From 7c92f1c4b4e376787eeb8df6f918584e567e0f46 Mon Sep 17 00:00:00 2001 From: yoldas Date: Fri, 19 Sep 2025 10:28:24 +0100 Subject: [PATCH 1/9] Use sanger-jsonapi-resources version 0.1.2 --- Gemfile | 2 +- Gemfile.lock | 10 +++++----- .../api/v2/bait_library_layouts_controller.rb | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 4d1027b7ba..35c54544a3 100644 --- a/Gemfile +++ b/Gemfile @@ -72,7 +72,7 @@ group :default do # Version 0.1.1 was created from the [develop](https://github.com/sanger/jsonapi-resources/tree/develop) branch # published, and pinned for Sequencescape compatibility. # This version is tested and compatible with Rails 7.1/7.2 and Ruby 3.2/3.3. - gem 'sanger-jsonapi-resources', '~> 0.1.1' + gem 'sanger-jsonapi-resources', '~> 0.1.2' # gem 'sanger-jsonapi-resources', github: 'sanger/jsonapi-resources', branch: 'develop' gem 'csv', '~> 3.3' # Required by jsonapi-resources, previously part of ruby diff --git a/Gemfile.lock b/Gemfile.lock index b01a502360..e4ef7f0b7e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -324,11 +324,11 @@ GEM net-protocol netrc (0.11.0) nio4r (2.7.4) - nokogiri (1.18.9-arm64-darwin) + nokogiri (1.18.10-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-darwin) + nokogiri (1.18.10-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-linux-gnu) + nokogiri (1.18.10-x86_64-linux-gnu) racc (~> 1.4) ostruct (0.6.3) parallel (1.27.0) @@ -511,7 +511,7 @@ GEM logger ruby2_keywords (0.0.5) rubyzip (2.4.1) - sanger-jsonapi-resources (0.1.1) + sanger-jsonapi-resources (0.1.2) activerecord (>= 4.1) concurrent-ruby csv @@ -704,7 +704,7 @@ DEPENDENCIES rubocop-rspec_rails ruby-prof ruby-units - sanger-jsonapi-resources (~> 0.1.1) + sanger-jsonapi-resources (~> 0.1.2) sanger_barcode_format! sanger_warren selenium-webdriver (~> 4.1) diff --git a/app/controllers/api/v2/bait_library_layouts_controller.rb b/app/controllers/api/v2/bait_library_layouts_controller.rb index 126458681f..49871889b2 100644 --- a/app/controllers/api/v2/bait_library_layouts_controller.rb +++ b/app/controllers/api/v2/bait_library_layouts_controller.rb @@ -40,7 +40,7 @@ def preview private def respond_with_errors(title, details, status) - status_code = Rack::Utils::SYMBOL_TO_STATUS_CODE[status] + status_code = Rack::Utils.status_code(status) errors = details.map { |detail| { title: title, detail: detail, code: status_code, status: status_code } } From bb8ff54dc21954e00bb4959e5da559bc7958c7a8 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 19:05:24 +0000 Subject: [PATCH 2/9] Update knapsack_pro to version 8.4.0 --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index b01a502360..bdbf226f34 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -266,7 +266,7 @@ GEM railties (>= 4.1) jsonapi-resources-matchers (1.0.0) jsonapi-resources (>= 0.9.0) - knapsack_pro (8.3.3) + knapsack_pro (8.4.0) rake language_server-protocol (3.17.0.5) launchy (3.1.1) From ec3a6abbb767b4a257993679d7187b758396b337 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Mon, 22 Sep 2025 02:15:54 +0000 Subject: [PATCH 3/9] Update nokogiri to version 1.18.10 --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b01a502360..25988b21a6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -324,11 +324,11 @@ GEM net-protocol netrc (0.11.0) nio4r (2.7.4) - nokogiri (1.18.9-arm64-darwin) + nokogiri (1.18.10-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-darwin) + nokogiri (1.18.10-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-linux-gnu) + nokogiri (1.18.10-x86_64-linux-gnu) racc (~> 1.4) ostruct (0.6.3) parallel (1.27.0) From bcc8807fa4c77a6307433d7ddbb2047d7d2c4470 Mon Sep 17 00:00:00 2001 From: yoldas Date: Tue, 23 Sep 2025 20:58:49 +0100 Subject: [PATCH 4/9] Allow permissive param to include methods --- .../api/v2/concerns/api_key_authenticatable.rb | 10 +++++----- .../api/v2/concerns/api_key_authenticatable_spec.rb | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/controllers/api/v2/concerns/api_key_authenticatable.rb b/app/controllers/api/v2/concerns/api_key_authenticatable.rb index 6656517a78..ff01ff619f 100644 --- a/app/controllers/api/v2/concerns/api_key_authenticatable.rb +++ b/app/controllers/api/v2/concerns/api_key_authenticatable.rb @@ -3,10 +3,10 @@ module Api module V2 module Concerns # Provides the tools needed to confirm that a valid API key was provided for the header X-Sequencescape-Client-Id. - # - Skips the check if the endpoint specifies permissve GETs + # - Skips the check if the endpoint specifies permissive methods names. # - Where the API key is in the request and exists in among ApiApplication, allow the request to be served. # - Where the API key is in the request but does not exist, log the attempt and render an unauthorized response. - # - Where the API key is not in the request, respond normally (for now) and log the system that made the request. + # - Where the API key is not in the request, log the attempt and render an unauthorized response. module ApiKeyAuthenticatable extend ActiveSupport::Concern @@ -74,14 +74,14 @@ def render_unauthorized # Checks if the current request is a permissive route. # # A route is considered permissive if the 'permissive' path parameter is present in the request - # and the HTTP request method is 'GET'. + # and the HTTP request method is specified in the array of permissive methods. # Path parameters can be defined via defaults next to the route in routes.rb - # e.g. jsonapi_resources :samples, defaults: { permissive: true } + # e.g. jsonapi_resources :samples, defaults: { permissive: [:get, :post] } # # @return [Boolean] true if the route is permissive, false otherwise. def permissive_route # Use path_parameters as standard parameters are overridable by requesters - request.path_parameters.fetch(:permissive, false) && request.get? + request.path_parameters.fetch(:permissive, []).include?(request.method.downcase.to_sym) end end end diff --git a/spec/controllers/api/v2/concerns/api_key_authenticatable_spec.rb b/spec/controllers/api/v2/concerns/api_key_authenticatable_spec.rb index 51e61ccd10..7dd95f9f0e 100644 --- a/spec/controllers/api/v2/concerns/api_key_authenticatable_spec.rb +++ b/spec/controllers/api/v2/concerns/api_key_authenticatable_spec.rb @@ -7,9 +7,9 @@ end describe '#permissive_route' do - context 'when permissive param is present and request is GET' do + context 'when permissive param includes :get and request method is GET' do before do - allow(controller.request).to receive_messages(path_parameters: { permissive: true }, get?: true) + allow(controller.request).to receive_messages(path_parameters: { permissive: [:get] }, method: 'GET') end it 'returns true' do @@ -17,9 +17,9 @@ end end - context 'when permissive param is present but request is not GET' do + context 'when permissive param includes :get but request method is not GET' do before do - allow(controller.request).to receive_messages(path_parameters: { permissive: true }, get?: false) + allow(controller.request).to receive_messages(path_parameters: { permissive: [:get] }, method: 'POST') end it 'returns false' do @@ -29,7 +29,7 @@ context 'when permissive param is not present' do before do - allow(controller.request).to receive_messages(path_parameters: {}, get?: true) + allow(controller.request).to receive_messages(path_parameters: {}, method: 'GET') end it 'returns false' do From db0898ce7cc3a1014ca9f31f8467eeaf9dc9dd11 Mon Sep 17 00:00:00 2001 From: yoldas Date: Tue, 23 Sep 2025 21:02:35 +0100 Subject: [PATCH 5/9] Add interim permissive params in routes --- config/routes.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index 59f816877e..a17098980f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -36,9 +36,9 @@ jsonapi_resources :barcode_printers jsonapi_resources :bulk_transfers, except: %i[update] - jsonapi_resources :comments, defaults: { permissive: true } + jsonapi_resources :comments, defaults: { permissive: %i[post] } jsonapi_resources :custom_metadatum_collections - jsonapi_resources :labware, defaults: { permissive: true } + jsonapi_resources :labware, defaults: { permissive: %i[get] } jsonapi_resources :lanes jsonapi_resources :lot_types jsonapi_resources :lots @@ -57,7 +57,7 @@ jsonapi_resources :primer_panels jsonapi_resources :projects jsonapi_resources :purposes - jsonapi_resources :qc_assays, defaults: { permissive: true } + jsonapi_resources :qc_assays, defaults: { permissive: %i[post] } jsonapi_resources :qc_files, except: %i[update] jsonapi_resources :qc_results jsonapi_resources :qcables @@ -78,7 +78,7 @@ jsonapi_resources :submission_templates jsonapi_resources :submissions, except: %i[update] jsonapi_resources :tag_group_adapter_types - jsonapi_resources :tag_groups, defaults: { permissive: true } + jsonapi_resources :tag_groups, defaults: { permissive: %i[get] } jsonapi_resources :tag_sets, only: %i[index show] jsonapi_resources :tag_layout_templates jsonapi_resources :tag_layouts, except: %i[update] From 422fdd91c5d64680e1dfc7b2299ce4dede21c845 Mon Sep 17 00:00:00 2001 From: yoldas Date: Tue, 23 Sep 2025 21:49:02 +0100 Subject: [PATCH 6/9] Update shared examples for ApiKeyAuthenticatable with permissive params and feature flag --- .../api_key_authenticatable.rb | 27 ++++++++++++++++--- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/spec/requests/api/v2/shared_examples/api_key_authenticatable.rb b/spec/requests/api/v2/shared_examples/api_key_authenticatable.rb index 4e935ac028..21e0c1ff7c 100644 --- a/spec/requests/api/v2/shared_examples/api_key_authenticatable.rb +++ b/spec/requests/api/v2/shared_examples/api_key_authenticatable.rb @@ -5,14 +5,33 @@ shared_examples_for 'ApiKeyAuthenticatable' do let(:client_headers) { { 'User-Agent' => 'Test Agent', 'Origin' => 'Test Origin' } }.freeze let(:permissive_route) do - Rails.application.routes.recognize_path(base_endpoint, method: :get).fetch(:permissive, false) + Rails.application.routes.recognize_path(base_endpoint, method: :get).fetch(:permissive, []).include?(:get) end context 'without an API key' do - it 'gets a success response' do - api_get base_endpoint, headers: client_headers + context 'when feature flag is disabled' do + before { Flipper.disable :y25_442_make_api_key_mandatory } - expect(response).to have_http_status(:success) + it 'gets a success response' do + api_get base_endpoint, headers: client_headers + + expect(response).to have_http_status(:success) + end + end + + context 'when feature flag is enabled' do + before { Flipper.enable :y25_442_make_api_key_mandatory } + + it 'gets an unauthorized response' do + api_get base_endpoint, headers: client_headers + + # Permissive routes are successful without API keys + if permissive_route + expect(response).to have_http_status(:success) + else + expect(response).to have_http_status(:unauthorized) + end + end end it 'logs the request with client details' do From 82ccfa1654190e1d7d1325f7fbb1fe3b8eea9de3 Mon Sep 17 00:00:00 2001 From: "depfu[bot]" <23717796+depfu[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 00:00:39 +0000 Subject: [PATCH 7/9] Update Ruby to version 3.4.6 --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index f9892605c7..1cf8253024 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.4.4 +3.4.6 From 60b15876438aad86f96a45623bc0059c9835f6b1 Mon Sep 17 00:00:00 2001 From: yoldas Date: Wed, 24 Sep 2025 07:50:28 +0100 Subject: [PATCH 8/9] Allow get and post for comments and qc_assays --- config/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index a17098980f..034e9e3646 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -36,7 +36,7 @@ jsonapi_resources :barcode_printers jsonapi_resources :bulk_transfers, except: %i[update] - jsonapi_resources :comments, defaults: { permissive: %i[post] } + jsonapi_resources :comments, defaults: { permissive: %i[get post] } jsonapi_resources :custom_metadatum_collections jsonapi_resources :labware, defaults: { permissive: %i[get] } jsonapi_resources :lanes @@ -57,7 +57,7 @@ jsonapi_resources :primer_panels jsonapi_resources :projects jsonapi_resources :purposes - jsonapi_resources :qc_assays, defaults: { permissive: %i[post] } + jsonapi_resources :qc_assays, defaults: { permissive: %i[get post] } jsonapi_resources :qc_files, except: %i[update] jsonapi_resources :qc_results jsonapi_resources :qcables From 81f80e9db4f4e291b4a7e22b901edd03d1fce7c2 Mon Sep 17 00:00:00 2001 From: yoldas Date: Wed, 24 Sep 2025 14:30:27 +0100 Subject: [PATCH 9/9] Update .release-version to 14.78.2 --- .release-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release-version b/.release-version index 6fadc15357..ee3eb99fd3 100644 --- a/.release-version +++ b/.release-version @@ -1 +1 @@ -14.78.1 +14.78.2