ccc488d3 · ccc488d3 · ccc488d3 · ccc488d3 · ccc488d3 · e80c791f
--- a/classes/model/BrowserBasedOAuth2Client.php
+++ b/classes/model/BrowserBasedOAuth2Client.php
 <?php
-/* ----------------------------------------------------------------------------
+/*
- *               INAF - National Institute for Astrophysics
+ * This file is part of rap
- *               IRA  - Radioastronomical Institute - Bologna
- *               OATS - Astronomical Observatory - Trieste
- * ----------------------------------------------------------------------------
- *
 * Copyright (C) 2019 Istituto Nazionale di Astrofisica
- *
+ * SPDX-License-Identifier: GPL-3.0-or-later
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License Version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 namespace RAP;
@@ -35,7 +19,6 @@ class BrowserBasedOAuth2Client extends BrowserBasedClient {
    public $scope;
    public $homePage;
    public $showInHome;
-    public $jwks;
    public $scopeAudienceMap = [];
    public function __construct(object $config) {
@@ -48,7 +31,6 @@ class BrowserBasedOAuth2Client extends BrowserBasedClient {
        $this->homePage = isset($config->home) ? $config->home : null;
        $this->showInHome = isset($config->showInHome) ? $config->showInHome : false;
        $this->authMethods = $config->methods;
-        $this->jwks = isset($config->jwks) ? $config->jwks : null;
        $this->scopeAudienceMap = isset($config->scopeAudienceMap) ? $config->scopeAudienceMap : null;
    }

--- a/classes/model/CliOAuth2Client.php
+++ b/classes/model/CliOAuth2Client.php
 <?php
+/*
+ * This file is part of rap
+ * Copyright (C) 2021 Istituto Nazionale di Astrofisica
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
 namespace RAP;
 /**

--- a/classes/model/Identity.php
+++ b/classes/model/Identity.php
 <?php
-/* ----------------------------------------------------------------------------
+/*
- *               INAF - National Institute for Astrophysics
+ * This file is part of rap
- *               IRA  - Radioastronomical Institute - Bologna
- *               OATS - Astronomical Observatory - Trieste
- * ----------------------------------------------------------------------------
- *
 * Copyright (C) 2016 Istituto Nazionale di Astrofisica
- *
+ * SPDX-License-Identifier: GPL-3.0-or-later
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License Version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 namespace RAP;

--- a/classes/model/InternalClient.php
+++ b/classes/model/InternalClient.php
 <?php
+/*
+ * This file is part of rap
+ * Copyright (C) 2021 Istituto Nazionale di Astrofisica
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
 namespace RAP;
 /**

--- a/classes/model/OAuth2RequestData.php
+++ b/classes/model/OAuth2RequestData.php
 <?php
+/*
+ * This file is part of rap
+ * Copyright (C) 2021 Istituto Nazionale di Astrofisica
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
 namespace RAP;
 /**

--- a/classes/model/PublicJWK.php
+++ b/classes/model/PublicJWK.php
-<?php
-namespace RAP;
-class PublicJWK {
-    public $kid;
-    public $key;
-    public $url;
-    public $updateTime;
-}
--- a/classes/model/RSAKeyPair.php
+++ b/classes/model/RSAKeyPair.php
 <?php
+/*
+ * This file is part of rap
+ * Copyright (C) 2021 Istituto Nazionale di Astrofisica
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
 namespace RAP;
 class RSAKeyPair {

--- a/classes/model/RefreshTokenData.php
+++ b/classes/model/RefreshTokenData.php
 <?php
+/*
+ * This file is part of rap
+ * Copyright (C) 2021 Istituto Nazionale di Astrofisica
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
 namespace RAP;
 class RefreshTokenData {

--- a/classes/model/SessionData.php
+++ b/classes/model/SessionData.php
 <?php
-/* ----------------------------------------------------------------------------
+/*
- *               INAF - National Institute for Astrophysics
+ * This file is part of rap
- *               IRA  - Radioastronomical Institute - Bologna
- *               OATS - Astronomical Observatory - Trieste
- * ----------------------------------------------------------------------------
- *
 * Copyright (C) 2016 Istituto Nazionale di Astrofisica
- *
+ * SPDX-License-Identifier: GPL-3.0-or-later
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License Version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 namespace RAP;

