Shib: move getAffiliation from backing to service bean #2939
pdurbin committed Mar 14, 2016
1 parent fe0d14d commit c76e67d
Showing 4 changed files with 91 additions and 109 deletions.
94 changes: 6 additions & 88 deletions src/main/java/edu/harvard/iq/dataverse/Shib.java
@@ -1,14 +1,10 @@
package edu.harvard.iq.dataverse;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
import edu.harvard.iq.dataverse.authorization.UserIdentifier;
import edu.harvard.iq.dataverse.authorization.UserRecordIdentifier;
import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
import edu.harvard.iq.dataverse.authorization.groups.impl.shib.ShibGroupServiceBean;
import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser;
import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
import edu.harvard.iq.dataverse.authorization.providers.shib.ShibServiceBean;
Expand All @@ -17,13 +13,7 @@
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
import edu.harvard.iq.dataverse.util.JsfHelper;
import edu.harvard.iq.dataverse.util.SystemConfig;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
Expand Down Expand Up @@ -55,12 +45,8 @@ public class Shib implements java.io.Serializable {
@EJB
ShibServiceBean shibService;
@EJB
ShibGroupServiceBean shibGroupService;
@EJB
SettingsServiceBean settingsService;
@EJB
SystemConfig systemConfig;
@EJB
DataverseServiceBean dataverseService;
@EJB
GroupServiceBean groupService;
Expand Down Expand Up @@ -186,7 +172,7 @@ public void init() {
* scary warnings quoted from official Shib docs in
* https://github.com/IQSS/dataverse/issues/2294
*/
useHeaders = systemConfig.isShibUseHeaders();
useHeaders = false;
if (useHeaders) {
printHeaders();
}
Expand Down Expand Up @@ -298,7 +284,11 @@ public void init() {
* the authenticateduser table.
*/
// String displayName = getDisplayName(displayNameAttribute, firstNameAttribute, lastNameAttribute);
String affiliation = getAffiliation();
String affiliation = shibService.getAffiliation(shibIdp, getDevShibAccountType());
if (affiliation != null) {
affiliationToDisplayAtConfirmation = affiliation;
friendlyNameForInstitution = affiliation;
}
// emailAddress = "willFailBeanValidation"; // for testing createAuthenticatedUser exceptions
displayInfo = new AuthenticatedUserDisplayInfo(firstName, lastName, emailAddress, affiliation, null);

Expand Down Expand Up @@ -379,78 +369,6 @@ public void init() {
logger.fine("redirectPage: " + redirectPage);
}

/**
* @todo Move this to the shib service bean.
*/
private String getAffiliation() {
JsonArray emptyJsonArray = new JsonArray();
String discoFeedJson = emptyJsonArray.toString();
String discoFeedUrl;
if (getDevShibAccountType().equals(DevShibAccountType.PRODUCTION)) {
discoFeedUrl = systemConfig.getDataverseSiteUrl() + "/Shibboleth.sso/DiscoFeed";
} else {
String devUrl = "http://localhost:8080/resources/dev/sample-shib-identities.json";
discoFeedUrl = devUrl;
}
logger.info("Trying to get affiliation from disco feed URL: " + discoFeedUrl);
URL url = null;
try {
url = new URL(discoFeedUrl);
} catch (MalformedURLException ex) {
logger.info(ex.toString());
return null;
}
if (url == null) {
logger.info("url object was null after parsing " + discoFeedUrl);
return null;
}
HttpURLConnection discoFeedRequest = null;
try {
discoFeedRequest = (HttpURLConnection) url.openConnection();
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
if (discoFeedRequest == null) {
logger.info("disco feed request was null");
return null;
}
try {
discoFeedRequest.connect();
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
JsonParser jp = new JsonParser();
JsonElement root = null;
try {
root = jp.parse(new InputStreamReader((InputStream) discoFeedRequest.getInputStream()));
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
if (root == null) {
logger.info("root was null");
return null;
}
JsonArray rootArray = root.getAsJsonArray();
if (rootArray == null) {
logger.info("Couldn't get JSON Array from URL");
return null;
}
discoFeedJson = rootArray.toString();
logger.fine("Dump of disco feed:" + discoFeedJson);
String affiliation = ShibUtil.getDisplayNameFromDiscoFeed(shibIdp, discoFeedJson);
if (affiliation != null) {
affiliationToDisplayAtConfirmation = affiliation;
friendlyNameForInstitution = affiliation;
return affiliation;
} else {
logger.info("Couldn't find an affiliation from " + shibIdp);
return null;
}
}

/**
* "Production" means "don't mess with the HTTP request".
*/
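Review bot: `useHeaders = false;` in `init()` replaces the `systemConfig.isShibUseHeaders()` lookup with a literal, which leaves the `if (useHeaders) { printHeaders(); }` branch directly below it unreachable and silently retires the configuration switch, something the commit title does not mention. Pinning the value to false looks like the safer direction given the warnings about header-based attributes that the comment above points to (issue 2294), but the intent should be recorded next to the assignment, e.g. `// Header-based attribute lookup is intentionally disabled; see #2294.`, and the dead branch removed. If the setting is still meant to be configurable, it should instead be read through the service bean that now holds `SystemConfig`. `init()` starts and ends outside the visible hunks.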
12 changes: 11 additions & 1 deletion src/main/java/edu/harvard/iq/dataverse/api/TestApi.java
@@ -1,6 +1,8 @@
package edu.harvard.iq.dataverse.api;

import edu.harvard.iq.dataverse.DvObject;
import edu.harvard.iq.dataverse.EMailValidator;
import edu.harvard.iq.dataverse.Shib;
import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
import edu.harvard.iq.dataverse.authorization.RoleAssignee;
import edu.harvard.iq.dataverse.authorization.UserIdentifier;
Expand Down Expand Up @@ -100,6 +102,7 @@ public String test( @PathParam("w1") String w1 ) {
@Path("user/convert/builtin2shib")
@PUT
public Response builtin2shib(String content) {
logger.info("entering builtin2shib...");
try {
AuthenticatedUser userToRunThisMethod = findAuthenticatedUserOrDie();
if (!userToRunThisMethod.isSuperuser()) {
Expand Down Expand Up @@ -149,11 +152,18 @@ public Response builtin2shib(String content) {
String overwriteFirstName = randomUser.get("firstName");
String overwriteLastName = randomUser.get("lastName");
String overwriteEmail = randomUser.get("email");
logger.info("overwriteEmail: " + overwriteEmail);
boolean validEmail = EMailValidator.isEmailValid(overwriteEmail, null);
if (!validEmail) {
// See https://github.com/IQSS/dataverse/issues/2998
return errorResponse(Response.Status.BAD_REQUEST, "invalid email: " + overwriteEmail);
}
/**
* @todo If affiliation is not null, put it in RoleAssigneeDisplayInfo
* constructor.
*/
String overwriteAffiliation = shibService.getFriendlyInstitutionName(idPEntityId);
String overwriteAffiliation = shibService.getAffiliation(idPEntityId, Shib.DevShibAccountType.RANDOM);
logger.info("overwriteAffiliation: " + overwriteAffiliation);
/**
* @todo Find a place to put "position" in the authenticateduser table:
* https://github.com/IQSS/dataverse/issues/1444#issuecomment-74134694
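Review bot: The call `shibService.getAffiliation(idPEntityId, Shib.DevShibAccountType.RANDOM)` in `builtin2shib` hard-codes a non-production account type, which in `ShibServiceBean.getAffiliation` selects the `http://localhost:8080/resources/dev/sample-shib-identities.json` sample file instead of the site's DiscoFeed. On a production install the converted user's affiliation would then be resolved against dev sample data, or come back null if that file is not deployed, so the account type should presumably come from configuration rather than a literal. Separately, the new `logger.info("overwriteEmail: " + overwriteEmail)` and `logger.info("overwriteAffiliation: " + overwriteAffiliation)` lines write personal data to the server log at INFO level, and the 400 response echoes the rejected address; `logger.fine` and an error message that does not repeat the value would be a better default. `builtin2shib` begins and ends outside the visible hunks.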
@@ -1,5 +1,6 @@
package edu.harvard.iq.dataverse.authorization.providers.shib;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
Expand All @@ -13,6 +14,7 @@
import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser;
import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserServiceBean;
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.util.SystemConfig;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
Expand Down Expand Up @@ -40,6 +42,8 @@ public class ShibServiceBean {
AuthenticationServiceBean authSvc;
@EJB
BuiltinUserServiceBean builtinUserService;
@EJB
SystemConfig systemConfig;

public AuthenticatedUser findAuthUserByEmail(String emailToFind) {
return authSvc.getAuthenticatedUserByEmail(emailToFind);
Expand Down Expand Up @@ -103,26 +107,71 @@ public AuthenticatedUser canLogInAsBuiltinUser(String username, String password)
}
}

/**
* @todo Move the getAffiliation method from the Shib JSF backing bean to
* here.
*/
public String getFriendlyInstitutionName(String entityId) {
/**
* @todo Look for the entityId (i.e.
* "https://idp.testshib.org/idp/shibboleth") for find "TestShib Test
* IdP" in (for example)
* https://demo.dataverse.org/Shibboleth.sso/DiscoFeed
*
* It looks something like this: [ { "entityID":
* "https://idp.testshib.org/idp/shibboleth", "DisplayNames": [ {
* "value": "TestShib Test IdP", "lang": "en" } ], "Descriptions": [ {
* "value": "TestShib IdP. Use this as a source of attributes\n for your
* test SP.", "lang": "en" } ], "Logos": [ { "value":
* "https://www.testshib.org/testshibtwo.jpg", "height": "88", "width":
* "253" } ] } ]
*/
return null;
public String getAffiliation(String shibIdp, Shib.DevShibAccountType devShibAccountType) {
JsonArray emptyJsonArray = new JsonArray();
String discoFeedJson = emptyJsonArray.toString();
String discoFeedUrl;
if (devShibAccountType.equals(Shib.DevShibAccountType.PRODUCTION)) {
discoFeedUrl = systemConfig.getDataverseSiteUrl() + "/Shibboleth.sso/DiscoFeed";
} else {
String devUrl = "http://localhost:8080/resources/dev/sample-shib-identities.json";
discoFeedUrl = devUrl;
}
logger.info("Trying to get affiliation from disco feed URL: " + discoFeedUrl);
URL url = null;
try {
url = new URL(discoFeedUrl);
} catch (MalformedURLException ex) {
logger.info(ex.toString());
return null;
}
if (url == null) {
logger.info("url object was null after parsing " + discoFeedUrl);
return null;
}
HttpURLConnection discoFeedRequest = null;
try {
discoFeedRequest = (HttpURLConnection) url.openConnection();
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
if (discoFeedRequest == null) {
logger.info("disco feed request was null");
return null;
}
try {
discoFeedRequest.connect();
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
JsonParser jp = new JsonParser();
JsonElement root = null;
try {
root = jp.parse(new InputStreamReader((InputStream) discoFeedRequest.getInputStream()));
} catch (IOException ex) {
logger.info(ex.toString());
return null;
}
if (root == null) {
logger.info("root was null");
return null;
}
JsonArray rootArray = root.getAsJsonArray();
if (rootArray == null) {
logger.info("Couldn't get JSON Array from URL");
return null;
}
discoFeedJson = rootArray.toString();
logger.fine("Dump of disco feed:" + discoFeedJson);
String affiliation = ShibUtil.getDisplayNameFromDiscoFeed(shibIdp, discoFeedJson);
if (affiliation != null) {
return affiliation;
} else {
logger.info("Couldn't find an affiliation from " + shibIdp);
return null;
}
}

/**
Expand Down Expand Up @@ -192,4 +241,5 @@ public Map<String, String> getRandomUser() throws JsonSyntaxException, JsonIOExc
fakeUser.put("eppn", salt.getAsString());
return fakeUser;
}

}
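Review bot: The DiscoFeed fetch in the new `ShibServiceBean.getAffiliation` sets no connect or read timeout and never closes the response stream or disconnects, so a slow or unresponsive feed endpoint can stall the login or API thread that calls it and leak connections. The JSON handling also does not fail the way the code expects: `jp.parse(...)` throws the unchecked `JsonSyntaxException`/`JsonIOException` on a malformed body and `root.getAsJsonArray()` throws `IllegalStateException` for a non-array rather than returning null, so the `rootArray == null` branch is unreachable and a bad feed escapes as a runtime exception instead of `return null`. The reader is built with the platform default charset, which can mangle non-ASCII institution names. Since this method was moved verbatim, the move is a good moment to bound the request, close it with try-with-resources, and test `isJsonArray()` before converting, as sketched below.

```java
// … unchanged: URL parsing and url.openConnection() with their error handling …
// Bound how long a caller can wait on the feed; the values are placeholders to tune.
discoFeedRequest.setConnectTimeout(5000);
discoFeedRequest.setReadTimeout(5000);
// … unchanged: discoFeedRequest.connect() with its IOException handling …
JsonElement root = null;
try (InputStream in = discoFeedRequest.getInputStream();
        InputStreamReader reader = new InputStreamReader(in, "UTF-8")) {
    root = new JsonParser().parse(reader);
} catch (IOException | JsonIOException | JsonSyntaxException ex) {
    logger.info(ex.toString());
    return null;
} finally {
    discoFeedRequest.disconnect();
}
if (root == null || !root.isJsonArray()) {
    logger.info("Couldn't get JSON Array from URL");
    return null;
}
JsonArray rootArray = root.getAsJsonArray();
// … unchanged: ShibUtil.getDisplayNameFromDiscoFeed lookup and return …
```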
4 changes: 4 additions & 0 deletions src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
Expand Up @@ -77,6 +77,10 @@ public void testConvertShibUserToBuiltin() throws Exception {

Response makeShibUser = migrateBuiltinToShib(data, superuserApiToken);
makeShibUser.prettyPrint();
/**
* @todo Expect a non-OK response if the Shib user has an invalid email
* address: https://github.com/IQSS/dataverse/issues/2998
*/
makeShibUser.then().assertThat().statusCode(OK.getStatusCode());

Response shibToBuiltinAnon = migrateShibToBuiltin(Long.MAX_VALUE, "", "");
