Merge pull request #96 from ontoportal-lirmm/development

Merge to master: Release 2.3.6 - Security fixes, submission diff endpoint and portal configuration

Gemfile

@@ -19,7 +19,7 @@ gem 'json-ld'
 gem 'google-protobuf', '3.25.3'
 
 # Rack middleware
-gem 'ffi'
+gem 'ffi', '~> 1.16.3'
 gem 'rack-accept', '~> 0.4'
 gem 'rack-attack', '~> 6.6.1', require: 'rack/attack'
 gem 'rack-cache', '~> 1.13.0'

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/ncbo/ncbo_ontology_recommender.git
-  revision: 013abea4af3b10910ec661dbb358a4b6cae198a4
+  revision: 9dbd4f179e42c52095129d353a5ac584e9bd47f3
   branch: master
   specs:
     ncbo_ontology_recommender (0.0.1)
@@ -11,7 +11,7 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/goo.git
-  revision: a95245b8c964431505ca6315907440996c59a00d
+  revision: 6018b33373467b778744432ec78a6d814159d129
   branch: development
   specs:
     goo (0.0.2)
@@ -57,7 +57,7 @@ GIT
 
 GIT
   remote: https://github.com/ontoportal-lirmm/ontologies_linked_data.git
-  revision: 651d2f4226004c2311120e900a936101ee509865
+  revision: 0a456557bc0ae2a7d016000de9b57d3f9eca99a5
   branch: development
   specs:
     ontologies_linked_data (0.0.1)
@@ -141,7 +141,7 @@ GEM
     docile (1.4.1)
     domain_name (0.6.20240107)
     ed25519 (1.3.0)
-    faraday (1.10.3)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -164,7 +164,7 @@ GEM
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    ffi (1.17.0)
+    ffi (1.16.3)
     gapic-common (0.21.1)
       faraday (>= 1.9, < 3.a)
       faraday-retry (>= 1.0, < 3.a)
@@ -202,9 +202,9 @@ GEM
       google-protobuf (>= 3.18, < 5.a)
       googleapis-common-protos-types (~> 1.7)
       grpc (~> 1.41)
-    googleapis-common-protos-types (1.15.0)
+    googleapis-common-protos-types (1.16.0)
       google-protobuf (>= 3.18, < 5.a)
-    googleauth (1.11.0)
+    googleauth (1.11.1)
       faraday (>= 1.0, < 3.a)
       google-cloud-env (~> 2.1)
       jwt (>= 1.4, < 3.0)
@@ -231,7 +231,7 @@ GEM
       rdf (>= 2.2.8, < 4.0)
     json-schema (2.8.1)
       addressable (>= 2.4)
-    jwt (2.8.2)
+    jwt (2.9.3)
       base64
     kgio (2.11.4)
     libxml-ruby (5.0.3)
@@ -245,9 +245,10 @@ GEM
       net-pop
       net-smtp
     method_source (1.1.0)
-    mime-types (3.5.2)
+    mime-types (3.6.0)
+      logger
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.0903)
+    mime-types-data (3.2024.1001)
     mini_mime (1.1.5)
     minitest (4.7.5)
     minitest-stub_any_instance (1.0.3)
@@ -258,7 +259,7 @@ GEM
     mutex_m (0.2.0)
     net-http-persistent (4.0.4)
       connection_pool (~> 2.2)
-    net-imap (0.4.16)
+    net-imap (0.4.17)
       date
       net-protocol
     net-pop (0.1.2)
@@ -271,9 +272,9 @@ GEM
       net-ssh (>= 5.0.0, < 8.0.0)
     net-smtp (0.5.0)
       net-protocol
-    net-ssh (7.2.3)
+    net-ssh (7.3.0)
     netrc (0.11.0)
-    newrelic_rpm (9.13.0)
+    newrelic_rpm (9.14.0)
     oj (3.16.1)
     omni_logger (0.1.4)
       logger
@@ -342,7 +343,7 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retriable (3.1.2)
-    rexml (3.3.7)
+    rexml (3.3.8)
     rsolr (2.6.0)
       builder (>= 2.1.2)
       faraday (>= 0.9, < 3, != 2.0.0)
@@ -378,7 +379,7 @@ GEM
       rack-test
       sinatra (~> 1.4.0)
       tilt (>= 1.3, < 3)
-    sshkit (1.23.1)
+    sshkit (1.23.2)
       base64
       net-scp (>= 1.1.2)
       net-sftp (>= 2.1.2)
@@ -419,7 +420,7 @@ DEPENDENCIES
   cube-ruby
   ed25519 (>= 1.2, < 2.0)
   faraday (~> 1.9)
-  ffi
+  ffi (~> 1.16.3)
   goo!
   google-protobuf (= 3.25.3)
   haml (~> 5.2.2)
@@ -464,4 +465,4 @@ DEPENDENCIES
   webmock (~> 3.19.1)
 
