Register issues
https://community.opengroup.org/osdu/platform/system/register/-/issues
Updated: 2021-08-27T21:34:31Z

GET /subscription by notificationID should be restricted
https://community.opengroup.org/osdu/platform/system/register/-/issues/27
Updated: 2021-08-27T21:34:31Z
Author: Aliaksei Darafeyeu
Assignees: ethiraj krishnamanaidu, Chris Zhang, Gary Murphy, Nitin-slb, Neelesh Thakur, Robert Chadwick [Schlumberger]

Right now, to perform the GET `/subscription?notificationId=X` operation, a user should have one of the roles (`users.datalake.ops`, `users.datalake.admins`, `users.datalake.editors`), but according to the security check, access to this operation should be restricted to only `users.datalake.ops`.

Provide clear "end to end" documentation of typical use case of Register service
https://community.opengroup.org/osdu/platform/system/register/-/issues/43
Updated: 2024-01-29T10:51:46Z
Author: Debasis Chatterjee

Suggest creation of simple "Hello world" style example for real life utilization of this service.
Mention clearly if some steps cannot be tested from Postman (like other services) and will require some coding.
Also bring "notification" service in picture, if that is relevant.
For example, can this help in use case such as this? Data Manager is concerned about "Well" record in OSDU instance and would like to be notified if and when any user adds a new record, deletes an existing record or updates an existing record?
If yes, describe how one can implement this with Register service and possibly other related service.
If not, please pick a different, meaningful real life use case and describe the full implementation.
You may do this separately for two cases which are already documented - (a) Action service, (b) How to become DDMS.

M18 GET and DELETE /api/register/v1/action/{id}
https://community.opengroup.org/osdu/platform/system/register/-/issues/45
Updated: 2023-06-15T13:35:40Z
Author: Shane Hutchins

Received a response with 5xx status code: 500
{"timestamp":"2023-06-14T14:29:55.655+00:00","status":500,"error":"Internal Server Error","path":"/api/register/v1/action/00%3B"}
Expected a 404 error or other 4xx.
Run this get curl command to reproduce this failure:
curl -X GET -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' https://osdu.r3m18.preshiptesting.osdu.aws/api/register/v1/action/00%3B
Run this delete curl command to reproduce this failure:
curl -X DELETE -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' https://osdu.r3m18.preshiptesting.osdu.aws/api/register/v1/action/00%25
I was able to reproduce this on AWS and Azure.
DELETE /api/register/v1/action/{id}
curl -X DELETE -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: opendes' https://osdu-ship.msft-osdu-test.org/api/register/v1/action/00%25
GET /api/register/v1/action/{id}
curl -X GET -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: opendes' https://osdu-ship.msft-osdu-test.org/api/register/v1/action/00%3B

M18 GET and DELETE /api/register/v1/ddms/{id}
https://community.opengroup.org/osdu/platform/system/register/-/issues/44
Updated: 2023-06-15T14:01:56Z
Author: Shane Hutchins

Received a response with 5xx status code: 500
{"timestamp":"2023-06-14T14:29:41.188+00:00","status":500,"error":"Internal Server Error","path":"/api/register/v1/ddms/00%3B"}
This should have returned a 404 or maybe a 401, but not 500.
Run this get curl command to reproduce this failure:
curl -X GET -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' https://osdu.r3m18.preshiptesting.osdu.aws/api/register/v1/ddms/00%3B
Run this delete curl command to reproduce this failure:
curl -X DELETE -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' https://osdu.r3m18.preshiptesting.osdu.aws/api/register/v1/ddms/00%0A
Was able to produce this issue in AWS and Azure.
GET /api/register/v1/ddms/{id}
Run this curl command to reproduce this failure:
curl -X GET -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: opendes' https://osdu-ship.msft-osdu-test.org/api/register/v1/ddms/00%3B
curl -X DELETE -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: opendes' https://osdu-ship.msft-osdu-test.org/api/register/v1/ddms/00%0A

Use Secret service for storing and fetching subscriber secrets.
https://community.opengroup.org/osdu/platform/system/register/-/issues/46
Updated: 2023-11-08T12:11:40Z
Author: Rustam Lotsmanenko (EPAM) (rustam_lotsmanenko@epam.com)
Assignee: Rustam Lotsmanenko (EPAM) (rustam_lotsmanenko@epam.com)

Integration test core pom references core-lib-gc
https://community.opengroup.org/osdu/platform/system/register/-/issues/47
Updated: 2023-08-21T18:40:26Z
Author: Alok Joshi

https://community.opengroup.org/osdu/platform/system/register/-/blob/master/testing/register-test-core/pom.xml
There is a dependency reference to core-lib-gc inside the core dependencies for integration test. This violates the principle of having only non-CSP logic in the core module.

Subscription Verification Request Incorrectly Encoded
https://community.opengroup.org/osdu/platform/system/register/-/issues/48
Updated: 2023-10-30T21:06:16Z
Author: Derek Hudson
Milestone: M21 - Release 0.24
Assignee: Derek Hudson

Subscription verification request (the request that the Register service sends to verify that a Push endpoint is valid) improperly encodes the `hmac` query string parameter, which allows raw `=` in the `hmac` query string parameter, which in turn can cause subscription creation to fail.
Testing a fix locally before publishing.

Register Service API Enhancement: Introducing Subscription State Handling for Resource Optimization
https://community.opengroup.org/osdu/platform/system/register/-/issues/49
Updated: 2023-12-08T08:27:16Z
Author: Rustam Lotsmanenko (EPAM) (rustam_lotsmanenko@epam.com)
Assignee: Rustam Lotsmanenko (EPAM) (rustam_lotsmanenko@epam.com)

TBD

HMAC secret validation doesn't verify if secret is hexadecimal
https://community.opengroup.org/osdu/platform/system/register/-/issues/59
Updated: 2024-02-12T12:31:37Z
Author: Izabela Kulakowska

The HMAC secret provided as a parameter in the payload for [API operation to create the subscription](https://community.opengroup.org/osdu/platform/system/register/-/blob/master/register-core/src/main/java/org/opengroup/osdu/register/api/SubscriberApi.java?ref_type=heads#L100) needs to be in a hexadecimal number format, but SecretValidator class allows it to be any even length string matching regex ^[a-zA-Z0-9]{8,30}+$.
If provided secret matches the requirements from SecretValidator but is not hexadecimal number then creating the subscription causes an exception in Register Service when trying to [get the signed signature](https://community.opengroup.org/osdu/platform/system/register/-/blob/master/register-core/src/main/java/org/opengroup/osdu/register/subscriber/services/ChallengeResponseCheck.java?ref_type=heads#L108), more precisely [parsing the secret in SignatureService class](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/blob/master/src/main/java/org/opengroup/osdu/core/common/cryptographic/SignatureService.java?ref_type=heads#L122).
The API user gets an [error](https://community.opengroup.org/osdu/platform/system/register/-/blob/master/register-core/src/main/java/org/opengroup/osdu/register/subscriber/services/CreateSubscription.java?ref_type=heads#L72) “Failed challenge response check to GET <push endpoint>” which doesn’t indicate an issue with the provided secret.