
Example 1 with RequestContext

use of org.sagebionetworks.bridge.RequestContext in project BridgeServer2 by Sage-Bionetworks.

the class CRCController method httpBasicAuthentication.

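/**
 * Authenticates the caller from an HTTP Basic {@code Authorization} header and returns the {@link App}
 * the account is bound to.
 *
 * <p>This is bound to specific “machine” accounts that are enumerated in the controller. Authentication is
 * session-less. The account itself has no administrative roles, so it can only execute these endpoints that
 * specifically allows it, in the app to which it is bound.
 *
 * <p>Side effect: because this path bypasses the session-based initialization of {@link RequestContext},
 * a context for the authenticated caller is built and installed here.
 *
 * @return the app the authenticated machine account is bound to
 * @throws NotAuthenticatedException if the header is absent, does not carry the Basic scheme, is not
 *         valid base 64, does not decode to a non-empty user-id and password, or names an account that
 *         is not one of the enumerated machine accounts
 */
App httpBasicAuthentication() {
    String header = request().getHeader(AUTHORIZATION);
    // Only the Basic scheme is accepted; any other scheme (or a value too short to hold one) is
    // rejected before we try to decode it.
    if (header == null || header.length() < 5 || !header.regionMatches(true, 0, "Basic", 0, 5)) {
        throw new NotAuthenticatedException();
    }
    // Remove "Basic ";
    String encoded = header.substring(5).trim();
    // Decode the credentials from base 64. Malformed input is a client error, so the decoder's
    // IllegalArgumentException is mapped to the same 401 the rest of this method produces instead of
    // escaping as a server error.
    byte[] decoded;
    try {
        decoded = Base64.getDecoder().decode(encoded);
    } catch (IllegalArgumentException e) {
        throw new NotAuthenticatedException();
    }
    // Basic credentials are "user-id:password" (RFC 7617). The user-id cannot contain a colon but the
    // password may, so split on the first colon only. Decode as UTF-8 rather than the platform default.
    String[] credentials = new String(decoded, java.nio.charset.StandardCharsets.UTF_8).split(":", 2);
    if (credentials.length != 2 || credentials[0].isEmpty() || credentials[1].isEmpty()) {
        throw new NotAuthenticatedException();
    }
    String userId = credentials[0];
    String password = credentials[1];
    // The user-id must be one of the enumerated machine accounts; it maps to the app it is bound to.
    String appId = ACCOUNTS.get(userId);
    if (appId == null) {
        throw new NotAuthenticatedException();
    }
    SignIn.Builder signInBuilder = new SignIn.Builder().withAppId(appId).withPassword(password);
    if (userId.contains("@sagebase.org")) {
        signInBuilder.withEmail(userId);
    } else {
        signInBuilder.withExternalId(userId);
    }
    App app = appService.getApp(appId);
    // Verify the password
    SignIn signIn = signInBuilder.build();
    Account account = accountService.authenticate(app, signIn);
    // This method of verification sidesteps RequestContext initialization
    // through a session. Set up what is needed in the controller.
    Set<String> studies = BridgeUtils.collectStudyIds(account);
    RequestContext.Builder builder = new RequestContext.Builder()
            .withCallerAppId(appId)
            .withCallerRoles(account.getRoles())
            .withCallerUserId(account.getId())
            .withOrgSponsoredStudies(studies)
            .withCallerOrgMembership(account.getOrgMembership());
    RequestContext.set(builder.build());
    return app;
}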
Also used : App(org.sagebionetworks.bridge.models.apps.App) Account(org.sagebionetworks.bridge.models.accounts.Account) NotAuthenticatedException(org.sagebionetworks.bridge.exceptions.NotAuthenticatedException) SignIn(org.sagebionetworks.bridge.models.accounts.SignIn) RequestContext(org.sagebionetworks.bridge.RequestContext)

Example 2 with RequestContext

use of org.sagebionetworks.bridge.RequestContext in project BridgeServer2 by Sage-Bionetworks.

the class BaseController method getLanguages.

/**
 * Returns the languages in effect for the caller's session, persisting them the first time they are seen.
 *
 * <p>Once we acquire a language for a user, we save it and use that language going forward. Changing their
 * language in the host operating system will not change the language they are using (since changing the
 * language might change their consent state). If they change their language by updating their UserProfile,
 * then they may have to reconsent in the new language they are using for the app. Any warnings to
 * that effect will need to be included in the application.
 *
 * @param session the caller's session
 * @return the participant's saved languages if any; otherwise the request context's caller languages,
 *         which are also saved on the account and applied to the session when non-empty
 */
List<String> getLanguages(UserSession session) {
    List<String> savedLanguages = session.getParticipant().getLanguages();
    if (!savedLanguages.isEmpty()) {
        return savedLanguages;
    }
    RequestContext requestContext = RequestContext.get();
    List<String> callerLanguages = requestContext.getCallerLanguages();
    if (callerLanguages.isEmpty()) {
        return callerLanguages;
    }
    String appId = session.getAppId();
    String healthCode = session.getHealthCode();
    // First acquisition: save on the account so subsequent requests use these languages.
    accountService.editAccount(AccountId.forHealthCode(appId, healthCode),
            account -> account.setLanguages(callerLanguages));
    StudyParticipant participant = session.getParticipant();
    CriteriaContext.Builder contextBuilder = new CriteriaContext.Builder()
            .withLanguages(callerLanguages)
            .withClientInfo(requestContext.getCallerClientInfo())
            .withHealthCode(healthCode)
            .withUserId(session.getId())
            .withUserDataGroups(participant.getDataGroups())
            .withUserStudyIds(participant.getStudyIds())
            .withAppId(appId);
    sessionUpdateService.updateLanguage(session, contextBuilder.build());
    return callerLanguages;
}
Also used : AccountId(org.sagebionetworks.bridge.models.accounts.AccountId) StudyParticipant(org.sagebionetworks.bridge.models.accounts.StudyParticipant) RequestContext(org.sagebionetworks.bridge.RequestContext) CriteriaContext(org.sagebionetworks.bridge.models.CriteriaContext)

Example 3 with RequestContext

use of org.sagebionetworks.bridge.RequestContext in project BridgeServer2 by Sage-Bionetworks.

the class AuthenticationServiceTest method getSessionFromAccount.

// Most of the other behaviors are tested in other methods. This test specifically tests the session created has
// the correct attributes, and that a RequestContext derived from it carries the same caller identity.
@Test
public void getSessionFromAccount() {
    // Inputs: an app with reauthentication on, a criteria context for that app, and an account in an org.
    App app = App.create();
    app.setIdentifier(TEST_APP_ID);
    app.setReauthenticationEnabled(true);
    setIpAddress(IP_ADDRESS);
    CriteriaContext criteriaContext = new CriteriaContext.Builder().withAppId(TEST_APP_ID).build();
    Account account = Account.create();
    account.setId(TEST_USER_ID);
    StudyParticipant participant = new StudyParticipant.Builder()
            .copyOf(PARTICIPANT)
            .withOrgMembership(TEST_ORG_ID)
            .build();
    // Collaborators the service reaches during session construction.
    when(participantService.getParticipant(any(), any(Account.class), anyBoolean())).thenReturn(participant);
    when(config.getEnvironment()).thenReturn(Environment.LOCAL);
    when(consentService.getConsentStatuses(any(), any())).thenReturn(CONSENTED_STATUS_MAP);
    when(service.generateReauthToken()).thenReturn(REAUTH_TOKEN);
    when(sponsorService.getSponsoredStudyIds(TEST_APP_ID, TEST_ORG_ID)).thenReturn(USER_STUDY_IDS);
    // Execute.
    UserSession session = service.getSessionFromAccount(app, criteriaContext, account);
    // Identity and tokens.
    assertSame(session.getParticipant(), participant);
    assertNotNull(session.getSessionToken());
    assertNotNull(session.getInternalSessionToken());
    assertTrue(session.isAuthenticated());
    assertEquals(session.getReauthToken(), REAUTH_TOKEN);
    verify(accountSecretDao).createSecret(AccountSecretType.REAUTH, TEST_USER_ID, REAUTH_TOKEN);
    // Request-derived attributes.
    assertEquals(session.getEnvironment(), Environment.LOCAL);
    assertEquals(session.getIpAddress(), IP_ADDRESS);
    assertEquals(session.getAppId(), TEST_APP_ID);
    assertEquals(session.getConsentStatuses(), CONSENTED_STATUS_MAP);
    // A RequestContext built from the session reflects the same caller.
    RequestContext requestContext = RequestContext.updateFromSession(session, sponsorService);
    assertEquals(requestContext.getCallerAppId(), TEST_APP_ID);
    assertEquals(requestContext.getCallerUserId(), TEST_USER_ID);
    assertEquals(requestContext.getCallerOrgMembership(), TEST_ORG_ID);
    assertEquals(requestContext.getOrgSponsoredStudies(), USER_STUDY_IDS);
}
Also used : App(org.sagebionetworks.bridge.models.apps.App) Account(org.sagebionetworks.bridge.models.accounts.Account) UserSession(org.sagebionetworks.bridge.models.accounts.UserSession) StudyParticipant(org.sagebionetworks.bridge.models.accounts.StudyParticipant) RequestContext(org.sagebionetworks.bridge.RequestContext) CriteriaContext(org.sagebionetworks.bridge.models.CriteriaContext) Test(org.testng.annotations.Test)

Example 4 with RequestContext

use of org.sagebionetworks.bridge.RequestContext in project BridgeServer2 by Sage-Bionetworks.

the class EnrollmentService method getEnrollmentsForUser.

/**
 * Returns the enrollments of one user, optionally restricted to a single study.
 *
 * @param appId the app the user belongs to
 * @param studyId an optional study to filter by; if given, it must exist in the app
 * @param userIdToken an identifier for the user, parsed by {@code BridgeUtils.parseAccountId}
 * @return the user's enrollment details, limited for study-scoped callers to the studies they are
 *         associated to
 * @throws EntityNotFoundException if the account cannot be found
 */
public List<EnrollmentDetail> getEnrollmentsForUser(String appId, @Nullable String studyId, String userIdToken) {
    checkNotNull(appId);
    checkNotNull(userIdToken);
    // A study filter must name an existing study.
    if (studyId != null) {
        studyService.getStudy(appId, studyId, true);
    }
    // getAccount() already prevents developers from accessing production accounts.
    AccountId accountId = BridgeUtils.parseAccountId(appId, userIdToken);
    Account account = accountService.getAccount(accountId)
            .orElseThrow(() -> new EntityNotFoundException(Account.class));
    String userId = account.getId();
    // Study-scoped users must have access to the study; developer/researcher/admin roles pass as well.
    CAN_EDIT_ENROLLMENTS.checkAndThrow(STUDY_ID, studyId, USER_ID, userId);
    RequestContext requestContext = RequestContext.get();
    Set<String> visibleStudyIds;
    if (requestContext.isInRole(ImmutableSet.of(DEVELOPER, RESEARCHER, ADMIN))) {
        // Global roles see all enrollments; an empty set is passed for them.
        visibleStudyIds = ImmutableSet.of();
    } else {
        // Study-scoped roles only see the studies they are associated to.
        visibleStudyIds = requestContext.getOrgSponsoredStudies();
    }
    return enrollmentDao.getEnrollmentsForUser(appId, visibleStudyIds, userId);
}
Also used : Account(org.sagebionetworks.bridge.models.accounts.Account) AccountId(org.sagebionetworks.bridge.models.accounts.AccountId) EntityNotFoundException(org.sagebionetworks.bridge.exceptions.EntityNotFoundException) RequestContext(org.sagebionetworks.bridge.RequestContext)

Example 5 with RequestContext

use of org.sagebionetworks.bridge.RequestContext in project BridgeServer2 by Sage-Bionetworks.

the class StudyService method deleteStudyPermanently.

/**
 * Permanently deletes a study, its schedule (if it has one), and its public cache entry.
 *
 * <p>Outside the phases listed in {@code CAN_DELETE_STUDY} only an admin caller may delete.
 *
 * @param appId the app that owns the study
 * @param studyId the study to delete
 * @throws BadRequestException if the study's phase does not allow deletion and the caller is not an admin
 */
public void deleteStudyPermanently(String appId, String studyId) {
    checkNotNull(appId);
    checkNotNull(studyId);
    Study study = getStudy(appId, studyId, true);
    RequestContext requestContext = RequestContext.get();
    boolean phaseAllowsDeletion = CAN_DELETE_STUDY.contains(study.getPhase());
    // The admin role overrides the phase restriction; it is only consulted when the phase blocks deletion.
    if (!phaseAllowsDeletion && !requestContext.isInRole(ADMIN)) {
        throw new BadRequestException("Study cannot be deleted during phase " + study.getPhase().label());
    }
    // Capture the schedule GUID before the study row is gone.
    String scheduleGuid = study.getScheduleGuid();
    studyDao.deleteStudyPermanently(appId, studyId);
    if (scheduleGuid != null) {
        scheduleService.deleteSchedulePermanently(appId, scheduleGuid);
    }
    cacheProvider.removeObject(CacheKey.publicStudy(appId, studyId));
}
Also used : Study(org.sagebionetworks.bridge.models.studies.Study) BadRequestException(org.sagebionetworks.bridge.exceptions.BadRequestException) RequestContext(org.sagebionetworks.bridge.RequestContext) CacheKey(org.sagebionetworks.bridge.cache.CacheKey)
