Merge pull request #36 from RADAR-base/release-1.2.1

Release 1.2.1

README.md

@@ -29,4 +29,48 @@ To build and run this application from Docker:
 docker build -t radarbase/radar-rest-source-auth-backend:1.0.1 .
 
 docker run -p 8080:8080 radarbase/radar-rest-source-auth-backend:latest
-```
+```
+
+## Validation
+
+There is validation available for the properties of the subject entered by the user. These are currenlty validated using the details from the Management portal. You can configure this according to your requirements as follows -
+
+### If don't need validation
+Add the `REST_SOURCE_AUTHORIZER_VALIDATOR` env var to your docker-compose service to disable validation-
+```yaml
+  radar-rest-sources-backend:
+    image: radarbase/radar-rest-source-auth-backend:1.2.1
+...
+    environment:
+...
+      - REST_SOURCE_AUTHORIZER_VALIDATOR=""
+    volumes:
+      - ./etc/rest-source-authorizer/:/app-includes/
+...
+
+```
+**Note: This will only disable backend validation. The frontend validation(based on Regex) will still exist.**
+
+### Enable validation using Management Portal
+
+#### First Create a new oAuth client in Management Portal
+To add new OAuth clients, you can add at runtime through the UI on Management Portal, or you can add them to the OAuth clients file referenced by the MANAGEMENTPORTAL_OAUTH_CLIENTS_FILE configuration option. For more info, see [officail docs](https://github.com/RADAR-base/ManagementPortal#oauth-clients)
+
+#### Then add the following to your rest authoriser service
+Add the following env vars to your docker-compose service-
+```yaml
+  radar-rest-sources-backend:
+    image: radarbase/radar-rest-source-auth-backend:1.2.1
+...
+    environment:
+...
+      - REST_SOURCE_AUTHORIZER_VALIDATOR=managementportal
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_BASE_URL=http://managementportal-app:8080/managementportal/
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_ID=radar_rest_sources_auth
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_SECRET=secret
+    volumes:
+      - ./etc/rest-source-authorizer/:/app-includes/
+...
+```
+
+**Note**: Make sure to configure the client id and client secret as created in the Management portal

authorizer-app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "authorizer-app",
-  "version": "1.0.1",
+  "version": "1.2.1",
   "description": "Simple app to authorize to collect data from third party services ",
   "repository": {
     "type": "git",

build.gradle

@@ -16,9 +16,7 @@ apply plugin: 'org.springframework.boot'
 apply plugin: 'io.spring.dependency-management'
 
 group = 'org.radarcns'
-
-version = '1.2.0'
-
+version = '1.2.1'
 sourceCompatibility = 1.8
 
 repositories {

src/main/java/org/radarbase/authorizer/config/ManagementPortalProperties.java

@@ -20,6 +20,17 @@ public class ManagementPortalProperties {
   @NotNull
   private String oauthClientSecret;
 
+  @NotNull
+  private String tokenPath;
+
+  public String getTokenPath() {
+    return tokenPath;
+  }
+
+  public void setTokenPath(String tokenPath) {
+    this.tokenPath = tokenPath;
+  }
+
   public String getBaseUrl() {
     return baseUrl;
   }
@@ -80,4 +91,16 @@ public boolean equals(Object o) {
   public int hashCode() {
     return Objects.hash(baseUrl, projectsPath, subjectsPath, oauthClientId, oauthClientSecret);
   }
+
+  @Override
+  public String toString() {
+    return "ManagementPortalProperties{" +
+        "baseUrl='" + baseUrl + '\'' +
+        ", projectsPath='" + projectsPath + '\'' +
+        ", subjectsPath='" + subjectsPath + '\'' +
+        ", oauthClientId='" + oauthClientId + '\'' +
+        ", oauthClientSecret='" + oauthClientSecret + '\'' +
+        ", tokenPath='" + tokenPath + '\'' +
+        '}';
+  }
 }

src/main/java/org/radarbase/authorizer/service/managementportal/CachedManagementPortalClient.java

@@ -21,11 +21,13 @@
 import org.radarbase.authorizer.service.dto.managementportal.Project;
 import org.radarbase.authorizer.service.dto.managementportal.Subject;
 import org.radarcns.exception.TokenException;
+import org.radarcns.oauth.OAuth2AccessTokenDetails;
 import org.radarcns.oauth.OAuth2Client;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.http.HttpHeaders;
 import org.springframework.stereotype.Service;
 
