[openstreetmap/openstreetmap-website] API key dispenser (#2145)

Roland Olbricht notifications at github.com
Fri Feb 15 06:00:35 UTC 2019

This is an implementation of the API key dispenser intended to help with GDPR requirements.

It is as minimal as possible:
- OSM users can register services by submitting an URI for the service.
- OSM users can request an API key for each registered service.
- For a registered service there is a stream of new and revoked keys with a similar mechanism to the minute updates via the new API endpoint _third_party_services/keys_

The data held on the Main Db is
- a table of services where the URI is unique
- a ledger of keys, implemented as two tables where _third_party_keys_ hold the actual data and _third_party_key_events_ is used as a PG sequence to properly sort out create and revoke events

Tests with full coverage have been added. Please take the whole thing still with a grain of salt: I have little Rails experience. For example, _CanCan_ did insist in various error messages I should add _skip_authorization_check_ to every controller, but this does sound like the proper solution.
You can view, comment on, or merge this pull request online at:


-- Commit Summary --

  * Patch to introduce an API keys service
  * Added emergency fix to deal with CanCan; proper solution unknown.

-- File Changes --

    A app/controllers/third_party_keys_controller.rb (115)
    A app/controllers/third_party_services_controller.rb (106)
    A app/models/third_party_key.rb (42)
    A app/models/third_party_key_event.rb (10)
    A app/models/third_party_service.rb (21)
    A app/views/third_party_keys/edit.html.erb (49)
    A app/views/third_party_keys/index.html.erb (33)
    A app/views/third_party_keys/new.html.erb (59)
    A app/views/third_party_keys/show.html.erb (31)
    A app/views/third_party_services/edit.html.erb (38)
    A app/views/third_party_services/index.html.erb (15)
    A app/views/third_party_services/new.html.erb (31)
    A app/views/third_party_services/show.html.erb (32)
    M app/views/users/account.html.erb (2)
    M config/locales/en.yml (40)
    M config/routes.rb (20)
    A db/migrate/20190213050630_create_third_party_keys_structures.rb (26)
    M lib/osm.rb (22)
    A test/controllers/third_party_keys_controller_test.rb (193)
    A test/controllers/third_party_services_controller_test.rb (375)

-- Patch Links --


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190214/74207e90/attachment-0001.html>

More information about the rails-dev mailing list