Merge pull request #976 from joyent/ether/v3-b5-fixes

v3 b5 fixes
joyent · Jan 17, 2020 · 85e5d45 · 85e5d45
2 parents b99fbff + 182914d
commit 85e5d45
Show file tree

Hide file tree

Showing 64 changed files with 923 additions and 570 deletions.
diff --git a/conch.conf.dist b/conch.conf.dist
@@ -5,10 +5,12 @@
     # old ones.
     secrets => ["hunter2"],
 
-    jwt => {
-        # time in seconds for a JWT to be valid before requiring refresh or re-auth
+    authentication => {
+        # time in seconds for a login token and/or persistent session cookie to be valid before requiring refresh or re-auth
         system_admin_expiry => 2592000, # 30 days
         normal_expiry => 86400, # 1 day
+
+        # used for api tokens only
         custom_token_expiry => 86400*365*5, # 5 years
     },
 

diff --git a/cpanfile b/cpanfile
@@ -33,7 +33,7 @@ requires 'Net::DNS';    # not used directly, but Email::Valid sometimes demands
 requires 'experimental', '0.020';
 
 # mojolicious and networking
-requires 'Mojolicious', '8.15';
+requires 'Mojolicious', '8.31';
 requires 'Mojo::Pg';
 requires 'Mojo::JWT';
 requires 'Mojolicious::Plugin::Util::RandomString', '0.07'; # memory leak: https://rt.cpan.org/Ticket/Display.html?id=125981

diff --git a/cpanfile.snapshot b/cpanfile.snapshot
@@ -2679,8 +2679,8 @@ DISTRIBUTIONS
       Mojolicious 8.03
       SQL::Abstract 1.86
       perl 5.010001
-  Mojolicious-8.26
-    pathname: S/SR/SRI/Mojolicious-8.26.tar.gz
+  Mojolicious-8.31
+    pathname: S/SR/SRI/Mojolicious-8.31.tar.gz
     provides:
       Mojo undef
       Mojo::Asset undef
@@ -2749,7 +2749,7 @@ DISTRIBUTIONS
       Mojo::UserAgent::Transactor undef
       Mojo::Util undef
       Mojo::WebSocket undef
-      Mojolicious 8.26
+      Mojolicious 8.31
       Mojolicious::Command undef
       Mojolicious::Command::Author::cpanify undef
       Mojolicious::Command::Author::generate undef

diff --git a/docs/index.md b/docs/index.md
@@ -35,13 +35,13 @@ The majority of our endpoints consume and respond with JSON documents that
 conform to a set of JSON schema. These schema can be found in the [json-schema](json-schema)
 directory in the main repository, as well as on this documentation site.
 
-Successful (http 2xx code) response structures are as described for each endpoint.
+Successful (HTTP 2xx code) response structures are as described for each endpoint.
 
 Error responses will use:
 
-- failure to validate query parameters: http 400, [response.json#/definitions/QueryParamsValidationError](json-schema/response.json#/definitions/QueryParamsValidationError)
-- failure to validate request body payload: http 400, [response.json#/definitions/RequestValidationError](json-schema/response.json#/definitions/RequestValidationError)
-- all other errors, unless specified: http 4xx, [response.json#/definitions/Error](json-schema/response.json#/definitions/Error)
+- failure to validate query parameters: HTTP 400, [response.json#/definitions/QueryParamsValidationError](json-schema/response.json#/definitions/QueryParamsValidationError)
+- failure to validate request body payload: HTTP 400, [response.json#/definitions/RequestValidationError](json-schema/response.json#/definitions/RequestValidationError)
+- all other errors, unless specified: HTTP 4xx, [response.json#/definitions/Error](json-schema/response.json#/definitions/Error)
 
