From ce4f7b9dcf440cf1fd3e2881f613d651d545175d Mon Sep 17 00:00:00 2001
From: Syphax Bouazzouni <gs_bouazzouni@esi.dz>
Date: Tue, 5 Sep 2023 18:02:09 +0200
Subject: [PATCH] Merge pull request #41 from
 ontoportal-lirmm/feature/add-multiprovider-auth

Feature: Add multi provider authentication
---
 .dockerignore                                 |  1 +
 Gemfile                                       |  2 +
 Gemfile.lock                                  | 84 +++++++++++--------
 config/environments/test.rb                   | 18 ++++
 controllers/users_controller.rb               | 48 ++++-------
 docker-compose.yml                            | 16 +++-
 helpers/search_helper.rb                      |  1 +
 helpers/users_helper.rb                       | 49 +++++++++++
 .../controllers/test_ontologies_controller.rb |  4 +-
 .../test_ontology_submissions_controller.rb   |  9 +-
 test/controllers/test_search_controller.rb    | 27 ++++--
 test/controllers/test_users_controller.rb     | 36 ++++++++
 .../thesaurusINRAE_nouv_structure.rdf         |  2 +-
 test/middleware/test_rack_attack.rb           |  6 +-
 .../configsets/term_search/conf/schema.xml    | 41 +++++++--
 test/test_case.rb                             |  2 +
 16 files changed, 257 insertions(+), 89 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index cf76ed57..3b15d33c 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -9,3 +9,4 @@ tmp/*
 # Editor temp files
 *.swp
 *.swo
+test/solr
diff --git a/Gemfile b/Gemfile
index 5ff855ea..6a075a44 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,6 +13,7 @@ gem 'rake', '~> 10.0'
 gem 'sinatra', '~> 1.0'
 gem 'sinatra-advanced-routes'
 gem 'sinatra-contrib', '~> 1.0'
+gem 'request_store'
 
