Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEVS: new API tokens #4637

Merged
merged 39 commits into from Apr 5, 2024
Merged

DEVS: new API tokens #4637

merged 39 commits into from Apr 5, 2024

Conversation

kevinpapst
Copy link
Member

@kevinpapst kevinpapst commented Feb 14, 2024
edited

Description

This introduces a new way of API authentication using a single Authorization: Bearer 123xyz456 header.

  •  Add new token handler for authentication
  • Add entity and repository
  • UI to handle multiple named API tokens with expiration dates
  • I updated the documentation, see https://github.com/kimai/www.kimai.org/pull/390/files
  • Support expiration dates
  • Store "last usage" and display in profile

All apps using the API need to be adjusted, as the old authentication way will be removed sooner than later.
By now it will ONLY trigger a deprecation on every API call.

The main focus was increasing the speed of every API:

  • Old authentication: ~ 0.7s
  • New authentication: ~ 0.1s

Fixes #4563

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I verified that my code applies to the guidelines (composer code-check)
  • I agree that this code is used in Kimai (see license)

@kevinpapst kevinpapst added this to the 3.0 - Planned features milestone Feb 14, 2024
@kevinpapst kevinpapst mentioned this pull request Feb 14, 2024
Closed
3 tasks
@codecov Codecov
Copy link

codecov bot commented Feb 14, 2024
edited

Codecov Report

Attention: Patch coverage is 56.15385% with 57 lines in your changes are missing coverage. Please review.

Project coverage is 88.02%. Comparing base (dd51c8d) to head (16e66d4).

Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #4637      +/-   ##
============================================
- Coverage     88.19%   88.02%   -0.17%     
- Complexity     8879     8910      +31     
============================================
  Files           789      792       +3     
  Lines         29129    29226      +97     
============================================
+ Hits          25689    25726      +37     
- Misses         3440     3500      +60
Files Coverage Δ
src/API/ActionsController.php 100.00% <ø> (ø)
src/API/ActivityController.php 97.32% <ø> (ø)
src/API/Authentication/AccessTokenHandler.php 100.00% <100.00%> (ø)
src/API/Authentication/ApiRequestMatcher.php 100.00% <100.00%> (ø)
src/API/Authentication/TokenAuthenticator.php 97.67% <100.00%> (+2.80%) ⬆️
src/API/ConfigurationController.php 100.00% <ø> (ø)
src/API/CustomerController.php 99.00% <ø> (ø)
src/API/ProjectController.php 94.61% <ø> (ø)
src/API/StatusController.php 90.90% <ø> (ø)
src/API/TagController.php 96.00% <ø> (ø)
... and 9 more

... and 3 files with indirect coverage changes

This was referenced Feb 15, 2024
Merged
Merged
@kevinpapst kevinpapst mentioned this pull request Feb 22, 2024
Closed
3 tasks
@kevinpapst kevinpapst modified the milestones: 2.14.0, 2.15.0 Apr 4, 2024
@kevinpapst
Merge branch 'main' into api-tokens
ea13c43 
# Conflicts:
#	composer.lock
#	src/API/ActivityController.php
#	src/API/CustomerController.php
#	src/API/ProjectController.php
@kevinpapst
support delete tokens, translated new messages
3482eaf
@kevinpapst
removed security setting, which broke the docs
06484e1
@kevinpapst
set last usage only once per minute
386639c
@kevinpapst kevinpapst modified the milestones: 2.15.0, 2.14.0 Apr 5, 2024
@kevinpapst kevinpapst marked this pull request as ready for review April 5, 2024 17:26
@kevinpapst kevinpapst merged commit afe0656 into main Apr 5, 2024
5 checks passed
@kevinpapst kevinpapst deleted the api-tokens branch April 5, 2024 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
API feature request security
Milestone
2.14.0
Development

Successfully merging this pull request may close these issues.

API-Authentication slow
1 participant
@kevinpapst