Commit Graph

66 Commits

Author SHA1 Message Date
Marion Schleifer
1ff660d7d6
docs: clarify unauthenticated access configuration (close #2528) (#5217) 2020-06-29 18:20:06 +05:30
Marion Schleifer
527530704d
docs/console: clarify usage of "query" vs "request", change allowed queries to allow list (close #4053) (#5182) 2020-06-24 23:00:08 +05:30
Marion Schleifer
268aa46df2
docs: add minor docs improvements (#5106) 2020-06-18 15:36:34 +05:30
Brandon Simmons
5e37350561 Refactor and unit test authentication code paths (closes #4736)
The bulk of changes here is some shifting of code around and a little
parameterizing of functions for easier testing.

Also: comments, some renaming for clarity/less-chance-for-misuse.
2020-06-08 13:10:58 -04:00
Mads Nedergaard
e914fcf5e8
Fixes dead link in docs - close #4914 (#4915)
After #4885, the link to `/firebase/webhook` example is no longer working - this PR updates the link.
2020-05-28 18:27:47 +05:30
Marion Schleifer
3727184593
docs: add note to permissions page regarding Hasura vs PG roles (#4834) 2020-05-21 15:14:59 +05:30
Rikin Kachhia
dcab20a5ee
docs: update image paths (#4649) 2020-05-05 09:22:08 +05:30
Rikin Kachhia
35a50bb28b
docs: update actions documentation (#4586) 2020-04-29 13:16:02 +05:30
Rakesh Emmadi
d52bfcda4e
backend only insert permissions (rfc #4120) (#4224)
* move user info related code to Hasura.User module

* the RFC #4120 implementation; insert permissions with admin secret

* revert back to old RoleName based schema maps

An attempt made to avoid duplication of schema contexts in types
if any role doesn't possess any admin secret specific schema

* fix compile errors in haskell test

* keep 'user_vars' for session variables in http-logs

* no-op refactor

* tests for admin only inserts

* update docs for admin only inserts

* updated CHANGELOG.md

* default behaviour when admin secret is not set

* fix x-hasura-role to X-Hasura-Role in pytests

* introduce effective timeout in actions async tests

* update docs for admin-secret not configured case

* Update docs/graphql/manual/api-reference/schema-metadata-api/permission.rst

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* Apply suggestions from code review

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* a complete iteration

backend insert permissions accessible via 'x-hasura-backend-privilege'
session variable

* console changes for backend-only permissions

* provide tooltip id; update labels and tooltips;

* requested changes

* requested changes

- remove className from Toggle component
- use appropriate function name (capitalizeFirstChar -> capitalize)

* use toggle props from definitelyTyped

* fix accidental commit

* Revert "introduce effective timeout in actions async tests"

This reverts commit b7a59c19d6.

* generate complete schema for both 'default' and 'backend' sessions

* Apply suggestions from code review

Co-Authored-By: Marion Schleifer <marion@hasura.io>

* remove unnecessary import, export Toggle as is

* update session variable in tooltip

* 'x-hasura-use-backend-only-permissions' variable to switch

* update help texts

* update docs

* update docs

* update console help text

* regenerate package-lock

* serve no backend schema when backend_only: false and header set to true

- Few type name refactor as suggested by @0x777

* update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* fix a merge bug where a certain entity didn't get removed

Co-authored-by: Marion Schleifer <marion@hasura.io>
Co-authored-by: Rishichandra Wawhal <rishi@hasura.io>
Co-authored-by: rikinsk <rikin.kachhia@gmail.com>
Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 14:40:53 +05:30
Karthikeyan Chinnakonda
a26bc80496
accept a new argument claims_namespace_path in JWT config (#4365)
* add new optional field `claims_namespace_path` in JWT config