 # Rack middleware
 gem 'ffi'
@@ -71,4 +72,5 @@ group :test do
   gem 'rack-test'
   gem 'simplecov', require: false
   gem 'simplecov-cobertura' # for codecov.io
+  gem 'webmock'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 46b2a605..0c4e1b60 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/ncbo/ncbo_ontology_recommender.git
-  revision: d0ac992c88bd417f2f2137ba62934c3c41b6db7c
+  revision: 83e835de368bc9f19da800a477982e0ad770900d
   branch: master
   specs:
     ncbo_ontology_recommender (0.0.1)
@@ -11,7 +11,7 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/goo.git
-  revision: cda6aff2338e2a2831e4e7bf716abdf8fa8483d2
+  revision: ddb95e427950fde3ac715aec340394208c8166fe
   branch: development
   specs:
     goo (0.0.2)
@@ -53,7 +53,7 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/ontologies_linked_data.git
-  revision: e9b708c40b2b22b935fb48d18ed19de8148fca35
+  revision: 4c89c8346766d23e09b24c8e29750bf3a91e6b53
   branch: development
   specs:
     ontologies_linked_data (0.0.1)
@@ -103,16 +103,16 @@ GEM
     activesupport (3.2.22.5)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    addressable (2.8.1)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
-    airbrussh (1.4.1)
+    airbrussh (1.4.2)
       sshkit (>= 1.6.1, != 1.7.0)
-    backports (3.23.0)
-    bcrypt (3.1.18)
+    backports (3.24.1)
+    bcrypt (3.1.19)
     bcrypt_pbkdf (1.1.0)
     bigdecimal (1.4.2)
     builder (3.2.4)
-    capistrano (3.17.1)
+    capistrano (3.17.3)
       airbrussh (>= 1.0.0)
       i18n
       rake (>= 10.0.0)
@@ -125,7 +125,10 @@ GEM
       capistrano (~> 3.1)
       sshkit (~> 1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.2.0)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
+    crack (0.4.5)
+      rexml
     cube-ruby (0.0.3)
     dante (0.2.0)
     date (3.3.3)
@@ -160,9 +163,9 @@ GEM
     ffi (1.15.5)
     get_process_mem (0.2.7)
       ffi (~> 1.0)
-    google-apis-analytics_v3 (0.12.0)
-      google-apis-core (>= 0.9.1, < 2.a)
-    google-apis-core (0.11.0)
+    google-apis-analytics_v3 (0.13.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-apis-core (0.11.1)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -171,7 +174,7 @@ GEM
       retriable (>= 2.0, < 4.a)
       rexml
       webrick
-    googleauth (1.3.0)
+    googleauth (1.7.0)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
@@ -181,6 +184,7 @@ GEM
     haml (5.2.2)
       temple (>= 0.8.0)
       tilt
+    hashdiff (1.0.1)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
@@ -191,9 +195,9 @@ GEM
     json-schema (2.8.1)
       addressable (>= 2.4)
     json_pure (2.6.3)
-    jwt (2.7.0)
+    jwt (2.7.1)
     kgio (2.11.4)
-    libxml-ruby (4.0.0)
+    libxml-ruby (4.1.1)
     logger (1.5.3)
     macaddr (1.7.2)
       systemu (~> 2.6.5)
@@ -204,10 +208,10 @@ GEM
       net-smtp
     memoist (0.16.2)
     method_source (1.0.0)
-    mime-types (3.4.1)
+    mime-types (3.5.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
-    mini_mime (1.1.2)
+    mime-types-data (3.2023.0808)
+    mini_mime (1.1.5)
     minitest (4.7.5)
     minitest-stub_any_instance (1.0.3)
     mlanett-redis-lock (0.2.7)
@@ -215,7 +219,7 @@ GEM
     multi_json (1.15.0)
     multipart-post (2.3.0)
     net-http-persistent (2.9.4)
-    net-imap (0.3.4)
+    net-imap (0.3.7)
       date
       net-protocol
     net-pop (0.1.2)
@@ -226,9 +230,9 @@ GEM
       net-ssh (>= 2.6.5, < 8.0.0)
     net-smtp (0.3.3)
       net-protocol
-    net-ssh (7.0.1)
+    net-ssh (7.2.0)
     netrc (0.11.0)
-    newrelic_rpm (8.16.0)
+    newrelic_rpm (9.4.2)
     oj (2.18.5)
     omni_logger (0.1.4)
       logger
@@ -239,48 +243,53 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.1)
+    public_suffix (5.0.3)
     rack (1.6.13)
     rack-accept (0.4.5)
       rack (>= 0.4)
     rack-attack (6.6.1)
       rack (>= 1.0, < 3)
-    rack-cache (1.13.0)
+    rack-cache (1.14.0)
       rack (>= 0.4)
     rack-cors (1.0.6)
       rack (>= 1.6.0)
-    rack-mini-profiler (3.0.0)
+    rack-mini-profiler (3.1.1)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
     rack-timeout (0.6.3)
-    raindrops (0.20.0)
+    raindrops (0.20.1)
     rake (10.5.0)
     rdf (1.0.8)
       addressable (>= 2.2)
     redcarpet (3.6.0)
-    redis (4.8.1)
+    redis (5.0.7)
+      redis-client (>= 0.9.0)
     redis-activesupport (5.3.0)
       activesupport (>= 3, < 8)
       redis-store (>= 1.3, < 2)
+    redis-client (0.16.0)
+      connection_pool
     redis-rack-cache (2.2.1)
       rack-cache (>= 1.10, < 2)
       redis-store (>= 1.6, < 2)
-    redis-store (1.9.1)
-      redis (>= 4, < 5)
+    redis-store (1.9.2)
+      redis (>= 4, < 6)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
+    request_store (1.5.1)
+      rack (>= 1.4)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retriable (3.1.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     rsolr (2.5.0)
       builder (>= 2.1.2)
       faraday (>= 0.9, < 3, != 2.0.0)
@@ -316,13 +325,13 @@ GEM
       rack-test
       sinatra (~> 1.4.0)
       tilt (>= 1.3, < 3)
-    sshkit (1.21.3)
+    sshkit (1.21.5)
       net-scp (>= 1.1.2)
       net-ssh (>= 2.8.0)
     systemu (2.6.5)
-    temple (0.10.0)
-    tilt (2.0.11)
-    timeout (0.3.2)
+    temple (0.10.2)
+    tilt (2.2.0)
+    timeout (0.4.0)
     trailblazer-option (0.1.2)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
@@ -338,9 +347,14 @@ GEM
       unicorn (>= 4, < 7)
     uuid (2.3.9)
       macaddr (~> 1.0)
+    webmock (3.19.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.8.1)
 
