RADAR-base · dennyverbeeck · Aug 29, 2018 · Jul 23, 2018 · Jul 23, 2018 · Jul 23, 2018
@@ -9,6 +9,7 @@ root = true
 # Change these settings to your own preference
 indent_style = space
 indent_size = 4
+continuation_indent_size = 8
 
 # We recommend you to keep these unchanged
 end_of_line = lf
@@ -22,3 +23,4 @@ trim_trailing_whitespace = false
 [{package,bower}.json]
 indent_style = space
 indent_size = 2
+
@@ -50,7 +50,6 @@ script:
   - ./gradlew generateJavaClient
   - killall java # stop running MP instance
   - ./src/test/bash/run-prod-e2e.sh
-  - ./src/test/bash/test-docker-build-on-release-branch.sh
   - echo "include 'managementportal-client'" >> settings.gradle # make this a sub-project so we can build artifacts and javadoc easily
 after_script:
   - ./gradlew sendCoverageToCodacy

@@ -103,6 +103,10 @@ for other options on overriding the default configuration.
 | `MANAGEMENTPORTAL_OAUTH_CHECKING_KEY_ALIASES_0`            | None                                                | Alias in the keystore of the public key to use for checking. Define multiple aliases by increasing number suffix (i.e. setting `MANAGEMENTPORTAL_OAUTH_CHECKING_KEY_ALIASES_1`, `MANAGEMENTPORTAL_OAUTH_CHECKING_KEY_ALIASES_2` etc.). If you do not set a list of checking key aliases, the public key of the signing keypair will be used for checking signatures. |
 | `MANAGEMENTPORTAL_CATALOGUE_SERVER_ENABLE_AUTO_IMPORT`     | `false`                                             | Wether to enable or disable auto import of sources from the catalogue server                           |
 | `MANAGEMENTPORTAL_CATALOGUE_SERVER_SERVER_URL`             | None                                                | URL to the catalogue server                                                                            |
+| `MANAGEMENTPORTAL_COMMON_BASE_URL`                         | None                                                | Resolvable baseUrl of the hosted platform                                                              |
+| `MANAGEMENTPORTAL_COMMON_MANAGEMENT_PORTAL_BASE_URL`       | None                                                | Resolvable baseUrl of this managementportal  instance                                                  |
+| `MANAGEMENTPORTAL_COMMON_PRIVACY_POLICY_URL`               | None                                                | Resolvable URL to the common privacy policy url                                                        |
+| `MANAGEMENTPORTAL_COMMON_ADMIN_PASSWORD`                   | None                                                | Admin password                                                                                         |
 | `JHIPSTER_SLEEP`                                           | `10`                                                | Time in seconds that the application should wait at bootup. Used to allow the database to become ready |
 | `JAVA_OPTS`                                                | `-Xmx512m`                                          | Options to pass on the JVM                                                                             |
 

@@ -32,7 +32,7 @@ plugins {
 allprojects {
     group 'org.radarcns'
 
-    version '0.4.1' // project version
+    version '0.5.0' // project version
 
     // The comment on the previous line is only there to identify the project version line easily
     // with a sed command, to auto-update the version number with the prepare-release-branch.sh

@@ -10,7 +10,7 @@ Quickstart:
 
 ```groovy
 dependencies {
-  compile group: 'org.radarcns', name: 'oauth-client-util', version: '0.4.1'
+  compile group: 'org.radarcns', name: 'oauth-client-util', version: '0.5.0'
 }
 ```
 

@@ -1,6 +1,6 @@
 {
   "name": "management-portal",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Description for ManagementPortal",
   "private": true,
   "cacheDirectories": [
@@ -70,7 +70,7 @@
     "karma-sourcemap-loader": "0.3.7",
     "karma-webpack": "2.0.3",
     "lazypipe": "1.0.1",
-    "lodash": "4.17.4",
+    "lodash": "4.17.5",
     "map-stream": "0.0.7",
     "node-sass": "^4.5.0",
     "phantomjs-prebuilt": "2.1.14",
@@ -116,6 +116,6 @@
     "test": "yarn run lint && karma start src/test/javascript/karma.conf.js",
     "test:watch": "karma start --watch",
     "e2e": "protractor src/test/javascript/protractor.conf.js",
-    "postinstall": "webdriver-manager update && yarn run webpack:build"
+    "postinstall": "webdriver-manager update --gecko false && yarn run webpack:build"
   }
 }
@@ -10,7 +10,7 @@ Add the dependency to your project.
 