 BUNDLED WITH
-   2.3.23
+   2.4.22

config/environments/config.rb.sample

@@ -87,6 +87,37 @@ LinkedData.config do |config|
         link: 'https://www.googleapis.com/oauth2/v3/userinfo'
       }
     }
+        config.ui_name                       = 'Bioportal'
+        config.title                         = 'NCBO BioPortal'
+        config.description                   = "The world's most comprehensive repository of biomedical ontologies "
+        config.color                         = '#234979'
+        config.logo                          = ''
+        config.fundedBy                      = [
+            {
+              img_src: 'https://identity.stanford.edu/wp-content/uploads/sites/3/2020/07/block-s-right.png',
+              url: 'https://www.stanford.edu',
+
+            },
+            {
+              img_src: 'https://ontoportal.org/images/logo.png',
+              url: 'https://ontoportal.org/',
+            }
+        ]
+        config.federated_portals = {
+              'agroportal' => {
+                api: 'http://data.agroportal.lirmm.fr',
+                ui: 'http://agroportal.lirmm.fr',
+                apikey: '1cfae05f-9e67-486f-820b-b393dec5764b',
+                color: '#1e2251'
+              },
+              'bioportal' => {
+                      api: 'http://data.bioontology.org',
+                      ui: 'http://bioportal.bioontology.org',
+                      apikey: '4a5011ea-75fa-4be6-8e89-f45c8c84844e',
+                      color: '#234979'
+               },
+
+        }
 end
 
 Annotator.config do |config|

controllers/home_controller.rb

@@ -4,7 +4,7 @@
 class HomeController < ApplicationController
 
   CLASS_MAP = {
-      Property: "LinkedData::Models::ObjectProperty"
+    Property: "LinkedData::Models::ObjectProperty"
   }
 
   namespace "/" do
@@ -28,14 +28,22 @@ class HomeController < ApplicationController
         next if route.length < 3 || route.split("/").length > 2
         route_no_slash = route.gsub("/", "")
         context[route_no_slash] = route_to_class_map[route].type_uri.to_s if route_to_class_map[route] && route_to_class_map[route].respond_to?(:type_uri)
-        routes_hash[route_no_slash] = LinkedData.settings.rest_url_prefix+route_no_slash
+        routes_hash[route_no_slash] = LinkedData.settings.rest_url_prefix + route_no_slash
       end
-      routes_hash["@context"] = context
-      reply ({links: routes_hash})
+
+      config = LinkedData::Models::PortalConfig.current_portal_config
+
+      federated_portals = config.federated_portals
+      federated_portals. transform_values! { |v| v.delete(:apikey) ; v }
+      config.init_federated_portals_settings(federated_portals)
+      config.id = RDF::URI.new(LinkedData.settings.id_url_prefix)
+      config.class.link_to *routes_hash.map { |key, url| LinkedData::Hypermedia::Link.new(key, url, context[key]) }
+
+      reply config
     end
 
     get "documentation" do
-      @metadata_all = metadata_all.sort {|a,b| a[0].name <=> b[0].name}
+      @metadata_all = metadata_all.sort { |a, b| a[0].name <=> b[0].name }
       haml "documentation/documentation".to_sym, :layout => "documentation/layout".to_sym
     end
 

controllers/ontology_submissions_controller.rb

@@ -140,6 +140,25 @@ class OntologySubmissionsController < ApplicationController
       end
     end
 
+    get '/:ontology_submission_id/diff' do
+      acronym = params["acronym"]
+      submission_attributes = [:submissionId, :submissionStatus, :diffFilePath]
+      ont = Ontology.find(acronym).include(:submissions => submission_attributes).first
+      error 422, "You must provide an existing `acronym` to download" if ont.nil?
+      ont.bring(:viewingRestriction)
+      check_access(ont)
+      ont_restrict_downloads = LinkedData::OntologiesAPI.settings.restrict_download
+      error 403, "License restrictions on download for #{acronym}" if ont_restrict_downloads.include? acronym
+      submission = ont.submission(params['ontology_submission_id'].to_i)
+      error 404, "There is no such submission for download" if submission.nil?
+      file_path = submission.diffFilePath
+      if File.readable? file_path
+        reply submission.parse_diff_report
+      else
+        error 500, "Cannot read submission diff file: #{file_path}"
+      end
+    end
+
     ##
     # Download a submission diff file
     get '/:ontology_submission_id/download_diff' do

