Merge pull request #41 from ontoportal-lirmm/feature/add-multiprovide…

…r-auth

Feature: Add multi provider authentication

.dockerignore

@@ -9,3 +9,4 @@ tmp/*
 # Editor temp files
 *.swp
 *.swo
+test/solr

Gemfile

@@ -71,4 +71,5 @@ group :test do
   gem 'rack-test'
   gem 'simplecov', require: false
   gem 'simplecov-cobertura' # for codecov.io
+  gem 'webmock'
 end

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/ncbo/ncbo_ontology_recommender.git
-  revision: d0ac992c88bd417f2f2137ba62934c3c41b6db7c
+  revision: 83e835de368bc9f19da800a477982e0ad770900d
   branch: master
   specs:
     ncbo_ontology_recommender (0.0.1)
@@ -11,7 +11,7 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/goo.git
-  revision: cda6aff2338e2a2831e4e7bf716abdf8fa8483d2
+  revision: 1d78bde5a711d05475da0459308c7db074af5e21
   branch: development
   specs:
     goo (0.0.2)
@@ -53,8 +53,8 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/ontologies_linked_data.git
-  revision: e9b708c40b2b22b935fb48d18ed19de8148fca35
-  branch: development
+  revision: e4b3a6d9bf575c1420924d4dbe1490248040aff7
+  branch: feature/add-multi-provider-authentification
   specs:
     ontologies_linked_data (0.0.1)
       activesupport
@@ -103,16 +103,16 @@ GEM
     activesupport (3.2.22.5)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    addressable (2.8.1)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     airbrussh (1.4.1)
       sshkit (>= 1.6.1, != 1.7.0)
-    backports (3.23.0)
-    bcrypt (3.1.18)
+    backports (3.24.1)
+    bcrypt (3.1.19)
     bcrypt_pbkdf (1.1.0)
     bigdecimal (1.4.2)
     builder (3.2.4)
-    capistrano (3.17.1)
+    capistrano (3.17.3)
       airbrussh (>= 1.0.0)
       i18n
       rake (>= 10.0.0)
@@ -125,7 +125,9 @@ GEM
       capistrano (~> 3.1)
       sshkit (~> 1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.2.0)
+    concurrent-ruby (1.2.2)
+    crack (0.4.5)
+      rexml
     cube-ruby (0.0.3)
     dante (0.2.0)
     date (3.3.3)
@@ -160,9 +162,9 @@ GEM
     ffi (1.15.5)
     get_process_mem (0.2.7)
       ffi (~> 1.0)
-    google-apis-analytics_v3 (0.12.0)
-      google-apis-core (>= 0.9.1, < 2.a)
-    google-apis-core (0.11.0)
+    google-apis-analytics_v3 (0.13.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-core (0.11.1)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -171,7 +173,7 @@ GEM
       retriable (>= 2.0, < 4.a)
       rexml
       webrick
-    googleauth (1.3.0)
+    googleauth (1.7.0)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
@@ -181,6 +183,7 @@ GEM
     haml (5.2.2)
       temple (>= 0.8.0)
       tilt
+    hashdiff (1.0.1)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
@@ -191,9 +194,9 @@ GEM
     json-schema (2.8.1)
       addressable (>= 2.4)
     json_pure (2.6.3)
-    jwt (2.7.0)
+    jwt (2.7.1)
     kgio (2.11.4)
-    libxml-ruby (4.0.0)
+    libxml-ruby (4.1.1)
     logger (1.5.3)
     macaddr (1.7.2)
       systemu (~> 2.6.5)
@@ -215,7 +218,7 @@ GEM
     multi_json (1.15.0)
     multipart-post (2.3.0)
     net-http-persistent (2.9.4)
-    net-imap (0.3.4)
+    net-imap (0.3.7)
       date
       net-protocol
     net-pop (0.1.2)
@@ -226,9 +229,9 @@ GEM
       net-ssh (>= 2.6.5, < 8.0.0)
     net-smtp (0.3.3)
       net-protocol
-    net-ssh (7.0.1)
+    net-ssh (7.2.0)
     netrc (0.11.0)
-    newrelic_rpm (8.16.0)
+    newrelic_rpm (9.3.1)
     oj (2.18.5)
     omni_logger (0.1.4)
       logger
@@ -239,7 +242,7 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.1)
+    public_suffix (5.0.3)
     rack (1.6.13)
     rack-accept (0.4.5)
       rack (>= 0.4)
@@ -249,7 +252,7 @@ GEM
       rack (>= 0.4)
     rack-cors (1.0.6)
       rack (>= 1.6.0)
-    rack-mini-profiler (3.0.0)
+    rack-mini-profiler (3.1.1)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
@@ -280,7 +283,7 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retriable (3.1.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     rsolr (2.5.0)
       builder (>= 2.1.2)
       faraday (>= 0.9, < 3, != 2.0.0)
@@ -316,13 +319,13 @@ GEM
       rack-test
       sinatra (~> 1.4.0)
       tilt (>= 1.3, < 3)
-    sshkit (1.21.3)
+    sshkit (1.21.5)
       net-scp (>= 1.1.2)
       net-ssh (>= 2.8.0)
     systemu (2.6.5)
-    temple (0.10.0)
-    tilt (2.0.11)
-    timeout (0.3.2)
+    temple (0.10.2)
+    tilt (2.2.0)
+    timeout (0.4.0)
     trailblazer-option (0.1.2)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
@@ -338,9 +341,14 @@ GEM
       unicorn (>= 4, < 7)
     uuid (2.3.9)
       macaddr (~> 1.0)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.8.1)
 