 PLATFORMS
+  x86_64-darwin-21
   x86_64-linux
 
 DEPENDENCIES
@@ -383,6 +397,7 @@ DEPENDENCIES
   redis
   redis-activesupport
   redis-rack-cache (~> 2.0)
+  request_store
   shotgun!
   simplecov
   simplecov-cobertura
@@ -392,6 +407,7 @@ DEPENDENCIES
   sparql-client!
   unicorn
   unicorn-worker-killer
+  webmock
 
 BUNDLED WITH
    2.3.23
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 0f421dec..16bf407a 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -55,6 +55,24 @@
       "apikey" => "1cfae05f-9e67-486f-820b-b393dec5764b"
     }
   }
+  config.oauth_providers = {
+    github: {
+      check: :access_token,
+      link: 'https://api.github.com/user'
+    },
+    keycloak: {
+      check: :jwt_token,
+      cert: 'KEYCLOAK_SECRET_KEY'
+    },
+    orcid: {
+      check: :access_token,
+      link: 'https://pub.orcid.org/v3.0/me'
+    },
+    google: {
+      check: :access_token,
+      link: 'https://www.googleapis.com/oauth2/v3/userinfo'
+    }
+  }
 end
 
 Annotator.config do |config|
diff --git a/controllers/users_controller.rb b/controllers/users_controller.rb
index 00b6e732..09a1835b 100644
--- a/controllers/users_controller.rb
+++ b/controllers/users_controller.rb
@@ -1,14 +1,17 @@
 class UsersController < ApplicationController
   namespace "/users" do
     post "/authenticate" do
-      user_id       = params["user"]
-      user_password = params["password"]
+
       # Modify params to show all user attributes
       params["display"] = User.attributes.join(",")
-      user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
-      authenticated = user.authenticate(user_password) unless user.nil?
-      error 401, "Username/password combination invalid" unless authenticated
-      user.show_apikey = true
+
+      if params["access_token"]
+        user = oauth_authenticate(params)
+        user.bring(*User.goo_attrs_to_load(includes_param))
+      else
+        user = login_password_authenticate(params)
+      end
+      user.show_apikey = true unless user.nil?
       reply user
     end
 
@@ -20,17 +23,13 @@ class UsersController < ApplicationController
     post "/create_reset_password_token" do
       email    = params["email"]
       username = params["username"]
-      user = LinkedData::Models::User.where(email: email, username: username).include(LinkedData::Models::User.attributes).first
-      error 404, "User not found" unless user
-      reset_token = token(36)
-      user.resetToken = reset_token
+      user = send_reset_token(email, username)
+
       if user.valid?
-        user.save(override_security: true)
-        LinkedData::Utils::Notifications.reset_password(user, reset_token)
+        halt 204
       else
         error 422, user.errors
       end
-      halt 204
     end
 
