TT-10797 Hex validation for long keys on TokenOrg #5876
Conversation
|
API Changes --- prev.txt 2023-12-18 09:05:45.705547420 +0000
+++ current.txt 2023-12-18 09:05:43.085571770 +0000
@@ -10086,6 +10086,7 @@
const B64JSONPrefix = "ey"
`{"` in base64
+const MongoBsonIdLength = 24
VARIABLES
|
PR Analysis
PR Feedback
How to useInstructions
|
Apply Sweep Rules to your PR?
|
|
API tests result: success ✅ |
|
API tests result: success ✅ |
|
API tests result - postgres15-murmur64 env: success ✅ DescriptionWhen Gateway try to extract the orgId of custom keys with len > 24 Related Issuehttps://tyktech.atlassian.net/browse/TT-10797 Motivation and ContextIf the custom key has more than 24 characters, it is get deleted from How This Has Been TestedScreenshots (if appropriate)Types of changes
Checklist
|
|
API tests result - postgres15-sha256 env: success ✅ DescriptionWhen Gateway try to extract the orgId of custom keys with len > 24 Related Issuehttps://tyktech.atlassian.net/browse/TT-10797 Motivation and ContextIf the custom key has more than 24 characters, it is get deleted from How This Has Been TestedScreenshots (if appropriate)Types of changes
Checklist
|
|
API tests result - mongo44-sha256 env: success ✅ DescriptionWhen Gateway try to extract the orgId of custom keys with len > 24 Related Issuehttps://tyktech.atlassian.net/browse/TT-10797 Motivation and ContextIf the custom key has more than 24 characters, it is get deleted from How This Has Been TestedScreenshots (if appropriate)Types of changes
Checklist
|
|
API tests result - mongo44-murmur64 env: success ✅ DescriptionWhen Gateway try to extract the orgId of custom keys with len > 24 Related Issuehttps://tyktech.atlassian.net/browse/TT-10797 Motivation and ContextIf the custom key has more than 24 characters, it is get deleted from How This Has Been TestedScreenshots (if appropriate)Types of changes
Checklist
|
|
API tests result: success ✅ |
|
API tests result: success ✅ |
|
|
API tests result: success ✅ |
|
/release to release-5-lts |
|
/release to release-5.2 |
|
Working on it! Note that it can take a few minutes. |
|
Working on it! Note that it can take a few minutes. |
<!-- Provide a general summary of your changes in the Title above --> ## Description When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not. This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string. <!-- Describe your changes in detail --> ## Related Issue <!-- This project only accepts pull requests related to open issues. --> <!-- If suggesting a new feature or change, please discuss it in an issue first. --> <!-- If fixing a bug, there should be an issue describing it with steps to reproduce. --> <!-- OSS: Please link to the issue here. Tyk: please create/link the JIRA ticket. --> https://tyktech.atlassian.net/browse/TT-10797 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> If the custom key has more than 24 characters, it is get deleted from Edge Redis on update. ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why (cherry picked from commit bfaf48c)
|
@tbuchaillot Succesfully merged PR |
<!-- Provide a general summary of your changes in the Title above --> ## Description When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not. This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string. <!-- Describe your changes in detail --> ## Related Issue <!-- This project only accepts pull requests related to open issues. --> <!-- If suggesting a new feature or change, please discuss it in an issue first. --> <!-- If fixing a bug, there should be an issue describing it with steps to reproduce. --> <!-- OSS: Please link to the issue here. Tyk: please create/link the JIRA ticket. --> https://tyktech.atlassian.net/browse/TT-10797 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> If the custom key has more than 24 characters, it is get deleted from Edge Redis on update. ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why (cherry picked from commit bfaf48c)
|
Still working... |
|
@tbuchaillot Succesfully merged PR |
…kenOrg (#5876) TT-10797 Hex validation for long keys on TokenOrg (#5876) <!-- Provide a general summary of your changes in the Title above --> ## Description When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not. This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string. <!-- Describe your changes in detail --> ## Related Issue <!-- This project only accepts pull requests related to open issues. --> <!-- If suggesting a new feature or change, please discuss it in an issue first. --> <!-- If fixing a bug, there should be an issue describing it with steps to reproduce. --> <!-- OSS: Please link to the issue here. Tyk: please create/link the JIRA ticket. --> https://tyktech.atlassian.net/browse/TT-10797 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> If the custom key has more than 24 characters, it is get deleted from Edge Redis on update. ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why
…nOrg (#5876) TT-10797 Hex validation for long keys on TokenOrg (#5876) <!-- Provide a general summary of your changes in the Title above --> ## Description When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not. This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string. <!-- Describe your changes in detail --> ## Related Issue <!-- This project only accepts pull requests related to open issues. --> <!-- If suggesting a new feature or change, please discuss it in an issue first. --> <!-- If fixing a bug, there should be an issue describing it with steps to reproduce. --> <!-- OSS: Please link to the issue here. Tyk: please create/link the JIRA ticket. --> https://tyktech.atlassian.net/browse/TT-10797 ## Motivation and Context <!-- Why is this change required? What problem does it solve? --> If the custom key has more than 24 characters, it is get deleted from Edge Redis on update. ## How This Has Been Tested <!-- Please describe in detail how you tested your changes --> <!-- Include details of your testing environment, and the tests --> <!-- you ran to see how your change affects other areas of the code, etc. --> <!-- This information is helpful for reviewers and QA. --> ## Screenshots (if appropriate) ## Types of changes <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply --> <!-- If there are no documentation updates required, mark the item as checked. --> <!-- Raise up any additional concerns not covered by the checklist. --> - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why
Description
When Gateway try to extract the orgId of custom keys with len > 24 characters, it will extract part of the custom key independent if it's the actual orgID or not.
This PR adds a validation if the token > 24 and it's not a hex string ( orgId's are mongoId's ); it will return an empty string.
Related Issue
https://tyktech.atlassian.net/browse/TT-10797
Motivation and Context
If the custom key has more than 24 characters, it is get deleted from Edge Redis on update.
How This Has Been Tested
Screenshots (if appropriate)
Types of changes
Checklist