Support in the API for multiple redirect_uris

- Part of Haufe-Lexware/wicked.haufe.io#178

* Filter out empty redirectUris from array

* Type check redirectUri; fixes crash if passed in array

* Fixes Haufe-Lexware/wicked.haufe.io#186

* Bump to version 1.0.0-rc.3

* Bump to version 1.0.0-rc.4

* Update morgan to 1.9.1

* Fixes Haufe-Lexware/wicked.haufe.io#190

- Does not take the .git repo into account when hashing the static config

* Fixes Haufe-Lexware/wicked.haufe.io#191

* crlf fix

* Fixed issue Haufe-Lexware/wicked.haufe.io#177 (#21)

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed issue Haufe-Lexware/wicked.haufe.io#179

* Haufe-Lexware/wicked.haufe.io#176 (#20)

* Initial DB layer for Audit Report

* Initial commit for Audit Report

* Optional addition field for subscription API

* Using inner join to filter out internal api subscriptions

* Added status column

* Return userid of the owners

* Schema change

* Fix conflict issue

* Partial review comments implemented

* More review comments implementation

* Only run the populate the api group in step number 3

* Swagger signatures for /subscriptions api

* Minor fixes and linting

* Update async and request

* Minor nit pick on a special error message

* Fixes Haufe-Lexware/wicked.haufe.io#190
DonMartin76 pushed a commit to apim-haufe-io/wicked.ui that referenced this issue Apr 29, 2019
* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179

* Fix help file for password grant refresh_token curl sample
maksimlikharev pushed a commit to clarivate/wicked.ui that referenced this issue May 10, 2019
* Fix help file for password grant refresh_token curl sample (#42)

* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179

* Fix help file for password grant refresh_token curl sample

* Update jQuery to 3.4.1
maksimlikharev pushed a commit to clarivate/wicked.ui that referenced this issue Jun 7, 2019
* Fix help file for password grant refresh_token curl sample (#42)

* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179

* Fix help file for password grant refresh_token curl sample

* Update jQuery to 3.4.1

* Bump to version 1.0.0-rc.5

* Bump to version 1.0.0-rc.6

* Allow loading of Javascript in static content (#44)
maksimlikharev pushed a commit to clarivate/wicked.ui that referenced this issue Jul 29, 2019
* Fix help file for password grant refresh_token curl sample (#42)

* Feature to allow publishing of an api without having to require any authentication.

* Don't show application related message for no-auth API

* Fixed issue Haufe-Lexware/wicked.haufe.io#177

* Fixed Haufe-Lexware/wicked.haufe.io#179

* Fix help file for password grant refresh_token curl sample

* Update jQuery to 3.4.1

* Bump to version 1.0.0-rc.5

* Bump to version 1.0.0-rc.6

* Allow loading of Javascript in static content (#44)

* Fixes Haufe-Lexware/wicked.haufe.io#210

- Protected auth methods aren't displayed if they aren't given as a request parameter

* Add short note to login if there are other auth methods

* Bump to version 1.0.0-rc.7

* Bump to version 1.0.0-rc.8

* Slight misstatement in the help page

* Added ajax calls on approve/decline action (#50)

* Fix of Haufe-Lexware/wicked.haufe.io#215

- Don't check host in UI (it's checked in the backend)