ready to release

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portlets/user/my-vres@142111 82a268e6-3cf1-43bd-a215-b396298e98cf

.settings/org.eclipse.wst.common.component

@@ -5,7 +5,7 @@
     <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/target/generated-sources/gwt"/>
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
-        <dependent-module archiveName="gcube-widgets-2.1.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/gcube-widgets/gcube-widgets">
+        <dependent-module archiveName="gcube-widgets-2.2.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/gcube-widgets/gcube-widgets">
             <dependency-type>uses</dependency-type>
         </dependent-module>
     <property name="java-output-path" value="/${module}/target/www/WEB-INF/classes"/>

.tern-project

@@ -1 +1,17 @@
-{"ide":{"scriptPaths":[]},"plugins":{"aui":{},"liferay":{},"yui":{}},"libs":["ecma5","browser"]}
+{
+  "plugins": {
+    "aui": {
+      
+    },
+    "liferay": {
+      
+    },
+    "yui": {
+      
+    }
+  },
+  "libs": [
+    "ecma5",
+    "browser"
+  ]
+}

pom.xml

@@ -65,10 +65,29 @@
 			<groupId>org.gcube.dvos</groupId>
 			<artifactId>usermanagement-core</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>com.googlecode.json-simple</groupId>
+			<artifactId>json-simple</artifactId>
+			<version>1.1.1</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.3</version>
+			<scope>compile</scope>
+		</dependency>
 		<!-- FWS DEPS -->
 		<dependency>
 			<groupId>org.gcube.resources.discovery</groupId>
 			<artifactId>ic-client</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.portal.auth</groupId>
+			<artifactId>portal-auth-library</artifactId>
+			<version>[1.0.0-SNAPSHOT,)</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>

src/main/java/org/gcube/portlet/user/my_vres/client/MyVREs.java

@@ -18,11 +18,11 @@ import com.google.gwt.user.client.ui.RootPanel;
 public class MyVREs implements EntryPoint {
 	public static final String GET_REDIRECTURI_PARAMETER = "redirect_uri";
 	public static final String GET_STATE_PARAMETER = "state";
-	public static final String GET_CONTEXT_PARAMETER = "context";
+	public static final String GET_CONTEXT_PARAMETER = "scope";
 	public static final String GET_CLIENT_ID_PARAMETER = "client_id";
 	public static final String GET_CLIENT_SECRET_PARAMETER = "client_secret";
 	
-	public static final String GET_AUTH_TOKEN_PARAMETER = "gcube-token";
+	public static final String GET_AUTH_TOKEN_PARAMETER = "code";
 
 	private final MyVREsServiceAsync myVREsService = GWT.create(MyVREsService.class);
 
@@ -49,11 +49,11 @@ public class MyVREs implements EntryPoint {
 			RootPanel.get("myVREsDIV").add(new VresPanel(params));
 		}
 		else {
-			myVREsService.getUserToken(params.context, params.state, params.clientId, params.redirectURI, new AsyncCallback<AuthorizationBean>() {				
+			myVREsService.getUserQualifierToken(params.context, params.state, params.clientId, params.redirectURI, new AsyncCallback<AuthorizationBean>() {				
 				@Override
 				public void onSuccess(AuthorizationBean result) {
 					if (result.isSuccess()) {						
-						Location.assign(params.redirectURI+"?"+GET_AUTH_TOKEN_PARAMETER+"="+result.getToken()+"&"+GET_STATE_PARAMETER+"="+result.getState());
+						Location.assign(params.redirectURI+"?"+GET_AUTH_TOKEN_PARAMETER+"="+result.getOAuth2TemporaryCode()+"&"+GET_STATE_PARAMETER+"="+result.getState());
 					} else {
 						HTML message = new HTML("There were issues in managing this request: " + result.getErrorDescription());
 						message.setStyleName("portlet-msg-error");

src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsService.java

@@ -18,5 +18,5 @@ public interface MyVREsService extends RemoteService {
 	
 	String getSiteLandingPagePath();
 	
-	AuthorizationBean getUserToken(String context, String state, String clientId, String authorisedRedirectURL);
+	AuthorizationBean getUserQualifierToken(String context, String state, String clientId, String authorisedRedirectURL);
 }

src/main/java/org/gcube/portlet/user/my_vres/client/MyVREsServiceAsync.java

@@ -15,7 +15,7 @@ public interface MyVREsServiceAsync {
 
 	void getSiteLandingPagePath(AsyncCallback<String> callback);
 