* return value when empty array is found in executeJSONPath

* update the docs related to claims_namespace_path

* improve encodeJSONPath, add property tests for parseJSONPath

* throw error if both claims_namespace_path and claims_namespace are set

* refactor the Data.Parser.JsonPath to Data.Parser.JSONPathSpec

* update the JWT docs

Co-Authored-By: Marion Schleifer <marion@hasura.io>

Co-authored-by: Marion Schleifer <marion@hasura.io>
Co-authored-by: rakeshkky <12475069+rakeshkky@users.noreply.github.com>
Co-authored-by: Tirumarai Selvan <tirumarai.selvan@gmail.com>
2020-04-16 12:15:21 +05:30
Tirumarai Selvan
76fbe90b60
type is not required for jwk_url in JWT config (#4334)
* type is not required for jwk_url

* remove type from JWTConfig

* Omit type field in JWTConfig serialization if jwk_url is provided

* remove type from jwk_url test suite

* add changelog

* fix docs with new format

Co-authored-by: Alexis King <lexi.lambda@gmail.com>
2020-04-10 19:25:59 +05:30
Antoine Leblanc
5b54f9d766
server: add support for webhook connection expiration (#4196)
* add expiry time to webhook user info

This also adds an optional message to webhook errors: if we fail to
parse an expiry time, we will log a warning with the parse error.

* refactored Auth

This change had one main goal: put in common all expiry time
extraction code between the JWT and WebHook parts of the
code. Furthermore, this change also moves all WebHook specific code to
its own module, similarly to what is done for JWT.

* Remove dependency on string-conversions in favor of text-conversions

string-conversions silently uses UTF8 instead of being explicit about
it, and it uses lenientDecode when decoding ByteStrings when it’s
usually better to reject invalid UTF8 input outright. text-conversions
solves both those problems.

Co-authored-by: Alexis King <lexi.lambda@gmail.com>
2020-04-02 19:00:13 -05:00
Marion Schleifer
e031e99d73
docs: replace doc with ref (close #4054) (#4068) 2020-03-12 01:12:36 +05:30
Praveen Durairaju
5387ba0c44
revert auth heading changes in docs (#3992) 2020-03-02 16:54:19 +05:30
Praveen Durairaju
865b150c82
noop: replace subdomain links with subpath (#3869)
Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com>
2020-02-27 15:43:07 +05:30
Anon Ray
c6e34baad8
fix parsing JWK expiry time from headers on startup (fix #3655) (#3779) 2020-02-05 12:37:30 +05:30
Rikin Kachhia
5702881d5c
docs: misc updates (#3700)
* added example for select_by_pk query
* improved notes on _or and _and behaviour
* improve distinct and order_by usage note
2020-01-20 17:17:49 +05:30
Marion Schleifer
265cf7f12e docs: add meta descriptions to pages (#3631) 2020-01-14 18:27:45 +05:30
Marion Schleifer
28914022fc docs: add alt tags for all images (#3634) 2020-01-08 18:50:18 +05:30
Rikin Kachhia
3a7a3bf6bf
refactor docs schema section (#3489) 2019-12-26 17:35:37 +05:30
Tirumarai Selvan
eeb0c7acdd add note about abac to auth docs (#3537) 2019-12-17 14:01:33 +05:30
Marion Schleifer
f265ab1060 add docs example for the _exists operator (#3402) 2019-12-10 19:01:20 +05:30
Rikin Kachhia
fcf03919de
add docs page for setting up unauthenticated access (#3231) 2019-10-28 11:46:25 +05:30
Shivam175
aa6947a608 fix grammar in docs (#3065) 2019-10-26 09:43:38 +05:30
Marion Schleifer
480b34ea5e fix typos in documentation (#2562) 2019-09-11 12:47:14 +05:30
Rikin Kachhia
d511e2006f
fix auth permission example table syntax (#2756) 2019-08-21 14:04:31 +05:30
Marion Schleifer
2c108daef8 update docs footer + sample apps content (#2734) 2019-08-20 18:09:57 +05:30
Rikin Kachhia
e3f68dbb67
add support for column comparison operators in permissions builder (close #2040) (#2606) 2019-07-29 14:58:27 +05:30
Anon Ray
a3e7a20a44 add notices in jwt docs regarding audience check (#2557)
- also update firebase sample-app README with correct JWT conf
2019-07-16 11:13:00 +00:00
Anon Ray
f2f14e727b Merge pull request from GHSA-2j98-fw5g-j43v
* fix bug in audience check while verifying JWT