     ##
@@ -42,11 +41,11 @@ class UsersController < ApplicationController
       email             = params["email"] || ""
       username          = params["username"] || ""
       token             = params["token"] || ""
+
       params["display"] = User.attributes.join(",") # used to serialize everything via the serializer
-      user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
-      error 404, "User not found" unless user
-      if token.eql?(user.resetToken)
-        user.show_apikey = true
+
+      user, token_accepted = reset_password(email, username, token)
+      if token_accepted
         reply user
       else
         error 403, "Password reset not authorized with this token"
@@ -98,12 +97,6 @@ class UsersController < ApplicationController
 
     private
 
-    def token(len)
-      chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
-      token = ""
-      1.upto(len) { |i| token << chars[rand(chars.size-1)] }
-      token
-    end
 
     def create_user
       params ||= @params
@@ -111,14 +104,7 @@ def create_user
       error 409, "User with username `#{params["username"]}` already exists" unless user.nil?
       user = instance_from_params(User, params)
       if user.valid?
-        user.save
-        # Send an email to the administrator to warn him about the newly created user
-        begin
-          if !LinkedData.settings.admin_emails.nil? && !LinkedData.settings.admin_emails.empty?
-            LinkedData::Utils::Notifications.new_user(user)
-          end
-        rescue Exception => e
-        end
+        user.save(send_notifications: false)
       else
         error 422, user.errors
       end
diff --git a/docker-compose.yml b/docker-compose.yml
index de084081..5cb64963 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -75,10 +75,14 @@ services:
 
   redis-ut:
     image: redis
+    ports:
+      - 6379:6379
 
   4store-ut:
     image: bde2020/4store
     #volume: fourstore:/var/lib/4store
+    ports:
+      - 9000:9000
     command: >
       bash -c "4s-backend-setup --segments 4 ontoportal_kb
       && 4s-backend ontoportal_kb
@@ -88,10 +92,20 @@ services:
 
 
   solr-ut:
-    image: ontoportal/solr-ut:0.1
+    image: solr:8
+    volumes:
+      - ./test/solr/configsets:/configsets:ro
+    ports:
+      - "8983:8983"
+    command: >
+      bash -c "precreate-core term_search_core1 /configsets/term_search
+      && precreate-core prop_search_core1 /configsets/property_search
+      && solr-foreground"
 
   mgrep-ut:
     image: ontoportal/mgrep-ncbo:0.1
+    ports:
+      - "55556:55555"
 
   agraph-ut:
     image: franzinc/agraph:v7.3.0
diff --git a/helpers/search_helper.rb b/helpers/search_helper.rb
index 10de14c0..5d37d884 100644
--- a/helpers/search_helper.rb
+++ b/helpers/search_helper.rb
@@ -345,6 +345,7 @@ def populate_classes_from_search(classes, ontology_acronyms=nil)
           doc[:submission] = old_class.submission
           doc[:properties] = MultiJson.load(doc.delete(:propertyRaw)) if include_param_contains?(:properties)
           instance = LinkedData::Models::Class.read_only(doc)
+          instance.prefLabel =  instance.prefLabel.first if instance.prefLabel.is_a?(Array)
           classes_hash[ont_uri_class_uri] = instance
         end
 
diff --git a/helpers/users_helper.rb b/helpers/users_helper.rb
index 5d4266c1..e2c69e60 100644
--- a/helpers/users_helper.rb
+++ b/helpers/users_helper.rb
@@ -17,6 +17,55 @@ def filter_for_user_onts(obj)
 
