Merge remote-tracking branch 'origin/feature/add-psama' into ALS-5514…

…-AuthN
hms-dbmi · Jan 25, 2024 · a2748f9 · a2748f9
2 parents 9e098bb + 93dcd86
commit a2748f9
Show file tree

Hide file tree

Showing 5 changed files with 213 additions and 139 deletions.
diff --git a/pic-sure-auth-services/pom.xml b/pic-sure-auth-services/pom.xml
@@ -11,11 +11,11 @@
 	<artifactId>pic-sure-auth-services</artifactId>
 	<packaging>war</packaging>
 	<properties>
-		<!--<jackson.version>1.8.6</jackson.version> -->
 		<jackson.version>2.10.0</jackson.version>
 		<xml.bind.version>2.3.0</xml.bind.version>
 	</properties>
 	<dependencies>
+
 		<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
 		<dependency>
 			<groupId>edu.harvard.hms.dbmi.avillach</groupId>
@@ -79,16 +79,6 @@
 			<artifactId>hibernate-envers</artifactId>
 			<version>5.2.5.Final</version>
 		</dependency>
-		<!--<dependency> -->
-		<!--<groupId>org.apache.cxf</groupId> -->
-		<!--<artifactId>cxf-rt-frontend-jaxrs</artifactId> -->
-		<!--<version>3.2.6</version> -->
-		<!--</dependency> -->
-		<!--<dependency> -->
-		<!--<groupId>org.apache.cxf</groupId> -->
-		<!--<artifactId>cxf-rt-rs-client</artifactId> -->
-		<!--<version>3.2.6</version> -->
-		<!--</dependency> -->
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
@@ -99,21 +89,6 @@
 			<artifactId>jackson-databind</artifactId>
 			<version>${jackson.version}</version>
 		</dependency>
-		<!--<dependency> -->
-		<!--<groupId>org.codehaus.jackson</groupId> -->
-		<!--<artifactId>jackson-core-asl</artifactId> -->
-		<!--<version>${jackson.version}</version> -->
-		<!--</dependency> -->
-		<!--<dependency> -->
-		<!--<groupId>org.codehaus.jackson</groupId> -->
-		<!--<artifactId>jackson-mapper-asl</artifactId> -->
-		<!--<version>${jackson.version}</version> -->
-		<!--</dependency> -->
-		<!--<dependency> -->
-		<!--<groupId>org.codehaus.jackson</groupId> -->
-		<!--<artifactId>jackson-jaxrs</artifactId> -->
-		<!--<version>${jackson.version}</version> -->
-		<!--</dependency> -->
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-web</artifactId>
@@ -152,6 +127,12 @@
             <version>2.23.4</version>
             <scope>test</scope>
         </dependency>
+		<dependency>
+			<groupId>org.glassfish.jersey.core</groupId>
+			<artifactId>jersey-server</artifactId>
+			<version>2.3.1</version>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>com.github.spullara.mustache.java</groupId>
 			<artifactId>compiler</artifactId>
@@ -175,6 +156,11 @@
 			<artifactId>javax.mail-api</artifactId>
 			<version>1.6.2</version>
 		</dependency>
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+			<version>33.0.0-jre</version>
+		</dependency>
 