--- a/classes/model/User.php
+++ b/classes/model/User.php
 <?php
-/* ----------------------------------------------------------------------------
+/*
- *               INAF - National Institute for Astrophysics
+ * This file is part of rap
- *               IRA  - Radioastronomical Institute - Bologna
- *               OATS - Astronomical Observatory - Trieste
- * ----------------------------------------------------------------------------
- *
 * Copyright (C) 2016 Istituto Nazionale di Astrofisica
- *
+ * SPDX-License-Identifier: GPL-3.0-or-later
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License Version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
 namespace RAP;

--- a/composer.json
+++ b/composer.json
@@ -6,12 +6,10 @@
        "mikecao/flight": "1.3.7",
        "google/apiclient": "2.1.3",
        "facebook/graph-sdk": "^5.5",
-        "monolog/monolog": "^1.22",
+        "monolog/monolog": "^1.22"
-        "phpmailer/phpmailer": "^6.0"
    },
    "require-dev": {
-        "phpunit/phpunit": "^8.2",
+        "phpunit/phpunit": "^8.2"
-        "phpmd/phpmd": "@stable"
    },
    "autoload": {
        "classmap": [

--- a/composer.lock
+++ b/composer.lock
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -31,7 +31,7 @@ authenticationMethods:
    callback: "/auth/social/linkedin/token"
  X509:
  LocalIdP:
-    url: "https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2-v2/auth/eduGAIN"
+    url: "https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/eduGAIN"
    logo: "img/ia2-logo-60x60.png"
    logoAlt: "IA2 logo"
    description: "Use the IA2 Logo to Login if you have an account provided by IA2 or self registered"
@@ -39,9 +39,11 @@ authenticationMethods:
    id: "XXXXXX"
    callback: "/auth/orcid"
    secret: "XXXXXX"
+  # enable simulated login page for testing
+  test: false
 gms:
  id: "gms"
-  joinEndpoint: "https://sso.ia2.inaf.it/gms/ws/jwt/join"
+  joinEndpoint: "https://sso.ia2.inaf.it/gms"
 tokenIssuer:
  services:
  - id: fileserver
@@ -59,7 +61,6 @@ clients:
    icon: 
    showInHome: true
    methods: [eduGAIN, Google, Facebook, LinkedIn, X.509, LocalIdP]
-    jwks:
  - label: "Asiago Astrophysical Observatory (localhost)"
    id: aao-dev
    secret: 2a97516c354b68848cdbd8f54a226a0a55b21ed138e207ad6c5cbb9c00aa5aea
@@ -69,7 +70,6 @@ clients:
    icon: asiago.gif
    showInHome: true
    methods: [eduGAIN, Google, Facebook, LinkedIn, X.509, LocalIdP]
-    jwks: http://localhost:8081/aao/jwks
 cliClients:
  - id: gms_cli
    secret: 2a97516c354b68848cdbd8f54a226a0a55b21ed138e207ad6c5cbb9c00aa5aea

--- a/css/style.css
+++ b/css/style.css
@@ -42,6 +42,7 @@ body {
 /* Box containing one or more authentication methods in the RAP main page. */
 .home-box {
    display: inline-block;
+    vertical-align: top;
    width: 240px;
    height: 165px;
    margin: 10px;

