Adds in per user api keys to the backend of lemur.
the basics are:
- API Keys are really just JWTs with custom second length TTLs.
- API Keys are provided in the exact same ways JWTs are now.
- API Keys can be revoked/unrevoked at any time by their creator
as well as have their TTL Change at anytime.
- Users can create/view/list their own API Keys at will, and
an admin role has permission to modify all api keys in the
instance.
Adds in support for lemur api keys to the frontend of lemur.
doing this required a few changes to the backend as well, but it is
now all working (maybe not the best way though, review will determine
that).
- fixes inconsistency in moduleauthor name I inputted during the
first commit.
- Allows the revoke schema to optionally allow a full api_key object.
- Adds `/users/:user_id/api_keys/:api_key` and `/users/:user_id/api_keys`
endpoints.
- normalizes use of `userId` vs `userId`
- makes `put` call respond with a JWT so the frontend can show
the token on updating.
- adds in the API Key views for clicking "API Keys" on the main nav.
- adds in the API Key views for clicking into a users edit page.
- adds tests for the API Key backend views I added.
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.
The filter() function allowed guessing the content of password hashes
one character at a time.
The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
Curtis Castrapel
Eric
Marti Raudsepp
kevgliss
kevgliss