 		<!-- swagger -->
 		<dependency>
@@ -193,30 +179,6 @@
 			<artifactId>swagger-jaxrs2-servlet-initializer</artifactId>
 			<version>2.0.0</version>
 		</dependency>
-
-		<!-- https://mvnrepository.com/artifact/org.glassfish.jersey.containers/jersey-container-servlet -->
-		<!--&lt;!&ndash; https://mvnrepository.com/artifact/com.sun.jersey/jersey-servlet 
-			&ndash;&gt; -->
-		<!--<dependency> -->
-		<!--<groupId>com.sun.jersey</groupId> -->
-		<!--<artifactId>jersey-servlet</artifactId> -->
-		<!--<version>1.19.4</version> -->
-		<!--</dependency> -->
-
-		<!-- https://mvnrepository.com/artifact/org.glassfish.jersey.containers/jersey-container-servlet -->
-		<!--<dependency> -->
-		<!--<groupId>org.glassfish.jersey.containers</groupId> -->
-		<!--<artifactId>jersey-container-servlet</artifactId> -->
-		<!--<version>2.26</version> -->
-		<!--</dependency> -->
-		<!--&lt;!&ndash; https://mvnrepository.com/artifact/org.glassfish.jersey.ext/jersey-bean-validation 
-			&ndash;&gt; -->
-		<!--<dependency> -->
-		<!--<groupId>org.glassfish.jersey.ext</groupId> -->
-		<!--<artifactId>jersey-bean-validation</artifactId> -->
-		<!--<version>2.26</version> -->
-		<!--</dependency> -->
-
 	</dependencies>
 	<build>
 		<finalName>${project.artifactId}</finalName>
@@ -237,34 +199,6 @@
 						<failOnMissingWebXml>false</failOnMissingWebXml>
 					</configuration>
 				</plugin>
-				<!--<plugin> -->
-				<!--<groupId>org.apache.tomcat.maven</groupId> -->
-				<!--<artifactId>tomcat7-maven-plugin</artifactId> -->
-				<!--<version>2.0</version> -->
-				<!--<executions> -->
-				<!--<execution> -->
-				<!--<id>default-cli</id> -->
-				<!--<goals> -->
-				<!--<goal>run</goal> -->
-				<!--</goals> -->
-				<!--<configuration> -->
-				<!--<port>13000</port> -->
-				<!--<path>/jaxrs-service</path> -->
-				<!--<useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader> -->
-				<!--</configuration> -->
-				<!--</execution> -->
-				<!--</executions> -->
-				<!--</plugin> -->
-				<!--<plugin> -->
-				<!--<groupId>org.apache.maven.plugins</groupId> -->
-				<!--<artifactId>maven-eclipse-plugin</artifactId> -->
-				<!--<configuration> -->
-				<!--<projectNameTemplate>[artifactId]-[version]</projectNameTemplate> -->
-				<!--<wtpmanifest>true</wtpmanifest> -->
-				<!--<wtpapplicationxml>true</wtpapplicationxml> -->
-				<!--<wtpversion>2.0</wtpversion> -->
-				<!--</configuration> -->
-				<!--</plugin> -->
 			</plugins>
 		</pluginManagement>
 		<plugins>
@@ -313,59 +247,6 @@
 					</execution>
 				</executions>
 			</plugin>
-			<!--<plugin> -->
-			<!--<groupId>org.apache.tomcat.maven</groupId> -->
-			<!--<artifactId>tomcat7-maven-plugin</artifactId> -->
-			<!--<executions> -->
-			<!--<execution> -->
-			<!--<id>start-tomcat</id> -->
-			<!--<goals> -->
-			<!--<goal>run-war</goal> -->
-			<!--</goals> -->
-			<!--<phase>pre-integration-test</phase> -->
-			<!--<configuration> -->
-			<!--<port>${test.server.port}</port> -->
-			<!--<path>/jaxrs-service</path> -->
-			<!--<fork>true</fork> -->
-			<!--<useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader> -->
-			<!--</configuration> -->
-			<!--</execution> -->
-			<!--<execution> -->
-			<!--<id>stop-tomcat</id> -->
-			<!--<goals> -->
-			<!--<goal>shutdown</goal> -->
-			<!--</goals> -->
-			<!--<phase>post-integration-test</phase> -->
-			<!--<configuration> -->
-			<!--<path>/jaxrs-service</path> -->
-			<!--</configuration> -->
-			<!--</execution> -->
-			<!--</executions> -->
-			<!--</plugin> -->
-			<!--<plugin> -->
-			<!--<groupId>org.apache.maven.plugins</groupId> -->
-			<!--<artifactId>maven-failsafe-plugin</artifactId> -->
-			<!--<version>2.8.1</version> -->
-			<!--<executions> -->
-			<!--<execution> -->
-			<!--<id>integration-test</id> -->
-			<!--<goals> -->
-			<!--<goal>integration-test</goal> -->
-			<!--</goals> -->
-			<!--<configuration> -->
-			<!--<systemPropertyVariables> -->
-			<!--<service.url>http://localhost:${test.server.port}/jaxrs-service</service.url> -->
-			<!--</systemPropertyVariables> -->
-			<!--</configuration> -->
-			<!--</execution> -->
-			<!--<execution> -->
-			<!--<id>verify</id> -->
-			<!--<goals> -->
-			<!--<goal>verify</goal> -->
-			<!--</goals> -->
-			<!--</execution> -->
-			<!--</executions> -->
-			<!--</plugin> -->
 		</plugins>
 	</build>
 </project>
diff --git a/...ices/src/main/java/edu/harvard/hms/dbmi/avillach/auth/data/repository/UserRepository.java b/...ices/src/main/java/edu/harvard/hms/dbmi/avillach/auth/data/repository/UserRepository.java
@@ -5,6 +5,7 @@
 import edu.harvard.hms.dbmi.avillach.auth.data.entity.Role;
 import edu.harvard.hms.dbmi.avillach.auth.data.entity.TermsOfService;
 import edu.harvard.hms.dbmi.avillach.auth.data.entity.User;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,6 +43,19 @@ public User findBySubject(String subject) {
                 .getSingleResult();
     }
 