         obj
       end
+
+      def send_reset_token(email, username)
+        user = LinkedData::Models::User.where(email: email, username: username).include(LinkedData::Models::User.attributes).first
+        error 404, "User not found" unless user
+        reset_token = token(36)
+        user.resetToken = reset_token
+
+        return user if user.valid?
+
+        user.save(override_security: true)
+        LinkedData::Utils::Notifications.reset_password(user, reset_token)
+        user
+      end
+      
+      def token(len)
+        chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
+        token = ""
+        1.upto(len) { |i| token << chars[rand(chars.size-1)] }
+        token
+      end
+
+      def reset_password(email, username, token)
+        user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
+
+        error 404, "User not found" unless user
+
+        user.show_apikey = true
+
+        [user, token.eql?(user.resetToken)]
+      end
+
+      def oauth_authenticate(params)
+        access_token  = params["access_token"]
+        provider  = params["token_provider"]
+        user = LinkedData::Models::User.oauth_authenticate(access_token, provider)
+        error 401, "Access token invalid"if user.nil?
+        user
+      end
+
+      def login_password_authenticate(params)
+        user_id       = params["user"]
+        user_password = params["password"]
+        user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
+        authenticated = false
+        authenticated = user.authenticate(user_password) unless user.nil?
+        error 401, "Username/password combination invalid" unless authenticated
+
+        user
+      end
     end
   end
 end
diff --git a/test/controllers/test_ontologies_controller.rb b/test/controllers/test_ontologies_controller.rb
index 4713b699..dc79359b 100644
--- a/test/controllers/test_ontologies_controller.rb
+++ b/test/controllers/test_ontologies_controller.rb
@@ -217,13 +217,13 @@ def test_download_acl_only
     begin
       allowed_user = User.new({
         username: "allowed",
-        email: "test@example.org",
+        email: "test1@example.org",
         password: "12345"
       })
       allowed_user.save
       blocked_user = User.new({
         username: "blocked",
-        email: "test@example.org",
+        email: "test2@example.org",
         password: "12345"
       })
       blocked_user.save
diff --git a/test/controllers/test_ontology_submissions_controller.rb b/test/controllers/test_ontology_submissions_controller.rb
index 7500dce4..c233721e 100644
--- a/test/controllers/test_ontology_submissions_controller.rb
+++ b/test/controllers/test_ontology_submissions_controller.rb
@@ -18,7 +18,10 @@ def self._set_vars
       administeredBy: "tim",
       "file" => Rack::Test::UploadedFile.new(@@test_file, ""),
       released: DateTime.now.to_s,
-      contact: [{name: "test_name", email: "test@example.org"}]
+      contact: [{name: "test_name", email: "test3@example.org"}],
+      URI: 'https://test.com/test',
+      status: 'production',
+      description: 'ontology description'
     }
     @@status_uploaded = "UPLOADED"
     @@status_rdf = "RDF"
@@ -156,13 +159,13 @@ def test_download_acl_only
     begin
       allowed_user = User.new({
         username: "allowed",
-        email: "test@example.org",
+        email: "test4@example.org",
         password: "12345"
       })
       allowed_user.save
       blocked_user = User.new({
         username: "blocked",
-        email: "test@example.org",
+        email: "test5@example.org",
         password: "12345"
       })
       blocked_user.save
diff --git a/test/controllers/test_search_controller.rb b/test/controllers/test_search_controller.rb
index 44c67c7e..21a3dd18 100644
--- a/test/controllers/test_search_controller.rb
+++ b/test/controllers/test_search_controller.rb
@@ -85,7 +85,7 @@ def test_search_ontology_filter
     assert last_response.ok?
     results = MultiJson.load(last_response.body)
     doc = results["collection"][0]
-    assert_equal "cell line", doc["prefLabel"]
+    assert_equal "cell line", doc["prefLabel"].first
     assert doc["links"]["ontology"].include? acronym
     results["collection"].each do |doc|
       acr = doc["links"]["ontology"].split('/')[-1]
@@ -103,7 +103,8 @@ def test_search_other_filters
     get "search?q=data&require_definitions=true"
     assert last_response.ok?
     results = MultiJson.load(last_response.body)
-    assert_equal 26, results["collection"].length
+    assert results["collection"].all? {|doc| !doc["definition"].nil? && doc.values.flatten.join(" ").include?("data") }
+    #assert_equal 26, results["collection"].length
 
     get "search?q=data&require_definitions=false"
     assert last_response.ok?
@@ -115,10 +116,14 @@ def test_search_other_filters
 