  - previously the check was converting the audience type into a string
  and then comparing with the conf value. all audience types (as it is a
  string or URI) will convert to plain strings
  - use the Audience type from the jose library for comparing

* add docs for audience

* add issuer check as well

* docs minor syntax fix

* skip audience check if not given in conf

* minor docs update

* qualify import jose library
2019-07-11 09:58:39 +00:00
Vamshi Surabhi
f1cf6d0b17
allow session variables in operators which expect array input (#2475) 2019-07-10 15:49:58 +05:30
Anon Ray
d2867cea0c add docs for JWT audience and issuer (#2496) 2019-07-09 15:09:32 +00:00
Rikin Kachhia
9675e036ea
update jwt spec info (#2457) 2019-07-05 14:13:02 +05:30
dsandip
6a5f17c3a0 update auth docs (#1796) 2019-05-17 17:33:35 +05:30
Anon Ray
81bdfafd69 ignore content-type header in auth webhook (#2197) 2019-05-16 14:41:15 +05:30
Anon Ray
a21f6cd648 introduce v1/graphql (fix #1368) (#2064)
Changes compared to `/v1alpha1/graphql`

* Changed all graphql responses in **/v1/graphql** endpoint to be 200. All graphql clients expect responses to be HTTP 200. Non-200 responses are considered transport layer errors. 

* Errors in http and websocket layer are now consistent and have similar structure.
2019-05-10 11:35:10 +05:30
Gordon Johnston
a7eabe034c mention required key length for HMAC encryption to user (#1956)
Following on from a discussion in discord, a small tweak to make the required key length for a HMAC key more obvious
2019-04-06 08:20:16 +05:30
samuela
0f57e4cb4d update jwt docs (#1850) 2019-03-27 14:02:47 +05:30
Rikin Kachhia
6c2f64b68a
update docs (#1748)
* increase roles TOC depth
* update enum docs page
* open external links in docs in new tabs
* update nested object sort docs
2019-03-13 15:34:40 +05:30
Rikin Kachhia
c753426934
add image zoom in docs (close #1483) (#1752) 2019-03-13 15:33:45 +05:30
Rikin Kachhia
c35753932f
update docs (#1696) 2019-03-06 14:28:04 +05:30
Rikin Kachhia
75674859b3
update console permissions (close #1503, #1529, #1567, #1470) (#1605)
* show roles from all tables/views in the schema
* show operators and set values based on field type in permission builder
* add support for jsonb and postgis operators in permission builder
* add note for permissions for relationships
* enable only one Save permissions button if apply to other roles is selected
2019-02-17 16:06:29 +05:30
nizar-m
f83a8e591f rename access-key to admin-secret (close #1347) (#1540)
Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret.

Server CLI and console all support the older flag but mark it as deprecated.
2019-02-14 15:07:47 +05:30
Rikin Kachhia
e8e0168da7 docs update (#1535) 2019-02-06 12:09:36 +05:30
Anon Ray
4f6462e98f add config for stringified hasura claims in JWT (fix #1176) (#1538) 2019-02-05 17:34:16 +05:30
samuela
37da1c14a6 Update jwt.rst (#1405) 2019-01-21 17:38:32 +05:30
Tirumarai Selvan
aa36fc68d7 update docs community urls (#1402) 2019-01-17 19:02:56 +05:30
Rikin Kachhia
66b67cfe22
misc docs update (#1374) 2019-01-15 16:19:58 +05:30
Rishichandra Wawhal
a9e2326ea8 remove auth0 webhook ref from docs and community (#1341) 2019-01-08 16:36:16 +05:30
Rishichandra Wawhal
97c4cf0e2a update auth docs (#1305)
* fix broken auth example links

* add jwt examples

* misc auth docs changes
2019-01-04 19:31:18 +05:30