-	void getUserToken(String context, String state, String clientId, String authorisedRedirectURI,
+	void getUserQualifierToken(String context, String state, String clientId, String authorisedRedirectURI,
 			AsyncCallback<AuthorizationBean> callback);
 
 }

src/main/java/org/gcube/portlet/user/my_vres/client/widgets/ClickableVRE.java

@@ -62,11 +62,11 @@ public class ClickableVRE extends HTML {
 		if (params != null) {
 			addClickHandler(new ClickHandler() {
 				public void onClick(ClickEvent event) {
-					myVREsService.getUserToken(vre.getContext(), params.getState(), params.getClientId(), params.getRedirectURI(), new AsyncCallback<AuthorizationBean>() {				
+					myVREsService.getUserQualifierToken(vre.getContext(), params.getState(), params.getClientId(), params.getRedirectURI(), new AsyncCallback<AuthorizationBean>() {				
 						@Override
 						public void onSuccess(AuthorizationBean result) {
 							if (result.isSuccess()) {						
-								Location.assign(params.getRedirectURI()+"?"+MyVREs.GET_AUTH_TOKEN_PARAMETER+"="+result.getToken()+"&"+MyVREs.GET_STATE_PARAMETER+"="+result.getState());
+								Location.assign(params.getRedirectURI()+"?"+MyVREs.GET_AUTH_TOKEN_PARAMETER+"="+result.getOAuth2TemporaryCode()+"&"+MyVREs.GET_STATE_PARAMETER+"="+result.getState());
 							} else {
 								HTML message = new HTML("There were issues in managing this request: " + result.getErrorDescription());
 								message.setStyleName("portlet-msg-error");

src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java

@@ -1,27 +1,29 @@
 package org.gcube.portlet.user.my_vres.server;
 
-import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
-import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
-
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.UUID;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.params.HttpClientParams;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
 import org.gcube.common.portal.GCubePortalConstants;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
-import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
+import org.gcube.portal.auth.AuthUtil;
-import org.gcube.common.resources.gcore.utils.Group;
-import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.portlet.user.my_vres.client.MyVREsService;
 import org.gcube.portlet.user.my_vres.shared.AuthorizationBean;
 import org.gcube.portlet.user.my_vres.shared.UserBelonging;
 import org.gcube.portlet.user.my_vres.shared.VRE;
-import org.gcube.resources.discovery.client.api.DiscoveryClient;
-import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
 import org.gcube.vomanagement.usermanagement.GroupManager;
 import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
 import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
@@ -32,6 +34,7 @@ import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
 import org.gcube.vomanagement.usermanagement.model.GCubeUser;
 import org.gcube.vomanagement.usermanagement.model.VirtualGroup;
 import org.gcube.vomanagement.usermanagement.util.ManagementUtils;
+import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -260,16 +263,27 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements	MyVREsSer
 	}
 