docker-compose.yml

@@ -49,7 +49,7 @@ services:
       - "9393:9393"
     volumes:
       # bundle volume for hosting gems installed by bundle; it speeds up gem install in local development
-      - app_api:/srv/ontoportal/ontologies_api
+      - .:/srv/ontoportal/ontologies_api
       - repository:/srv/ontoportal/data/repository
 
   ncbo_cron:

helpers/ontology_helper.rb

@@ -20,8 +20,13 @@ def create_submission(ont)
         ont_submission.submissionId = submission_id
 
         # Get file info
-        add_file_to_submission(ont, ont_submission)
-
+        filename, tmpfile = add_file_to_submission(ont, ont_submission)
+        # if no actual file was uploaded, we remove the file parameters
+        if filename.nil? && tmpfile.nil?
+          params.delete("uploadFilePath")
+          params.delete("diffFilePath")
+        end
+
         # Add new format if it doesn't exist
         if ont_submission.hasOntologyLanguage.nil?
           error 422, "You must specify the ontology format using the `hasOntologyLanguage` parameter" if params["hasOntologyLanguage"].nil? || params["hasOntologyLanguage"].empty?

helpers/users_helper.rb

@@ -40,7 +40,9 @@ def reset_password(email, username, token)
         user = LinkedData::Models::User.where(email: email, username: username).include(User.goo_attrs_to_load(includes_param)).first
 
         error 404, "User not found" unless user
-
+
+        user.bring(:resetToken)
+        user.bring(:passwordHash)
         user.show_apikey = true
 
         [user, token.eql?(user.resetToken)]

test/controllers/test_categories_controller.rb

@@ -117,4 +117,34 @@ def test_delete_category
     get "/categories/#{acronym}"
     assert last_response.status == 404
   end
-end
+
+  def test_parent_category
+    parent_category1 = LinkedData::Models::Category.new(
+      acronym: "PARENT1",
+      name: "Parent Category 1",
+      description: "Description for Parent Category 1."
+    )
+    parent_category1.save
+
+    parent_category2 = LinkedData::Models::Category.new(
+      acronym: "PARENT2",
+      name: "Parent Category 2",
+      description: "Description for Parent Category 2."
+    )
+    parent_category2.save
+
+    category_instance = LinkedData::Models::Category.new(
+      acronym: "CAT123",
+      name: "Sample Category",
+      description: "This is a sample category.",
+      parentCategory: [parent_category1, parent_category2]
+    )
+    category_instance.save
+
+    get '/categories/CAT123'
+    fetched_category = MultiJson.load(last_response.body)
+
+    assert_equal fetched_category["parentCategory"].first , parent_category1.id.to_s
+    assert_equal fetched_category["parentCategory"].last , parent_category2.id.to_s
+  end
+end

test/controllers/test_ontology_submissions_controller.rb

@@ -474,6 +474,16 @@ def test_submissions_param_include
     test_submissions_custom_includes
   end
 
+  def test_submission_diff
+    num_onts_created, created_ont_acronyms, onts = create_ontologies_and_submissions(ont_count: 1, submission_count: 2,
+                                                                                     process_submission: true,
+                                                                                     process_options: { process_rdf: true, extract_metadata: false, diff: true} )
+
+    ont = onts.first
+    sub = ont.latest_submission(status: :any)
+
+    get "/ontologies/#{ont.acronym}/submissions/#{sub.submissionId}/diff"
+  end
   private
   def submission_keys(sub)
     sub.to_hash.keys - %w[@id @type id]

test/controllers/test_users_controller.rb

@@ -148,6 +148,18 @@ def test_oauth_authentication
     end
   end
 
+  def test_hide_sensitive_data
+    user = @@users[0]
+    reset_token = "reset_password_token"
+    user.resetToken = reset_token
+    user.save
+    username = user.username
+    get "/users/#{username}?display=resetToken,passwordHash"
+    assert last_response.ok?
+    refute_includes MultiJson.load(last_response.body), 'resetToken', "resetToken should NOT be included in the response"
+    refute_includes MultiJson.load(last_response.body), 'passwordHash', "passwordHash should NOT be included in the response"
+  end
+
   private
   def _create_admin_user(apikey: nil)
     user = {email: "#{@@username}@example.org", password: "pass_the_word", role: ['ADMINISTRATOR']}