Access token management changes and Docker issue fix

65a91b9f · Sonia Zorba · zonia3000 · f0ea301c · 65a91b9f · 65a91b9f
Commit 65a91b9f authored Mar 19, 2020 by Sonia Zorba Committed by zonia3000 Mar 19, 2020
--- a/README.md
+++ b/README.md
@@ -20,6 +20,14 @@ To run:

    docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest

+## Create the first super-admin
+
+The first super admin user must be added manually, then he/she will be able to add other administrators from the UI:
+
+    INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', '');
+
+The value `user_id` is the RAP user id.
+
 ## Command line clients

 To add a command line client first generate the sha256 of its password:

--- a/database/Dockerfile
+++ b/database/Dockerfile
 FROM library/postgres:11
 COPY gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/
 COPY database/user.sql /docker-entrypoint-initdb.d/
+ENV POSTGRES_HOST_AUTH_METHOD=trust
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java
@@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
    @Override
    public Authentication extractAuthentication(Map<String, ?> map) {

-        String idToken = (String) map.get("id_token");
-
-        OAuth2AccessToken token = jwkTokenStore.readAccessToken(idToken);
+        String idTokenString = (String) map.get("id_token");
+        String accessTokenString = (String) map.get("access_token");

+        OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString);
+        OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString);
        String refreshToken = (String) map.get("refresh_token");

        Map<String, Object> claims = token.getAdditionalInformation();
@@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {

        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");

-        return new CustomAuthenticationData(principal, claims, authorities, token, refreshToken);
+        return new CustomAuthenticationData(principal, claims, authorities, accessToken, refreshToken);
    }
 }
--- a/gms/src/main/resources/application.properties
+++ b/gms/src/main/resources/application.properties
@@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret
 security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token
 security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize
 security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token
-security.oauth2.client.scope=openid,email,profile
+security.oauth2.client.scope=openid,email,profile,read:rap
 security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks

 logging.level.it.inaf=TRACE