3 changes: 2 additions & 1 deletion charts/nginz/static/conf/zauth.acl
Expand Up @@ -14,4 +14,5 @@ p (whitelist (path "/provider")
la (whitelist (path "/notifications")
(path "/assets/v3/**")
(path "/users")
(path "/users/**"))
(path "/users/**")
(path "/legalhold/conversations/*"))
3 changes: 3 additions & 0 deletions charts/nginz/values.yaml
Expand Up @@ -397,6 +397,9 @@ nginx_conf:
envs:
- all
doc: true
- path: /legalhold/conversations/(.*)
envs:
- all
- path: /teams$
envs:
- all
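Review bot: The new `path: /legalhold/conversations/(.*)` entry is an unanchored pattern, and the block added to deploy/services-demo/conf/nginz/nginx.conf in this commit uses it as a case-insensitive regex location (`location ~* /legalhold/conversations/(.*)`), so it matches any URI that merely contains that substring, with any number of trailing segments. The zauth ACL entry added alongside it is the narrower `/legalhold/conversations/*`, and the neighbouring `/teams$` entry is anchored, so I would tighten the route to the single shape the API defines: `- path: ^/legalhold/conversations/([^/]+)$` here and `location ~* ^/legalhold/conversations/([^/]+)$` in nginx.conf. The capture group is not used by the visible `proxy_pass http://galley;`, so it could also be dropped. How the chart renders `path` into a location is not visible in this hunk, so confirm the template does not already prepend `^`.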
4 changes: 4 additions & 0 deletions deploy/services-demo/conf/nginz/nginx.conf
Expand Up @@ -325,6 +325,10 @@ http {
proxy_pass http://galley;
}

location ~* /legalhold/conversations/(.*) {
include common_response_with_zauth.conf;
proxy_pass http://galley;
}

location /conversations {
include common_response_with_zauth.conf;
3 changes: 2 additions & 1 deletion deploy/services-demo/conf/nginz/zauth_acl.txt
Expand Up @@ -14,4 +14,5 @@ p (whitelist (path "/provider")
la (whitelist (path "/notifications")
(path "/assets/v3/**")
(path "/users")
(path "/users/**"))
(path "/users/**")
(path "/legalhold/conversations/*"))
12 changes: 12 additions & 0 deletions libs/wire-api/src/Wire/API/Routes/Public/Galley.hs
Expand Up @@ -185,6 +185,18 @@ type ConversationAPI =
:> Capture "cnv" ConvId
:> Get '[Servant.JSON] Conversation
)
:<|> Named
"get-unqualified-conversation-legalhold-alias"
-- This alias exists, so that it can be uniquely selected in zauth.acl
( Summary "Get a conversation by ID (Legalhold alias)"
:> CanThrow 'ConvNotFound
:> CanThrow 'ConvAccessDenied
:> ZLocalUser
:> "legalhold"
:> "conversations"
:> Capture "cnv" ConvId
:> Get '[Servant.JSON] Conversation
)
:<|> Named
"get-conversation"
( Summary "Get a conversation by ID"
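Review bot: The comment on `get-unqualified-conversation-legalhold-alias` says why the alias exists but not what it implies for access control. Per the ACL files changed in this commit, a request matching `/legalhold/conversations/*` is whitelisted for legalhold tokens, and the ACL entries shown match on path only. I would expand the comment to something like `-- Alias of "get-unqualified-conversation" so that zauth.acl can whitelist it for legalhold tokens; any route later added under /legalhold/conversations/<id> inherits that whitelist entry.` The `ConversationAPI` type starts and ends outside this hunk.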
8 changes: 8 additions & 0 deletions services/brig/test/integration/API/User/Auth.hs
Expand Up @@ -46,6 +46,7 @@ import Data.Handle (Handle (Handle))
import Data.Id
import Data.Misc (PlainTextPassword (..))
import Data.Proxy
import Data.Qualified (Qualified (qUnqualified))
import Data.Range (unsafeRange)
import qualified Data.Text as Text
import Data.Text.Ascii (AsciiChars (validate))
Expand All @@ -62,6 +63,7 @@ import Test.Tasty.HUnit
import qualified Test.Tasty.HUnit as HUnit
import UnliftIO.Async hiding (wait)
import Util
import Wire.API.Conversation (Conversation (..))
import qualified Wire.API.Team.Feature as Public
import Wire.API.User
import qualified Wire.API.User as Public
Expand Down Expand Up @@ -226,6 +228,10 @@ testNginzLegalHold b g n = do
cUsr = decodeCookie rsUsr
pure (c, t)

qconv <-
fmap cnvQualifiedId . responseJsonError
=<< createConversation g (userId alice) [] <!! const 201 === statusCode

-- ensure nginz allows passing legalhold cookies / tokens through to /access
post (n . path "/access" . cookie c . header "Authorization" ("Bearer " <> toByteString' t)) !!! do
const 200 === statusCode
Expand All @@ -235,6 +241,8 @@ testNginzLegalHold b g n = do
-- ensure legal hold tokens can fetch notifications
get (n . path "/notifications" . header "Authorization" ("Bearer " <> toByteString' t)) !!! const 200 === statusCode

get (n . paths ["legalhold", "conversations", toByteString' (qUnqualified qconv)] . header "Authorization" ("Bearer " <> toByteString' t)) !!! const 200 === statusCode

-- | Corner case for 'testNginz': when upgrading a wire backend from the old behavior (setting
-- cookie domain to eg. @*.wire.com@) to the new behavior (leaving cookie domain empty,
-- effectively setting it to the backend host), clients may start sending two cookies for a
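Review bot: The new request to `/legalhold/conversations/<id>` at the end of `testNginzLegalHold` checks only the allowed case and, unlike the assertions above it, has no comment. Since the commit widens what a legalhold token may reach, I would also assert that the same token is still rejected on the non-alias path, i.e. the same `get` with `paths ["conversations", toByteString' (qUnqualified qconv)]`, expecting whatever rejection status nginz returns for paths outside the `la` whitelist (not visible here). A second negative case worth adding is that a conversation the legalhold user is not a member of is not returned. Proposed comment for the existing line: `-- ensure legal hold tokens can fetch a conversation via the /legalhold alias`. The body of `testNginzLegalHold` starts outside these hunks.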
1 change: 1 addition & 0 deletions services/galley/src/Galley/API/Public/Servant.hs
Expand Up @@ -47,6 +47,7 @@ servantSitemap =
where
conversations =
mkNamedAPI @"get-unqualified-conversation" getUnqualifiedConversation
<@> mkNamedAPI @"get-unqualified-conversation-legalhold-alias" getUnqualifiedConversation
<@> mkNamedAPI @"get-conversation" getConversation
<@> mkNamedAPI @"get-conversation-roles" getConversationRoles
<@> mkNamedAPI @"list-conversation-ids-unqualified" conversationIdsPageFromUnqualified