 	@Override
-	public AuthorizationBean getUserToken(String context, String state, String clientId, String redirectURL) {
+	public AuthorizationBean getUserQualifierToken(String context, String state, String clientId, String redirectURL) {
+		String infraName = PortalContext.getConfiguration().getInfrastructureName();
 		if (clientId == null || clientId.compareTo("")== 0) {
 			return new AuthorizationBean(null, null, false, "client_id is null, you MUST register your application to allow users connect with their D4Science Credentials");
 		}
 		if (redirectURL == null || redirectURL.compareTo("")== 0) {
 			return new AuthorizationBean(null, null, false, "authorised redirect URL is null, you MUST pass the authorisedRedirectURI related to your client_id registered application to allow users connect with their D4Science Credentials");
 		}
-		List<String> authorisedRedirectURLs = getAuthorisedRedirectURLsFromIs(clientId);
+		ServiceEndpoint authorisedApp = null;
+		try {
+			authorisedApp = AuthUtil.getAuthorisedApplicationInfoFromIsICClient(infraName, clientId);
+		} catch (Exception e1) {
+			e1.printStackTrace();
+			return new AuthorizationBean(null, null, false, "Ops!, we failed to check if ("+ clientId + ") is a valid clientId, some error occurred, please try in a few minutes. If the problem persists please open an incident ticket");
+		}
+		if (authorisedApp == null) {
+			return new AuthorizationBean(null, null, false, "Your application ("+ clientId + ") is not authorized in the infrastructure");
+		}
+		List<String> authorisedRedirectURLs = AuthUtil.getAuthorisedRedirectURLsFromIs(authorisedApp);
 		if (authorisedRedirectURLs == null || authorisedRedirectURLs.isEmpty()) {
-			return new AuthorizationBean(null, null, false, "Your application ("+ clientId + ") is not registered or there are no authorised redirect URLs registered for your application");
+			return new AuthorizationBean(null, null, false, "Your application ("+ clientId + ") have no authorised redirect URLs");
 		}
 		boolean urlAuthorised = false;
 		for (String authorisedURL : authorisedRedirectURLs) 
@@ -310,63 +324,70 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements	MyVREsSer
 			_log.error("Something wrong in retrieving the user");
 			return new AuthorizationBean(null, null, false, "Something wrong in retrieving the logged in user, is session expired?");
 		}
-		String token = pContext.getCurrentUserToken(context, username);
+		//no errors, proceed to step 2
-		if (token == null) {
+		String userToken = pContext.getCurrentUserToken(context, username);
-			_log.error("Something wrong in retrieving the user token in this context: " + context + " username="+username);
+		String appName = authorisedApp.profile().name();
-			return new AuthorizationBean(null, null, false, "Something wrong in retrieving the user token in this context: " + context + " username="+username);
+		String qToken = AuthUtil.generateAuthorizationQualifierToken(appName, userToken);
+		_log.info("Received qualifier token for useer " + username + "=" + qToken);
+		if (qToken == null) {
+			_log.error("Something wrong in retrieving the user qualifier token in this context: " + context + " username="+username);
+			return new AuthorizationBean(null, null, false, "Something wrong in retrieving the user qualifier token in this context: " + context + " username="+username);
 		}
-		_log.debug("Authorisation OAUTH returning user token in this context: " + context + " username="+username);
+		String tempCode = UUID.randomUUID().toString();
-		return new AuthorizationBean(token, state, true, null);
+		if (! authorizeApplication(infraName, qToken, tempCode, clientId, redirectURL)) {
+			_log.error("Something wrong in authorizing this application in this context: " + context );
+			return new AuthorizationBean(null, null, false, "Something wrong in authorizing this application in this context: " + context + " an error occurred in the oAuth Service");
+		}
+		
+		_log.debug("Authorisation OAUTH 2 OK returning temporary code in this context: " + context + " username="+username);
+		return new AuthorizationBean(tempCode, state, true, null);
+	}
+	/**
+	 * we post to the auth service a temporary code to be used within seconds from the application
+	 * @param qToken the user qualifier token
+	 * @param tempCode the temporary code
+	 * @param clientId tha app id
+	 * @param redirectURI the authorised redirect URI
+	 * @return
+	 */
+	@SuppressWarnings("unchecked")
+	private boolean authorizeApplication(String infrastructureName, String qToken, String tempCode, String clientId, String redirectURL) {
+		
+		String fullPath2oAuthService = null;
+		try {
+			fullPath2oAuthService = AuthUtil.getOAuthServiceEndPoint(infrastructureName) + 
+					"/v2/push-authentication-code?gcube-token=" + qToken;
+		} catch (Exception e1) {
+			_log.error("failed to discover oauth service endpoint ");
+			return false;			
+		}
+		fullPath2oAuthService = fullPath2oAuthService.replaceAll("http", "https");
+		fullPath2oAuthService = fullPath2oAuthService.replaceAll("80", "443");
+		
+		JSONObject object = new JSONObject();
+		object.put("code", tempCode);
+		object.put("redirect_uri", redirectURL);
+		object.put("client_id", clientId);
+		
+		try (CloseableHttpClient httpClient = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy()).build()) {
+			HttpPost httpPostRequest = new HttpPost(fullPath2oAuthService);
+			httpPostRequest.addHeader("Content-type", "application/json");
+			StringEntity params = new StringEntity(object.toJSONString(), ContentType.APPLICATION_JSON);
+			httpPostRequest.setEntity(params);
+			HttpResponse response = httpClient.execute(httpPostRequest);
+			if (response.getStatusLine().getStatusCode() < 200 || response.getStatusLine().getStatusCode() >= 300) {
+				_log.error("failed to patch the product. response status line from "
+						+ fullPath2oAuthService + " was: " + response.getStatusLine());
+				return false;				
+			}
+			
+		}catch(Exception e){
+			_log.error("Failed to perform request", e);
+		}
+		
+		return true;
 	}
 
