Merge remote-tracking branch 'ecoportal/master' into ecoportal-ontopo…

…rtal-reset

Gemfile

@@ -19,7 +19,7 @@ gem 'json-ld'
 
 
 # Rack middleware
-gem 'ffi'
+gem 'ffi', '~> 1.15.5'
 gem 'rack-accept', '~> 0.4'
 gem 'rack-attack', '~> 6.6.1', require: 'rack/attack'
 gem 'rack-cache', '~> 1.13.0'
@@ -52,6 +52,7 @@ gem 'goo', github: 'ontoportal-lirmm/goo', branch: 'development'
 gem 'sparql-client', github: 'ontoportal-lirmm/sparql-client', branch: 'development'
 gem 'ontologies_linked_data', git: 'https://github.com/lifewatch-eric/ontologies_linked_data.git', branch: 'master'
 gem 'ncbo_cron', git: 'https://github.com/lifewatch-eric/ncbo_cron.git', branch: 'master'
+gem 'request_store'
 
 group :development do
   # bcrypt_pbkdf and ed35519 is required for capistrano deployments when using ed25519 keys; see https://github.com/miloserdow/capistrano-deploy/issues/42

Gemfile.lock

@@ -426,7 +426,7 @@ DEPENDENCIES
   cube-ruby
   ed25519 (>= 1.2, < 2.0)
   faraday (~> 1.9)
-  ffi
+  ffi (~> 1.15.5)
   goo!
   haml (~> 5.2.2)
   json-ld

config/deploy/production.rb

@@ -1,39 +1,13 @@
-# Simple Role Syntax
-# ==================
-# Supports bulk-adding hosts to roles, the primary
-# server in each group is considered to be the first
-# unless any hosts have the primary property set.
-# Don't declare `role :all`, it's a meta role
-role :app, %w{[email protected]}
-role :web, %w{[email protected]}
-role :db,  %w{[email protected]}
+set :branch, 'master'
+set :server, 'ecoportal.lifewatch.eu'
 
-# Extended Server Syntax
-# ======================
-# This can be used to drop a more detailed server
-# definition into the server list. The second argument
-# something that quacks like a hash can be used to set
-# extended properties on the server.
-server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
+server fetch(:server), user: fetch(:user), roles: %w{web app}
 
-# you can set custom ssh options
-# it's possible to pass any option but you need to keep in mind that net/ssh understand limited list of options
-# you can see them in [net/ssh documentation](http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start)
-# set it globally
-#  set :ssh_options, {
-#    keys: %w(/home/rlisowski/.ssh/id_rsa),
-#    forward_agent: false,
-#    auth_methods: %w(password)
-#  }
-# and/or per server
-# server 'example.com',
-#   user: 'user_name',
-#   roles: %w{web app},
-#   ssh_options: {
-#     user: 'user_name', # overrides user setting above
-#     keys: %w(/home/user_name/.ssh/id_rsa),
-#     forward_agent: false,
-#     auth_methods: %w(publickey password)
-#     # password: 'please use keys'
-#   }
-# setting per server overrides global ssh_options
+set :ssh_options, {
+  user: 'ontoportal',
+  forward_agent: 'true',
+  #keys: %w(config/deploy_id_rsa),
+  #auth_methods: %w(publickey),
+  # use ssh proxy if UI servers are on a private network
+  #proxy: Net::SSH::Proxy::Command.new('ssh [email protected] -W %h:%p')
+}

controllers/users_controller.rb

@@ -1,17 +1,17 @@
-require 'jwt'
-
 class UsersController < ApplicationController
   namespace "/users" do
     post "/authenticate" do
+
       # Modify params to show all user attributes
       params["display"] = User.attributes.join(",")
-      if $SSO_ENABLED
-        user = sso_auth
+
+      if params["access_token"]
+        user = oauth_authenticate(params)
+        user.bring(*User.goo_attrs_to_load(includes_param))
       else
-        user = password_auth
+        user = login_password_authenticate(params)
       end
-
-      user.show_apikey = true
+      user.show_apikey = true unless user.nil?
       reply user
     end
 
@@ -98,71 +98,19 @@ class UsersController < ApplicationController
 
     private
 
-    def password_auth
-      user_id = params["user"]
-      user_password = params["password"]
-      user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
-      authenticated = user.authenticate(user_password) unless user.nil?
-      error 401, "Username/password combination invalid" unless authenticated
-      user
-    end
-
-    def sso_auth
-      bearer_token = params["token"]
-      error 401, "No bearer token provided" unless bearer_token
-
-      begin
-        decoded_token = LinkedData::Security::Authorization.decodeJWT(bearer_token)
-      rescue JWT::DecodeError => e
-        error 401, "Failed to decode JWT token: " + e.message
-      end
-      token_payload = decoded_token[0]
-
-      user_id = token_payload[LinkedData.settings.oauth2_username_claim]
-      given_name = token_payload[LinkedData.settings.oauth2_given_name_claim]
-      family_name = token_payload[LinkedData.settings.oauth2_family_name_claim]
-      email = token_payload[LinkedData.settings.oauth2_email_claim]
-
-      user = User.find(user_id).include(User.goo_attrs_to_load(includes_param)).first
-
-      if user.nil? # first-time access, register new user
-        user_creation_params = {
-          username: user_id,
-          firstName: given_name,
-          lastName: family_name,
-          email: email,
-          password: SecureRandom.hex(16)
-        }
-
-        user = instance_from_params(User, user_creation_params)
-        save_user(user)
-      end
-      user
-    end
-
-    def token(len)
-      chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
-      token = ""
-      1.upto(len) { |i| token << chars[rand(chars.size-1)] }
-      token
-    end
 
     def create_user(send_notifications: true)
       params ||= @params
       user = User.find(params["username"]).first
       error 409, "User with username `#{params["username"]}` already exists" unless user.nil?
       params.delete("role") unless current_user.admin?
       user = instance_from_params(User, params)
-      save_user(user)
-      reply 201, user
-    end
-
-    def save_user(user)
       if user.valid?
         user.save(send_notifications: send_notifications)
       else
         error 422, user.errors
       end
+      reply 201, user
     end
   end
-end
+end

test/controllers/test_identifier_request_controller.rb

@@ -21,7 +21,7 @@ def setup
                                           hasOntologyLanguage: LinkedData::Models::OntologyFormat.find('OWL').first,
                                           contact: [LinkedData::Models::Contact.new(email: '[email protected]', name: 'test').save],
                                            released: DateTime.now, uploadFilePath: '',
-                                           URI: 'https://test.com/test',
+                                           URI: RDF::URI.new('https://test.com/test'),
                                            status: 'production',
                                            description: 'ontology description' ).save
     end