
Example 1 with OauthProfile

use of edu.sdsc.globusauth.model.OauthProfile in project COSMIC-CryoEM-Gateway by cianfrocco-lab.

the class ProfileManager method load.

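/**
 * Looks up the stored profile for a Globus Auth identity.
 *
 * @param identityId identity id matched against {@code OauthProfile.identityId}
 * @return the first matching profile, or {@code null} when no row matches
 */
public OauthProfile load(String identityId) {
    // try-with-resources guarantees the session (and its JDBC connection) is released on
    // every path; an unclosed session per login would eventually exhaust the pool.
    try (Session session = HibernateUtil.getSessionFactory().openSession()) {
        session.beginTransaction();
        try {
            // The identity is bound as a named parameter, so it never becomes part of the HQL text.
            Query query = session.createQuery("FROM OauthProfile WHERE identityId = :identity");
            query.setParameter("identity", identityId);
            List<OauthProfile> profiles = query.list();
            session.getTransaction().commit();
            return (profiles == null || profiles.isEmpty()) ? null : profiles.get(0);
        } catch (RuntimeException e) {
            // Do not leave a transaction open behind a failed query.
            if (session.getTransaction().isActive()) {
                session.getTransaction().rollback();
            }
            throw e;
        }
    }
}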
Also used : Query(org.hibernate.query.Query) OauthProfile(edu.sdsc.globusauth.model.OauthProfile) Session(org.hibernate.Session)

Example 2 with OauthProfile

use of edu.sdsc.globusauth.model.OauthProfile in project COSMIC-CryoEM-Gateway by cianfrocco-lab.

the class ProfileAction method execute.

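/**
 * Shows (GET) or saves (POST) the user profile associated with the Globus Auth identity
 * held in the session.
 *
 * @return {@code SUCCESS} for a handled GET or POST; {@code "failure"} for any other HTTP
 *         method or when the session carries no primary identity
 * @throws Exception propagated from the profile manager on the GET path
 */
public String execute() throws Exception {
    // Every branch below keys its database work on the session's primary identity. Without
    // it, load(null) finds nothing and a profile row would be created or updated for a
    // request that never completed the login flow, so stop here.
    String identity_id = (String) getSession().get(OauthConstants.PRIMARY_IDENTITY);
    if (identity_id == null || identity_id.isEmpty()) {
        logger.error("Profile requested without an authenticated identity in the session");
        return "failure";
    }
    String method = request.getMethod();
    if (OauthConstants.HTTP_GET.equals(method)) {
        logger.info("Profile: " + identity_id);
        OauthProfile db_profile = profileManager.load(identity_id);
        if (db_profile == null) {
            // First visit after sign-up: persist the profile held by this action.
            profileManager.add(profile);
        } else {
            // Known user: refresh the session copy from the stored profile.
            getSession().put(OauthConstants.EMAIL, db_profile.getEmail());
            getSession().put(OauthConstants.FIRST_NAME, db_profile.getFirstName());
            getSession().put(OauthConstants.LAST_NAME, db_profile.getLastName());
            getSession().put(OauthConstants.INSTITUTION, db_profile.getInstitution());
        }
        return SUCCESS;
    } else if (OauthConstants.HTTP_POST.equals(method)) {
        if (validateProfile()) {
            OauthProfile form_profile = getProfile();
            // NOTE(review): the session is updated before the database write below, so a
            // failed update leaves the session showing values that were never saved.
            getSession().put(OauthConstants.EMAIL, form_profile.getEmail());
            getSession().put(OauthConstants.FIRST_NAME, form_profile.getFirstName());
            getSession().put(OauthConstants.LAST_NAME, form_profile.getLastName());
            getSession().put(OauthConstants.INSTITUTION, form_profile.getInstitution());
            // The identity always comes from the session, never from the submitted form,
            // so a user cannot edit another identity's profile by posting a different id.
            form_profile.setIdentityId(identity_id);
            // NOTE(review): this logs the profile's toString(); confirm it does not write
            // e-mail addresses or names to the application log.
            logger.info(form_profile);
            try {
                profileManager.update(form_profile);
                if (updateUserInfo(form_profile)) {
                    reportUserMessage((String) getSession().get(OauthConstants.PRIMARY_USERNAME) + " was updated.");
                } else {
                    reportUserError((String) getSession().get(OauthConstants.PRIMARY_USERNAME) + " was not updated.");
                }
            } catch (Exception e) {
                reportError(e, (String) getSession().get(OauthConstants.PRIMARY_USERNAME) + " was not updated.");
            }
        }
        return SUCCESS;
    } else {
        return "failure";
    }
}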
Also used : OauthProfile(edu.sdsc.globusauth.model.OauthProfile)

Example 3 with OauthProfile

use of edu.sdsc.globusauth.model.OauthProfile in project COSMIC-CryoEM-Gateway by cianfrocco-lab.

the class AuthCallbackAction method globuslogin.

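/**
 * Drives the Globus Auth (OAuth2 authorization-code) login for the portal.
 *
 * <p>Without a {@code code} parameter the method starts a login: it stores a random
 * {@code state} in the session and returns {@code "authredirect"}. With a {@code code}
 * parameter it treats the request as the provider's callback: it checks {@code state},
 * exchanges the code for tokens, loads or registers the user and fills the session.
 *
 * @return {@code "authredirect"} when a login is started; {@code "profileredirect"} for a
 *         newly registered user; {@code SUCCESS} for a returning user; {@code "transfer"}
 *         when the user has no bookmarks; {@code "failure"} on any error, including a
 *         state mismatch or a failed token exchange
 * @throws Exception propagated from configuration loading, token parsing and helper calls
 */
public String globuslogin() throws Exception {
    // An error parameter means the provider (or the user) aborted the login.
    Enumeration<String> paramNames = request.getParameterNames();
    if (paramNames != null) {
        while (paramNames.hasMoreElements()) {
            if (paramNames.nextElement().contains(OauthConstants.ERROR)) {
                // The value is request-controlled: neutralise line breaks so it cannot
                // forge additional log entries.
                String reported = String.valueOf(request.getParameter(OauthConstants.ERROR)).replaceAll("[\\r\\n]", "_");
                logger.error("You could not be logged into the portal: " + reported);
                return "failure";
            }
        }
    }
    // Set up our Globus Auth/OAuth2 state
    config = OauthUtils.getConfig(OauthConstants.OAUTH_PORPS);
    String scopeString = config.getProperty(OauthConstants.SCOPES);
    List<String> scopes = Arrays.asList(scopeString.split(","));
    String auth_uri = config.getProperty(OauthConstants.AUTH_URI);
    GenericUrl token_server_url = new GenericUrl(config.getProperty(OauthConstants.TOKEN_SERVER_URL));
    String client_id = config.getProperty(OauthConstants.CLIENT_ID);
    String client_secret = config.getProperty(OauthConstants.CLIENT_SECRET);
    String dataset_endpoint_id = config.getProperty(OauthConstants.DATASET_ENDPOINT_ID);
    String dataset_endpoint_base = config.getProperty(OauthConstants.DATASET_ENDPOINT_BASE);
    String dataset_endpoint_name = config.getProperty(OauthConstants.DATASET_ENDPOINT_NAME);
    String endpoint_activation_uri = config.getProperty(OauthConstants.ENDPOINT_ACTIVATION_URI);
    // Builder for the flow object that mediates the OAuth steps; the client authenticates
    // to the token endpoint with HTTP Basic (client id + secret).
    AuthorizationCodeFlow.Builder flowBuilder = new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), jsonFactory, token_server_url, new BasicAuthentication(client_id, client_secret), client_id, auth_uri).setScopes(scopes);
    // A sign-up (rather than a login) appends the sign-up marker to the authorization URL.
    if (Boolean.parseBoolean(request.getParameter(OauthConstants.SIGNUP))) {
        flowBuilder.setAuthorizationServerEncodedUrl(flowBuilder.getAuthorizationServerEncodedUrl() + OauthConstants.SIGNUP_PARAM);
    }
    AuthorizationCodeFlow flow = flowBuilder.build();
    String redirect_uri = config.getProperty(OauthConstants.REDIRECT_URI);
    // No 'code' parameter: this request starts a login. Otherwise it is the callback.
    paramNames = request.getParameterNames();
    boolean codename_check = false;
    if (paramNames != null) {
        while (paramNames.hasMoreElements()) {
            if (paramNames.nextElement().contains(OauthConstants.CODE)) {
                codename_check = true;
                break;
            }
        }
    }
    if (!codename_check) {
        // Step 1: request a code. The state is 130 bits from SecureRandom and ties the
        // callback to this browser session (login-CSRF protection).
        String state = new BigInteger(130, new SecureRandom()).toString(32);
        authurl = flow.newAuthorizationUrl().setState(state).setRedirectUri(redirect_uri).build();
        getSession().put(OauthConstants.OAUTH2_STATE, state);
        reportUserMessage("Redirect auth url: " + authurl);
        return "authredirect";
    }
    // Callback from Globus Auth. A missing state parameter is treated exactly like a wrong
    // one instead of failing with a NullPointerException.
    String passed_state = request.getParameter(OauthConstants.STATE);
    if (passed_state == null || passed_state.isEmpty() || !passed_state.equals(getSession().get(OauthConstants.OAUTH2_STATE))) {
        // Something went wrong with state value matching
        OAuthSystemException oauth_ex = new OAuthSystemException("Mismatching Oauth States");
        reportError(oauth_ex, "Mismatching Oauth States");
        return "failure";
    }
    // The state is single-use: drop it as soon as it has matched, whatever happens next,
    // so a callback cannot be replayed against the same session.
    getSession().remove(OauthConstants.OAUTH2_STATE);
    String code = request.getParameter(OauthConstants.CODE);
    if (code == null || code.isEmpty()) {
        // The name scan above matches by substring, so an exact 'code' value may be absent.
        logger.error("Callback carried no authorization code");
        return "failure";
    }
    TokenResponse tokenResponse;
    try {
        // Step 2: exchange the code for tokens.
        tokenResponse = flow.newTokenRequest(code).setRedirectUri(redirect_uri).execute();
    } catch (TokenResponseException e) {
        logger.error("Caught: " + e);
        logger.error("Details: " + e.getDetails());
        return "failure";
    } catch (IOException e) {
        // Transport failures are not TokenResponseException and carry no details.
        logger.error("Caught: " + e);
        return "failure";
    }
    // A failed exchange must end the login; continuing would send an unauthenticated
    // browser on to the profile page. Tokens are bearer credentials, so neither the
    // token response nor the ID token is written to the log.
    logger.info("Globus Auth token exchange succeeded");
    String raw_id_token = (String) tokenResponse.get(OauthConstants.ID_TOKEN);
    ArrayList<ArrayMap> otokens = (ArrayList<ArrayMap>) tokenResponse.get("other_tokens");
    if (raw_id_token == null || otokens == null || otokens.isEmpty()) {
        logger.error("Token response is missing the ID token or the other_tokens entry");
        return "failure";
    }
    // NOTE(review): the ID token is only parsed here. Its issuer, audience and expiry are
    // not checked in this method — confirm that happens elsewhere or add
    // verifyIssuer/verifyAudience/verifyTime before trusting its claims.
    IdToken id_token = IdToken.parse(jsonFactory, raw_id_token);
    String name = (String) id_token.getPayload().get(OauthConstants.NAME);
    // A missing or single-word name must not abort the login with an index error.
    String[] names = (name == null) ? new String[0] : name.split(" ");
    String first_name = names.length > 0 ? names[0] : "";
    String last_name = names.length > 1 ? names[1] : "";
    String username = (String) id_token.getPayload().get(OauthConstants.PREFERRED_USERNAME);
    String email = (String) id_token.getPayload().get(OauthConstants.EMAIL);
    String identity = (String) id_token.getPayload().get(OauthConstants.SUB);
    if (identity == null || identity.isEmpty()) {
        // Without a subject the lookup below finds nothing and a new account would be
        // registered for an unidentified caller.
        logger.error("ID token carries no subject claim");
        return "failure";
    }
    // Step 3: the access token of the first entry in other_tokens is used for the
    // transfer and endpoint calls below.
    String accesstoken = (String) otokens.get(0).get("access_token");
    boolean redirect_flag = true;
    OauthProfile db_profile = profileManager.load(identity);
    if (db_profile == null) {
        // First login for this identity: register the user and create the profile.
        profile.setUsername(username);
        profile.setLinkUsername(username);
        profile.setIdentityId(identity);
        profile.setFirstName(first_name);
        profile.setLastName(last_name);
        profile.setEmail(email);
        profile.setInstitution("");
        long userid = registerUser();
        if (userid == -1L) {
            return "failure";
        }
        profile.setUserId(userid);
        profileManager.addUser(profile);
        getSession().put("user_id", userid);
        getSession().put(OauthConstants.EMAIL, email);
        getSession().put(OauthConstants.FIRST_NAME, first_name);
        getSession().put(OauthConstants.LAST_NAME, last_name);
        getSession().put(OauthConstants.INSTITUTION, "");
    } else {
        // Returning user: log in with the linked portal account and go to transfers.
        redirect_flag = false;
        profile.setEmail(db_profile.getEmail());
        profile.setIdentityId(db_profile.getIdentityId());
        if (!activateLogin(null, db_profile.getLinkUsername())) {
            return "failure";
        }
        getSession().put("user_id", db_profile.getUserId());
        getSession().put(OauthConstants.EMAIL, db_profile.getEmail());
        getSession().put(OauthConstants.FIRST_NAME, db_profile.getFirstName());
        getSession().put(OauthConstants.LAST_NAME, db_profile.getLastName());
        getSession().put(OauthConstants.INSTITUTION, db_profile.getInstitution());
        // update transfer record
        List<String> tr = profileManager.loadRecord(db_profile.getUserId());
        if (tr != null && tr.size() > 0) {
            TransferAction txaction = new TransferAction(accesstoken, username);
            for (String taskid : tr) {
                profileManager.updateRecord(txaction.updateTask(taskid, null));
            }
        }
    }
    // NOTE(review): for a returning user this branch never copies the link username from
    // db_profile into profile, so the value read here may be null and the endpoint paths
    // below would then end in "null/" — confirm against activateLogin.
    String linkusername = profile.getLinkUsername();
    // NOTE(review): the session is marked authenticated without rotating the session id
    // in this method; confirm the container or an interceptor renews it at login.
    getSession().put(OauthConstants.CREDENTIALS, accesstoken);
    getSession().put(OauthConstants.ID_TOKEN, id_token);
    getSession().put(OauthConstants.IS_AUTHENTICATED, true);
    getSession().put(OauthConstants.PRIMARY_USERNAME, username);
    getSession().put(OauthConstants.PRIMARY_IDENTITY, identity);
    getSession().put(OauthConstants.ENDPOINT_ACTIVATION_URI, endpoint_activation_uri);
    // initial setup for source and destination endpoint
    getSession().put(OauthConstants.DATASET_ENDPOINT_ID, dataset_endpoint_id);
    getSession().put(OauthConstants.DATASET_ENDPOINT_BASE, dataset_endpoint_base + linkusername + "/");
    getSession().put(OauthConstants.DATASET_ENDPOINT_NAME, dataset_endpoint_name);
    getSession().put(OauthConstants.DEST_BOOKMARK_ID, "XSERVER");
    getSession().put(OauthConstants.DEST_ENDPOINT_ID, dataset_endpoint_id);
    getSession().put(OauthConstants.DEST_ENDPOINT_PATH, dataset_endpoint_base + linkusername + "/");
    getSession().put(OauthConstants.DEST_ENDPOINT_NAME, dataset_endpoint_name);
    getSession().put(OauthConstants.DEST_DISP_NAME, dataset_endpoint_name);
    EndpointListAction iplistaction = new EndpointListAction(accesstoken, username);
    List<Map<String, Object>> bookmarklist = iplistaction.my_bookmark_list();
    if (bookmarklist == null || bookmarklist.isEmpty()) {
        return "transfer";
    }
    // The first bookmark named "<display>::<ROLE>" decides which side of the transfer is
    // the user's own endpoint; the portal's dataset endpoint takes the other side.
    boolean flag = false;
    for (Map<String, Object> bmmap : bookmarklist) {
        String bname = (String) bmmap.get("name");
        if (bname == null) {
            // A bookmark without a name cannot carry a role marker.
            continue;
        }
        String[] bnamea = bname.split("::");
        if (bnamea.length != 2) {
            continue;
        }
        flag = true;
        if (bnamea[1].equals("SOURCE")) {
            getSession().put(OauthConstants.SRC_BOOKMARK_ID, (String) bmmap.get("id"));
            getSession().put(OauthConstants.SRC_ENDPOINT_ID, (String) bmmap.get("endpoint_id"));
            getSession().put(OauthConstants.SRC_ENDPOINT_NAME, bname);
            getSession().put(OauthConstants.SRC_DISP_NAME, bnamea[0]);
            getSession().put(OauthConstants.SRC_ENDPOINT_PATH, (String) bmmap.get("path"));
        } else {
            getSession().put(OauthConstants.SRC_BOOKMARK_ID, "XSERVER");
            getSession().put(OauthConstants.SRC_ENDPOINT_ID, dataset_endpoint_id);
            getSession().put(OauthConstants.SRC_ENDPOINT_NAME, dataset_endpoint_name);
            getSession().put(OauthConstants.SRC_DISP_NAME, dataset_endpoint_name);
            getSession().put(OauthConstants.SRC_ENDPOINT_PATH, dataset_endpoint_base + linkusername + "/");
            getSession().put(OauthConstants.DEST_BOOKMARK_ID, (String) bmmap.get("id"));
            getSession().put(OauthConstants.DEST_ENDPOINT_ID, (String) bmmap.get("endpoint_id"));
            getSession().put(OauthConstants.DEST_ENDPOINT_PATH, (String) bmmap.get("path"));
            getSession().put(OauthConstants.DEST_ENDPOINT_NAME, bname);
            getSession().put(OauthConstants.DEST_DISP_NAME, bnamea[0]);
        }
        break;
    }
    if (!flag) {
        // No bookmark carries a role yet: tag the first one as the source and use it.
        Map<String, Object> bmmap = bookmarklist.get(0);
        String bm_id = (String) bmmap.get("id");
        String bname = (String) bmmap.get("name");
        bname += "::SOURCE";
        logger.info("update bookmark: " + bm_id);
        iplistaction.updateBookmark(bm_id, bname);
        getSession().put(OauthConstants.SRC_BOOKMARK_ID, bm_id);
        getSession().put(OauthConstants.SRC_ENDPOINT_ID, (String) bmmap.get("endpoint_id"));
        getSession().put(OauthConstants.SRC_ENDPOINT_NAME, bname);
        getSession().put(OauthConstants.SRC_DISP_NAME, (String) bmmap.get("disp_name"));
        getSession().put(OauthConstants.SRC_ENDPOINT_PATH, (String) bmmap.get("path"));
    }
    if (redirect_flag) {
        return "profileredirect";
    } else {
        return SUCCESS;
    }
}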
Also used : JsonString(com.google.api.client.json.JsonString) GenericUrl(com.google.api.client.http.GenericUrl) NetHttpTransport(com.google.api.client.http.javanet.NetHttpTransport) IdToken(com.google.api.client.auth.openidconnect.IdToken) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) SecureRandom(java.security.SecureRandom) ArrayMap(com.google.api.client.util.ArrayMap) IOException(java.io.IOException) BasicAuthentication(com.google.api.client.http.BasicAuthentication) BigInteger(java.math.BigInteger) OauthProfile(edu.sdsc.globusauth.model.OauthProfile) ArrayMap(com.google.api.client.util.ArrayMap)

Aggregations

OauthProfile (edu.sdsc.globusauth.model.OauthProfile)3 IdToken (com.google.api.client.auth.openidconnect.IdToken)1 BasicAuthentication (com.google.api.client.http.BasicAuthentication)1 GenericUrl (com.google.api.client.http.GenericUrl)1 NetHttpTransport (com.google.api.client.http.javanet.NetHttpTransport)1 JsonString (com.google.api.client.json.JsonString)1 ArrayMap (com.google.api.client.util.ArrayMap)1 IOException (java.io.IOException)1 BigInteger (java.math.BigInteger)1 SecureRandom (java.security.SecureRandom)1 OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException)1 Session (org.hibernate.Session)1 Query (org.hibernate.query.Query)1