Replaces the `schema`-attribute with the
attribute `schema_location`. That prevents
shadowing of pydantic's internal `schema`-attribute
and gets rid of pydantic-issued warnings.
Verify that incoming paths exist when a collection
is created and a token has write-access to the
collection. Checks that incoming-label is set
for the token.
Add tests for incoming path validation.
Add scanner error detection to configuration loading. Raise
an error if the configuration YAML-file cannot be loaded.
Detect and reject token definitions with write permissions
and without incoming-labels or write access for
collections that do not define an incoming directory.
Rename `get_permissions` to `get_token_permissions`
This commit removes the option `--admin-token` and
adds the option `--admin-token-hash`, which accepts
a hashed token (sha256 in 64-digit hex representation).
Check the following two conditions when
new collections are created:
1. the name of the collection is not a
reserved name.
2. collections do not share incoming or
curated directories with other collections.
This is done to prevent data leaks, which
could happen when different collections
share directories.
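
The two creation-time checks described in the commit message above, sketched as an added example (not the project's own code). The reserved names, the sample paths and all function names are assumptions; the example also goes one step beyond the commit text by rejecting nested directories, not only identical ones.

```python
from pathlib import Path

# Hypothetical reserved names; the commit message does not list the real ones.
RESERVED_NAMES = frozenset({"admin", "docs", "openapi.json"})

# Constructed sample of already-configured collections.
EXISTING = {
    "col_a": {"incoming": "/srv/dt/a/incoming", "curated": "/srv/dt/a/curated"},
}


class CollectionConflict(ValueError):
    """A new collection collides with a reserved name or another collection."""


def canonical(path):
    # Collapse "..", "." and symlinks so two spellings of one directory compare
    # equal; strict=False accepts directories that do not exist yet.
    return Path(path).resolve(strict=False)


def overlaps(a, b):
    # Same directory, or one nested in the other (nesting is this example's
    # extension: a parent directory exposes everything stored below it).
    return a == b or a in b.parents or b in a.parents


def check_new_collection(name, incoming, curated, existing=EXISTING):
    """Return the canonical directories of the new collection or raise."""
    if name in RESERVED_NAMES:
        raise CollectionConflict(f"collection name {name!r} is reserved")
    new_dirs = {
        kind: canonical(path)
        for kind, path in (("incoming", incoming), ("curated", curated))
        if path  # the incoming directory is optional
    }
    for other_name, other in existing.items():
        for other_kind in ("incoming", "curated"):
            if not other.get(other_kind):
                continue
            other_dir = canonical(other[other_kind])
            for kind, new_dir in new_dirs.items():
                if overlaps(new_dir, other_dir):
                    raise CollectionConflict(
                        f"{kind} directory of {name!r} overlaps the "
                        f"{other_kind} directory of {other_name!r}"
                    )
    return new_dirs
```

Comparing canonical paths rather than raw strings is what catches a configuration that reaches another collection's directory through `..` or a differently spelled path.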
Add a command that interprets configuration
files and creates the objects defined in the
configuration file in a service.
This command can be used to migrate from
old dump-things server to new dump-things
server, when the option --old-format is used.
Note that there are a few differences
between the old and the new format:
1. Keys in `tokens` are now token names,
that map to token configurations.
2. Token configurations now contain the
additional attributes `representation`
and `hashed`.
3. `schema` is now an attribute of a
collection. It is removed from
sqlite backend configurations.
When adding the plain admin token `t` via
`/admin_tokens`, `AdminTokenRequest.representation`
must contain `hash_token_representation(t)`.
The value of `AdminTokenRequest.representation`
is checked for the correct pattern (a 40-digit hex
number) and stored verbatim in the configuration.
To authenticate an administrator, the token
provided in the `x-dumpthings-token`-header is
hashed and compared to the stored values of
`AdminTokenRequest.representation`.
Test that endpoints of deleted collections are
removed from the openapi documentation and
generate 404-errors when accessed.
Adapt token listing test to the modified token
result structure, which does not contain the
token representation anymore.
By default the admin-token representation is hashed.
That means the request should contain the plain token,
unless the request-attribute `hashed` is set. In this
case, the `POST /admin-tokens` endpoint assumes that
the representation is already hashed. It will perform
a simple syntax verification to ensure that the
representation is a 40-digit hex number.