     get "search?q=Integration%20and%20Interoperability&ontologies=#{acronym}"
     results = MultiJson.load(last_response.body)
-    assert_equal 22, results["collection"].length
+
+    assert results["collection"].all? { |x| !x["obsolete"] }
+    count = results["collection"].length
+
     get "search?q=Integration%20and%20Interoperability&ontologies=#{acronym}&also_search_obsolete=false"
     results = MultiJson.load(last_response.body)
-    assert_equal 22, results["collection"].length
+    assert_equal count, results["collection"].length
+
     get "search?q=Integration%20and%20Interoperability&ontologies=#{acronym}&also_search_obsolete=true"
     results = MultiJson.load(last_response.body)
     assert_equal 29, results["collection"].length
@@ -134,8 +139,14 @@ def test_search_other_filters
     # testing cui and semantic_types flags
     get "search?q=Funding%20Resource&ontologies=#{acronym}&include=prefLabel,synonym,definition,notation,cui,semanticType"
     results = MultiJson.load(last_response.body)
-    assert_equal 35, results["collection"].length
-    assert_equal "Funding Resource", results["collection"][0]["prefLabel"]
+    #assert_equal 35, results["collection"].length
+    assert results["collection"].all? do |r|
+      ["prefLabel", "synonym", "definition", "notation", "cui", "semanticType"].map {|x| r[x]}
+                                                                               .flatten
+                                                                               .join(' ')
+                                                                               .include?("Funding Resource")
+    end
+    assert_equal "Funding Resource", results["collection"][0]["prefLabel"].first
     assert_equal "T028", results["collection"][0]["semanticType"][0]
     assert_equal "X123456", results["collection"][0]["cui"][0]
 
@@ -190,7 +201,7 @@ def test_search_provisional_class
     assert_equal 10, results["collection"].length
     provisional = results["collection"].select {|res| assert_equal ontology_type, res["ontologyType"]; res["provisional"]}
     assert_equal 1, provisional.length
-    assert_equal @@test_pc_root.label, provisional[0]["prefLabel"]
+    assert_equal @@test_pc_root.label, provisional[0]["prefLabel"].first
 
     # subtree root with provisional class test
     get "search?ontology=#{acronym}&subtree_root_id=#{CGI::escape(@@cls_uri.to_s)}&also_search_provisional=true"
@@ -199,7 +210,7 @@ def test_search_provisional_class
 
     provisional = results["collection"].select {|res| res["provisional"]}
     assert_equal 1, provisional.length
-    assert_equal @@test_pc_child.label, provisional[0]["prefLabel"]
+    assert_equal @@test_pc_child.label, provisional[0]["prefLabel"].first
   end
 
 end
diff --git a/test/controllers/test_users_controller.rb b/test/controllers/test_users_controller.rb
index 337da52e..3710b503 100644
--- a/test/controllers/test_users_controller.rb
+++ b/test/controllers/test_users_controller.rb
@@ -100,4 +100,40 @@ def test_authentication
     assert user["username"].eql?(@@usernames.first)
   end
 