-//TODO: check the query, it doesn work
+	
-	private List<ServiceEndpoint> getPortalConfigurationFromIS(String infrastructureName, String clientId) throws Exception  {
-		String scope = "/" + infrastructureName;
-		String currScope = 	ScopeProvider.instance.get();
-		ScopeProvider.instance.set(scope);
-		SimpleQuery query = queryFor(ServiceEndpoint.class);
-		query.addCondition("$resource/Profile/Category/text() eq '"+ SERVICE_ENDPOINT_CATEGORY +"'");
-		query.addCondition("$resource/Profile/Name/text() eq '"+ clientId +"'");
-		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
-		List<ServiceEndpoint> toReturn = client.submit(query);
-		ScopeProvider.instance.set(currScope);
-		return toReturn;
-	}	
-	/**
-	 * look for the clientId AccessEndpoint passes as parameter
-	 * @param gatewayName
-	 * @param clientId
-	 * @return the client secret related to the id, or null if non existent
-	 */
-	private List<String> getAuthorisedRedirectURLsFromIs(String clientId) {
-		PortalContext pContext = PortalContext.getConfiguration();		
-		String scope = "/"+pContext.getInfrastructureName();
-		List<String> autRedirectURLs = new ArrayList<>();
-		try {
-			List<ServiceEndpoint> list = getPortalConfigurationFromIS(pContext.getInfrastructureName(), clientId);
-			if (list.size() > 1) {
-				_log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
-			}
-			else if (list.size() == 0){
-				_log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
-			}
-			else {
-				for (ServiceEndpoint res : list) {
-					Group<AccessPoint> apGroup =  res.profile().accessPoints();
-					AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
-					for (int i = 0; i < accessPoints.length; i++) {
-						if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
-							AccessPoint found = accessPoints[i];
-							autRedirectURLs.add(found.address());
-						}
-					}
-				}
-			}
-		} catch (Exception e) {
-			e.printStackTrace();
-			return null;
-		}
-		return autRedirectURLs;
-	}
 
 }

src/main/java/org/gcube/portlet/user/my_vres/server/portlet/MyVREsPortlet.java

@@ -13,6 +13,8 @@ import javax.portlet.PortletRequestDispatcher;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 
+import org.gcube.common.portal.PortalContext;
+
 import com.liferay.portal.kernel.log.Log;
 import com.liferay.portal.kernel.log.LogFactoryUtil;
 
@@ -36,7 +38,7 @@ public class MyVREsPortlet extends GenericPortlet {
 
 	protected void include(String path, RenderRequest renderRequest, RenderResponse renderResponse)	throws IOException, PortletException {
 		PortletRequestDispatcher portletRequestDispatcher =	getPortletContext().getRequestDispatcher(path);
-
+		PortalContext.setUserInSession(renderRequest);
 		if (portletRequestDispatcher == null) {
 			_log.error(path + " is not a valid include");
 		}

src/main/java/org/gcube/portlet/user/my_vres/shared/AuthorizationBean.java

@@ -4,30 +4,29 @@ import java.io.Serializable;
 
 @SuppressWarnings("serial")
 public class AuthorizationBean implements Serializable {
-	private String token;
+	private String oAuth2TemporaryCode;
 	private String state;
 	private boolean success;
 	private String errorDescription;
 	
 	public AuthorizationBean() {
 		super();
-		// TODO Auto-generated constructor stub
 	}
 
-	public AuthorizationBean(String token, String state, boolean success, String errorDescription) {
+	public AuthorizationBean(String oAuth2TemporaryCode, String state, boolean success, String errorDescription) {
 		super();
-		this.token = token;
+		this.oAuth2TemporaryCode = oAuth2TemporaryCode;
 		this.state = state;
 		this.success = success;
 		this.errorDescription = errorDescription;
 	}
 
-	public String getToken() {
+	public String getOAuth2TemporaryCode() {
-		return token;
+		return oAuth2TemporaryCode;
 	}
 
-	public void setToken(String token) {
+	public void seOAuth2TemporaryCode(String oAuth2TemporaryCode) {
-		this.token = token;
+		this.oAuth2TemporaryCode = oAuth2TemporaryCode;
 	}
 
 	public String getState() {
@@ -56,7 +55,7 @@ public class AuthorizationBean implements Serializable {
 
 	@Override
 	public String toString() {
-		return "AuthorizationBean [token=" + token + ", state=" + state + ", success=" + success + ", errorDescription="
+		return "AuthorizationBean [oAuth2TemporaryCode=" + oAuth2TemporaryCode + ", state=" + state + ", success=" + success + ", errorDescription="
 				+ errorDescription + "]";
 	}