Changes in set permission and CLI

9f5fae50 · Sonia Zorba · c67052b0 · 9f5fae50 · 9f5fae50 · 9f5fae50
Commit 9f5fae50 authored Aug 23, 2020 by Sonia Zorba
--- a/README.md
+++ b/README.md
@@ -28,17 +28,6 @@ The first super admin user must be added manually, then he/she will be able to a

 The value `user_id` is the RAP user id.

-## Command line clients
-
-To add a command line client first generate the sha256 of its password:
-
-    echo -n password | sha256sum
-
-Then insert the client line into the database:
-
-    INSERT INTO gms_client (client_id, client_secret, allowed_actions, ip_filter)
-    VALUES ('test', '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08', '{"*"}', NULL);
-
 ## Developer notes

 Backend and frontend are 2 separate applications:

--- a/gms-client/gms-cli/src/main/java/it/inaf/ia2/gms/cli/CLI.java
+++ b/gms-client/gms-cli/src/main/java/it/inaf/ia2/gms/cli/CLI.java
@@ -178,6 +178,13 @@ public class CLI {
                client.removeMember(args[argIndex + 1], args[argIndex + 2]);
                System.out.println("Member removed");
                break;
+            case "set-permission":
+                if (argIndex + 3 >= args.length) {
+                    displayUsage();
+                }
+                client.setPermission(args[argIndex + 1], args[argIndex + 2], Permission.valueOf(args[argIndex + 3]));
+                System.out.println("Permission changed");
+                break;
            case "add-permission":
                if (argIndex + 3 >= args.length) {
                    displayUsage();
@@ -220,6 +227,7 @@ public class CLI {
                + "    delete-group <name1.name2.name3>\n"
                + "    add-member <name1.name2.name3> <user_id>\n"
                + "    remove-member <name1.name2.name3> <user_id>\n"
+                + "    set-permission <name1.name2.name3> <user_id> <permission>\n"
                + "    add-permission <name1.name2.name3> <user_id> <permission>\n"
                + "    delete-permission <name1.name2.name3> <user_id>\n"
                + "    get-member-email-addresses <name1.name2.name3> [<permission>]");

--- a/gms-client/gms-client-lib/src/main/java/it/inaf/ia2/gms/client/GmsClient.java
+++ b/gms-client/gms-client-lib/src/main/java/it/inaf/ia2/gms/client/GmsClient.java
@@ -13,6 +13,7 @@ import it.inaf.ia2.gms.client.call.GetUserPermissionsCall;
 import it.inaf.ia2.gms.client.call.ListGroupsCall;
 import it.inaf.ia2.gms.client.call.RemoveMemberCall;
 import it.inaf.ia2.gms.client.call.RemovePermissionCall;
+import it.inaf.ia2.gms.client.call.SetPermissionCall;
 import it.inaf.ia2.gms.client.model.GroupPermission;
 import it.inaf.ia2.gms.client.model.Permission;
 import it.inaf.ia2.gms.client.model.UserPermission;
@@ -64,6 +65,10 @@ public class GmsClient {
        new AddPermissionCall(httpClientWrapper).addPermission(completeGroupName, userId, permission);
    }

+    public void setPermission(String completeGroupName, String userId, Permission permission) {
+        new SetPermissionCall(httpClientWrapper).setPermission(completeGroupName, userId, permission);
+    }
+
    public void removePermission(String completeGroupName, String userId) {
        new RemovePermissionCall(httpClientWrapper).removePermission(completeGroupName, userId);
    }

--- a/gms-client/gms-client-lib/src/main/java/it/inaf/ia2/gms/client/call/SetPermissionCall.java
+++ b/gms-client/gms-client-lib/src/main/java/it/inaf/ia2/gms/client/call/SetPermissionCall.java
+package it.inaf.ia2.gms.client.call;
+
+import static it.inaf.ia2.gms.client.call.BaseGmsCall.logServerErrorInputStream;
+import it.inaf.ia2.gms.client.model.Permission;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+
+public class SetPermissionCall extends BaseGmsCall {
+
+    public SetPermissionCall(HttpClientWrapper clientWrapper) {
+        super(clientWrapper);
+    }
+
+    public boolean setPermission(String completeGroupName, String userId, Permission permission) {
+
+        String endpoint = "permission";
+        if (completeGroupName != null && !completeGroupName.isBlank()) {
+            endpoint += "/" + completeGroupName;
+        }
+
+        HttpRequest.BodyPublisher requestBody = HttpRequest.BodyPublishers.ofString(
+                "user_id=" + userId + "&permission=" + permission);
+
+        HttpRequest groupsRequest = newHttpRequest(endpoint)
+                .header("Accept", "text/plain")
+                .header("Content-Type", "application/x-www-form-urlencoded")
+                .PUT(requestBody)
+                .build();
+
+        return getClient().sendAsync(groupsRequest, HttpResponse.BodyHandlers.ofInputStream())
+                .thenApply(response -> {
+                    if (response.statusCode() == 200) {
+                        return true;
+                    }
+                    logServerErrorInputStream(groupsRequest, response);
+                    throw new IllegalStateException("Unable to set permission");
+                }).join();
+    }
+}
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
@@ -59,6 +59,6 @@ public class SessionData {
    }

