Page MenuHomePhabricator
Create Task
Maniphest T325264

🩹️ Temporarily remove/disable PATCH routes in Wikibase REST API
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Tentatively planned based on the timeline of the security readiness review of the Json Patch PHP library. (T316523)

PATCH method should not be available in the Wikibase REST API.
API specification and the autodocs should not mention unavailable routes.

Likely means moving the PATCH routes to a separate files so that routes.json will only contain routes that can be used in production environments, including WMF production environments. (Wikidata)

Related Objects
Search...

Event Timeline

WMDE-leszek created this task.Dec 15 2022, 8:42 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 15 2022, 8:42 AM
WMDE-leszek updated the task description. (Show Details)Dec 15 2022, 8:43 AM
WMDE-leszek updated the task description. (Show Details)Jan 3 2023, 11:00 AM
WMDE-leszek set the point value for this task to 5.Jan 3 2023, 11:05 AM
WMDE-leszek changed the point value for this task from 5 to 3.Jan 3 2023, 11:08 AM
WMDE-leszek updated the task description. (Show Details)Jan 3 2023, 11:12 AM
WMDE-leszek edited projects, added Wikibase Product Platform (v1) (Sprint 20); removed Wikibase Product Platform (v1).
Silvan_WMDE renamed this task from Temporarily remove/disable PATCH routes in Wikibase REST API to 🩹️ Temporarily remove/disable PATCH routes in Wikibase REST API.Jan 3 2023, 2:08 PM
Silvan_WMDE added a project: Story.
Silvan_WMDE added subscribers: Muhammad_Yasser_Jazirahly_WMDE, Ollie.Shotton_WMDE, Silvan_WMDE.Jan 3 2023, 2:54 PM

Task Breakdown Notes

  • edit files (@Ollie.Shotton_WMDE creates the task)
    • remove PATCH routes from existing rest-api/routes.json file
    • add PATCH routes to a new rest-api/routes.dev.json file
    • update CI configuration file repo/config/Wikibase.ci.php to take into account the new rest-api/routes.dev.json file
  • modify README.md to explain rest-api/routes.json and rest-api/routes.dev.json (@Muhammad_Yasser_Jazirahly_WMDE creates task)
    • one for production-ready routes
    • one for dev routes that are work-in-progress
  • modify OpenAPI docs (@Silvan_WMDE creates task)
    • Add a [WIP] marker to the summary of both PATCH endpoints
    • Add 'This endpoint is currently not available on wikidata.org' to the description of both PATCH endpoints
Muhammad_Yasser_Jazirahly_WMDE added a subtask: T326151: 🩹️ Modify README.md file.Jan 3 2023, 3:22 PM
Ollie.Shotton_WMDE changed the status of subtask T326153: 🩹️ Separate WIP and production ready routes into separate files from Open to In Progress.Jan 4 2023, 9:43 AM
Muhammad_Yasser_Jazirahly_WMDE changed the status of subtask T326151: 🩹️ Modify README.md file from Open to In Progress.Jan 4 2023, 9:44 AM
Muhammad_Yasser_Jazirahly_WMDE changed the status of subtask T326151: 🩹️ Modify README.md file from In Progress to Open.Jan 4 2023, 11:22 AM
Silvan_WMDE changed the status of subtask T326197: 🩹️ Mark PATCH endpoints as [WIP] in OpenAPI docs from Open to In Progress.Jan 4 2023, 2:01 PM
Silvan_WMDE changed the status of subtask T326197: 🩹️ Mark PATCH endpoints as [WIP] in OpenAPI docs from In Progress to Open.Jan 4 2023, 2:31 PM
Muhammad_Yasser_Jazirahly_WMDE changed the status of subtask T326153: 🩹️ Separate WIP and production ready routes into separate files from In Progress to Open.Jan 4 2023, 2:33 PM
Muhammad_Yasser_Jazirahly_WMDE moved this task from To Do to Product Verification on the Wikibase Product Platform (v1) (Sprint 20) board.Jan 4 2023, 3:39 PM
WMDE-leszek added a comment.Jan 5 2023, 1:31 PM

Looks good, thank you!

WMDE-leszek moved this task from Product Verification to Done on the Wikibase Product Platform (v1) (Sprint 20) board.Jan 5 2023, 1:31 PM
Ollie.Shotton_WMDE closed this task as Resolved.Jan 5 2023, 4:08 PM
Ollie.Shotton_WMDE claimed this task.
Ollie.Shotton_WMDE reopened this task as Open.Jan 5 2023, 4:11 PM
Ollie.Shotton_WMDE removed Ollie.Shotton_WMDE as the assignee of this task.
WMDE-leszek closed this task as Resolved.Jan 30 2023, 8:50 PM
WMDE-leszek claimed this task.
WMDE-leszek closed subtask T326197: 🩹️ Mark PATCH endpoints as [WIP] in OpenAPI docs as Resolved.
WMDE-leszek closed subtask T326153: 🩹️ Separate WIP and production ready routes into separate files as Resolved.
WMDE-leszek closed subtask T326151: 🩹️ Modify README.md file as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits