use of bio.terra.externalcreds.ExternalCredsException in project terra-external-credentials-manager by DataBiosphere.
the class ProviderService method getRefreshedPassportsAndVisas.
/**
 * Uses the linked account's stored refresh token to obtain a fresh access token, persists a
 * rotated refresh token when the provider returns one, and then builds the account together with
 * its passport and visas from the provider's user info.
 *
 * <p>The refresh token and access token handled here are bearer credentials. Nothing in this
 * method logs them; keep it that way when adding diagnostics.
 *
 * @param linkedAccount the account whose provider name and refresh token drive the exchange
 * @return the result of {@code jwtUtils.enrichAccountWithPassportAndVisas} for the (possibly
 *     re-saved) account and the fetched user info
 * @throws ExternalCredsException if no provider client is configured for the account's provider
 */
private LinkedAccountWithPassportAndVisas getRefreshedPassportsAndVisas(LinkedAccount linkedAccount) {
  var providerName = linkedAccount.getProviderName();
  var clientRegistration =
      providerClientCache
          .getProviderClient(providerName)
          .orElseThrow(
              () ->
                  new ExternalCredsException(
                      String.format(
                          "Unable to find configs for the provider: %s",
                          linkedAccount.getProviderName())));

  // The second constructor argument is left null, exactly as the stored token carries no
  // issued-at value in this call.
  var storedRefreshToken = new OAuth2RefreshToken(linkedAccount.getRefreshToken(), null);
  var accessTokenResponse =
      oAuth2Service.authorizeWithRefreshToken(clientRegistration, storedRefreshToken);

  // Only the refresh token is saved at this point, and only if the response carried one.
  // It is written before the user-info call so a rotated token is not lost if that call fails.
  // NOTE(review): whether the provider invalidates the previous token on rotation is not
  // visible here - confirm against the provider's behaviour.
  var rotatedRefreshToken = Optional.ofNullable(accessTokenResponse.getRefreshToken());
  var accountToEnrich =
      rotatedRefreshToken
          .map(
              newToken ->
                  linkedAccountService.upsertLinkedAccount(
                      linkedAccount.withRefreshToken(newToken.getTokenValue())))
          .orElse(linkedAccount);

  // Fetch user info with the new access token; the passport and visas are derived from it.
  var userInfo = oAuth2Service.getUserInfo(clientRegistration, accessTokenResponse.getAccessToken());
  return jwtUtils.enrichAccountWithPassportAndVisas(accountToEnrich, userInfo);
}
use of bio.terra.externalcreds.ExternalCredsException in project terra-external-credentials-manager by DataBiosphere.
the class ProviderService method authAndRefreshPassport.
/**
 * Refreshes the passport for a linked account, or invalidates the account when a refresh can no
 * longer succeed.
 *
 * <ul>
 *   <li>If the account's expiry is before the current time, the account is invalidated and no
 *       provider call is made.
 *   <li>Otherwise the passport and visas are refreshed, saved, and a {@code LinkRefreshed} audit
 *       event is logged.
 *   <li>An OAuth2 error whose root error code is in {@code unrecoverableOAuth2ErrorCodes}
 *       invalidates the account; any other OAuth2 error is rethrown.
 * </ul>
 *
 * @param linkedAccount the account to refresh
 * @throws ExternalCredsException if the refresh raises {@link IllegalArgumentException}, if the
 *     OAuth2 error is not in the unrecoverable set, or if an unrecoverable error is hit for an
 *     account that has no id
 */
@VisibleForTesting
void authAndRefreshPassport(LinkedAccount linkedAccount) {
  var expiry = linkedAccount.getExpires();
  if (expiry.before(Timestamp.from(Instant.now()))) {
    // The link itself has expired: refreshing is pointless, so drop it.
    invalidateLinkedAccount(linkedAccount);
    return;
  }

  try {
    var refreshed = getRefreshedPassportsAndVisas(linkedAccount);
    linkedAccountService.upsertLinkedAccountWithPassportAndVisas(refreshed);

    // The audit event is emitted only after the refreshed passport has been saved.
    var refreshedEvent =
        new AuditLogEvent.Builder()
            .auditLogEventType(AuditLogEventType.LinkRefreshed)
            .providerName(linkedAccount.getProviderName())
            .userId(linkedAccount.getUserId())
            .build();
    auditLogger.logEvent(refreshedEvent);
  } catch (IllegalArgumentException iae) {
    throw new ExternalCredsException(
        String.format(
            "Could not contact issuer for provider %s", linkedAccount.getProviderName()),
        iae);
  } catch (OAuth2AuthorizationException oauthEx) {
    var rootErrorCode = getRootOAuth2ErrorCode(oauthEx);
    if (!unrecoverableOAuth2ErrorCodes.contains(rootErrorCode)) {
      // Possibly transient: surface the failure so the refresh can be attempted again later.
      throw new ExternalCredsException("Failed to refresh passport: ", oauthEx);
    }

    // The refresh token looks permanently unusable, so the stored passport must go.
    // Only the user id is logged, never a token value.
    log.info(
        String.format(
            "Caught unrecoverable oauth2 error code refreshing passport for user id [%s].",
            linkedAccount.getUserId()),
        oauthEx);
    if (linkedAccount.getId().isEmpty()) {
      throw new ExternalCredsException("linked account id missing");
    }
    invalidateLinkedAccount(linkedAccount);
  }
}
use of bio.terra.externalcreds.ExternalCredsException in project terra-external-credentials-manager by DataBiosphere.
the class EventPublisher method publishAuthorizationChangeEvent.
/**
 * Serializes an authorization change event to JSON and publishes it, when a publisher is
 * configured. Without a publisher the call does nothing.
 *
 * <p>Publishing is asynchronous: a failed publish is only logged by the callback and is not
 * reported to the caller. NOTE(review): consumers of these events would then miss the change -
 * confirm that log-only handling is acceptable for authorization changes.
 *
 * @param event the event to publish
 * @throws ExternalCredsException if the event cannot be serialized to JSON
 */
public void publishAuthorizationChangeEvent(AuthorizationChangeEvent event) {
  authorizationChangeEventPublisher.ifPresent(
      activePublisher -> {
        final String serializedEvent;
        try {
          serializedEvent = objectMapper.writeValueAsString(event);
        } catch (JsonProcessingException e) {
          // NOTE(review): the message embeds event.toString(); confirm that representation
          // holds nothing that should stay out of logs.
          throw new ExternalCredsException(
              "json exception writing authorization change event:" + event, e);
        }

        var pubsubMessage =
            PubsubMessage.newBuilder().setData(ByteString.copyFromUtf8(serializedEvent)).build();
        var publishResult = activePublisher.publish(pubsubMessage);

        ApiFutures.addCallback(
            publishResult,
            new ApiFutureCallback<>() {
              @Override
              public void onSuccess(String messageId) {
                // Nothing to do on success.
              }

              @Override
              public void onFailure(Throwable throwable) {
                log.error("failure publishing authorization change event", throwable);
              }
            },
            MoreExecutors.directExecutor());
      });
}
use of bio.terra.externalcreds.ExternalCredsException in project terra-external-credentials-manager by DataBiosphere.
the class OidcApiController method getUserIdFromSam.
/**
 * Resolves the caller's user subject id by passing the request's bearer token to Sam.
 *
 * <p>A Sam {@code ApiException} with code 404 is reported as {@code FORBIDDEN}; every other code
 * is reported as {@code INTERNAL_SERVER_ERROR}. NOTE(review): that includes a 401 from Sam for a
 * rejected token, which therefore reaches the client as a 500 - confirm this is intended.
 *
 * @return the user subject id from Sam's user status info
 * @throws UnauthorizedException if the request has no {@code authorization} header
 * @throws ExternalCredsException if the Sam call fails with an {@code ApiException}
 */
private String getUserIdFromSam() {
  try {
    var authorizationHeader = request.getHeader("authorization");
    if (authorizationHeader == null) {
      throw new UnauthorizedException("User is not authorized");
    }

    // The token is forwarded to Sam, which is what actually vouches for the caller.
    var bearerToken = BearerTokenParser.parse(authorizationHeader);
    var userStatusInfo = samService.samUsersApi(bearerToken).getUserStatusInfo();
    return userStatusInfo.getUserSubjectId();
  } catch (ApiException samError) {
    HttpStatus responseStatus;
    if (samError.getCode() == HttpStatus.NOT_FOUND.value()) {
      responseStatus = HttpStatus.FORBIDDEN;
    } else {
      responseStatus = HttpStatus.INTERNAL_SERVER_ERROR;
    }
    throw new ExternalCredsException(samError, responseStatus);
  }
}
use of bio.terra.externalcreds.ExternalCredsException in project terra-external-credentials-manager by DataBiosphere.
the class EventPublisher method shutdownPublisher.
/**
 * Shuts the event publisher down when this bean is destroyed, waiting up to one minute for it to
 * terminate. Does nothing when no publisher is configured.
 *
 * <p>The result of {@code awaitTermination} is discarded, so a wait that ends without the
 * publisher having terminated is not reported.
 *
 * @throws ExternalCredsException if the wait is interrupted; the thread's interrupt flag is
 *     restored first
 */
@PreDestroy
void shutdownPublisher() {
  if (!authorizationChangeEventPublisher.isPresent()) {
    return;
  }

  var activePublisher = authorizationChangeEventPublisher.get();
  try {
    activePublisher.shutdown();
    activePublisher.awaitTermination(1, TimeUnit.MINUTES);
  } catch (InterruptedException interrupted) {
    // Restore the flag so code further up the stack still sees the interruption.
    Thread.currentThread().interrupt();
    throw new ExternalCredsException("publisher shutdown interrupted", interrupted);
  }
}