+  def test_oauth_authentication
+    fake_responses = {
+      github: {
+        id: 123456789,
+        login: 'github_user',
+        email: 'github_user@example.com',
+        name: 'GitHub User',
+        avatar_url: 'https://avatars.githubusercontent.com/u/123456789'
+      },
+      google: {
+        sub: 'google_user_id',
+        email: 'google_user@example.com',
+        name: 'Google User',
+        given_name: 'Google',
+        family_name: 'User',
+        picture: 'https://lh3.googleusercontent.com/a-/user-profile-image-url'
+      },
+      orcid: {
+        orcid: '0000-0002-1825-0097',
+        email: 'orcid_user@example.com',
+        name: {
+          "family-name": 'ORCID',
+          "given-names": 'User'
+        }
+      }
+    }
+
+    fake_responses.each do |provider, data|
+      WebMock.stub_request(:get, LinkedData::Models::User.oauth_providers[provider][:link])
+             .to_return(status: 200, body: data.to_json, headers: { 'Content-Type' => 'application/json' })
+      post "/users/authenticate", {access_token:'jkooko', token_provider: provider.to_s}
+      assert last_response.ok?
+      user = MultiJson.load(last_response.body)
+      assert data[:email], user["email"]
+    end
+  end
 end
diff --git a/test/data/ontology_files/thesaurusINRAE_nouv_structure.rdf b/test/data/ontology_files/thesaurusINRAE_nouv_structure.rdf
index 8353d82f..ca303834 100644
--- a/test/data/ontology_files/thesaurusINRAE_nouv_structure.rdf
+++ b/test/data/ontology_files/thesaurusINRAE_nouv_structure.rdf
@@ -30,7 +30,7 @@
 <owl:NamedIndividual rdf:about="http://aims.fao.org/aos/agrovoc/xl_tr_1331561625299">
         <rdf:type rdf:resource="http://www.w3.org/2008/05/skos-xl#Label"/>
         <skos:notation rdf:datatype="http://aims.fao.org/aos/agrovoc/AgrovocCode">1331561625299</skos:notation>
-        <skos-xl:literalForm xml:lang="tr">aktivite</skos-xl:literalForm>
+        <skos-xl:literalForm >aktivite</skos-xl:literalForm>
         <terms:created rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2012-03-12T22:13:45Z</terms:created>
         <terms:modified rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2017-09-22T14:09:06Z</terms:modified>
         <void:inDataset rdf:resource="http://aims.fao.org/aos/agrovoc/void.ttl#Agrovoc"/>
diff --git a/test/middleware/test_rack_attack.rb b/test/middleware/test_rack_attack.rb
index 43143080..0b10c9e1 100644
--- a/test/middleware/test_rack_attack.rb
+++ b/test/middleware/test_rack_attack.rb
@@ -18,14 +18,14 @@ def self.before_suite
     LinkedData::OntologiesAPI.settings.req_per_second_per_ip = 1
     LinkedData::OntologiesAPI.settings.safe_ips = Set.new(["1.2.3.4", "1.2.3.5"])
 
-    @@user = LinkedData::Models::User.new({username: "user", password: "test_password", email: "test_email@example.org"})
+    @@user = LinkedData::Models::User.new({username: "user", password: "test_password", email: "test_email1@example.org"})
     @@user.save
 
-    @@bp_user = LinkedData::Models::User.new({username: "ncbobioportal", password: "test_password", email: "test_email@example.org"})
+    @@bp_user = LinkedData::Models::User.new({username: "ncbobioportal", password: "test_password", email: "test_email2@example.org"})
     @@bp_user.save
 
     admin_role = LinkedData::Models::Users::Role.find("ADMINISTRATOR").first
-    @@admin = LinkedData::Models::User.new({username: "admin", password: "test_password", email: "test_email@example.org", role: [admin_role]})
+    @@admin = LinkedData::Models::User.new({username: "admin", password: "test_password", email: "test_email3@example.org", role: [admin_role]})
     @@admin.save
 
     # Redirect output or we get a bunch of noise from Rack (gets reset in the after_suite method).
diff --git a/test/solr/configsets/term_search/conf/schema.xml b/test/solr/configsets/term_search/conf/schema.xml
index 6b18a2a1..fa95e127 100644
--- a/test/solr/configsets/term_search/conf/schema.xml
+++ b/test/solr/configsets/term_search/conf/schema.xml
@@ -128,11 +128,20 @@
     <field name="resource_id"           type="string"             indexed="true"  stored="true"  multiValued="false" required="true" />
 