 Gradle:
 ```groovy
-compile group: 'org.radarcns', name: 'radar-auth', version: '0.4.1'
+compile group: 'org.radarcns', name: 'radar-auth', version: '0.5.0'
 ```
 
 The library expects the identity server configuration in a file called `radar-is.yml`. Either set 

@@ -9,6 +9,8 @@
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Collection;
+import java.util.stream.Stream;
 import org.radarcns.auth.config.ServerConfig;
 import org.radarcns.auth.config.YamlServerConfig;
 import org.radarcns.auth.exception.TokenValidationException;
@@ -175,18 +177,14 @@ private List<JWTVerifier> loadVerifiers() throws TokenValidationException {
             lastFetch = Instant.now();
         }
 
-        List<Algorithm> algorithms = new LinkedList<>();
-        if (config.getPublicKeyEndpoints() != null) {
-            algorithms.addAll(config.getPublicKeyEndpoints().stream()
-                    .map(this::algorithmFromServerPublicKey).collect(Collectors.toList()));
-        }
-        if (config.getPublicKeys() != null) {
-            algorithms.addAll(config.getPublicKeys().stream()
-                    .map(this::algorithmFromString).collect(Collectors.toList()));
-        }
+        Stream<Algorithm> endpointKeys = streamEmptyIfNull(config.getPublicKeyEndpoints())
+                .map(this::algorithmFromServerPublicKey);
+
+        Stream<Algorithm> stringKeys = streamEmptyIfNull(config.getPublicKeys())
+                .map(this::algorithmFromString);
 
         // Create a verifier for each signature verification algorithm we created
-        return algorithms.stream()
+        return Stream.concat(endpointKeys, stringKeys)
                 .map(alg -> JWT.require(alg)
                         .withAudience(config.getResourceName())
                         .build())
@@ -206,8 +204,8 @@ private Algorithm algorithmFromServerPublicKey(URI serverUri) throws TokenValida
                 String alg = publicKeyInfo.get("alg").asText();
                 String pk = publicKeyInfo.get("value").asText();
                 return algorithmList.stream()
-                        .filter(algorithm -> algorithm.getJwtAlgorithm().equals(alg))
-                        .filter(algorithm -> pk.startsWith(algorithm.getKeyHeader()))
+                        .filter(algorithm -> algorithm.getJwtAlgorithm().equals(alg)
+                                && pk.startsWith(algorithm.getKeyHeader()))
                         .findFirst()
                         .orElseThrow(() -> new TokenValidationException("The identity server "
                                 + "reported an unsupported signing algorithm: " + alg))
@@ -226,4 +224,8 @@ private Algorithm algorithmFromString(String publicKey) {
                         + publicKey))
                 .getAlgorithm(publicKey);
     }
+
+    private static <T> Stream<T> streamEmptyIfNull(Collection<T> collection) {
+        return collection != null ? collection.stream() : Stream.empty();
+    }
 }
@@ -74,4 +74,27 @@ public static void checkPermissionOnSubject(RadarToken token, Permission permiss
                     permission.toString(), subjectName, projectName));
         }
     }
+
+    /**
+     * Similar to {@link RadarToken#hasPermissionOnSource(Permission, String, String, String)}, but
+     * this method throws an exception rather than returning a boolean. Useful in combination with,
+     * e.g., Spring's controllers and exception translators.
+     * @param token The token of the logged in user
+     * @param permission The permission to check
+     * @param projectName The project for which to check the permission
+     * @param subjectName The name of the subject to check
+     * @param sourceId The source ID to check
+     * @throws NotAuthorizedException if the supplied token does not have the permission in the
+     *     given project for the given subject and source.
+     */
+    public static void checkPermissionOnSource(RadarToken token, Permission permission,
+            String projectName, String subjectName, String sourceId) throws NotAuthorizedException {
+        log.debug("Checking permission {} for user {} on source {} of subject {} in project {}",
+                permission.toString(), token.getSubject(), sourceId, subjectName, projectName);
+        if (!token.hasPermissionOnSource(permission, projectName, subjectName, sourceId)) {
+            throw new NotAuthorizedException(String.format("Client %s does not have "
+                            + "permission %s on source %s of subject %s in project %s",
+                    token.getSubject(), permission.toString(), sourceId, subjectName, projectName));
+        }
+    }
 }
@@ -7,6 +7,7 @@ public final class Constants {
 