 PLATFORMS
+  x86_64-darwin-21
   x86_64-linux
 
 DEPENDENCIES
@@ -392,6 +400,7 @@ DEPENDENCIES
   sparql-client!
   unicorn
   unicorn-worker-killer
+  webmock
 
 BUNDLED WITH
    2.3.23

config/environments/test.rb

@@ -55,6 +55,24 @@
       "apikey" => "1cfae05f-9e67-486f-820b-b393dec5764b"
     }
   }
+  config.oauth_providers = {
+    github: {
+      check: :access_token,
+      link: 'https://api.github.com/user'
+    },
+    keycloak: {
+      check: :jwt_token,
+      cert: 'KEYCLOAK_SECRET_KEY'
+    },
+    orcid: {
+      check: :access_token,
+      link: 'https://pub.orcid.org/v3.0/me'
+    },
+    google: {
+      check: :access_token,
+      link: 'https://www.googleapis.com/oauth2/v3/userinfo'
+    }
+  }
 end
 
 Annotator.config do |config|

controllers/users_controller.rb

@@ -1,14 +1,17 @@
 class UsersController < ApplicationController
   namespace "/users" do
     post "/authenticate" do
-      user_id       = params["user"]
-      user_password = params["password"]
+
       # Modify params to show all user attributes
       params["display"] = User.attributes.join(",")
-      user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
-      authenticated = user.authenticate(user_password) unless user.nil?
-      error 401, "Username/password combination invalid" unless authenticated
-      user.show_apikey = true
+
+      if params["access_token"]
+        user = oauth_authenticate(params)
+        user.bring(*User.goo_attrs_to_load(includes_param))
+      else
+        user = login_password_authenticate(params)
+      end
+      user.show_apikey = true unless user.nil?
       reply user
     end
 
@@ -20,17 +23,13 @@ class UsersController < ApplicationController
     post "/create_reset_password_token" do
       email    = params["email"]
       username = params["username"]
-      user = LinkedData::Models::User.where(email: email, username: username).include(LinkedData::Models::User.attributes).first
-      error 404, "User not found" unless user
-      reset_token = token(36)
-      user.resetToken = reset_token
+      user = send_reset_token(email, username)
+
       if user.valid?
-        user.save(override_security: true)
-        LinkedData::Utils::Notifications.reset_password(user, reset_token)
+        halt 204
       else
         error 422, user.errors
       end
-      halt 204
     end
 
     ##
@@ -42,11 +41,11 @@ class UsersController < ApplicationController
       email             = params["email"] || ""
       username          = params["username"] || ""
       token             = params["token"] || ""
+
       params["display"] = User.attributes.join(",") # used to serialize everything via the serializer
-      user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
-      error 404, "User not found" unless user
-      if token.eql?(user.resetToken)
-        user.show_apikey = true
+
+      user, token_accepted = reset_password(email, username, token)
+      if token_accepted
         reply user
       else
         error 403, "Password reset not authorized with this token"
@@ -98,27 +97,14 @@ class UsersController < ApplicationController
 
     private
 
-    def token(len)
-      chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
-      token = ""
-      1.upto(len) { |i| token << chars[rand(chars.size-1)] }
-      token
-    end
 
     def create_user
       params ||= @params
       user = User.find(params["username"]).first
       error 409, "User with username `#{params["username"]}` already exists" unless user.nil?
       user = instance_from_params(User, params)
       if user.valid?
-        user.save
-        # Send an email to the administrator to warn him about the newly created user
-        begin
-          if !LinkedData.settings.admin_emails.nil? && !LinkedData.settings.admin_emails.empty?
-            LinkedData::Utils::Notifications.new_user(user)
-          end
-        rescue Exception => e
-        end
+        user.save(send_notifications: false)
       else
         error 422, user.errors
       end

docker-compose.yml

@@ -75,10 +75,14 @@ services:
 
   redis-ut:
     image: redis
+    ports:
+      - 6379:6379
 
   4store-ut:
     image: bde2020/4store
     #volume: fourstore:/var/lib/4store
+    ports:
+      - 9000:9000
     command: >
       bash -c "4s-backend-setup --segments 4 ontoportal_kb
       && 4s-backend ontoportal_kb
@@ -88,10 +92,20 @@ services:
 
 
   solr-ut:
-    image: ontoportal/solr-ut:0.1
+    image: solr:8
+    volumes:
+      - ./test/solr/configsets:/configsets:ro
+    ports:
+      - "8983:8983"
+    command: >
+      bash -c "precreate-core term_search_core1 /configsets/term_search
+      && precreate-core prop_search_core1 /configsets/property_search
+      && solr-foreground"
 
   mgrep-ut:
     image: ontoportal/mgrep-ncbo:0.1
+    ports:
+      - "55556:55555"
 
   agraph-ut:
     image: franzinc/agraph:v7.3.0

helpers/search_helper.rb

@@ -345,6 +345,7 @@ def populate_classes_from_search(classes, ontology_acronyms=nil)
           doc[:submission] = old_class.submission
           doc[:properties] = MultiJson.load(doc.delete(:propertyRaw)) if include_param_contains?(:properties)
           instance = LinkedData::Models::Class.read_only(doc)
+          instance.prefLabel =  instance.prefLabel.first if instance.prefLabel.is_a?(Array)
           classes_hash[ont_uri_class_uri] = instance
         end