     <!-- searchable fields -->
-    <field name="prefLabel"             type="text_general"       indexed="true"  stored="true"  multiValued="false" />
-    <field name="prefLabelExact"        type="string_ci"          indexed="true"  stored="true"  multiValued="false" />
-    <field name="prefLabelSuggest"      type="text_suggest"       indexed="true"  stored="true"  omitNorms="true" />
-    <field name="prefLabelSuggestEdge"  type="text_suggest_edge"  indexed="true"  stored="true" />
-    <field name="prefLabelSuggestNgram" type="text_suggest_ngram" indexed="true"  stored="true"  omitNorms="true" />
+    <!-- all languages fields -->
+    <field name="prefLabel"             type="text_general"       indexed="true"  stored="true"  multiValued="true" />
+    <field name="prefLabelExact"        type="string_ci"          indexed="true"  stored="true"  multiValued="true" />
+    <field name="prefLabelSuggest"      type="text_suggest"       indexed="true"  stored="true"  multiValued="true"  omitNorms="true" />
+    <field name="prefLabelSuggestEdge"  type="text_suggest_edge"  indexed="true"  stored="true"  multiValued="true"  />
+    <field name="prefLabelSuggestNgram" type="text_suggest_ngram" indexed="true"  stored="true"  multiValued="true"  omitNorms="true" />
+
+    <!--  language specific fields  (e.g prefLabel_en or prefLabel_fr) -->
+    <dynamicField name="prefLabel_*" type="text_general" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="prefLabelExact_*" type="string_ci" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="prefLabelSuggest_*" type="text_suggest" indexed="true" stored="true" omitNorms="true" multiValued="true" />
+    <dynamicField name="prefLabelSuggestEdge_*" type="text_suggest_edge" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="prefLabelSuggestNgram_*" type="text_suggest_ngram" indexed="true" stored="true" omitNorms="true" multiValued="true" />
+
 
     <field name="synonym"               type="text_general"       indexed="true"  stored="true"  multiValued="true" />
     <field name="synonymExact"          type="string_ci"          indexed="true"  stored="true"  multiValued="true" />
@@ -140,9 +149,18 @@
     <field name="synonymSuggestEdge"    type="text_suggest_edge"  indexed="true"  stored="true"  multiValued="true" />
     <field name="synonymSuggestNgram"   type="text_suggest_ngram" indexed="true"  stored="true"  omitNorms="true" multiValued="true" />
 
+    <dynamicField name="synonym_*" type="text_general" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="synonymExact_*" type="string_ci" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="synonymSuggest_*" type="text_suggest" indexed="true" stored="true" omitNorms="true" multiValued="true" />
+    <dynamicField name="synonymSuggestEdge_*" type="text_suggest_edge" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="synonymSuggestNgram_*" type="text_suggest_ngram" indexed="true" stored="true" omitNorms="true" multiValued="true" />
+
+
     <field name="notation"              type="text_general"       indexed="true"  stored="true"  multiValued="false" />
 
-    <field name="definition"            type="string"             indexed="true"  stored="true"  multiValued="true" />
+    <field name="definition" type="string" indexed="true" stored="true" multiValued="true" />
+    <dynamicField name="definition_*" type="string" indexed="true" stored="true" multiValued="true" />
+
     <field name="submissionAcronym"     type="string"             indexed="true"  stored="true"  multiValued="false" />
     <field name="parents"               type="string"             indexed="true"  stored="true"  multiValued="true" />
     <field name="ontologyType"          type="ontologyType"       indexed="true"  stored="true"  multiValued="false" />
@@ -251,6 +269,17 @@
     <copyField source="synonym" dest="synonymSuggestEdge" />
     <copyField source="synonym" dest="synonymSuggestNgram" />
 
+    <copyField source="prefLabel_*" dest="prefLabelExact_*" />
+    <copyField source="prefLabel_*" dest="prefLabelSuggest_*" />
+    <copyField source="prefLabel_*" dest="prefLabelSuggestEdge_*" />
+    <copyField source="prefLabel_*" dest="prefLabelSuggestNgram_*" />
+
+
+    <copyField source="synonym_*" dest="synonymExact_*" />
+    <copyField source="synonym_*" dest="synonymSuggest_*" />
+    <copyField source="synonym_*" dest="synonymSuggestEdge_*" />
+    <copyField source="synonym_*" dest="synonymSuggestNgram_*" />
+
     <copyField source="notation" dest="_text_"/>
 
 
diff --git a/test/test_case.rb b/test/test_case.rb
index 7d3d0716..be162d5e 100644
--- a/test/test_case.rb
+++ b/test/test_case.rb
@@ -21,7 +21,9 @@
 require_relative 'test_log_file'
 require_relative '../app'
 require 'minitest/unit'
+require 'webmock/minitest'
 MiniTest::Unit.autorun
+WebMock.allow_net_connect!
 require 'rack/test'
 require 'multi_json'
 require 'oj'