 Available routes are:
 

diff --git a/docs/json-schema/request.json b/docs/json-schema/request.json
@@ -657,6 +657,10 @@
         "password" : {
           "$ref" : "common.json#/definitions/non_empty_string"
         },
+        "set_session" : {
+          "default" : false,
+          "type" : "boolean"
+        },
         "user_id" : {
           "$ref" : "common.json#/definitions/uuid"
         }
@@ -1085,6 +1089,30 @@
       },
       "type" : "object"
     },
+    "UserIdOrEmail" : {
+      "additionalProperties" : true,
+      "oneOf" : [
+        {
+          "required" : [
+            "user_id"
+          ]
+        },
+        {
+          "required" : [
+            "email"
+          ]
+        }
+      ],
+      "properties" : {
+        "email" : {
+          "$ref" : "common.json#/definitions/email_address"
+        },
+        "user_id" : {
+          "$ref" : "common.json#/definitions/uuid"
+        }
+      },
+      "type" : "object"
+    },
     "UserPassword" : {
       "additionalProperties" : false,
       "properties" : {

diff --git a/docs/modules/Conch::Controller::Login.md b/docs/modules/Conch::Controller::Login.md
@@ -14,9 +14,8 @@ Create a response containing a login JWT, which the user should later present in
 Handle the details of authenticating the user, with one of the following options:
 
 ```
-* existing session for the user
 * signed JWT in the Authorization Bearer header
-* Old 'conch' session cookie
+* existing session for the user (using the 'conch' session cookie)
 ```
 
 Does not terminate the connection if authentication is successful, allowing for chaining to
@@ -29,11 +28,11 @@ Response uses the Login json schema, containing a JWT.
 
 ## logout
 
-Logs a user out by expiring their session
+Logs a user out by expiring their JWT and user session
 
 ## refresh\_token
 
-Refresh a user's JWT token. Deletes the old token and expires the session.
+Refresh a user's JWT token and persistent user session, deleting the old token.
 
 # LICENSING
 

diff --git a/docs/modules/Conch::DB::Result::ValidationResult.md b/docs/modules/Conch::DB::Result::ValidationResult.md
@@ -93,6 +93,19 @@ size: 16
 
 - ["id"](#id)
 
+# UNIQUE CONSTRAINTS
+
+## `validation_result_all_columns_key`
+
+- ["device\_id"](#device_id)
+- ["hardware\_product\_id"](#hardware_product_id)
+- ["validation\_id"](#validation_id)
+- ["message"](#message)
+- ["hint"](#hint)
+- ["status"](#status)
+- ["category"](#category)
+- ["component"](#component)
+
 # RELATIONS
 
 ## device

diff --git a/docs/modules/Conch::Plugin::DeprecatedAction.md b/docs/modules/Conch::Plugin::DeprecatedAction.md
@@ -12,7 +12,7 @@ Mojo plugin to detect and report the usage of deprecated controller actions.
 
 Sets the `X-Deprecated` header in the response.
 
-Also sends a message to rollbar when a deprecated action is invoked, if the
+Also sends a message to Rollbar when a deprecated action is invoked, if the
 `report_deprecated_actions` feature is enabled.
 
 # LICENSING

diff --git a/docs/modules/Conch::Route.md b/docs/modules/Conch::Route.md
@@ -12,93 +12,108 @@ Set up all the routes for the Conch Mojo application.
 
 Set up the full route structure
 
+# SHORTCUTS
+
+These are available on the root router. See ["Shortcuts" in Mojolicious::Guides::Routing](https://metacpan.org/pod/Mojolicious%3A%3AGuides%3A%3ARouting#shortcuts).
+
+## require\_system\_admin
+
+Chainable route that aborts with HTTP 403 if the user is not a system admin.
+
+## find\_user\_from\_payload
+
+Chainable route that looks up the user by `user_id` or `email` in the JSON payload,
+aborting with HTTP 410 or HTTP 404 if not found.
+
+# ROUTE ENDPOINTS
+
 Unless otherwise specified, all routes require authentication.
 
 Full access is granted to system admin users, regardless of workspace, build or other role
 entries.
 
-Successful (http 2xx code) response structures are as described for each endpoint.
+Successful (HTTP 2xx code) response structures are as described for each endpoint.
 