 @Service
@@ -80,9 +82,30 @@ private void init() throws MalformedURLException {
 
     this.oAuth2Client = new OAuth2Client.Builder()
         .credentials(properties.getOauthClientId(), properties.getOauthClientSecret())
-        .endpoint(new URL(properties.getBaseUrl()), "/oauth/token")
+        .endpoint(new URL(properties.getBaseUrl()), this.properties.getTokenPath())
         .httpClient(httpClient)
         .build();
+
+    LOGGER.info(this.properties.toString());
+    LOGGER
+        .info("Trying to get a Token and check if it has required permissions at the endpoint: {}",
+            this.oAuth2Client.getTokenEndpoint());
+    try {
+      OAuth2AccessTokenDetails accessToken = this.oAuth2Client.getValidToken();
+      if (accessToken.getScope().contains("PROJECT.READ") && accessToken.getScope()
+          .contains("SUBJECT.READ")) {
+        LOGGER.info("The client has sufficient privileges. Proceeding normally...");
+      } else {
+        throw new IllegalStateException(
+            "The configured oAuth client [" + this.properties.getOauthClientId() + ", "
+                + this.properties.getOauthClientSecret()
+                + "] does not have sufficient privileges on Management portal."
+                + " Please update it on Management portal or use a different client.");
+      }
+    } catch (TokenException exc) {
+      throw new IllegalStateException(
+          "There was a problem getting the oAuth token from the server: " + exc);
+    }
   }
 
   @Override
@@ -137,7 +160,7 @@ public Set<Project> getAllProjects() throws IOException, TokenException {
 
   private Subject querySubject(String subjectId) throws IOException, TokenException {
     Subject subject = queryEntity(
-        properties.getBaseUrl() + "/api" + properties.getSubjectsPath() + "/" + subjectId,
+        properties.getBaseUrl() + properties.getSubjectsPath() + "/" + subjectId,
         new TypeReference<Subject>() {
         });
     this.subjects.add(subject);
@@ -146,7 +169,7 @@ private Subject querySubject(String subjectId) throws IOException, TokenExceptio
 
   private Project queryProject(String projectId) throws IOException, TokenException {
     Project project = queryEntity(
-        properties.getBaseUrl() + "/api" + properties.getProjectsPath() + "/" + projectId,
+        properties.getBaseUrl() + properties.getProjectsPath() + "/" + projectId,
         new TypeReference<Project>() {
         });
 
@@ -157,7 +180,8 @@ private Project queryProject(String projectId) throws IOException, TokenExceptio
   private <T> T queryEntity(String url, TypeReference<T> t)
       throws TokenException, IOException {
     Request request = new Request.Builder()
-        .addHeader("Authorization", "Bearer " + oAuth2Client.getValidToken().getAccessToken())
+        .addHeader(HttpHeaders.AUTHORIZATION,
+            "Bearer " + oAuth2Client.getValidToken().getAccessToken())
         .url(new URL(url))
         .get()
         .build();
@@ -173,14 +197,14 @@ private <T> T queryEntity(String url, TypeReference<T> t)
 
   private Set<Subject> queryAllSubjects() throws IOException, TokenException {
     // get subjects from MP
-    return queryEntity(properties.getBaseUrl() + "/api" + properties.getSubjectsPath(),
+    return queryEntity(properties.getBaseUrl() + properties.getSubjectsPath(),
         new TypeReference<Set<Subject>>() {
         });
   }
 
   private Set<Project> queryAllProjects() throws IOException, TokenException {
     // get projects from MP
-    return queryEntity(properties.getBaseUrl() + "/api" + properties.getProjectsPath(),
+    return queryEntity(properties.getBaseUrl() + properties.getProjectsPath(),
         new TypeReference<Set<Project>>() {
         });
   }

src/main/resources/application.yml

@@ -25,8 +25,9 @@ rest-source-authorizer:
 
   validator: managementportal
   management-portal:
-    base-url: "http://localhost:8081"
-    projects-path: "/projects"
-    subjects-path: "/subjects"
+    base-url: "http://localhost:8081/"
+    projects-path: "api/projects"
+    subjects-path: "api/subjects"
+    token_path: "oauth/token"
     oauth-client-id: "radar_rest_sources_auth"
     oauth-client-secret: "secret"

src/main/resources/db/changelog/changes/00000000000000_initial_schema.xml

@@ -10,11 +10,11 @@
     <property name="now" value="current_timestamp" dbms="postgresql"/>
     <property name="autoIncrement" value="true"/>
 
-    <changeSet id="00000000000000" author="nivethika@thehyve.nl" dbms="postgresql,oracle,h2">
+    <changeSet id="00000000000000" logicalFilePath="db/changelog/changes/00000000000000_initial_schema.xml" author="nivethika@thehyve.nl" dbms="postgresql,oracle,h2">
         <createSequence sequenceName="hibernate_sequence" startValue="1000" incrementBy="50"/>
     </changeSet>
 
-    <changeSet id="00000000000001" author="nivethika@thehyve.nl">
+    <changeSet id="00000000000001" logicalFilePath="db/changelog/changes/00000000000000_initial_schema.xml" author="nivethika@thehyve.nl">
         <createTable tableName="rest_source_user">
             <column name="id" type="bigint" autoIncrement="${autoIncrement}">
                 <constraints primaryKey="true" nullable="false"/>

src/main/resources/db/changelog/db.changelog-master.yaml

@@ -1,3 +1,3 @@
 databaseChangeLog:
-    - includeAll:
-        path: db/changelog/changes/
+    - include:
+       file: db/changelog/changes/00000000000000_initial_schema.xml