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
+FROM git.ia2.inaf.it:5050/ia2/rap-ia2/composer
+FROM git.ia2.inaf.it:5050/ia2/rap-ia2/base
+# add RAP Apache configuration
+COPY docker/rap.conf /etc/apache2/conf-available/
+RUN a2enconf rap.conf
+# enable mod_rewrite and mod_headers (for Flight framework)
+RUN a2enmod rewrite
+RUN a2enmod headers
+ARG RAP_DIR=/var/www/html/rap-ia2/
+# create RAP directory
+RUN mkdir $RAP_DIR
+COPY --from=0 /rap-ia2 $RAP_DIR
+WORKDIR $RAP_DIR
+# create logs directory
+RUN mkdir -p logs
+RUN chown -R www-data $RAP_DIR
+# allow apache2 to stop gracefully
+STOPSIGNAL SIGWINCH
+EXPOSE 80
+CMD ["apachectl", "-D", "FOREGROUND"]
--- a/docker/base-Dockerfile
+++ b/docker/base-Dockerfile
+# Base Docker image for running RAP inside Apache server
+FROM debian:buster
+RUN apt-get update && \
+    apt-get install -yq --no-install-recommends \
+    apache2 \
+    libapache2-mod-php \
+    php-xml \
+    php-mbstring \
+    php-mysql \
+    php-curl \
+    php-yaml \
+    ca-certificates \
+    ssl-cert
--- a/docker/composer-Dockerfile
+++ b/docker/composer-Dockerfile
+# Docker image containing composer and RAP source code
+FROM debian:buster
+RUN apt-get update && \
+    apt-get install -yq --no-install-recommends \
+    php-zip php-yaml php-curl php-xml php-mysql \
+    composer git unzip
+COPY composer* /rap-ia2/
+WORKDIR /rap-ia2
+RUN composer install --no-dev --no-autoloader
+# copy RAP php files
+COPY auth /rap-ia2/auth
+COPY classes /rap-ia2/classes
+COPY css /rap-ia2/css
+COPY exec /rap-ia2/exec
+COPY img /rap-ia2/img
+COPY include /rap-ia2/include
+COPY js /rap-ia2/js
+COPY service-logos /rap-ia2/service-logos
+COPY views /rap-ia2/views
+COPY config-example.yaml index.php version.txt .htaccess /rap-ia2/
+RUN composer install --no-dev
+COPY tests /rap-ia2/tests
+ARG INCLUDE_TESTS=false
+RUN if [ "$INCLUDE_TESTS" = 'true' ]; then composer install; else rm -Rf /rap-ia2/tests; fi
--- a/docker/db-Dockerfile
+++ b/docker/db-Dockerfile
@@ -2,6 +2,8 @@ FROM mariadb:10.5
 ENV MYSQL_ALLOW_EMPTY_PASSWORD yes
 ENV MYSQL_DATABASE rap
+ENV MYSQL_USER rap
+ENV MYSQL_PASSWORD rap
 COPY sql/setup-database.sql /docker-entrypoint-initdb.d/01-setup-database.sql
 COPY sql/delete-user-procedure.sql /docker-entrypoint-initdb.d/02-delete-user-procedure.sql
--- a/docker/demo-config.yaml
+++ b/docker/demo-config.yaml
+---
+contextRoot: "/rap-ia2"
+serviceLogFile: "/var/www/html/rap-ia2/logs/rap-service.log"
+auditLogFile: "/var/www/html/rap-ia2/logs/rap-audit.log"
+timeZone: "Europe/Rome"
+logLevel: "DEBUG"
+jwtIssuer: "http://rap-ia2/rap-ia2"
+contactEmail: "ia2@inaf.it"
+contactLabel: "IA2 Team"
+databaseConfig:
+  dbtype: "MySQL"
+  hostname: "rap-db"
+  port: 3306
+  username: "rap"
+  password: "rap"
+  dbname: "rap"
+authenticationMethods:
+  test: true
+gms:
+  id: "gms"
+  joinEndpoint: "http://gms:8080/gms/join"
+tokenIssuer:
+  services:
+  - id: gms
+    label: GMS
+    aud: [gms, rap]
+    scope: read:gms write:gms read:rap
+  lifespans: [1, 6, 12, 24]
+clients:
+  - label: "GMS"
+    id: gms
+    secret: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
+    redirect: http://localhost:8081/gms/login
+    scope: "openid email read:rap"
+    home: http://localhost:8081/gms
+    icon: 
+    showInHome: true
+    methods: [eduGAIN, Google, Facebook, LinkedIn, X.509, LocalIdP]
+cliClients:
+  - id: rap_cli
+    secret: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
+    scope: "read:rap write:rap"
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
+---
+version: '3.0'
+services:
+  rap:
+    image: git.ia2.inaf.it:5050/ia2/rap-ia2
+    volumes:
+      - ./demo-config.yaml:/var/www/html/rap-ia2/config.yaml
+    ports:
+      - "8080:80"
+  rap-db:
+    image: git.ia2.inaf.it:5050/ia2/rap-ia2/database
+  gms:
+    build: ./gms
+    environment:
+      - server.port=8081
+      - spring.datasource.url=jdbc:postgresql://gms-db:5432/postgres
+      - spring.datasource.username=gms
+      - spring.datasource.password=
+      - AUTH_CONFIG_PATH=/etc/gms/auth.properties
+    volumes:
+      - ./gms/gms-auth.properties:/etc/gms/auth.properties
+    ports:
+      - "8081:8081"
+  gms-db:
+    image: git.ia2.inaf.it:5050/ia2/ia2-gms/database