 Error responses will use:
 
-- failure to validate query parameters: http 400, [response.json#/definitions/QueryParamsValidationError](../json-schema/response.json#/definitions/QueryParamsValidationError)
-- failure to validate request body payload: http 400, [response.json#/RequestValidationError](../json-schema/response.json#/RequestValidationError)
-- all other errors, unless specified: http 4xx, [response.json#/Error](../json-schema/response.json#/Error)
+- failure to validate query parameters: HTTP 400, [response.json#/definitions/QueryParamsValidationError](../json-schema/response.json#/definitions/QueryParamsValidationError)
+- failure to validate request body payload: HTTP 400, [response.json#/RequestValidationError](../json-schema/response.json#/RequestValidationError)
+- all other errors, unless specified: HTTP 4xx, [response.json#/Error](../json-schema/response.json#/Error)
 
-### `GET /ping`
+## `GET /ping`
 
 - Does not require authentication.
 - Response: [response.json#/definitions/Ping](../json-schema/response.json#/definitions/Ping)
 
-### `GET /version`
+## `GET /version`
 
 - Does not require authentication.
 - Response: [response.json#/definitions/Version](../json-schema/response.json#/definitions/Version)
 
-### `POST /login`
+## `POST /login`
 
 - Request: [request.json#/definitions/Login](../json-schema/request.json#/definitions/Login)
 - Response: [response.json#/definitions/Login](../json-schema/response.json#/definitions/Login)
 
-### `POST /logout`
+## `POST /logout`
 
 - Does not require authentication.
 - Response: `204 NO CONTENT`
 
-### `GET /workspace/:workspace/device-totals`
+## `GET /workspace/:workspace/device-totals`
 
-### `GET /workspace/:workspace/device-totals.circ`
+## `GET /workspace/:workspace/device-totals.circ`
 
 - Does not require authentication.
 - Response: [response.json#/definitions/DeviceTotals](../json-schema/response.json#/definitions/DeviceTotals)
 - Response (Circonus): [response.json#/definitions/DeviceTotalsCirconus](../json-schema/response.json#/definitions/DeviceTotalsCirconus)
 
-### `POST /refresh_token`
+## `POST /refresh_token`
 
 - Request: [request.json#/definitions/Null](../json-schema/request.json#/definitions/Null)
 - Response: [response.json#/definitions/Login](../json-schema/response.json#/definitions/Login)
 
-### `* /dc`, `* /room`, `* /rack_role`, `* /rack`, `* /layout`
+## `* /dc`, `* /room`, `* /rack_role`, `* /rack`, `* /layout`
 
 See ["routes" in Conch::Route::Datacenter](../modules/Conch%3A%3ARoute%3A%3ADatacenter#routes)
 
-### `* /device`
+## `* /device`
 
 See ["routes" in Conch::Route::Device](../modules/Conch%3A%3ARoute%3A%3ADevice#routes)
 
-### `* /device_report`
+## `* /device_report`
 
 See ["routes" in Conch::Route::DeviceReport](../modules/Conch%3A%3ARoute%3A%3ADeviceReport#routes)
 
-### `* /hardware_product`
+## `* /hardware_product`
 
 See ["routes" in Conch::Route::HardwareProduct](../modules/Conch%3A%3ARoute%3A%3AHardwareProduct#routes)
 
-### `* /hardware_vendor`
+## `* /hardware_vendor`
 
 See ["routes" in Conch::Route::HardwareVendor](../modules/Conch%3A%3ARoute%3A%3AHardwareVendor#routes)
 
-### `* /organization`
+## `* /organization`
 
 See ["routes" in Conch::Route::Organization](../modules/Conch%3A%3ARoute%3A%3AOrganization#routes)
 
-### `* /relay`
+## `* /relay`
 
 See ["routes" in Conch::Route::Relay](../modules/Conch%3A%3ARoute%3A%3ARelay#routes)
 
-### `* /schema`
+## `* /schema`
 
 See ["routes" in Conch::Route::Schema](../modules/Conch%3A%3ARoute%3A%3ASchema#routes)
 
-### `* /user`
+## `* /user`
 
 See ["routes" in Conch::Route::User](../modules/Conch%3A%3ARoute%3A%3AUser#routes)
 
-### `* /validation`, `* /validation_plan`, `* /validation_state`
+## `* /validation`, `* /validation_plan`, `* /validation_state`
 
 See ["routes" in Conch::Route::Validation](../modules/Conch%3A%3ARoute%3A%3AValidation#routes)
 
-### `* /workspace`
+## `* /workspace`
 
 See ["routes" in Conch::Route::Workspace](../modules/Conch%3A%3ARoute%3A%3AWorkspace#routes)