     //Regex for acceptable logins
     public static final String ENTITY_ID_REGEX = "^[_'.@A-Za-z0-9- ]*$";
+    public static final String TOKEN_NAME_REGEX = "^[A-Za-z0-9]*$";
 
     public static final String SYSTEM_ACCOUNT = "system";
     public static final String ANONYMOUS_USER = "anonymoususer";

@@ -1,11 +1,5 @@
 package org.radarcns.auth.config;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
-import org.radarcns.auth.exception.ConfigurationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -16,6 +10,12 @@
 import java.util.List;
 import java.util.Objects;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import org.radarcns.auth.exception.ConfigurationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  * Created by dverbeec on 14/06/2017.
  */
@@ -26,42 +26,40 @@ public class YamlServerConfig implements ServerConfig {
     private String resourceName;
     private List<String> publicKeys = new LinkedList<>();
 
-    private static YamlServerConfig config;
-    private final Logger log = LoggerFactory.getLogger(YamlServerConfig.class);
-
-
+    private static final Logger log = LoggerFactory.getLogger(YamlServerConfig.class);
 
     /**
      * Read the configuration from file. This method will first check if the environment variable
      * <code>RADAR_IS_CONFIG_LOCATION</code> is set. If not set, it will look for a file called
      * <code>radar_is.yml</code> on the classpath. The configuration will be kept in a static field,
-     * so subsequent calls to this method will return the same object. Use {@link #reloadConfig()}
-     * to forcibly reload the configuration from the configuration file.
+     * so subsequent calls to this method will return the same object.
      * @return The initialized configuration object based on the contents of the configuration file
      * @throws ConfigurationException If there is any problem loading the configuration
      */
     public static YamlServerConfig readFromFileOrClasspath() {
-        if (config != null) {
-            return config;
-        }
-        Logger log = LoggerFactory.getLogger(YamlServerConfig.class);
         String customLocation = System.getenv(LOCATION_ENV);
         URL configFile;
-        try {
-            if (customLocation != null) {
-                log.info(LOCATION_ENV + " environment variable set, loading config from {}",
-                        customLocation);
+        if (customLocation != null) {
+            log.info(LOCATION_ENV + " environment variable set, loading config from {}",
+                    customLocation);
+            try {
                 configFile = new File(customLocation).toURI().toURL();
-            } else {
-                // if config location not defined, look for it on the classpath
-                log.info(LOCATION_ENV + " environment variable not set, looking for it on"
-                        + " the classpath");
-                configFile = YamlServerConfig.class.getClassLoader().getResource(CONFIG_FILE_NAME);
-                log.info("Config file found at {}", configFile.getPath());
+            } catch (MalformedURLException ex) {
+                throw new ConfigurationException(ex);
+            }
+        } else {
+            // if config location not defined, look for it on the classpath
+            log.info(LOCATION_ENV
+                    + " environment variable not set, looking for it on the classpath");
+            configFile = YamlServerConfig.class.getClassLoader().getResource(CONFIG_FILE_NAME);
+
+            if (configFile == null) {
+                throw new ConfigurationException("Cannot find " + CONFIG_FILE_NAME
+                        + " file in classpath. ");
             }
-        } catch (MalformedURLException ex) {
-            throw new ConfigurationException(ex);
         }
+        log.info("Config file found at {}", configFile.getPath());
+
         ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
         try (InputStream stream = configFile.openStream()) {
             return mapper.readValue(stream, YamlServerConfig.class);
@@ -70,16 +68,7 @@ public static YamlServerConfig readFromFileOrClasspath() {
         }
     }
 
-    /**
-     * Forcibly reload the configuration from file, and reinitialize the static field holding the
-     * configuration with the new object.
-     * @return The new configuration
-     * @throws ConfigurationException If there is any problem loading the configuration
-     */
-    public static YamlServerConfig reloadConfig() {
-        config = null;
-        return readFromFileOrClasspath();
-    }
+
 
     public List<URI> getPublicKeyEndpoints() {
         return publicKeyEndpoints;