+    public User findByEmailAndConnection(String email, String connectionId) {
+        CriteriaQuery<User> query = em.getCriteriaBuilder().createQuery(User.class);
+        Root<User> queryRoot = query.from(User.class);
+        query.select(queryRoot);
+        CriteriaBuilder cb = cb();
+        return em.createQuery(query
+            .where(
+                cb.equal(queryRoot.join("connection")
+                        .get("id"), connectionId),
+                eq(cb, queryRoot, "email", email)))
+            .getSingleResult();
+    }
+
     public User findBySubjectAndConnection(String subject, String connectionId) {
         CriteriaQuery<User> query = em.getCriteriaBuilder().createQuery(User.class);
         Root<User> queryRoot = query.from(User.class);
@@ -86,8 +100,20 @@ public User findOrCreate(User inputUser) {
                     + ", subject: " + user.getSubject());
         } catch (NoResultException e) {
             logger.debug("findOrCreate() subject " + subject +
-                    " could not be found by `entityManager`, going to create a new user.");
-            user = createUser(inputUser);
+                    " could not be found by `entityManager`, checking by email and connection");
+           try {
+               // If the user isn't found by subject then check by email and connection just
+               // in case they were created by jenkins
+               user = findByEmailAndConnection(inputUser.getEmail(), inputUser.getConnection().getId());
+               if (StringUtils.isEmpty(user.getSubject())) {
+                   user.setSubject(inputUser.getSubject());
+                   user.setGeneralMetadata(inputUser.getGeneralMetadata());
+               }
+           } catch (NoResultException ex) {
+               logger.debug("findOrCreate() email " + inputUser.getEmail() +
+                       " could not be found by `entityManager`, creating a new user");
+               user = createUser(inputUser);
+           }
         } catch (NonUniqueResultException e) {
             logger.error("findOrCreate() " + e.getClass().getSimpleName() + ": " + e.getMessage());
         }

diff --git a/...th-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessService.java b/...th-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/rest/StudyAccessService.java
@@ -0,0 +1,88 @@
+package edu.harvard.hms.dbmi.avillach.auth.rest;
+
+import edu.harvard.hms.dbmi.avillach.auth.data.entity.Role;
+import edu.harvard.hms.dbmi.avillach.auth.data.repository.RoleRepository;
+import edu.harvard.hms.dbmi.avillach.auth.service.auth.FENCEAuthenticationService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.security.RolesAllowed;
+import javax.inject.Inject;
+import javax.transaction.Transactional;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import java.util.Map;
+
+import static edu.harvard.hms.dbmi.avillach.auth.utils.AuthNaming.AuthRoleNaming.SUPER_ADMIN;
+
+/**
+ * <p>Endpoint for service handling business logic for adding all the auth
+ * rules for a given study</p>
+ * <p>Note: Only users with the super admin role can access this endpoint.</p>
+ */
+@Api
+@Path("/studyAccess")
+public class StudyAccessService {
+    Logger logger = LoggerFactory.getLogger(StudyAccessService.class);
+
+    public static final String MANUAL = "MANUAL_";
+    public static final String STUDY_IDENTIFIER = "study_identifier";
+    public static final String CONSENT_GROUP_CODE = "consent_group_code";
+
+    @Inject
+    FENCEAuthenticationService fenceAuthenticationService;
+
+    @ApiOperation(value = "POST a single study and it creates the role, privs, and rules for it, requires SUPER_ADMIN role")
+    @Transactional
+    @POST
+    @RolesAllowed(SUPER_ADMIN)
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Path("/")
+    public Response addStudyAccess(@ApiParam(value="The Study Identifier of the new study from the metadata.json") String studyIdentifier) {
+
+        if (StringUtils.isBlank(studyIdentifier)) {
+            return Response.status(Response.Status.BAD_REQUEST).entity("Study identifier cannot be blank").build();
+        }
+
+        Map fenceMappingForStudy = null;
+
+        try {
+            Map<String, Map> fenceMapping = fenceAuthenticationService.getFENCEMapping();
+            if (fenceMapping == null) {
+                throw new Exception("Fence mapping is null");
+            }
+            fenceMappingForStudy = fenceMapping.get(studyIdentifier);
+        } catch(Exception ex) {
+            logger.error(ex.toString());
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Error occurred while fetching FENCE mapping").build();
+        }
+
+        if (fenceMappingForStudy == null || fenceMappingForStudy.isEmpty()) {
+            logger.error("addStudyAccess - Could not find study: " + studyIdentifier + " in FENCE mapping");
+            return Response.status(Response.Status.BAD_REQUEST).entity("Could not find study with the provided identifier").build();
+        }
+
+        String projectId = (String) fenceMappingForStudy.get(STUDY_IDENTIFIER);
+        String consentCode = (String) fenceMappingForStudy.get(CONSENT_GROUP_CODE);
+        String newRoleName = StringUtils.isNotBlank(consentCode) ? MANUAL+projectId+"_"+consentCode : MANUAL+projectId;
+
+        logger.debug("addStudyAccess - New manual PSAMA role name: "+newRoleName);
+
+        if (fenceAuthenticationService.upsertRole(null, newRoleName, MANUAL + " role "+newRoleName)) {
+            logger.info("addStudyAccess - Updated user role. Now it includes `"+newRoleName+"`");
+             return Response.ok("Role '" + newRoleName + "' successfully created").build();
+        } else {
+            logger.error("addStudyAccess - could not add " + newRoleName + " role to to database");
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
+                           .entity("Could not add role '" + newRoleName + "' to database").build();
+        }
+    }
+}