From 6db3156323240ee2837b1dcc96ab47c6b595917c Mon Sep 17 00:00:00 2001
From: Jeffy Mathew
Date: Fri, 8 Nov 2024 14:34:15 +0100
Subject: [PATCH] [TT-13422] Do not allow empty string in upstream auth configuration strings (#6699)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### **User description**
TT-13422
Summary: Add validation rules on backend
Type: Sub-task
Status: In Test
Points: N/A
Labels: QA_Fail
---

## Description

This PR updates the OAS schema to not allow empty strings in string data type configurations. It also removes the unused `headerName` field from upstream OAuth client credentials.

## Related Issue

https://tyktech.atlassian.net/browse/TT-13422

## Motivation and Context

## How This Has Been Tested

## Screenshots (if appropriate)

## Types of changes

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

## Checklist

- [ ] I ensured that the documentation is up to date
- [ ] I explained why this PR updates go.mod in detail with reasoning why it's required
- [ ] I would like a code coverage CI quality gate exception and have explained why

___

### **PR Type**

enhancement, bug fix

___

### **Description**

- Removed the unused `HeaderName` field from the `ClientCredentials` struct in `upstream.go`.
- Updated the OpenAPI Specification (OAS) schema to enforce non-empty strings by introducing a new definition `X-Tyk-NonEmptyString`.
- Applied `X-Tyk-NonEmptyString` to relevant fields in the schema to prevent empty string configurations.

___

### **Changes walkthrough** 📝
Relevant files

Enhancement

- `apidef/oas/upstream.go` (upstream.go): Remove unused HeaderName field from ClientCredentials struct
  • Removed the unused HeaderName field from the ClientCredentials struct.
  • +0/-3

Bug fix

- `apidef/oas/schema/x-tyk-api-gateway.json` (x-tyk-api-gateway.json): Enforce non-empty strings in OAS schema
  • Updated schema to use X-Tyk-NonEmptyString for string fields.
  • Added a new definition X-Tyk-NonEmptyString to enforce non-empty strings.
  • +15/-12
    ___ > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information --- apidef/oas/schema/x-tyk-api-gateway.json | 27 +++++++++++++----------- apidef/oas/upstream.go | 3 --- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json index f99f7fb6a05..2efd81bc2ec 100644 --- a/apidef/oas/schema/x-tyk-api-gateway.json +++ b/apidef/oas/schema/x-tyk-api-gateway.json @@ -96,7 +96,7 @@ "type": "boolean" }, "name": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" } }, "required": [ @@ -2026,10 +2026,10 @@ "$ref": "#/definitions/X-Tyk-AuthSource" }, "username": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "password": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" } }, "required": [ @@ -2062,13 +2062,13 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "clientSecret": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "tokenUrl": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "scopes": { "type": [ @@ -2096,13 +2096,13 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "clientSecret": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "tokenUrl": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "scopes": { "type": [ @@ -2111,10 +2111,10 @@ ] }, "username": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "password": { - "type": "string" + "$ref": "#/definitions/X-Tyk-NonEmptyString" }, "header": { "$ref": "#/definitions/X-Tyk-AuthSource" @@ -2139,7 +2139,10 @@ "enabled", "allowedAuthorizeTypes" ] + }, + "X-Tyk-NonEmptyString": { + "type": "string", + "pattern": "\\S+" } - } } \ No newline at end of file 
diff --git a/apidef/oas/upstream.go b/apidef/oas/upstream.go index aa1264299a5..84e503a6061 100644 --- a/apidef/oas/upstream.go +++ b/apidef/oas/upstream.go @@ -694,9 +694,6 @@ type ClientCredentials struct { TokenURL string `bson:"tokenUrl" json:"tokenUrl"` // Scopes specifies optional requested permissions. Scopes []string `bson:"scopes,omitempty" json:"scopes,omitempty"` - // HeaderName is the custom header name to be used for OAuth client credential flow authentication. - // Defaults to `Authorization`. - HeaderName string `bson:"headerName" json:"headerName"` // ExtraMetadata holds the keys that we want to extract from the token and pass to the upstream. ExtraMetadata []string `bson:"extraMetadata" json:"extraMetadata,omitempty"` }
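Review bot: The `"pattern": "\\S+"` in the new `X-Tyk-NonEmptyString` definition (last hunk of x-tyk-api-gateway.json) is unanchored, so it rejects empty and whitespace-only values but still accepts values padded with whitespace such as `" secret "`; if only emptiness is meant to be forbidden that is acceptable, but add a `description` to the definition stating the rule, because the name promises non-emptiness and a reader will not expect a whitespace regex, and `minLength: 1` would be the more obvious choice if whitespace-only values are meant to pass. Nothing in the diff adds a test for the new definition and the "How This Has Been Tested" section is empty; a schema test that a definition with `"clientSecret": ""` or `"tokenUrl": "   "` fails validation while a non-empty value passes would cover every field this hunk series changes (`name`, `username`, `password`, `clientId`, `clientSecret`, `tokenUrl`). The hunk also leaves the file with `\ No newline at end of file`; worth adding the trailing newline while the closing braces are being touched.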
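Review bot: Dropping `HeaderName` from `ClientCredentials` changes the stored and serialized shape of the definition: any existing API definition that still carries `headerName` (bson or json) will have that key silently discarded on decode and re-encode, and the "Breaking change" box in the description is left unchecked. The diff shows no matching removal of a `headerName` property from x-tyk-api-gateway.json; if the schema still declares it, remove it in the same change so the schema and the struct agree, and if the enclosing object sets `additionalProperties: false`, existing definitions containing `headerName` will start failing validation, which should be called out in the changelog. The removed comment says the field "Defaults to `Authorization`", so confirm nothing else reads it before the struct field goes.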