Merge branch 'development' into feature/add-agent-crud-endpoint

.dockerignore

@@ -9,3 +9,4 @@ tmp/*
 # Editor temp files
 *.swp
 *.swo
+test/solr

Gemfile

@@ -73,4 +73,5 @@ group :test do
   gem 'rack-test'
   gem 'simplecov', require: false
   gem 'simplecov-cobertura' # for codecov.io
+  gem 'webmock'
 end

Gemfile.lock

@@ -53,8 +53,8 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/ontologies_linked_data.git
-  revision: ec1e02def3ad2480e08322f65c564ffb731bda6a
-  branch: development
+  revision: e4b3a6d9bf575c1420924d4dbe1490248040aff7
+  branch: feature/add-multi-provider-authentificationt
   specs:
     ontologies_linked_data (0.0.1)
       activesupport
@@ -103,7 +103,7 @@ GEM
     activesupport (3.2.22.5)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    addressable (2.8.4)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     airbrussh (1.4.1)
       sshkit (>= 1.6.1, != 1.7.0)
@@ -126,6 +126,8 @@ GEM
       sshkit (~> 1.3)
     coderay (1.1.3)
     concurrent-ruby (1.2.2)
+    crack (0.4.5)
+      rexml
     cube-ruby (0.0.3)
     dante (0.2.0)
     date (3.3.3)
@@ -181,6 +183,7 @@ GEM
     haml (5.2.2)
       temple (>= 0.8.0)
       tilt
+    hashdiff (1.0.1)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
@@ -249,7 +252,7 @@ GEM
       rack (>= 0.4)
     rack-cors (1.0.6)
       rack (>= 1.6.0)
-    rack-mini-profiler (3.1.0)
+    rack-mini-profiler (3.1.1)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
@@ -340,6 +343,10 @@ GEM
       unicorn (>= 4, < 7)
     uuid (2.3.9)
       macaddr (~> 1.0)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.8.1)
 
 PLATFORMS
@@ -397,6 +404,7 @@ DEPENDENCIES
   sparql-client!
   unicorn
   unicorn-worker-killer
+  webmock
 
 BUNDLED WITH
    2.3.23

config/environments/test.rb

@@ -55,6 +55,24 @@
       "apikey" => "1cfae05f-9e67-486f-820b-b393dec5764b"
     }
   }
+  config.oauth_providers = {
+    github: {
+      check: :access_token,
+      link: 'https://api.github.com/user'
+    },
+    keycloak: {
+      check: :jwt_token,
+      cert: 'KEYCLOAK_SECRET_KEY'
+    },
+    orcid: {
+      check: :access_token,
+      link: 'https://pub.orcid.org/v3.0/me'
+    },
+    google: {
+      check: :access_token,
+      link: 'https://www.googleapis.com/oauth2/v3/userinfo'
+    }
+  }
 end
 
 Annotator.config do |config|

controllers/users_controller.rb

@@ -1,14 +1,17 @@
 class UsersController < ApplicationController
   namespace "/users" do
     post "/authenticate" do
-      user_id       = params["user"]
-      user_password = params["password"]
+
       # Modify params to show all user attributes
       params["display"] = User.attributes.join(",")
-      user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
-      authenticated = user.authenticate(user_password) unless user.nil?
-      error 401, "Username/password combination invalid" unless authenticated
-      user.show_apikey = true
+
+      if params["access_token"]
+        user = oauth_authenticate(params)
+        user.bring(*User.goo_attrs_to_load(includes_param))
+      else
+        user = login_password_authenticate(params)
+      end
+      user.show_apikey = true unless user.nil?
       reply user
     end
 
@@ -20,17 +23,13 @@ class UsersController < ApplicationController
     post "/create_reset_password_token" do
       email    = params["email"]
       username = params["username"]
-      user = LinkedData::Models::User.where(email: email, username: username).include(LinkedData::Models::User.attributes).first
-      error 404, "User not found" unless user
-      reset_token = token(36)
-      user.resetToken = reset_token
+      user = send_reset_token(email, username)
+
       if user.valid?
-        user.save(override_security: true)
-        LinkedData::Utils::Notifications.reset_password(user, reset_token)
+        halt 204
       else
         error 422, user.errors
       end
-      halt 204
     end
 
     ##
@@ -42,11 +41,11 @@ class UsersController < ApplicationController
       email             = params["email"] || ""
       username          = params["username"] || ""
       token             = params["token"] || ""
+
       params["display"] = User.attributes.join(",") # used to serialize everything via the serializer
-      user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
-      error 404, "User not found" unless user
-      if token.eql?(user.resetToken)
-        user.show_apikey = true
+
+      user, token_accepted = reset_password(email, username, token)
+      if token_accepted
         reply user
       else
         error 403, "Password reset not authorized with this token"
@@ -98,27 +97,14 @@ class UsersController < ApplicationController
 
     private
 
-    def token(len)
-      chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
-      token = ""
-      1.upto(len) { |i| token << chars[rand(chars.size-1)] }
-      token
-    end
 
