Add authentication validation to the JSON schema #2646

Open
wants to merge 34 commits into
base: main
726a24b
First version of auth enum with conditional JWT
sander1095 Apr 5, 2025
076f5be
Add JWT validation. Sidenote: JWT properties are both required now, n…
sander1095 Apr 5, 2025
2ba4e93
Added validation for jwt being null when a non-jwt auth provider is u…
sander1095 Apr 5, 2025
2816e1a
remove duplicate, false rule
sander1095 Apr 5, 2025
7681aa7
Improve dab draft schema for not omitting JWT
sander1095 Apr 9, 2025
2c8841f
Add unit tests
sander1095 Apr 9, 2025
46331b6
Added extra docs to the providers that need JWT, thanks to PR feedback
sander1095 Apr 14, 2025
8a24a84
Merge branch 'main' into add-auth-to-jsonschema
Aniruddh25 Apr 16, 2025
274103c
Merge branch 'main' into add-auth-to-jsonschema
RubenCerna2079 Apr 21, 2025
7d27a8d
Merge branch 'main' into add-auth-to-jsonschema
Aniruddh25 Apr 23, 2025
96cfc96
Merge branch 'main' into add-auth-to-jsonschema
RubenCerna2079 May 9, 2025
d983b89
Merge branch 'main' into add-auth-to-jsonschema
Aniruddh25 May 10, 2025
2d9f88e
Merge branch 'main' into add-auth-to-jsonschema
sander1095 May 15, 2025
22834dd
Rename method based on PR feedback
sander1095 May 15, 2025
2e46ae7
Workaround for failing test because NJsonSchema doesn't support oneof …
sander1095 May 15, 2025
2437f5e
Change schema url to http variant to be spec compliant
sander1095 May 15, 2025
d559f3f
Migrate from NJsonSchema to JsonSchema.Net
sander1095 May 15, 2025
c6a3e27
Reuse JSON deserialization options globally to prevent inconsistent de…
sander1095 May 15, 2025
22547af
Fix whitespace
sander1095 May 15, 2025
7252b73
Merge branch 'main' into add-auth-to-jsonschema
RubenCerna2079 May 27, 2025
73d9c5a
Update summary and fix typo
sander1095 May 27, 2025
0d24e0c
Add an extra test case
sander1095 May 27, 2025
5fc69f8
Migrate from JsonSchema.NET to Newtonsoft.Json.Schema
sander1095 May 27, 2025
6f8cce1
Remove limitation around NJsonSchema as this package isn't used anymore
sander1095 May 27, 2025
e0c0eeb
Fix whitespace
sander1095 May 27, 2025
9a0606b
Really fix whitespace
sander1095 May 27, 2025
eeb6052
Use 13.0.3-beta1 because Microsoft's private feeds do not have 13.0.3
sander1095 Jun 5, 2025
4c065b2
Merge branch 'main' into add-auth-to-jsonschema
Aniruddh25 Jun 5, 2025
00b2032
Fix tests
sander1095 Jun 10, 2025
55b525f
Downgrade NJS instead of using the NJ beta package as this is preferr…
sander1095 Jun 12, 2025
4120c6c
Fix integration tests
sander1095 Jun 12, 2025
6b0b7c4
Merge branch 'main' into add-auth-to-jsonschema
sander1095 Jun 12, 2025
327f051
Remove unnecessary NoWarn now that we keep NJ package the same version
sander1095 Jun 12, 2025
6d735c4
Merge remote-tracking branch 'origin/add-auth-to-jsonschema' into add…
sander1095 Jun 12, 2025
1 change: 0 additions & 1 deletion docs/design/dab-validate.md
Expand Up @@ -51,4 +51,3 @@ The following types of validations are run on the config file (in the order spec

## Limitations
1. Currently the `validate` command support is limited to single datasource config file.
2. `NJsonSchema.Net` package currently has an open issue that overlooks/ ignores "if then else" conditions in json schema for attribute checks. (refer [here](https://github.com/RicoSuter/NJsonSchema/issues/1240))
53 changes: 49 additions & 4 deletions schemas/dab.draft.schema.json
@@ -1,5 +1,5 @@
{
"$schema": "https://json-schema.org/draft-07/schema",
"$schema": "http://json-schema.org/draft-07/schema",
"$id": "https://github.com/Azure/data-api-builder/releases/download/vmajor.minor.patch/dab.draft.schema.json",
"title": "Data API builder",
"description": "Schema for Data API builder engine",
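Review bot: The new `$schema` value `http://json-schema.org/draft-07/schema` still omits the trailing `#` that the draft-07 meta-schema uses as its identifier (`http://json-schema.org/draft-07/schema#`). Since the stated goal of this change is spec compliance, consider adding the `#` so that validators which match the meta-schema URI exactly select draft-07 rather than falling back to a default draft.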
Expand Down Expand Up @@ -277,8 +277,33 @@
"additionalProperties": false,
"properties": {
"provider": {
"type": "string",
"description": "The name of authentication provider",
"oneOf": [
{
"const": "StaticWebApps",
"description": "Authentication provided by Azure Static Web Apps."
},
{
"const": "EntraID",
"description": "Authentication provided by Microsoft Entra ID (formerly Azure AD). Use the JWT property to configure this provider."
},
{
"const": "Simulator",
"description": "Simulated authentication for development and testing purposes."
},
{
"const": "AppService",
"description": "Authentication provided by Azure App Service."
},
{
"const": "AzureAD",
"description": "Synonymous with the EntraID value. Use the JWT property to configure this provider."
},
{
"const": "Custom",
"description": "Custom authentication provider defined by the user. Use the JWT property to configure the custom provider."
}
],
"default": "StaticWebApps"
},
"jwt": {
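Review bot: The `oneOf` of `const` values on `provider` makes the field a closed, case-sensitive set, so a config with `"provider": "entraid"` or any name outside these six now fails validation where the old schema accepted any string. Please confirm that the engine compares provider names with the same exact casing, and call this out as a breaking change for existing configs; if the engine is case-insensitive, the schema and the engine will disagree about which configs are valid.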
Expand All @@ -291,9 +316,29 @@
"issuer": {
"type": "string"
}
}
},
"required": ["audience", "issuer"]
}
}
},
"allOf": [
{
"$comment": "We want the user to provide the JWT property when the provider requires it, and omit JWT when the provider does not require it.",
"if": {
"properties": {
"provider": {
"anyOf": [
{ "const": "EntraID" },
{ "const": "AzureAD" },
{ "const": "Custom" }
]
}
},
"required": ["provider"]
},
"then": { "required": ["jwt"] },
"else": { "properties": { "jwt": false } }
}
]
}
}
},
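Review bot: `"required": ["audience", "issuer"]` on `jwt` only checks that the keys exist; `issuer` is declared as plain `"type": "string"`, so `"issuer": ""` passes validation for EntraID, AzureAD and Custom. Consider `"minLength": 1` on both properties so an empty issuer or audience is rejected at validation time. Also note that the `else` branch `"jwt": false` rejects every value of `jwt`, including an explicit `null`, which is worth stating in the `$comment` or the docs.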
1 change: 1 addition & 0 deletions src/Cli.Tests/ValidateConfigTests.cs
Expand Up @@ -151,6 +151,7 @@ public void TestValidateConfigFailsWithInvalidGraphQLDepthLimit(object? depthLim
[DataTestMethod]
[DataRow("AzureAD")]
[DataRow("EntraID")]
[DataRow("Custom")]
public void TestMissingJwtProperties(string authScheme)
{
string ConfigWithJwtAuthentication = $"{{{SAMPLE_SCHEMA_DATA_SOURCE}, {RUNTIME_SECTION_JWT_AUTHENTICATION_PLACEHOLDER}, \"entities\": {{ }}}}";
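Review bot: The added `[DataRow("Custom")]` completes coverage of the `then` branch (JWT provider without `jwt`), but nothing in this hunk exercises the `else` branch of the new schema rule. Unless it is covered elsewhere in the file, add a companion test asserting that validation fails when `jwt` is present with StaticWebApps, AppService or Simulator, and when `provider` is omitted.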
2 changes: 1 addition & 1 deletion src/Core/Azure.DataApiBuilder.Core.csproj
Expand Up @@ -17,7 +17,6 @@
<PackageReference Include="HotChocolate.Types.NodaTime" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
<PackageReference Include="Microsoft.IdentityModel.Validators" />
<PackageReference Include="NJsonSchema" />
<PackageReference Include="Microsoft.Azure.Cosmos" />
<PackageReference Include="Microsoft.Data.SqlClient" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" />
Expand All @@ -28,6 +27,7 @@
<PackageReference Include="MSTest.TestFramework" />
<PackageReference Include="MySqlConnector" />
<PackageReference Include="Newtonsoft.Json" />
<PackageReference Include="Newtonsoft.Json.Schema" />
<PackageReference Include="Npgsql" />
<PackageReference Include="Polly" />
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerUI" />
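Review bot: Swapping `NJsonSchema` for `Newtonsoft.Json.Schema` adds a new third-party dependency to the core package, and the hunk gives no indication that its licence terms were reviewed. Please confirm in the PR description that the licence of `Newtonsoft.Json.Schema` is compatible with shipping it in this MIT-licensed project and with running validation in the CLI and engine.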
15 changes: 8 additions & 7 deletions src/Core/Configurations/JsonConfigSchemaValidator.cs
Expand Up @@ -7,8 +7,8 @@
using Azure.DataApiBuilder.Config.ObjectModel;
using Azure.DataApiBuilder.Core.Models;
using Microsoft.Extensions.Logging;
using NJsonSchema;
using NJsonSchema.Validation;
using Newtonsoft.Json.Linq;
using Newtonsoft.Json.Schema;

namespace Azure.DataApiBuilder.Core.Configurations;

Expand Down Expand Up @@ -38,21 +38,22 @@ public JsonConfigSchemaValidator(ILogger<JsonConfigSchemaValidator> jsonSchemaVa
/// <param name="jsonData">The JSON data to validate.</param>
/// <returns>A tuple containing a boolean indicating
/// if the validation was successful and a collection of validation errors if there were any.</returns>
public async Task<JsonSchemaValidationResult> ValidateJsonConfigWithSchemaAsync(string jsonSchema, string jsonData)
public JsonSchemaValidationResult ValidateJsonConfigWithSchema(string jsonSchema, string jsonData)
{
try
{
JsonSchema schema = await JsonSchema.FromJsonAsync(jsonSchema);
ICollection<ValidationError> validationErrors = schema.Validate(jsonData, SchemaType.JsonSchema);
JSchema schema = JSchema.Parse(jsonSchema);
JToken json = JToken.Parse(jsonData, new() { CommentHandling = CommentHandling.Ignore });
bool isValid = json.IsValid(schema, out IList<ValidationError> errors);

if (!validationErrors.Any())
if (isValid)
{
_logger!.LogInformation("The config satisfies the schema requirements.");
return new(isValid: true, errors: null);
}
else
{
return new(isValid: false, errors: validationErrors);
return new(isValid: false, errors: errors);
}
}
catch (Exception e)
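Review bot: `JToken.Parse(jsonData, new() { CommentHandling = CommentHandling.Ignore })` leaves `DuplicatePropertyNameHandling` at its default, so a config that repeats a key such as `provider` is validated against only the last occurrence. Consider setting `DuplicatePropertyNameHandling = DuplicatePropertyNameHandling.Error` in the same `JsonLoadSettings` so duplicate keys fail validation instead of depending on which copy each parser keeps.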
2 changes: 1 addition & 1 deletion src/Core/Configurations/RuntimeConfigValidator.cs
Expand Up @@ -213,7 +213,7 @@ public async Task<JsonSchemaValidationResult> ValidateConfigSchema(RuntimeConfig
return new JsonSchemaValidationResult(isValid: false, errors: null);
}

return await jsonConfigSchemaValidator.ValidateJsonConfigWithSchemaAsync(jsonSchema, jsonData);
return jsonConfigSchemaValidator.ValidateJsonConfigWithSchema(jsonSchema, jsonData);
}

/// <summary>
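Review bot: With `await` dropped from the final `return`, `ValidateConfigSchema` is still declared `public async Task<JsonSchemaValidationResult>` in the hunk header. If this call was the method's only `await`, the method now runs synchronously and the compiler will warn about it; either remove `async` and return `Task.FromResult(...)`, or make the method synchronous and update its callers.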
4 changes: 2 additions & 2 deletions src/Core/Models/JsonSchemaValidationResult.cs
@@ -1,7 +1,7 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

using NJsonSchema.Validation;
using Newtonsoft.Json.Schema;

namespace Azure.DataApiBuilder.Core.Models;

Expand Down Expand Up @@ -34,7 +34,7 @@ public JsonSchemaValidationResult(bool isValid, ICollection<ValidationError>? er
private static string FormatSchemaValidationErrorMessage(ICollection<ValidationError> validationErrors)
{
return $"> Total schema validation errors: {validationErrors.Count}\n" +
string.Join("", validationErrors.Select(e => $"> {e} at " +
string.Join("", validationErrors.Select(e => $"> {e.Message} at " +
$"{e.LineNumber}:{e.LinePosition}\n\n"));
}
}
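Review bot: Switching from `{e}` to `{e.Message}` prints only the top-level message, and for the `allOf`/`if`/`then`/`else` and `oneOf` rules added to the schema in this PR the specific failure is carried in `ValidationError.ChildErrors`, not in the parent message. Consider including `e.Path` and flattening `ChildErrors` in `FormatSchemaValidationErrorMessage` so a user with a missing `jwt` block is told which property and rule failed, not only the line and position.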
6 changes: 5 additions & 1 deletion src/Directory.Packages.props
Expand Up @@ -52,9 +52,13 @@
<PackageVersion Include="MSTest.TestFramework" Version="3.3.1" />
<PackageVersion Include="MySqlConnector" Version="2.1.5" />
<PackageVersion Include="Newtonsoft.Json" Version="13.0.2" />
<!--
We use an older version of Newtonsoft.Json.Schema because newer versions depend on Newtonsoft.Json >=13.0.3
which is not (and can not be made) available in Microsoft Private Nuget Feeds
-->
<PackageVersion Include="Newtonsoft.Json.Schema" Version="3.0.14" />
<PackageVersion Include="Npgsql" Version="8.0.3" />
<PackageVersion Include="Polly" Version="7.2.3" />
<PackageVersion Include="NJsonSchema" Version="10.9.0" />
<PackageVersion Include="Swashbuckle.AspNetCore.SwaggerUI" Version="6.5.0" />
<PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
<PackageVersion Include="System.Drawing.Common" Version="8.0.3" />
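Review bot: The comment explains why `Newtonsoft.Json.Schema` is held at `3.0.14`, but nothing records when the pin can be lifted, so the package will silently stay behind. Add a link to a tracking issue in the comment, and state the condition (feed availability of `Newtonsoft.Json` 13.0.3 or later) that should trigger the upgrade.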