diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 51acfcd80..9039536ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -87,7 +87,7 @@ jobs: run: node_modules/karma/bin/karma start karma.conf.js --single-run --browsers ChromeHeadless - name: Run BioCollect functional tests - run: ./src/main/scripts/runFunctionalTests.sh chromeHeadless /tmp/ecodata master + run: ./src/main/scripts/runFunctionalTests.sh chromeHeadless /tmp/ecodata dev env: GITHUB_ACTOR: ${{env.GITHUB_ACTOR}} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/build.gradle b/build.gradle index 9e8d294ff..ec927a789 100644 --- a/build.gradle +++ b/build.gradle @@ -154,14 +154,16 @@ dependencies { if (!Boolean.valueOf(inplace)) { implementation "org.grails.plugins:ala-map-plugin:3.0.1" - implementation "org.grails.plugins:ecodata-client-plugin:6.3-SNAPSHOT" + implementation "org.grails.plugins:ecodata-client-plugin:7.0-SNAPSHOT" } testCompileOnly "org.grails:grails-test-mixins:3.3.0" testImplementation "org.grails:grails-gorm-testing-support" testImplementation "org.mockito:mockito-core" testImplementation "org.grails:grails-web-testing-support" - testImplementation "org.grails.plugins:geb" + testImplementation ("org.grails.plugins:geb") { + exclude module: "grails-core" + } testImplementation "com.github.tomakehurst:wiremock-jre8-standalone:2.28.0" testImplementation "org.seleniumhq.selenium:selenium-remote-driver:$seleniumVersion" testImplementation "org.seleniumhq.selenium:selenium-api:$seleniumVersion" diff --git a/gradle.properties b/gradle.properties index 8c91f2380..7a15b91b8 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -1,11 +1,11 @@ biocollectVersion=6.9-SNAPSHOT -grailsVersion=5.1.9 -grailsGradlePluginVersion=5.1.5 -assetPipelineVersion=3.3.4 +grailsVersion=6.2.0 +grailsGradlePluginVersion=6.1.2 +assetPipelineVersion=4.3.0 alaSecurityLibsVersion=6.2.0 -seleniumVersion=4.9.0 -groovyVersion=3.0.7 -gorm.version=7.2.1 +seleniumVersion=3.12.0 +groovyVersion=3.0.21 +gorm.version=8.1.2 org.gradle.jvmargs=-Dfile.encoding=UTF-8 -Xmx2048M org.gradle.daemon=true org.gradle.parallel=true diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index e708b1c02..afba10928 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index ffed3a254..c7d437bbb 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.4-bin.zip +networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4f906e0c8..65dcd68d6 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,67 +17,101 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. 
+# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 
@@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the 
@@ -106,80 +140,105 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=`expr $i + 1` + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. 
+ shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. 
+# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat index ac1b06f93..6689b85be 100755 --- a/gradlew.bat +++ b/gradlew.bat @@ -14,7 +14,7 @@ @rem limitations under the License. @rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,7 +25,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal 
diff --git a/grails-app/conf/application.groovy b/grails-app/conf/application.groovy
index 401ad2b13..e15d52101 100644
--- a/grails-app/conf/application.groovy
+++ b/grails-app/conf/application.groovy
@@ -15,6 +15,9 @@
 collectory.service.url= "https://collections.ala.org.au"
 ecodata.baseURL= "https://ecodata.ala.org.au/"
 
+if(!app.domain.whiteList) {
+ app.domain.whiteList = "ala.org.au,localhost"
+}
 google {
 maps.base= "https://maps.googleapis.com/maps/api/js?key="
 
@@ -50,6 +53,13 @@ environments {
 grails.config.locations = []
 security.oidc.discoveryUri = "http://localhost:${wiremock.port}/cas/oidc/.well-known"
 security.oidc.allowUnsignedIdTokens = true
+ security.oidc.clientId="oidcId"
+ security.oidc.secret="oidcSecret"
+ webservice['client-id']="jwtId"
+ webservice['client-secret'] = "jwtSecret"
+ tokenURI = "http://localhost:${wiremock.port}/cas/oidc/oidcAccessToken"
+ jwkURI = "http://localhost:${wiremock.port}/cas/oidc/jwks"
+ issuerURI = "http://localhost:${wiremock.port}/cas/oidc"
 def casBaseUrl = "http://localhost:${wiremock.port}"
 ehcache.directory = './ehcache'
 security.cas.appServerName=serverName
@@ -71,7 +81,6 @@ environments {
 ecodata.baseURL = 'http://localhost:8080'
 ecodata.service.url = 'http://localhost:8080/ws'
 pdfgen.baseURL = "http://localhost:${wiremock.port}/"
- api_key='testapikey'
 grails.cache.config = {
 diskStore {
 path '/tmp'
@@ -124,12 +133,17 @@ security.oidc.enabled= true
 security.oidc.discoveryUri= "${auth.baseURL}/cas/oidc/.well-known"
 security.oidc.clientId= "changeMe"
 security.oidc.secret= "changeMe"
-security.oidc.scope= "openid,profile,email,ala,roles"
+security.oidc.scope= "openid profile email roles user_defined ala"
 security.oidc.allowUnsignedIdTokens= true
 
 security.jwt.enabled= true
 security.jwt.discoveryUri= "${auth.baseURL}/cas/oidc/.well-known"
-security.jwt.fallbackToLegacyBehaviour= true
+// security.jwt.fallbackToLegacyBehaviour= true
+
+webservice.jwt = true
+webservice['jwt-scopes'] = "ala/internal users/read ala/attrs ecodata/read ecodata/write"
+webservice['client-id']='changeMe'
+webservice['client-secret'] = 'changeMe'
 
 dataAccessMethods = [
 "oasrdfs",
diff --git a/grails-app/controllers/au/org/ala/biocollect/DocumentController.groovy b/grails-app/controllers/au/org/ala/biocollect/DocumentController.groovy
index 8e233c5d5..ac700dddf 100644
--- a/grails-app/controllers/au/org/ala/biocollect/DocumentController.groovy
+++ b/grails-app/controllers/au/org/ala/biocollect/DocumentController.groovy
@@ -56,7 +56,7 @@ class DocumentController {
 
 if (documentService.canView(document)) {
 String url = buildDownloadUrl(path, filename)
- webService.proxyGetRequest(response, url, false, true)
+ webService.proxyGetRequest(response, url, false)
 return null
 }
 }
diff --git a/grails-app/controllers/au/org/ala/biocollect/DownloadController.groovy b/grails-app/controllers/au/org/ala/biocollect/DownloadController.groovy
index 328c9df10..1ed67965b 100644
--- a/grails-app/controllers/au/org/ala/biocollect/DownloadController.groovy
+++ b/grails-app/controllers/au/org/ala/biocollect/DownloadController.groovy
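Review bot: `// security.jwt.fallbackToLegacyBehaviour= true` is left behind as commented-out configuration with no explanation, so the next reader cannot tell whether the legacy fallback is deliberately off or simply forgotten. Either delete the line or replace it with a sentence stating the intent, e.g. `// Legacy (non-JWT) fallback disabled on purpose; outbound auth is now driven by webservice.jwt below` if that is indeed the reason. The `'changeMe'` placeholders for `webservice['client-id']` and `webservice['client-secret']` follow the existing `security.oidc.*` convention and presumably get overridden per environment.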
@@ -19,14 +19,14 @@ class DownloadController {
 render "A download ID is required"
 } else {
 String fileExtension = params.fileExtension ?: 'zip'
- webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/search/downloadProjectDataFile/${params.id}?fileExtension=${fileExtension}", true, true)
+ webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/search/downloadProjectDataFile/${params.id}?fileExtension=${fileExtension}")
 return null
 }
 }
 
 def file() {
 if (params.id) {
- webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/document/${params.id}/file", true, true)
+ webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/document/${params.id}/file")
 return null
 } else if (params.filename) {
 String path = grailsApplication.config.upload.images.path
diff --git a/grails-app/controllers/au/org/ala/biocollect/merit/ProjectController.groovy b/grails-app/controllers/au/org/ala/biocollect/merit/ProjectController.groovy
index fe2a2f406..729878029 100644
--- a/grails-app/controllers/au/org/ala/biocollect/merit/ProjectController.groovy
+++ b/grails-app/controllers/au/org/ala/biocollect/merit/ProjectController.groovy
@@ -1447,7 +1447,7 @@ class ProjectController {
 
 def downloadShapefile(String id) {
 def url = grailsApplication.config.ecodata.baseURL + "/ws/project/${id}.shp"
- def resp = webService.proxyGetRequest(response, url, true, true,960000)
+ def resp = webService.proxyGetRequest(response, url, true, 960000)
 if (resp.status != 200) {
 render view:'/error', model:[error:resp.error]
 }
diff --git a/grails-app/services/au/org/ala/biocollect/BulkImportService.groovy b/grails-app/services/au/org/ala/biocollect/BulkImportService.groovy
index 322b4bc5e..26152eb5e 100644
--- a/grails-app/services/au/org/ala/biocollect/BulkImportService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/BulkImportService.groovy
@@ -15,7 +15,7 @@ class BulkImportService {
 
 Map get(String id) {
 String url = grailsApplication.config.getProperty('ecodata.service.url') + "/bulkImport/" + id
- webService.getJson(url, null, true)
+ webService.getJson(url, null)
 }
 
 Map create (Map props) {
diff --git a/grails-app/services/au/org/ala/biocollect/PdfGenerationService.groovy b/grails-app/services/au/org/ala/biocollect/PdfGenerationService.groovy
index e07fa12f4..75d3c223f 100644
--- a/grails-app/services/au/org/ala/biocollect/PdfGenerationService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/PdfGenerationService.groovy
@@ -59,7 +59,7 @@ class PdfGenerationService {
 String url = grailsApplication.config.pdfgen.baseURL + PDFGEN_PATH + commonService.buildUrlParamsFromMap(pdfGenParams)
 Map result
 try {
- result = webService.proxyGetRequest(response, url, false, false, TIMEOUT)
+ result = webService.proxyGetRequest(response, url, false, TIMEOUT)
 }
 catch (Exception e) {
 result = [error: e.message]
diff --git a/grails-app/services/au/org/ala/biocollect/RecordService.groovy b/grails-app/services/au/org/ala/biocollect/RecordService.groovy
index 4ada5d990..11daf544e 100644
--- a/grails-app/services/au/org/ala/biocollect/RecordService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/RecordService.groovy
@@ -15,11 +15,11 @@ class RecordService {
 }
 
 def listActivityRecords(id){
- webService.getJson(grailsApplication.config.ecodata.service.url + '/record/listForActivity/' + id, null, true)
+ webService.getJson(grailsApplication.config.ecodata.service.url + '/record/listForActivity/' + id, null)
 }
 
 def listProjectActivityAndUserRecords(String projectActivityId, String userId) {
- webService.getJson(grailsApplication.config.ecodata.service.url + "/record/listForProjectActivityAndUser/$projectActivityId?userId=$userId", null, true)
+ webService.getJson(grailsApplication.config.ecodata.service.url + "/record/listForProjectActivityAndUser/$projectActivityId?userId=$userId", null)
 }
 
 def get(id) {
diff --git a/grails-app/services/au/org/ala/biocollect/merit/ActivityService.groovy b/grails-app/services/au/org/ala/biocollect/merit/ActivityService.groovy
index 346698c35..336769fc2 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/ActivityService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/ActivityService.groovy
@@ -438,7 +438,7 @@ class ActivityService {
 }
 
 def convertExcelToOutputData(String id, String type, def file){
- def result = webService.postMultipart(grailsApplication.config.ecodata.service.url + "/metadata/extractOutputDataFromActivityExcelTemplate", [pActivityId: id, type: type], file, 'data', false, true)
+ def result = webService.postMultipart(grailsApplication.config.ecodata.service.url + "/metadata/extractOutputDataFromActivityExcelTemplate", [pActivityId: id, type: type], file, 'data', true)
 if (result.error) {
 return result.details
 }
diff --git a/grails-app/services/au/org/ala/biocollect/merit/AdminService.groovy b/grails-app/services/au/org/ala/biocollect/merit/AdminService.groovy
index 76f538197..df789227b 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/AdminService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/AdminService.groovy
@@ -21,7 +21,7 @@ class AdminService {
 * Triggers a full site re-index.
 */
 def reIndexAll() {
- webService.getJson(grailsApplication.config.ecodata.service.url + '/admin/reIndexAll', 50000, true)
+ webService.getJson(grailsApplication.config.ecodata.service.url + '/admin/reIndexAll', 50000)
 }
 
 static outputDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'hh:mm:ssZ")
@@ -195,8 +195,6 @@ class AdminService {
 
 def syncCollectoryOrgs() {
 def url = "${grailsApplication.config.ecodata.service.url}admin/syncCollectoryOrgs"
- webService.doPost(url, [
- api_key: grailsApplication.config.api_key
- ])
+ webService.doPost(url, [:])
 }
 }
diff --git a/grails-app/services/au/org/ala/biocollect/merit/MetadataService.groovy b/grails-app/services/au/org/ala/biocollect/merit/MetadataService.groovy
index fd1658795..2b5300f88 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/MetadataService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/MetadataService.groovy
@@ -248,14 +248,14 @@ class MetadataService {
 def facetConfig = webService.getJson(grailsApplication.config.ecodata.service.url + "/metadata/getGeographicFacetConfig")
 
 facetConfig.grouped.each { k, v ->
 v.each { name, fid ->
- def objects = webService.getJson(grailsApplication.config.spatial.baseURL + '/ws/objects/'+fid, null, false, true, true)
+ def objects = webService.getJson(grailsApplication.config.spatial.baseURL + '/ws/objects/'+fid)
 results[k] << [(objects[0].fieldname):objects[0]] // Using the fieldname instead of the name for grouped facets is a temp workaround for the GER.
 }
 }
 
 facetConfig.contextual.each { name, fid ->
- def objects = webService.getJson(grailsApplication.config.spatial.baseURL + '/ws/objects/'+fid, null, false, true, true)
+ def objects = webService.getJson(grailsApplication.config.spatial.baseURL + '/ws/objects/'+fid)
 objects.each {
 results[name] << [(it.name):it]
 }
diff --git a/grails-app/services/au/org/ala/biocollect/merit/ProjectService.groovy b/grails-app/services/au/org/ala/biocollect/merit/ProjectService.groovy
index 81422ff75..93311545f 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/ProjectService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/ProjectService.groovy
@@ -359,7 +359,7 @@ class ProjectService {
 
 def getMembersForProjectPerPage(projectId, pageStart, pageSize) {
 def url = grailsApplication.config.ecodata.service.url + "/permissions/getMembersForProjectPerPage?projectId=${projectId}&offset=${pageStart}&max=${pageSize}"
- webService.getJson(url, null, true)
+ webService.getJson(url)
 }
 
 /**
diff --git a/grails-app/services/au/org/ala/biocollect/merit/SearchService.groovy b/grails-app/services/au/org/ala/biocollect/merit/SearchService.groovy
index 113a91f13..5b93cc8e7 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/SearchService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/SearchService.groovy
@@ -84,14 +84,14 @@ class SearchService {
 }
 
 def downloadProjectData(HttpServletResponse response, Map params) {
- webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/search/downloadAllData${commonService.buildUrlParamsFromMap(params)}", true, true)
+ webService.proxyGetRequest(response, "${grailsApplication.config.ecodata.service.url}/search/downloadAllData${commonService.buildUrlParamsFromMap(params)}")
 }
 
 Map searchProjectActivity(GrailsParameterMap params, String q = null){
 // String url = grailsApplication.config.ecodata.service.url + '/search/elasticProjectActivity' + commonService.buildUrlParamsFromMap(params)
 String url = "${elasticSearchBaseUrl}/elasticProjectActivity" + commonService.buildUrlParamsFromMap(params)
 log.debug "url = $url"
- webService.getJson(url, null, true)
+ webService.getJson(url)
 }
 
 /**
@@ -180,14 +180,8 @@ class SearchService {
 def url = "${elasticSearchBaseUrl}/elasticHome" + commonService.buildUrlParamsFromMap(params)
 log.debug "url = $url"
 
- def jsonstring = webService.get(url)
- try {
- def jsonObj = new JsonSlurper().parseText(jsonstring)
- jsonObj
- } catch(Exception e){
- log.error(e.getMessage(), e)
- [error:'Problem retrieving home page facets from: ' + url]
- }
+
+ webService.getJson(url)
 }
 
 def getProjectsForIds(params) {
diff --git a/grails-app/services/au/org/ala/biocollect/merit/SettingService.groovy b/grails-app/services/au/org/ala/biocollect/merit/SettingService.groovy
index 1612eb9c9..a1744f7f3 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/SettingService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/SettingService.groovy
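Review bot: The `try`/`catch` removed in the `@@ -180` hunk turned a JSON parse failure into `[error:'Problem retrieving home page facets from: ' + url]`; the replacement `webService.getJson(url)` only preserves that contract if `getJson` itself hands back an `error` map rather than null or an exception on a bad response, and that cannot be confirmed from this hunk, so whoever consumes this method's `.error` should be checked before the catch is dropped. The deletion also leaves two consecutive blank lines ahead of the call; the added one can go. The enclosing method starts outside the hunk.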
@@ -229,7 +229,7 @@ class SettingService {
 cacheService.get(hubCacheKey(urlPath), {
 String url = grailsApplication.config.ecodata.service.url + '/hub/findByUrlPath/' + urlPath
 
- Map json = webService.getJson(url, null, true)
+ Map json = webService.getJson(url)
 json.hubId ? new HubSettings(new HashMap(json)) : null
 })
 }
@@ -245,7 +245,7 @@ class SettingService {
 List listHubs() {
 cacheService.get(HUB_LIST_CACHE_KEY, {
 String url = grailsApplication.config.ecodata.service.url+'/hub/'
- Map resp = webService.getJson(url, null, true, false)
+ Map resp = webService.getJson(url, null, false)
 resp.list ?: []
 })
 }
diff --git a/grails-app/services/au/org/ala/biocollect/merit/SiteService.groovy b/grails-app/services/au/org/ala/biocollect/merit/SiteService.groovy
index 22d910af6..04a1df7ec 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/SiteService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/SiteService.groovy
@@ -160,9 +160,9 @@ class SiteService {
 /** uploads a shapefile to the spatial portal */
 def uploadShapefile(shapefile) {
 def userId = userService.getUser().userId
- def url = "${grailsApplication.config.spatial.layersUrl}/shape/upload/shp?user_id=${userId}&api_key=${grailsApplication.config.api_key}"
+ def url = "${grailsApplication.config.spatial.layersUrl}/shape/upload/shp?user_id=${userId}"
 
- return webService.postMultipart(url, [:], shapefile, 'files', true)
+ return webService.postMultipart(url, [:], shapefile, 'files')
 }
 
 /**
@@ -179,11 +179,11 @@ class SiteService {
 def baseUrl = "${grailsApplication.config.spatial.layersUrl}/shape/upload/shp"
 def userId = userService.getUser().userId
 
- def site = [name:name, description: description, user_id:userId, api_key:grailsApplication.config.api_key]
+ def site = [name:name, description: description, user_id:userId]
 
 def url = "${baseUrl}/${shapeFileId}/${siteId}"
 
- def result = webService.doPost(url, site, true)
+ def result = webService.doPost(url, site)
 
 String error
 if (!result?.resp?.id) {
@@ -243,9 +243,9 @@ class SiteService {
 def description = placemark.getAttribute('description')
 Geometry geom = placemark.getDefaultGeometry()
 
- def site = [name:name, description: description, user_id:userId, api_key:grailsApplication.config.api_key, wkt:geom.toText()]
+ def site = [name:name, description: description, user_id:userId, wkt:geom.toText()]
 
- def result = webService.doPost(url, site, true)
+ def result = webService.doPost(url, site)
 if (!result.error) {
 def id = result.resp.id
 if (!result.resp.error) {
diff --git a/grails-app/services/au/org/ala/biocollect/merit/WebService.groovy b/grails-app/services/au/org/ala/biocollect/merit/WebService.groovy
index 0f92970f1..09ac97f59 100644
--- a/grails-app/services/au/org/ala/biocollect/merit/WebService.groovy
+++ b/grails-app/services/au/org/ala/biocollect/merit/WebService.groovy
@@ -23,9 +23,12 @@ import org.apache.http.entity.mime.content.InputStreamBody
 import org.apache.http.entity.mime.content.StringBody
 import org.grails.web.converters.exceptions.ConverterException
 import grails.web.http.HttpHeaders
+import org.springframework.core.env.Environment
 import org.springframework.http.MediaType
 import org.springframework.web.multipart.MultipartFile
 import au.org.ala.ws.tokens.TokenService
+
+import javax.annotation.PostConstruct
 import javax.servlet.http.Cookie
 import javax.servlet.http.HttpServletResponse
 import java.nio.charset.StandardCharsets
@@ -37,6 +40,8 @@ import static org.apache.http.HttpHeaders.*
 */
 class WebService {
 private static APPLICATION_JSON = 'application/json'
+ List WHITE_LISTED_DOMAINS = []
+
 // Used to avoid a circular dependency during initialisation
 def getUserService() {
 return grailsApplication.mainContext.userService
@@ -45,6 +50,12 @@ class WebService {
 def grailsApplication
 TokenService tokenService
 
+ @PostConstruct
+ void init() {
+ String whiteListed = grailsApplication.config.getProperty('app.domain.whiteList', "")
+ WHITE_LISTED_DOMAINS = Arrays.asList(whiteListed.split(','))
+ }
+
 def get(String url, boolean includeUserId) {
 def conn = null
 try {
@@ -67,19 +78,40 @@ class WebService {
 grailsApplication.config.webservice.readTimeout as int
 }
 
+ private boolean isDomainWhitelisted(URL url) {
+ def host = url.getHost()
+ for (int domIndex = 0; domIndex < WHITE_LISTED_DOMAINS.size(); domIndex++) {
+ if (host.endsWith(WHITE_LISTED_DOMAINS[domIndex])) {
+ return true
+ }
+ }
+
+ return false
+ }
+
+ private void addAuthForAllowedDomains(URLConnection conn) {
+ if (isDomainWhitelisted(conn.getURL())) {
+ conn.setRequestProperty("Authorization", getAuthHeader())
+ }
+ }
+
 private URLConnection configureConnection(String url, boolean includeUserId, Integer timeout = null) {
- URLConnection conn = new URL(url).openConnection()
+ URLConnection conn = (new URL(url)).openConnection()
 def readTimeout = timeout?:defaultTimeout()
 conn.setConnectTimeout(grailsApplication.config.getProperty("webservice.connectTimeout", Integer))
 conn.setReadTimeout(readTimeout)
 
+ addHubUrlPath(conn)
+ addAuthForAllowedDomains(conn)
+
 if (includeUserId) {
 def user = getUserService().getUser()
 if (user) {
 conn.setRequestProperty(grailsApplication.config.getProperty("app.http.header.userId", String), user.userId)
 }
 }
+
 conn
 }
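Review bot: `isDomainWhitelisted` decides whether the bearer token from `getAuthHeader()` leaves the process with a bare `host.endsWith(domain)`, so any host whose name merely ends in a listed string receives the token (with the shipped default `ala.org.au`, a constructed name such as `example-ala.org.au` would pass), and because `init()` builds the list with `whiteListed.split(',')`, a blank `app.domain.whiteList` yields `[""]` and `endsWith("")` is true for every host. Both belong to the same fix: trim and drop empty entries when the list is built, and match either the whole host or a `.`-delimited sub-domain of it. Logging at debug level when a host is skipped would also make a misconfigured list diagnosable, since the only symptom otherwise is the remote service's 401. The rewrite below covers `init()` and `isDomainWhitelisted()`; `addAuthForAllowedDomains` and `configureConnection` stay as in the hunk, and `getAuthHeader()` is defined outside it.

```groovy
@PostConstruct
void init() {
    String whiteListed = grailsApplication.config.getProperty('app.domain.whiteList', "")
    // Drop blank entries: "".split(',') yields [""] and every host endsWith("").
    WHITE_LISTED_DOMAINS = whiteListed.split(',').collect { it.trim().toLowerCase() }.findAll { it }
}

// … unchanged: get(), defaultTimeout() …

private boolean isDomainWhitelisted(URL url) {
    String host = url.getHost()?.toLowerCase()
    if (!host) {
        return false
    }
    // Accept the listed host itself or one of its sub-domains, never an arbitrary suffix.
    return WHITE_LISTED_DOMAINS.any { String domain ->
        host == domain || host.endsWith('.' + domain)
    }
}
```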
@@ -105,17 +137,13 @@ class WebService {
 * Proxies a request URL but doesn't assume the response is text based. (Used for proxying requests to
 * ecodata for excel-based reports)
 */
- def proxyGetRequest(HttpServletResponse response, String url, boolean includeUserId = true, boolean includeApiKey = false, Integer timeout = null) {
+ def proxyGetRequest(HttpServletResponse response, String url, boolean includeUserId = true, Integer timeout = null) {
 HttpURLConnection conn = configureConnection(url, includeUserId)
 def readTimeout = timeout?:defaultTimeout()
 conn.setConnectTimeout(grailsApplication.config.webservice.connectTimeout as int)
 conn.setReadTimeout(readTimeout)
- if (includeApiKey) {
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
- }
-
 def headers = [HttpHeaders.CONTENT_DISPOSITION, HttpHeaders.CACHE_CONTROL, HttpHeaders.EXPIRES, HttpHeaders.LAST_MODIFIED, HttpHeaders.ETAG]
 def resp = [status:conn.responseCode]
 if (conn.responseCode == 200) {
@@ -140,7 +168,7 @@ class WebService {
 * Proxies a request URL with post data but doesn't assume the response is text based. (Used for proxying requests to
 * ecodata for excel-based reports)
 */
- def proxyPostRequest(HttpServletResponse response, String url, Map postBody, boolean includeUserId = true, boolean includeApiKey = false, Integer timeout = null) {
+ def proxyPostRequest(HttpServletResponse response, String url, Map postBody, boolean includeUserId = true, Integer timeout = null) {
 def charEncoding = 'utf-8'
@@ -153,10 +181,6 @@ class WebService {
 conn.setReadTimeout(readTimeout)
 conn.setDoOutput ( true );
- if (includeApiKey) {
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
- }
-
 OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream(), charEncoding)
 wr.write((postBody as JSON).toString())
 wr.flush()
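Review bot: Removing `includeApiKey` from the middle of the `proxyGetRequest` and `proxyPostRequest` parameter lists (hunks @@ -105 and @@ -140) shifts the positional meaning of existing calls: a caller still passing the old boolean in that slot now binds it to `Integer timeout`, and because these are dynamically dispatched `def` methods the mismatch would most likely surface as a runtime `MissingMethodException` rather than a compile error. `getJson` in the next hunk group has the subtler version of the same problem, where an old third argument meant as `includeApiKey` is silently reinterpreted as `includeUserId`. The specs in this diff were updated, but remaining call sites with the old arity are worth a grep, or a short-lived deprecated overload that logs and forwards. The bodies of both proxy methods continue past the hunks.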
@@ -187,17 +211,10 @@ class WebService {
 tokenService.getAuthToken(false).toAuthorizationHeader()
 }
- def getJson(String url, Integer timeout = null, boolean includeApiKey = false, boolean includeUserId = true, boolean useToken = false) {
+ def getJson(String url, Integer timeout = null, boolean includeUserId = true) {
 def conn = null
 try {
 conn = configureConnection(url, includeUserId, timeout)
- if (includeApiKey) {
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
- }
-
- if (useToken) {
- conn.setRequestProperty("Authorization", getAuthHeader())
- }
 conn.setRequestProperty(ACCEPT, MediaType.APPLICATION_JSON_VALUE)
 def json = responseText(conn)
@@ -256,8 +273,9 @@ class WebService {
 conn = new URL(url+query).openConnection()
 conn.setRequestMethod("POST")
 conn.setDoOutput(true)
- conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
+ conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")
+
+ addAuthForAllowedDomains(conn)
 addHubUrlPath(conn)
 def user = getUserService().getUser()
@@ -286,7 +304,7 @@ class WebService {
 }
 }
- def doPost(String url, Map postBody, boolean useToken = false) {
+ def doPost(String url, Map postBody) {
 def conn = null
 def charEncoding = 'utf-8'
 try {
@@ -294,12 +312,7 @@ class WebService {
 conn.setDoOutput(true)
 conn.setRequestProperty("Content-Type", "application/json;charset=${charEncoding}")
- if (useToken) {
- conn.setRequestProperty("Authorization", getAuthHeader())
- } else {
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
- }
-
+ addAuthForAllowedDomains(conn)
 addHubUrlPath(conn)
 def user = getUserService().getUser()
@@ -333,8 +346,9 @@ class WebService {
 conn = new URL(url).openConnection()
 conn.setRequestMethod("PUT")
 conn.setDoOutput(true)
- conn.setRequestProperty("Content-Type", "application/json;charset=${charEncoding}");
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
+ conn.setRequestProperty("Content-Type", "application/json;charset=${charEncoding}")
+
+ addAuthForAllowedDomains(conn)
 addHubUrlPath(conn)
 def user = getUserService().getUser()
@@ -380,7 +394,8 @@ class WebService {
 conn.setDoOutput(true)
 conn.setRequestMethod("GET")
 conn.setRequestProperty("Content-Type", "${APPLICATION_JSON};charset=${StandardCharsets.UTF_8.toString()}");
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
+
+ addAuthForAllowedDomains(conn)
 addHubUrlPath(conn)
 def user = getUserService().getUser()
@@ -404,12 +419,12 @@ class WebService {
 }
 def doDelete(String url) {
- url += (url.indexOf('?') == -1 ? '?' : '&') + "api_key=${grailsApplication.config.api_key}"
 def conn = null
 try {
 conn = new URL(url).openConnection()
 conn.setRequestMethod("DELETE")
- conn.setRequestProperty("Authorization", grailsApplication.config.getProperty("api_key"))
+
+ addAuthForAllowedDomains(conn)
 addHubUrlPath(conn)
 def user = getUserService().getUser()
@@ -446,9 +461,9 @@ class WebService {
 * @param includeFailureDetails if true, the return value will include response body. If content type is JSON, an object will be returned in `details` property.
 * @return [status:, content:
 */
- def postMultipart(url, Map params, MultipartFile file, fileParam = 'files', boolean useToken = false, boolean includeFailureDetails = false) {
+ def postMultipart(url, Map params, MultipartFile file, fileParam = 'files', boolean includeFailureDetails = false) {
- postMultipart(url, params, file.inputStream, file.contentType, file.originalFilename, fileParam, useToken, includeFailureDetails)
+ postMultipart(url, params, file.inputStream, file.contentType, file.originalFilename, fileParam, includeFailureDetails)
 }
 /**
@@ -461,12 +476,13 @@ class WebService {
 * @param fileParamName the name of the HTTP parameter that will be used for the post.
 * @return [status:, content:
 */
- def postMultipart(url, Map params, InputStream contentIn, contentType, originalFilename, fileParamName = 'files', boolean useToken = false, boolean includeFailureDetails = false) {
+ def postMultipart(url, Map params, InputStream contentIn, contentType, originalFilename, fileParamName = 'files', boolean includeFailureDetails = false) {
 def result = [:]
 def user = userService.getUser()
 HTTPBuilder builder = new HTTPBuilder(url)
+
 builder.request(Method.POST) { request ->
 requestContentType : 'multipart/form-data'
 MultipartEntity content = new MultipartEntity(HttpMultipartMode.BROWSER_COMPATIBLE)
@@ -477,13 +493,13 @@ class WebService {
 }
 }
- addHubUrlPath(headers)
- if (useToken) {
+ if (isDomainWhitelisted(new URL(url))) {
 headers."Authorization" = getAuthHeader()
- } else {
- headers."Authorization" = grailsApplication.config.getProperty("api_key")
 }
+ addHubUrlPath(headers)
+
+
 if (user) {
 headers[grailsApplication.config.app.http.header.userId] = user.userId
 }
diff --git a/package-lock.json b/package-lock.json
index 82a29b9f7..ef5fdb5bb 100644
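Review bot: Dropping `useToken` from the middle of both `postMultipart` signatures (hunks @@ -446 and @@ -461) silently changes the meaning of any caller that still passes the old positional boolean: a `true` that used to mean "send the token" now lands in `boolean includeFailureDetails`, and because the types match no error is raised at all, unlike the `Integer timeout` case in the proxy methods. If any caller outside this diff passes five (or eight) positional arguments, it now gets failure details instead of authentication; each call site needs checking, or a deprecated overload with the old arity should forward and log for one release. In the last hunk, `isDomainWhitelisted(new URL(url))` is evaluated inside the request closure on the untyped `url` parameter; computing it once before `builder.request(...)` alongside `HTTPBuilder builder = new HTTPBuilder(url)` keeps the `MalformedURLException` path in one place. The request closure continues past the hunk.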
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 "version": "6.0",
 "devDependencies": {
 "@metahub/karma-jasmine-jquery": "^2.0.1",
- "chromedriver": "^125.0.3",
+ "chromedriver": "^126.0.4",
 "jasmine-core": "^3.5.0",
 "jasmine-jquery": "^2.0.0",
 "jquery": "^3.4.1",
@@ -689,11 +689,12 @@
 }
 },
 "node_modules/chromedriver": {
- "version": "125.0.3",
- "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-125.0.3.tgz",
- "integrity": "sha512-Qzuk5Wian2o3EVGjtbz6V/jv+pT/AV9246HbG6kUljZXXjsKZLZxqJC+kHR3qEh/wdv4EJD0YwAOWV72v9hogw==",
+ "version": "126.0.5",
+ "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-126.0.5.tgz",
+ "integrity": "sha512-xXVxwxd8CJ6yg2KEvFqLQi7V0RvF78xFnLB+xo9g9MoJNHMQccD7b4OWaxtKDy5RXrMgQ6Jb6vUN3SjTYXHLEQ==",
 "dev": true,
 "hasInstallScript": true,
+ "license": "Apache-2.0",
 "dependencies": {
 "@testim/chrome-version": "^1.1.4",
 "axios": "^1.6.7",
@@ -4299,9 +4300,9 @@
 }
 },
 "chromedriver": {
- "version": "125.0.3",
- "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-125.0.3.tgz",
- "integrity": "sha512-Qzuk5Wian2o3EVGjtbz6V/jv+pT/AV9246HbG6kUljZXXjsKZLZxqJC+kHR3qEh/wdv4EJD0YwAOWV72v9hogw==",
+ "version": "126.0.5",
+ "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-126.0.5.tgz",
+ "integrity": "sha512-xXVxwxd8CJ6yg2KEvFqLQi7V0RvF78xFnLB+xo9g9MoJNHMQccD7b4OWaxtKDy5RXrMgQ6Jb6vUN3SjTYXHLEQ==",
 "dev": true,
 "requires": {
 "@testim/chrome-version": "^1.1.4",
diff --git a/package.json b/package.json
index 6031eed9c..088225664 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
 },
 "devDependencies": {
 "@metahub/karma-jasmine-jquery": "^2.0.1",
- "chromedriver": "^125.0.3",
+ "chromedriver": "^126.0.4",
 "jasmine-core": "^3.5.0",
 "jasmine-jquery": "^2.0.0",
 "jquery": "^3.4.1",
diff --git a/src/integration-test/groovy/au/org/ala/biocollect/StubbedCasSpec.groovy b/src/integration-test/groovy/au/org/ala/biocollect/StubbedCasSpec.groovy
index caca97341..a53d686f4 100644
--- a/src/integration-test/groovy/au/org/ala/biocollect/StubbedCasSpec.groovy
+++ b/src/integration-test/groovy/au/org/ala/biocollect/StubbedCasSpec.groovy
@@ -72,6 +72,7 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 // Configure the client
 configureFor("localhost", testConfig.wiremock.port)
+ setupTokenForSystem()
 }
 private void startWireMock() {
@@ -213,8 +214,13 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 */
 String setupOidcAuthForUser(Map userDetails) {
 // The test config isn't a normal grails config object (probably need to to into why) so getProperty doesn't work.
- String clientId = getTestConfig().security.oidc.clientId
+ Map testConfig = getTestConfig()
+ String clientId = testConfig.security.oidc.clientId
+ String clientSecret = testConfig.security.oidc.secret
+ String base64EncodedAuth = "Basic " + "${clientId}:${clientSecret}".bytes.encodeBase64().toString()
+
 List roles = ["ROLE_USER"]
+
 if (userDetails.role) {
 roles << userDetails.role
 }
@@ -232,6 +238,7 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 client_id:clientId,
 sid:"test_sid",
 aud:clientId,
+ audience:clientId,
 name:userDetails.firstName+" "+userDetails.lastName,
 state:"maybe_this_matters",
 auth_time:-1,
@@ -240,7 +247,7 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 iat:com.nimbusds.jwt.util.DateUtils.toSecondsSinceEpoch(new Date()),
 jti:"id",
 email:userDetails.email,
- scope : "openid profile ala roles email"
+ scope : testConfig.security.oidc.scope
 ]
 String idToken = new JwtGenerator(new RSASignatureConfiguration(pair)).generate(idTokenClaims)
 Map token = [:]
@@ -252,6 +259,7 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 token.scope = "openid profile ala roles email"
 stubFor(post(urlPathEqualTo("/cas/oidc/oidcAccessToken"))
+ .withHeader("Authorization", equalTo(base64EncodedAuth))
 .willReturn(aResponse()
 .withStatus(200)
 .withHeader("Content-Type", "application/json")
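Review bot: `token.scope` in the @@ -252 hunk is still the literal `"openid profile ala roles email"` while the id-token `scope` claim two hunks earlier now comes from `testConfig.security.oidc.scope`, so the stubbed token response and the JWT it carries can disagree on scope whenever the test config differs from that literal. Changing the context line to `token.scope = testConfig.security.oidc.scope` keeps the two in step; that line is unchanged in this hunk, so it needs an edit outside the added lines. `setupOidcAuthForUser` continues past the hunk.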
@@ -278,6 +286,54 @@ class StubbedCasSpec extends BiocollectFunctionalTest {
 idToken
 }
+ /**
+ * Sets up stubs with wiremock to authenticate the system. Used to authenticate calls from feildcapture to ecodata.
+ * @return an idToken for the system.
+ */
+ String setupTokenForSystem() {
+ // The test config isn't a normal grails config object (probably need to to into why) so getProperty doesn't work.
+ Map testConfig = getTestConfig()
+ String clientId = testConfig.webservice["client-id"]
+ String clientSecret = testConfig.webservice["client-secret"]
+ String base64EncodedAuth = "Basic " + "${clientId}:${clientSecret}".bytes.encodeBase64().toString()
+
+ Map idTokenClaims = [
+ at_hash : "KX-L2Fj6Z9ow-gOpYfehRA",
+ sub : clientId,
+ amr : "DelegatedClientAuthenticationHandler",
+ iss : "http://localhost:8018/cas/oidc",
+ client_id : clientId,
+ aud : clientId,
+ audience : clientId,
+ state : "maybe_this_matters",
+ auth_time : -1,
+ nbf : com.nimbusds.jwt.util.DateUtils.toSecondsSinceEpoch(new Date().minus(365)),
+ exp : com.nimbusds.jwt.util.DateUtils.toSecondsSinceEpoch(new Date().plus(365)),
+ iat : com.nimbusds.jwt.util.DateUtils.toSecondsSinceEpoch(new Date()),
+ jti : "id-system",
+ scope : testConfig.webservice["jwt-scopes"]
+ ]
+
+ String idToken = new JwtGenerator(new RSASignatureConfiguration(pair)).generate(idTokenClaims)
+ Map token = [:]
+ token.access_token = idToken
+ token.id_token = idToken
+ token.refresh_token = null
+ token.token_type = "bearer"
+ token.expires_in = 86400
+ token.scope = testConfig.webservice["jwt-scopes"]
+
+ stubFor(post(urlPathEqualTo("/cas/oidc/oidcAccessToken"))
+ .withHeader("Authorization", equalTo(base64EncodedAuth))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody((token as JSON).toString())
+ .withTransformers("response-template")))
+
+ idToken
+ }
+
 /** Creates a wiremock configuration to stub a user login request and return the supplied user and role
information */
 def casLogin(Map userDetails, Browser browser) {
diff --git a/src/main/groovy/au/org/ala/biocollect/merit/SettingPageType.groovy b/src/main/groovy/au/org/ala/biocollect/merit/SettingPageType.groovy
index 273f9b485..31df9b317 100644
--- a/src/main/groovy/au/org/ala/biocollect/merit/SettingPageType.groovy
+++ b/src/main/groovy/au/org/ala/biocollect/merit/SettingPageType.groovy
@@ -67,7 +67,7 @@ enum SettingPageType {
 String title
 String key
- public SettingPageType(name, title, key) {
+ private SettingPageType(name, title, key) {
 this.name = name
 this.title = title
 this.key = key
diff --git a/src/test/groovy/au/org/ala/biocollect/DocumentControllerSpec.groovy b/src/test/groovy/au/org/ala/biocollect/DocumentControllerSpec.groovy
index 33f08dd7a..544b9ac38 100644
--- a/src/test/groovy/au/org/ala/biocollect/DocumentControllerSpec.groovy
+++ b/src/test/groovy/au/org/ala/biocollect/DocumentControllerSpec.groovy
@@ -28,7 +28,7 @@ class DocumentControllerSpec extends Specification implements ControllerUnitTest
 then:
 1 * documentService.search([filepath:"path", filename:"file.txt"]) >> [count: 1, documents:[document]]
 1 * documentService.canView(document) >> true
- 1 * webService.proxyGetRequest(response, {it.endsWith('document/download/path/file.txt')}, false, true)
+ 1 * webService.proxyGetRequest(response, {it.endsWith('document/download/path/file.txt')}, false)
 resp == null
 }
@@ -43,7 +43,7 @@ class DocumentControllerSpec extends Specification implements ControllerUnitTest
 then:
 1 * documentService.search([filepath:"path", filename:"file.png"]) >> [count: 1, documents:[document]]
 1 * documentService.canView(document) >> true
- 1 * webService.proxyGetRequest(response, {it.endsWith('document/download/path/thumb_file.png')}, false, true)
+ 1 * webService.proxyGetRequest(response, {it.endsWith('document/download/path/thumb_file.png')}, false)
 resp == null
 }
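Review bot: The Javadoc on the new `setupTokenForSystem()` (StubbedCasSpec.groovy hunk @@ -278, which ends at the `def casLogin` line here) says the stub authenticates calls "from feildcapture to ecodata", but this spec lives under `au/org/ala/biocollect`; the sentence should read `Used to authenticate calls from BioCollect to ecodata.` with the spelling fixed, and the in-method comment copies the `(probably need to to into why)` typo from `setupOidcAuthForUser`. Both methods register a stub for the same `/cas/oidc/oidcAccessToken` path and are told apart only by their `Authorization` header matchers, which is worth one sentence in the Javadoc so a later test that drops the header matcher does not silently receive the other token. The `exp` claim is set a full year ahead, which is fine for a stub but worth naming in the comment so nobody copies it into non-test code.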
diff --git a/src/test/groovy/au/org/ala/biocollect/DownloadControllerSpec.groovy b/src/test/groovy/au/org/ala/biocollect/DownloadControllerSpec.groovy
index 23ccfafc7..00f64d768 100644
--- a/src/test/groovy/au/org/ala/biocollect/DownloadControllerSpec.groovy
+++ b/src/test/groovy/au/org/ala/biocollect/DownloadControllerSpec.groovy
@@ -163,7 +163,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
 Map result = controller.downloadProjectDataFile()
 then:
- 1 * webServiceStub.proxyGetRequest(response, 'http://test/search/downloadProjectDataFile/'+projectId+'?fileExtension='+expectedOutputFormat, true, true)
+ 1 * webServiceStub.proxyGetRequest(response, 'http://test/search/downloadProjectDataFile/'+projectId+'?fileExtension='+expectedOutputFormat)
 result == null
 where:
@@ -218,7 +218,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
 controller.downloadProjectDataFile()
 then:
- 1 * webServiceStub.proxyGetRequest(response, 'http://test/search/downloadProjectDataFile/1?fileExtension=zip', true, true)
+ 1 * webServiceStub.proxyGetRequest(response, 'http://test/search/downloadProjectDataFile/1?fileExtension=zip')
 response.status == HttpStatus.SC_OK
 }
@@ -228,7 +228,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
 controller.file()
 then:
- 1 * webServiceStub.proxyGetRequest(response, 'http://test/document/1/file', true, true)
+ 1 * webServiceStub.proxyGetRequest(response, 'http://test/document/1/file')
 response.status == HttpStatus.SC_OK
 }