     def create_user
       params ||= @params
       user = User.find(params["username"]).first
       error 409, "User with username `#{params["username"]}` already exists" unless user.nil?
       user = instance_from_params(User, params)
       if user.valid?
-        user.save
-        # Send an email to the administrator to warn him about the newly created user
-        begin
-          if !LinkedData.settings.admin_emails.nil? && !LinkedData.settings.admin_emails.empty?
-            LinkedData::Utils::Notifications.new_user(user)
-          end
-        rescue Exception => e
-        end
+        user.save(send_notifications: false)
       else
         error 422, user.errors
       end

docker-compose.yml

@@ -75,10 +75,14 @@ services:
 
   redis-ut:
     image: redis
+    ports:
+      - 6379:6379
 
   4store-ut:
     image: bde2020/4store
     #volume: fourstore:/var/lib/4store
+    ports:
+      - 9000:9000
     command: >
       bash -c "4s-backend-setup --segments 4 ontoportal_kb
       && 4s-backend ontoportal_kb
@@ -88,10 +92,20 @@ services:
 
 
   solr-ut:
-    image: ontoportal/solr-ut:0.1
+    image: solr:8
+    volumes:
+      - ./test/solr/configsets:/configsets:ro
+    ports:
+      - "8983:8983"
+    command: >
+      bash -c "precreate-core term_search_core1 /configsets/term_search
+      && precreate-core prop_search_core1 /configsets/property_search
+      && solr-foreground"
 
   mgrep-ut:
     image: ontoportal/mgrep-ncbo:0.1
+    ports:
+      - "55556:55555"
 
   agraph-ut:
     image: franzinc/agraph:v7.3.0

helpers/search_helper.rb

@@ -345,6 +345,7 @@ def populate_classes_from_search(classes, ontology_acronyms=nil)
           doc[:submission] = old_class.submission
           doc[:properties] = MultiJson.load(doc.delete(:propertyRaw)) if include_param_contains?(:properties)
           instance = LinkedData::Models::Class.read_only(doc)
+          instance.prefLabel =  instance.prefLabel.first if instance.prefLabel.is_a?(Array)
           classes_hash[ont_uri_class_uri] = instance
         end
 

helpers/users_helper.rb

@@ -17,6 +17,55 @@ def filter_for_user_onts(obj)
 
         obj
       end
+
+      def send_reset_token(email, username)
+        user = LinkedData::Models::User.where(email: email, username: username).include(LinkedData::Models::User.attributes).first
+        error 404, "User not found" unless user
+        reset_token = token(36)
+        user.resetToken = reset_token
+
+        return user if user.valid?
+
+        user.save(override_security: true)
+        LinkedData::Utils::Notifications.reset_password(user, reset_token)
+        user
+      end
+
+      def token(len)
+        chars = ("a".."z").to_a + ("A".."Z").to_a + ("1".."9").to_a
+        token = ""
+        1.upto(len) { |i| token << chars[rand(chars.size-1)] }
+        token
+      end
+
+      def reset_password(email, username, token)
+        user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
+
+        error 404, "User not found" unless user
+
+        user.show_apikey = true
+
+        [user, token.eql?(user.resetToken)]
+      end
+
+      def oauth_authenticate(params)
+        access_token  = params["access_token"]
+        provider  = params["token_provider"]
+        user = LinkedData::Models::User.oauth_authenticate(access_token, provider)
+        error 401, "Access token invalid"if user.nil?
+        user
+      end
+
+      def login_password_authenticate(params)
+        user_id       = params["user"]
+        user_password = params["password"]
+        user = User.find(user_id).include(User.goo_attrs_to_load(includes_param) + [:passwordHash]).first
+        authenticated = false
+        authenticated = user.authenticate(user_password) unless user.nil?
+        error 401, "Username/password combination invalid" unless authenticated
+
+        user
+      end
     end
   end
 end

test/controllers/test_ontologies_controller.rb

@@ -217,13 +217,13 @@ def test_download_acl_only
     begin
       allowed_user = User.new({
         username: "allowed",
-        email: "test@example.org",
+        email: "test1@example.org",
         password: "12345"
       })
       allowed_user.save
       blocked_user = User.new({
         username: "blocked",
-        email: "test@example.org",
+        email: "test2@example.org",
         password: "12345"
       })
       blocked_user.save

test/controllers/test_ontology_submissions_controller.rb

@@ -18,7 +18,7 @@ def self._set_vars
       administeredBy: "tim",
       "file" => Rack::Test::UploadedFile.new(@@test_file, ""),
       released: DateTime.now.to_s,
-      contact: [{name: "test_name", email: "test@example.org"}],
+      contact: [{name: "test_name", email: "test3@example.org"}],
       URI: 'https://test.com/test',
       status: 'production',
       description: 'ontology description'
@@ -159,13 +159,13 @@ def test_download_acl_only
     begin
       allowed_user = User.new({
         username: "allowed",
-        email: "test@example.org",
+        email: "test4@example.org",
         password: "12345"
       })
       allowed_user.save
       blocked_user = User.new({
         username: "blocked",
-        email: "test@example.org",
+        email: "test5@example.org",
         password: "12345"
       })
       blocked_user.save