    public long getExpiresIn() {
-        return (System.currentTimeMillis() - expiration) / 1000;
+        return (expiration - System.currentTimeMillis()) / 1000;
    }
 }
--- a/gms/src/main/java/it/inaf/ia2/gms/controller/JWTWebServiceController.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/controller/JWTWebServiceController.java
@@ -37,6 +37,7 @@ import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -254,23 +255,16 @@ public class JWTWebServiceController {
        }
    }

-    @PostMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE)
-    public void addPermission(@PathVariable("group") Optional<String> groupNames, HttpServletRequest request, HttpServletResponse response) throws IOException {
-
-        String targetUserId = request.getParameter("user_id");
-        if (targetUserId == null) {
-            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing user_id parameter");
-            return;
-        }
-        String permissionParam = request.getParameter("permission");
-        if (permissionParam == null) {
-            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing permission parameter");
-            return;
-        }
-
+    @PostMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    public void addPermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String targetUserId, @RequestParam("permission") Permission permission) throws IOException {
        GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
+        permissionsManager.addPermission(groupEntity, targetUserId, permission);
+    }

-        permissionsManager.addPermission(groupEntity, targetUserId, Permission.valueOf(permissionParam));
+    @PutMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    public void setPermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String targetUserId, @RequestParam("permission") Permission permission) throws IOException {
+        GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
+        permissionsManager.createOrUpdatePermission(groupEntity, targetUserId, permission);
    }

    @DeleteMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE)

--- a/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
@@ -87,6 +87,11 @@ public class PermissionsManager extends UserAwareComponent {
        throw unauthorizedExceptionSupplier(group).get();
    }

+    public PermissionEntity createOrUpdatePermission(GroupEntity group, String userId, Permission permission) {
+        verifyUserCanManagePermissions(group);
+        return permissionsService.createOrUpdatePermission(group, userId, permission);
+    }
+
    public PermissionEntity updatePermission(GroupEntity group, String userId, Permission permission) {
        verifyUserCanManagePermissions(group);
        return permissionsService.updatePermission(group, userId, permission);

--- a/gms/src/main/java/it/inaf/ia2/gms/service/PermissionsService.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/service/PermissionsService.java
@@ -62,6 +62,17 @@ public class PermissionsService {
        return permissionEntity;
    }

+    public PermissionEntity createOrUpdatePermission(GroupEntity group, String userId, Permission permission) {
+
+        PermissionEntity permissionEntity = new PermissionEntity();
+        permissionEntity.setGroupId(group.getId());
+        permissionEntity.setUserId(userId);
+        permissionEntity.setPermission(permission);
+        permissionEntity.setGroupPath(group.getPath());
+
+        return permissionsDAO.createOrUpdatePermission(permissionEntity);
+    }
+
    public PermissionEntity updatePermission(GroupEntity group, String userId, Permission permission) {

        PermissionEntity permissionEntity = permissionsDAO.findPermissionEntity(group.getId(), userId)

--- a/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
+package it.inaf.ia2.gms.authn;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import javax.servlet.http.HttpServletRequest;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+
+@RunWith(MockitoJUnitRunner.class)
+public class SessionDataTest {
+
+    @Mock
+    private HttpServletRequest request;
+
+    @InjectMocks
+    private SessionData sessionData;
+
+    @Test
+    public void testExpired() {
+
+        OAuth2AccessToken accessToken = mock(OAuth2AccessToken.class);
+        when(accessToken.getExpiresIn()).thenReturn(3600);
+
+        CustomAuthenticationData data = new CustomAuthenticationData("user",
+                new HashMap<>(), new ArrayList<>(), accessToken, "refresh_token");
+
+        OAuth2Authentication auth = mock(OAuth2Authentication.class);
+        when(auth.getUserAuthentication()).thenReturn(data);
+        when(request.getUserPrincipal()).thenReturn(auth);
+
+        sessionData.init();
+
+        assertTrue(sessionData.getExpiresIn() > 0);
+    }
+}