diff --git a/.env.unix.example b/.env.unix.example index 3f39fd7b37d6d25eaf34dbc4a9b74a33d84d19fd..bbc4ce743d04a6d9bcba22baef1ee7199fdfe0c9 100644 --- a/.env.unix.example +++ b/.env.unix.example @@ -2,6 +2,7 @@ DBREPO_CLIENT_SECRET=MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG RABBITMQ_CLIENT_SECRET=JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u JWT_ISSUER=http://localhost:8080/realms/dbrepo JWT_PUBKEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB +JWT_CERT=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 SHARED_FILESYSTEM=/tmp LOG_LEVEL=trace ELASTIC_PASSWORD=elastic diff --git a/fda-authentication-service/dbrepo-realm.json b/fda-authentication-service/dbrepo-realm.json index e4df97e0b86d0f8d2c11c1bbae537cbbc9e2030b..3d79aeed6d66e21b9e24c6527a8389cded0efb02 100644 --- a/fda-authentication-service/dbrepo-realm.json +++ b/fda-authentication-service/dbrepo-realm.json @@ -21,8 +21,8 @@ "accessCodeLifespan" : 60, "accessCodeLifespanUserAction" : 300, "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, + "actionTokenGeneratedByAdminLifespan" : 259200, + "actionTokenGeneratedByUserLifespan" : 86400, "oauth2DeviceCodeLifespan" : 600, "oauth2DevicePollingInterval" : 5, "enabled" : true, 
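Review bot: The action-token lifespans in the realm hunk grow from 5 minutes to 24 hours for user-generated tokens (`"actionTokenGeneratedByUserLifespan" : 300` → `86400`) and from 12 hours to 3 days for admin-generated ones; these are the validity windows of the reset-credentials and verify-email links, so a forwarded or leaked link stays usable for a full day. If only one action needs the longer window, the per-action overrides this same commit adds to the realm attributes (`actionTokenGeneratedByUserLifespan-reset-credentials` and siblings, currently left empty) would let reset-credentials keep a short lifetime while verify-email gets the long one. The diff does not say why the defaults were raised; a sentence in the commit message or the realm README would help the next person who audits these values.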
@@ -843,7 +843,7 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName", "totpAppGoogleName" ], + "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", @@ -1738,23 +1738,6 @@ "config" : { "allow-default-scopes" : [ "true" ] } - }, { - "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } }, { "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9", "name" : "Allowed Client Scopes", 
@@ -1772,25 +1755,60 @@ "subComponents" : { }, "config" : { } }, { - "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", + "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper" ] } }, { - "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", + "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", 
"saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] } } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "9ed551eb-c1e6-4af1-aaea-7aca5c7e6a97", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { } + } ], "org.keycloak.keys.KeyProvider" : [ { + "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30", "name" : "aes-generated", "providerId" : "aes-generated", @@ -1811,18 +1829,6 @@ "priority" : [ "100" ], "algorithm" : [ "HS256" ] } - }, { - "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } }, { "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a", "name" : "rsa-generated", @@ -1839,7 +1845,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "f5670e73-ebe7-4df8-a412-720db86688a0", + "id" : "813567bd-6600-4b6e-b286-b5dee1f5d064", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", 
@@ -1861,7 +1867,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "594021be-b169-45e1-af94-f38308239acb", + "id" : "9826cfed-0fa3-4147-89dc-b2682c24d1ae", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", @@ -1890,7 +1896,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "008b215a-c415-481e-a56e-d916ad7b8be8", + "id" : "c784fdf2-5c81-4c49-bfcd-4b4c1df23709", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1912,7 +1918,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "225f4a5e-3e16-4f96-a74d-106ee2a648a8", + "id" : "14ec8779-1edf-41cc-80b4-472bf39ea78b", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1934,7 +1940,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "76e0a042-42ee-4968-bc9c-ea99aa5da1e9", + "id" : "d1d343ce-85ea-4dd8-ace0-e2a89b1c8aa7", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1956,7 +1962,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "325c7942-4a29-4be9-8b11-18eac7b94576", + "id" : "9cdaab34-3b7b-49f3-b563-fb5e5e5234ad", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1978,7 +1984,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5ec59354-2513-4969-94c4-155a5d9d40bb", + "id" : "e52f4a8e-3e68-48b7-a332-e5d4cdea71f7", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", 
@@ -2000,7 +2006,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "f9059e44-8678-4239-b022-964d0778b2eb", + "id" : "26fe8be3-b879-4e42-ab17-984a779e4e3b", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -2023,7 +2029,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "aeb11709-cfc9-4983-a49a-a6a394738390", + "id" : "88be070e-9dca-477a-a309-ee6a128b3cdb", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -2045,7 +2051,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "9060a17e-e895-4080-8d15-736ffc935d69", + "id" : "3eae800e-9501-4a4d-a212-a5c9f6bb21a5", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -2081,7 +2087,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "cf5dd646-4767-4f1f-a868-932f25158e8e", + "id" : "f590ef06-e384-409d-bbe7-7802d829464f", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -2117,7 +2123,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bd5f02ab-595b-42ef-bee5-536240a1f5e4", + "id" : "830f1845-6d89-4de7-9ad2-e5ee4b13d774", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -2146,7 +2152,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bb4fc7b4-ce03-48a5-953a-efa64f9b1f08", + "id" : "6430a3fa-60ce-475d-a512-966c4046ad10", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", 
@@ -2161,7 +2167,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5263fbcf-1e5e-4073-82b9-61c284be6a1d", + "id" : "6ed62838-778b-48e8-9b0d-ca7a7232ec9e", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -2184,7 +2190,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e3b9c110-2293-450c-95a8-1ab67a13a40b", + "id" : "368b31ba-3065-4425-832e-f565336e93f5", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -2206,7 +2212,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "40c9d62a-783d-4434-9642-1c34c9101d87", + "id" : "32618434-ca5d-4e5f-bcf7-a27f233e6ee2", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -2228,7 +2234,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "aaecb234-2351-467f-81ad-d56c1f8811a4", + "id" : "17dbfb8f-0e6a-4b3c-9a6f-02e7b210ffe1", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -2244,7 +2250,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "6c79d6c6-08e9-44b1-8d98-e536c18e1b2a", + "id" : "aef432b9-ac38-46b6-bb35-210ae9a01828", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -2280,7 +2286,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "1e6cf937-d987-4898-a1dc-765bbae4da72", + "id" : "64cff6f9-6931-4b12-a869-bbd6c767ffd7", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", 
@@ -2316,7 +2322,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ea9c6ea6-5cef-4e5c-9ca1-217d2833257b", + "id" : "85c3536d-5812-403a-b7a9-59728f9d2a5f", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -2332,13 +2338,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "8aabe328-f9c8-4842-a084-601deacd79e2", + "id" : "2f156ed6-ea2d-4ed7-8974-283993cb0b8a", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "398beafd-0718-4a86-a6d4-5a5ab54c8bc6", + "id" : "50956254-36cd-4834-bc2e-f258c525309f", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -2425,17 +2431,22 @@ "dockerAuthenticationFlow" : "docker auth", "attributes" : { "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", "clientOfflineSessionMaxLifespan" : "0", "oauth2DevicePollingInterval" : "5", "clientSessionIdleTimeout" : "0", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", + "actionTokenGeneratedByUserLifespan-execute-actions" : "", + "actionTokenGeneratedByUserLifespan-verify-email" : "", "clientOfflineSessionIdleTimeout" : "0", + "actionTokenGeneratedByUserLifespan-reset-credentials" : "", "cibaInterval" : "5", - "realmReusableOtpCode" : "false" + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "shortVerificationUri" : "" }, "keycloakVersion" : "21.0.1", "userManagedAccessAllowed" : false, diff --git a/fda-broker-service/Dockerfile b/fda-broker-service/Dockerfile index 0e2626ec371ec8e05b26b8672d9c54d6901a2be0..4c82b98176f6a989e455c0a181f924a68bdb33cd 100644 --- a/fda-broker-service/Dockerfile 
+++ b/fda-broker-service/Dockerfile @@ -6,6 +6,8 @@ MAINTAINER Martin Weise <martin.weise@tuwien.ac.at> FROM rabbitmq:3-management-alpine as runtime ENV PYTHONUNBUFFERED=1 +ENV JWT_PUBKEY=public-key +ENV JWT_CERT=cert COPY ./rabbitmq.conf /etc/rabbitmq/ @@ -15,7 +17,7 @@ RUN pip3 install -r ./requirements.txt WORKDIR /app -COPY ./init.py ./init.py +COPY ./init.sh ./init.sh COPY ./register.py ./register.py COPY ./service_ready /usr/bin/service_ready COPY ./docker-entrypoint.sh ./docker-entrypoint.sh diff --git a/fda-broker-service/docker-entrypoint.sh b/fda-broker-service/docker-entrypoint.sh index 3af6f8ef11700fec89ffb8b8b8f5d2b9788012d7..9279f112c555bda657bc06bc2289ef352511428b 100755 --- a/fda-broker-service/docker-entrypoint.sh +++ b/fda-broker-service/docker-entrypoint.sh @@ -1,7 +1,7 @@ #!/bin/bash # load jwt certificates -python3 ./init.py +bash ./init.sh # enable prometheus plugin (sleep 10; rabbitmq-plugins enable rabbitmq_prometheus rabbitmq_mqtt rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl; touch /ready) & diff --git a/fda-broker-service/init.py b/fda-broker-service/init.py deleted file mode 100644 index 249ae7670986207b76822c0915bac5565910c1af..0000000000000000000000000000000000000000 --- a/fda-broker-service/init.py +++ /dev/null 
@@ -1,44 +0,0 @@ -import requests as rq -import py_eureka_client.logger as logger -import datetime - -logger.set_level("ERROR") - - -def get_cert() -> str: - body = rq.get("http://gateway-service:9095/api/auth/realms/dbrepo/protocol/openid-connect/certs").json() - for key in body["keys"]: - if key["alg"] != "RS256": - continue - cert = "-----BEGIN CERTIFICATE-----\n" - cert += key["x5c"][0] - cert += "\n-----END CERTIFICATE-----" - return cert - - -def get_pubkey() -> str: - body = rq.get("http://gateway-service:9095/api/auth/realms/dbrepo").json() - pubkey = "-----BEGIN RSA PUBLIC KEY-----\n" - pubkey += body["public_key"] - pubkey += "\n-----END RSA PUBLIC KEY-----" - return pubkey - - -def write_file(path, content): - with open(path, 'w') as f: - f.write(content) - - -def log(message): - date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") - print(f"{date} LOG: {message}") - - -if __name__ == "__main__": - log("Retrieving certificate ...") - pem = get_cert() - pubkey = get_pubkey() - write_file("/app/cert.pem", pem) - log("saved cert to /app/cert.pem") - write_file("/app/pubkey.pem", pubkey) - log("saved cert to /app/pubkey.pem") diff --git a/fda-broker-service/init.sh b/fda-broker-service/init.sh new file mode 100644 index 0000000000000000000000000000000000000000..afcf6f35644190aa0faafcdd3374626f008123af --- /dev/null +++ b/fda-broker-service/init.sh @@ -0,0 +1,14 @@ +#!/bin/bash +echo "init pubkey ..." +rm -f /app/pubkey.pem /app/cert.pem +cat << EOF > /app/pubkey.pem +-----BEGIN RSA PUBLIC KEY----- +${JWT_PUBKEY} +-----END RSA PUBLIC KEY----- +EOF +echo "init cert ..." +cat << EOF > /app/cert.pem +-----BEGIN CERTIFICATE----- +${JWT_CERT} +-----END CERTIFICATE----- +EOF \ No newline at end of file diff --git a/fda-container-service/Dockerfile b/fda-container-service/Dockerfile index cac8dff13d629f51172bde545d38066344a37a90..95f2ddbb34ab85f9ceada45f408fea52cb618c26 100644 --- a/fda-container-service/Dockerfile +++ b/fda-container-service/Dockerfile 
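Review bot: `init.sh` writes whatever `JWT_PUBKEY` and `JWT_CERT` contain between the PEM markers without checking that they are set, and the broker Dockerfile hunk above defaults them to the literal strings `public-key` and `cert`, so a container started without these variables produces malformed PEM files and the failure only surfaces later when the OAuth2 backend tries to verify a token. Failing at init time is clearer: `set -eu` at the top, then `: "${JWT_PUBKEY:?JWT_PUBKEY must be set to the realm public key}"` and the same guard for `JWT_CERT` before the first `cat`. Pinning the key through the environment is a better trust model than the deleted `init.py`, which fetched it over plain HTTP from the gateway at every start, but the `# load jwt certificates` comment kept in `docker-entrypoint.sh` now reads misleadingly; `# write the pinned JWT public key/cert from the environment` describes what happens.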
@@ -29,7 +29,7 @@ ENV BROKER_PASSWORD=fda ENV SHARED_FILESYSTEM=/tmp ENV USER_NETWORK=userdb ENV LOG_LEVEL=debug -ENV CLIENT_SECRET="${DBREPO_CLIENT_SECRET:-client-secret}" +ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key diff --git a/fda-container-service/rest-service/src/main/resources/application-docker.yml b/fda-container-service/rest-service/src/main/resources/application-docker.yml index f2afff130eddfa9db2dc28746d4a55e92d90bb4f..eea48592c78d8c76d69038c26d089cd64f20b4f9 100644 --- a/fda-container-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-container-service/rest-service/src/main/resources/application-docker.yml @@ -41,6 +41,6 @@ fda: jwt: issuer: "${JWT_ISSUER}" public_key: "${JWT_PUBKEY}" - client_secret: "${CLIENT_SECRET}" + client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" gateway.endpoint: http://gateway-service:9095 \ No newline at end of file diff --git a/fda-container-service/rest-service/src/main/resources/application.yml b/fda-container-service/rest-service/src/main/resources/application.yml index 0d80243df81c7157024ee3be8c4dc1bf2d8be70e..1b781359d2ecb1d8b079140a2d75f150a8c7aad1 100644 --- a/fda-container-service/rest-service/src/main/resources/application.yml +++ b/fda-container-service/rest-service/src/main/resources/application.yml @@ -41,6 +41,6 @@ fda: jwt: issuer: "${JWT_ISSUER}" public_key: "${JWT_PUBKEY}" - client_secret: "${CLIENT_SECRET}" + client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" gateway.endpoint: http://gateway-service:9095 \ No newline at end of file diff --git a/fda-database-service/Dockerfile b/fda-database-service/Dockerfile index abc770942688549b5dbdb7be20f514542701b2cc..8cb9cb8d330e94625022957c94eeb90fe7ad5b95 100644 --- a/fda-database-service/Dockerfile +++ b/fda-database-service/Dockerfile 
@@ -31,7 +31,7 @@ ENV SEARCH_USERNAME=elastic ENV SEARCH_PASSWORD=elastic ENV GATEWAY_ENDPOINT=http://gateway-service:9095 ENV LOG_LEVEL=debug -ENV CLIENT_SECRET="${DBREPO_CLIENT_SECRET:-client-secret}" +ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key diff --git a/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java b/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java index 3c83982839537f9244f5eb1093b6072b292e208b..9f652ed3cafd9530b76c079952727fc080559bc9 100644 --- a/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java +++ b/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/AccessEndpoint.java @@ -41,7 +41,7 @@ public class AccessEndpoint { @PostMapping @Transactional - @PreAuthorize("hasAuthority('create-access')") + @PreAuthorize("hasAuthority('create-database-access')") @Operation(summary = "Give access to some database", security = @SecurityRequirement(name = "bearerAuth")) public ResponseEntity<?> create(@NotBlank @PathVariable("id") Long containerId, @NotBlank @PathVariable("databaseId") Long databaseId, @@ -65,7 +65,7 @@ public class AccessEndpoint { @PutMapping("/{username}") @Transactional - @PreAuthorize("hasAuthority('modify-access')") + @PreAuthorize("hasAuthority('update-database-access')") @Operation(summary = "Modify access to some database", security = @SecurityRequirement(name = "bearerAuth")) public ResponseEntity<?> update(@NotBlank @PathVariable("id") Long containerId, @NotBlank @PathVariable("databaseId") Long databaseId, 
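Review bot: The renamed authorities `create-database-access` and `update-database-access` (and `check-database-access`, `delete-database-access` in the next two hunks of `AccessEndpoint`) must exist as realm roles and be mapped into the token's authorities; the `dbrepo-realm.json` hunks in this commit only touch lifespans, component ordering and flow ids, so if the roles are not defined elsewhere every caller of these endpoints receives 403 after this change. A test asserting that the realm export contains each of these role names would catch the mismatch. Splitting `modify-access` into separate update and delete authorities is a good least-privilege step.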
@@ -84,7 +84,7 @@ public class AccessEndpoint { @GetMapping @Transactional - @PreAuthorize("hasAuthority('check-access')") + @PreAuthorize("hasAuthority('check-database-access')") @Operation(summary = "Check access to some database", security = @SecurityRequirement(name = "bearerAuth")) public ResponseEntity<DatabaseAccessDto> find(@NotBlank @PathVariable("id") Long containerId, @NotBlank @PathVariable("databaseId") Long databaseId, @@ -100,7 +100,7 @@ public class AccessEndpoint { @DeleteMapping("/{username}") @Transactional - @PreAuthorize("hasAuthority('modify-access')") + @PreAuthorize("hasAuthority('delete-database-access')") @Operation(summary = "Revoke access to some database", security = @SecurityRequirement(name = "bearerAuth")) public ResponseEntity<?> revoke(@NotBlank @PathVariable("id") Long containerId, @NotBlank @PathVariable("databaseId") Long databaseId, diff --git a/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java b/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java index 11121c05c8123583d2f4b2b0c5eb5a4bbd43fdef..5176472cd2c1e7bb3cc8be47772b272a8f38dd3f 100644 --- a/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java +++ b/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java 
@@ -85,9 +85,10 @@ public class DatabaseEndpoint { principal); final Database database = databaseService.create(containerId, createDto, principal); final User user = userService.findByUsername(principal.getName()); + messageQueueService.createUser(user); messageQueueService.createExchange(database, principal); - queryStoreService.create(containerId, database.getId(), principal); messageQueueService.updatePermissions(principal); + queryStoreService.create(containerId, database.getId(), principal); databaseAccessRepository.save(databaseMapper.defaultCreatorAccess(database, user)); final DatabaseBriefDto dto = databaseMapper.databaseToDatabaseBriefDto(database); log.trace("create database resulted in database {}", dto); diff --git a/fda-database-service/rest-service/src/main/resources/application-docker.yml b/fda-database-service/rest-service/src/main/resources/application-docker.yml index 077cd6cfaa7bd13245e8d969977cb2510ec3c2c3..f94d2480e098c74ed183deefbf7fb78d530fed76 100644 --- a/fda-database-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-database-service/rest-service/src/main/resources/application-docker.yml @@ -46,6 +46,6 @@ fda: jwt: issuer: "${JWT_ISSUER}" public_key: "${JWT_PUBKEY}" - client_secret: "${CLIENT_SECRET}" + client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" gateway.endpoint: "${GATEWAY_ENDPOINT}" \ No newline at end of file diff --git a/fda-database-service/rest-service/src/main/resources/application.yml b/fda-database-service/rest-service/src/main/resources/application.yml index 8a670dbd08fae3a2d92dc448efe9a88215248599..5fe3306acfb65381f970ac91842a50e77de95780 100644 --- a/fda-database-service/rest-service/src/main/resources/application.yml +++ b/fda-database-service/rest-service/src/main/resources/application.yml 
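Review bot: `create` now performs four remote side effects in sequence (`createUser`, `createExchange`, `updatePermissions`, `queryStoreService.create`) before `databaseAccessRepository.save` runs, and `queryStoreService.create` has moved behind `updatePermissions`; if any later step throws, the database entity and the broker user/exchange already exist while the creator has no `DatabaseAccess` row. The method starts before this hunk, so I cannot see whether a `@Transactional` covers the JPA part, but the broker and query-store calls are remote and are not rolled back either way. The ordering is deliberate but unexplained; a comment above the new call, e.g. `// the broker user must exist before createExchange/updatePermissions can grant it rights`, would keep the next edit from reshuffling it.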
@@ -46,6 +46,6 @@ fda: jwt: issuer: "${JWT_ISSUER}" public_key: "${JWT_PUBKEY}" - client_secret: "${CLIENT_SECRET}" + client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" gateway.endpoint: http://gateway-service:9095 \ No newline at end of file diff --git a/fda-database-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java b/fda-database-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java index e8dc0bdd94a5258a1fda561f3149371a49d5fca5..f24e321b159bd679096afa786b43753e5f8e7a5e 100644 --- a/fda-database-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java +++ b/fda-database-service/services/src/main/java/at/tuwien/gateway/BrokerServiceGateway.java @@ -27,6 +27,14 @@ public interface BrokerServiceGateway { void grantPermission(String username, ExchangeUpdatePermissionsDto data) throws BrokerVirtualHostGrantException; + /** + * Create user on the broker service + * + * @param username The new username. + * @throws BrokerVirtualHostCreationException The user could not be created. + */ + void createUser(String username) throws BrokerVirtualHostCreationException; + /** * Grants a user permission at a virtual host in the queue service. * diff --git a/fda-database-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java b/fda-database-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java index 48cf9d5d50fc5e28c9ce91828a7e956224029aa3..49f89002d7702da8cd3a6af6735a0751ea6f7181 100644 --- a/fda-database-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java +++ b/fda-database-service/services/src/main/java/at/tuwien/gateway/impl/BrokerServiceGatewayImpl.java @@ -1,5 +1,6 @@ package at.tuwien.gateway.impl; +import at.tuwien.api.amqp.CreateUserDto; import at.tuwien.api.amqp.CreateVirtualHostDto; import at.tuwien.api.amqp.GrantVirtualHostPermissionsDto; import at.tuwien.api.user.ExchangeUpdatePermissionsDto; 
@@ -54,6 +55,21 @@ public class BrokerServiceGatewayImpl implements BrokerServiceGateway { log.info("Grant exchange for user with username {}", username); } + @Override + public void createUser(String username) throws BrokerVirtualHostCreationException { + final CreateUserDto data = CreateUserDto.builder() + .passwordHash("") + .tags("") + .build(); + final ResponseEntity<Void> response = restTemplate.exchange(gatewayConfig.getGatewayEndpoint() + "/api/broker/users/" + username, HttpMethod.PUT, + new HttpEntity<>(data), Void.class); + if (!response.getStatusCode().equals(HttpStatus.CREATED) && !response.getStatusCode().equals(HttpStatus.NO_CONTENT)) { + log.error("Failed to create user: {}", response.getStatusCode()); + throw new BrokerVirtualHostCreationException("Failed to create user"); + } + log.info("Created user with username {}", username); + } + @Override public void grantPermission(String username, GrantVirtualHostPermissionsDto data) throws BrokerVirtualHostGrantException { diff --git a/fda-database-service/services/src/main/java/at/tuwien/service/MessageQueueService.java b/fda-database-service/services/src/main/java/at/tuwien/service/MessageQueueService.java index dd7029d8c3e4543708d0b2ba8bdb23c2d881927c..6693e408d3960b894040edecf0c3a526212e4c16 100644 --- a/fda-database-service/services/src/main/java/at/tuwien/service/MessageQueueService.java +++ b/fda-database-service/services/src/main/java/at/tuwien/service/MessageQueueService.java @@ -1,6 +1,7 @@ package at.tuwien.service; import at.tuwien.entities.database.Database; +import at.tuwien.entities.user.User; import at.tuwien.exception.*; import javax.annotation.PostConstruct; 
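Review bot: The request URL in `createUser` is built by string concatenation, `gatewayConfig.getGatewayEndpoint() + "/api/broker/users/" + username`; the username comes from the authenticated principal, but a value containing `/`, `?` or `#` changes which broker resource the PUT addresses, so build it as `UriComponentsBuilder.fromHttpUrl(gatewayConfig.getGatewayEndpoint()).pathSegment("api", "broker", "users", username).build().toUri()` so the segment is percent-encoded. Separately, `RestTemplate` with its default error handler throws `HttpClientErrorException`/`HttpServerErrorException` on 4xx/5xx, so the status check after `exchange` only ever sees 2xx/3xx and a 401/403 from the broker escapes as an unchecked `RestClientException` rather than `BrokerVirtualHostCreationException`; the neighbouring gateway methods appear to share this pattern, so it may be intentional. The empty `passwordHash("")` deserves a why-comment, e.g. `// empty password_hash: per the RabbitMQ management API the user cannot log in with a password, only through the OAuth2 backend`.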
@@ -20,6 +21,14 @@ public interface MessageQueueService { */ void createExchange(Database database, Principal principal) throws AmqpException; + /** + * Create user on the broker service + * + * @param user The new user. + * @throws BrokerVirtualHostCreationException The user could not be created. + */ + void createUser(User user) throws BrokerVirtualHostCreationException; + /** * Updates the virtual host permissions in the broker service. * diff --git a/fda-database-service/services/src/main/java/at/tuwien/service/impl/RabbitMqServiceImpl.java b/fda-database-service/services/src/main/java/at/tuwien/service/impl/RabbitMqServiceImpl.java index 8d3ddd3606809417a1f4139552af88b6d135cee4..70f2cabd3b49a73f38b64b618bfda3261bc6eecf 100644 --- a/fda-database-service/services/src/main/java/at/tuwien/service/impl/RabbitMqServiceImpl.java +++ b/fda-database-service/services/src/main/java/at/tuwien/service/impl/RabbitMqServiceImpl.java @@ -3,6 +3,7 @@ package at.tuwien.service.impl; import at.tuwien.api.amqp.GrantVirtualHostPermissionsDto; import at.tuwien.config.AmqpConfig; import at.tuwien.entities.database.Database; +import at.tuwien.entities.user.User; import at.tuwien.exception.AmqpException; import at.tuwien.exception.BrokerVirtualHostCreationException; import at.tuwien.exception.BrokerVirtualHostGrantException; @@ -66,6 +67,11 @@ public class RabbitMqServiceImpl implements MessageQueueService { } } + @Override + public void createUser(User user) throws BrokerVirtualHostCreationException { + brokerServiceGateway.createUser(user.getUsername()); + } + @Override public void updatePermissions(Principal principal) throws BrokerVirtualHostGrantException { final List<Database> databases = databaseRepository.findAllByUsername(principal.getName()); diff --git a/fda-identifier-service/Dockerfile b/fda-identifier-service/Dockerfile index 47cbf34ae587cb331adaa8df92575d434895ba71..1d1d44e699773daca509fd60a34cab01fb0b886e 100644 --- a/fda-identifier-service/Dockerfile 
+++ b/fda-identifier-service/Dockerfile @@ -28,7 +28,7 @@ ENV METADATA_PASSWORD=dbrepo ENV GATEWAY_ENDPOINT=http://gateway-service:9095 ENV WEBSITE=http://localhost:3000 ENV LOG_LEVEL=debug -ENV CLIENT_SECRET="${DBREPO_CLIENT_SECRET:-client-secret}" +ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key diff --git a/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/IdentifierEndpoint.java b/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/IdentifierEndpoint.java index d75aeb79eba1389df1ea154fe7202c505c7d95e5..1b2f41090f31577a1b56b2ae42dcee7433bfeb00 100644 --- a/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/IdentifierEndpoint.java +++ b/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/IdentifierEndpoint.java @@ -41,7 +41,6 @@ public class IdentifierEndpoint { @GetMapping @Transactional(readOnly = true) - @PreAuthorize("hasAuthority('find-identifiers')") @Timed(value = "identifier.list", description = "Time needed to list the identifiers") @Operation(summary = "Find identifiers") public ResponseEntity<List<IdentifierDto>> list(@RequestParam(required = false) Long dbid, diff --git a/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/PersistenceEndpoint.java b/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/PersistenceEndpoint.java index a540a807e741ca0df2e495197ad4a061562c8852..93ff27454be942939fe499c873e894e948ed59ab 100644 --- a/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/PersistenceEndpoint.java +++ b/fda-identifier-service/rest-service/src/main/java/at/tuwien/endpoints/PersistenceEndpoint.java 
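Review bot: Dropping `@PreAuthorize("hasAuthority('find-identifiers')")` from `list` (and `find-identifier` from `find` in the following `PersistenceEndpoint` hunk) makes these handlers reachable by anyone the security filter chain admits; whether that means unauthenticated access depends on the `HttpSecurity` configuration, which is not in this diff. Public resolution of persistent identifiers is a reasonable goal, but `list` accepts a `dbid` filter, so it is worth confirming that identifiers of private databases are filtered in the service layer before the endpoint becomes anonymous. A Javadoc line on `list`, e.g. `Publicly readable: identifiers are resolvable without authentication by design`, would make the intent explicit for the next reviewer.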
@@ -46,7 +46,6 @@ public class PersistenceEndpoint {
 @GetMapping("/{pid}")
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('find-identifier')")
 @Timed(value = "pid.find", description = "Time needed to find a persisted identifier")
 @Operation(summary = "Find some identifier")
 public ResponseEntity<?> find(@Valid @PathVariable("pid") Long pid,
diff --git a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml b/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
index 1930d3a31812016a8c7fb693081736b43a999010..effdbdecf86f748ef83a0b9df79ac13229124755 100644
--- a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
@@ -38,7 +38,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 gateway.endpoint: "${GATEWAY_ENDPOINT}"
 website: "${WEBSITE}"
diff --git a/fda-identifier-service/rest-service/src/main/resources/application.yml b/fda-identifier-service/rest-service/src/main/resources/application.yml
index c31a5533d2283111ccc08ae896667b596ec4371c..c94870bb525e18a83a51ad981afa9f1b36e0ce04 100644
--- a/fda-identifier-service/rest-service/src/main/resources/application.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application.yml
@@ -38,7 +38,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 gateway.endpoint: "${GATEWAY_ENDPOINT}"
 website: "${WEBSITE}"
diff --git a/fda-metadata-db/api/src/main/java/at/tuwien/api/amqp/CreateUserDto.java b/fda-metadata-db/api/src/main/java/at/tuwien/api/amqp/CreateUserDto.java
index d38ff9464434f3c6b9e606ed6d24bad1b5572454..f528e63ecd6750ed2c8f1e33185a1efaef4fb8bc 100644
--- a/fda-metadata-db/api/src/main/java/at/tuwien/api/amqp/CreateUserDto.java
+++ b/fda-metadata-db/api/src/main/java/at/tuwien/api/amqp/CreateUserDto.java
@@ -1,10 +1,9 @@
 package at.tuwien.api.amqp;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.*;
-import javax.validation.constraints.NotNull;
-
 @Getter
 @Setter
 @ToString
@@ -13,9 +12,8 @@ import javax.validation.constraints.NotNull;
 @NoArgsConstructor
 public class CreateUserDto {
- @NotNull
- @ToString.Exclude
- private String password;
+ @JsonProperty("password_hash")
+ private String passwordHash;
 @Schema(example = "administrator")
 private String tags;
diff --git a/fda-metadata-db/api/src/main/java/at/tuwien/api/database/DatabaseAccessDto.java b/fda-metadata-db/api/src/main/java/at/tuwien/api/database/DatabaseAccessDto.java
index 272ff0118955ccfd1246bbdaa3a9085f2af85ea2..5824512e7aa7bc8d7da46d103f189fffe5903bec 100644
--- a/fda-metadata-db/api/src/main/java/at/tuwien/api/database/DatabaseAccessDto.java
+++ b/fda-metadata-db/api/src/main/java/at/tuwien/api/database/DatabaseAccessDto.java
@@ -21,7 +21,7 @@ public class DatabaseAccessDto {
 @NotNull
 @JsonIgnore
 @ToString.Exclude
- private Long huserid;
+ private String huserid;
 @NotNull
 @JsonIgnore
diff --git a/fda-metadata-db/entities/src/main/java/at/tuwien/entities/database/DatabaseAccessKey.java b/fda-metadata-db/entities/src/main/java/at/tuwien/entities/database/DatabaseAccessKey.java
index 6591c771ae3d2538ec139233460ffe73c057a1fa..6b4b8f2bc8768dce6adba4a3b29083e250822d61 100644
--- a/fda-metadata-db/entities/src/main/java/at/tuwien/entities/database/DatabaseAccessKey.java
+++ b/fda-metadata-db/entities/src/main/java/at/tuwien/entities/database/DatabaseAccessKey.java
@@ -7,7 +7,7 @@ import java.io.Serializable;
 @EqualsAndHashCode
 public class DatabaseAccessKey implements Serializable {
- private Long huserid;
+ private String huserid;
 private Long hdbid;
 }
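Review bot: `passwordHash` loses the `@ToString.Exclude` that the replaced `password` field carried, and the class is annotated `@ToString` (context at the top of the hunk), so Lombok now includes the hash in `toString()` and any log statement that prints a CreateUserDto writes it out. The `@NotNull` constraint is dropped as well, so a request body without `password_hash` is accepted and the broker user is created with a null credential unless something downstream rejects it. Keep both on the new field, `@NotNull`, `@ToString.Exclude`, `@JsonProperty("password_hash")`, which also means restoring the `javax.validation.constraints.NotNull` import the first hunk removes.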
diff --git a/fda-query-service/Dockerfile b/fda-query-service/Dockerfile
index 90a92f23bdf538151987ccc5e1558d23ce6ac7d5..75b10b84358d279a493ebff048fdcbbf29714c8e 100644
--- a/fda-query-service/Dockerfile
+++ b/fda-query-service/Dockerfile
@@ -31,7 +31,7 @@ ENV GATEWAY_ENDPOINT=http://gateway-service:9095
 ENV SHARED_FILESYSTEM=/tmp
 ENV BROKER_CONSUMERS=2
 ENV LOG_LEVEL=debug
-ENV CLIENT_SECRET="${DBREPO_CLIENT_SECRET:-client-secret}"
+ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
diff --git a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java
index 31f447c71ce14c54fbcc7591e30a88f492165e29..af50ebc896b565413187f4484966f0757ced1a86 100644
--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java
@@ -3,7 +3,6 @@ package at.tuwien.endpoint;
 import at.tuwien.ExportResource;
 import at.tuwien.SortType;
 import at.tuwien.api.database.query.*;
-import at.tuwien.config.QueryConfig;
 import at.tuwien.querystore.Query;
 import at.tuwien.exception.*;
 import at.tuwien.service.*;
diff --git a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
index 03c527325cfb2f0d68de2c72a7bf94dca0888b47..12ef14a247b8d721e2ea101408e33af3aa49cdd9 100644
--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
@@ -2,7 +2,6 @@ package at.tuwien.endpoint;
 import at.tuwien.api.database.query.QueryBriefDto;
 import at.tuwien.api.database.query.QueryDto;
-import at.tuwien.config.QueryConfig;
 import at.tuwien.entities.identifier.Identifier;
 import at.tuwien.entities.identifier.IdentifierType;
 import at.tuwien.entities.user.User;
@@ -56,7 +55,6 @@ public class StoreEndpoint {
 @GetMapping
 @Transactional(readOnly = true)
 @Timed(value = "store.list", description = "Time needed to list queries from the query store")
- @PreAuthorize("hasAuthority('find-queries')")
 @Operation(summary = "Find queries", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<List<QueryBriefDto>> findAll(@NotNull @PathVariable("id") Long containerId,
 @NotNull @PathVariable("databaseId") Long databaseId,
@@ -89,7 +87,6 @@ public class StoreEndpoint {
 @GetMapping("/{queryId}")
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('find-query')")
 @Timed(value = "store.find", description = "Time needed to find a query from the query store")
 @Operation(summary = "Find some query", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<QueryDto> find(@NotNull @PathVariable("id") Long containerId,
diff --git a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableDataEndpoint.java b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableDataEndpoint.java
index 1edc99ccb0a102d0023e3729ea8fa6bd16b69068..0056da271566d4f1a8f19c79a421f2c49fb371e5 100644
--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableDataEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableDataEndpoint.java
@@ -42,7 +42,7 @@ public class TableDataEndpoint {
 @PostMapping
 @Transactional
 @Timed(value = "data.insert", description = "Time needed to insert data into a table")
- @PreAuthorize("hasAuthority('modify-data')")
+ @PreAuthorize("hasAuthority('insert-table-data')")
 @Operation(summary = "Insert data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Void> insert(@NotNull @PathVariable("id") Long containerId,
 @NotNull @PathVariable("databaseId") Long databaseId,
@@ -62,7 +62,7 @@ public class TableDataEndpoint {
 @PutMapping
 @Transactional
 @Deprecated
- @PreAuthorize("hasAuthority('modify-data')")
+ @PreAuthorize("hasAuthority('insert-table-data')")
 @Timed(value = "data.update", description = "Time needed to update data in a table")
 @Operation(summary = "Update data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Void> update(@NotNull @PathVariable("id") Long containerId,
@@ -82,7 +82,7 @@ public class TableDataEndpoint {
 @DeleteMapping
 @Transactional
- @PreAuthorize("hasAuthority('modify-data')")
+ @PreAuthorize("hasAuthority('delete-table-data')")
 @Timed(value = "data.delete", description = "Time needed to delete data into a table")
 @Operation(summary = "Delete data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Void> delete(@NotNull @PathVariable("id") Long containerId,
@@ -102,7 +102,7 @@ public class TableDataEndpoint {
 @PostMapping("/import")
 @Transactional
- @PreAuthorize("hasAuthority('modify-data')")
+ @PreAuthorize("hasAuthority('insert-table-data')")
 @Timed(value = "data.insertbulk", description = "Time needed to insert data from .csv into a table")
 @Operation(summary = "Insert data from csv", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Void> importCsv(@NotNull @PathVariable("id") Long containerId,
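Review bot: The deprecated PUT `update` method is now gated by `insert-table-data`, the same authority as `insert` and `importCsv`, so anyone permitted to add rows may also overwrite existing ones; if the realm defines a separate update authority, that is the one to use here, and if it does not, a comment such as `// no dedicated update authority; insert-table-data deliberately covers row updates` would record the decision. More generally the `modify-data` authority is split into `insert-table-data` and `delete-table-data` here, and `create-view`/`delete-view` are renamed in ViewEndpoint, yet no role definition for any of the new names is visible in this diff — worth confirming they exist in the realm, since otherwise every write endpoint answers 403 after deployment. The enclosing class continues outside these hunks.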
@@ -122,7 +122,6 @@ public class TableDataEndpoint {
 @RequestMapping(method = {RequestMethod.GET, RequestMethod.HEAD})
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('get-data')")
 @Timed(value = "data.all", description = "Time needed to find all data from a table")
 @Operation(summary = "Find data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<QueryResultDto> getAll(@NotNull @PathVariable("id") Long containerId,
@@ -148,7 +147,6 @@ public class TableDataEndpoint {
 }
 @GetMapping("/count")
- @PreAuthorize("hasAuthority('get-data')")
 @Timed(value = "data.all.count", description = "Time needed to get count of all data from a table")
 @Operation(summary = "Find data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Long> getCount(@NotNull @PathVariable("id") Long containerId,
diff --git a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableHistoryEndpoint.java b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableHistoryEndpoint.java
index e2fff813a7d0d913c98c234890c551b561c0c4ae..55dcab71c1b3220dbb5b5f76cda0b45e873ebefd 100644
--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableHistoryEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/TableHistoryEndpoint.java
@@ -33,7 +33,6 @@ public class TableHistoryEndpoint {
 @RequestMapping(method = {RequestMethod.GET, RequestMethod.HEAD})
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('data-history')")
 @Timed(value = "history.list", description = "Time needed to retrieve table history")
 @Operation(summary = "Find all history", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<List<TableHistoryDto>> getAll(@NotNull @PathVariable("id") Long containerId,
diff --git a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
index 01f35fd3398fb2cb3d20fc12c859198ce3e9bb52..274078d4d1090aa45a2c8e0229866cfdf28e36e4 100644
--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/ViewEndpoint.java
@@ -51,7 +51,6 @@ public class ViewEndpoint {
 @GetMapping
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('find-views')")
 @Timed(value = "view.list", description = "Time needed to list all views in a database")
 @Operation(summary = "Find all views", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<List<ViewBriefDto>> findAll(@NotNull @PathVariable("id") Long containerId,
@@ -72,7 +71,7 @@ public class ViewEndpoint {
 @PostMapping
 @Transactional
- @PreAuthorize("hasAuthority('create-view')")
+ @PreAuthorize("hasAuthority('create-database-view')")
 @Timed(value = "view.create", description = "Time needed to create a view")
 @Operation(summary = "Create a view", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<ViewBriefDto> create(@NotNull @PathVariable("id") Long containerId,
@@ -95,7 +94,6 @@ public class ViewEndpoint {
 @GetMapping("/{viewId}")
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('find-view')")
 @Timed(value = "view.find", description = "Time needed to find a view")
 @Operation(summary = "Find one view", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<ViewDto> find(@NotNull @PathVariable("id") Long containerId,
@@ -114,7 +112,7 @@ public class ViewEndpoint {
 @DeleteMapping("/{viewId}")
 @Transactional
- @PreAuthorize("hasAuthority('delete-view')")
+ @PreAuthorize("hasAuthority('delete-database-view')")
 @Timed(value = "view.delete", description = "Time needed to delete a view")
 @Operation(summary = "Delete one view", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<?> delete(@NotNull @PathVariable("id") Long containerId,
@@ -132,7 +130,6 @@ public class ViewEndpoint {
 @GetMapping("/{viewId}/data")
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('view-view')")
 @Timed(value = "view.data", description = "Time needed to retrieve data from a view")
 @Operation(summary = "Find view data", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<QueryResultDto> data(@NotNull @PathVariable("id") Long containerId,
@@ -161,7 +158,6 @@ public class ViewEndpoint {
 @GetMapping("/{viewId}/data/count")
 @Transactional(readOnly = true)
- @PreAuthorize("hasAuthority('view-view')")
 @Timed(value = "view.data.count", description = "Time needed to retrieve data count from a view")
 @Operation(summary = "Find view data count", security = @SecurityRequirement(name = "bearerAuth"))
 public ResponseEntity<Long> count(@NotNull @PathVariable("id") Long containerId,
diff --git a/fda-query-service/rest-service/src/main/resources/application-docker.yml b/fda-query-service/rest-service/src/main/resources/application-docker.yml
index 0010b04b70bc831636c0041b0ff4d31ef6ffb98e..af01aef8848883339087020d716790a5e0faaf54 100644
--- a/fda-query-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-query-service/rest-service/src/main/resources/application-docker.yml
@@ -43,7 +43,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 consumers: 2
 unsupported: "${NOT_SUPPORTED_KEYWORDS}"
diff --git a/fda-query-service/rest-service/src/main/resources/application.yml b/fda-query-service/rest-service/src/main/resources/application.yml
index f773caffc066c7c9e2116b13e5ac60d587497739..5fa2c15377451daa437fa5ca0c1f21417467d4a0 100644
--- a/fda-query-service/rest-service/src/main/resources/application.yml
+++ b/fda-query-service/rest-service/src/main/resources/application.yml
@@ -43,7 +43,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 consumers: "${BROKER_CONSUMERS}"
 unsupported: "${NOT_SUPPORTED_KEYWORDS}"
diff --git a/fda-table-service/Dockerfile b/fda-table-service/Dockerfile
index cac8dff13d629f51172bde545d38066344a37a90..95f2ddbb34ab85f9ceada45f408fea52cb618c26 100644
--- a/fda-table-service/Dockerfile
+++ b/fda-table-service/Dockerfile
@@ -29,7 +29,7 @@ ENV BROKER_PASSWORD=fda
 ENV SHARED_FILESYSTEM=/tmp
 ENV USER_NETWORK=userdb
 ENV LOG_LEVEL=debug
-ENV CLIENT_SECRET="${DBREPO_CLIENT_SECRET:-client-secret}"
+ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
diff --git a/fda-table-service/rest-service/src/main/resources/application-docker.yml b/fda-table-service/rest-service/src/main/resources/application-docker.yml
index 7e549849650b016a1911089d79c5e3df8db99273..2bb58074adc7189b70e92299f7479280a411dd47 100644
--- a/fda-table-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-table-service/rest-service/src/main/resources/application-docker.yml
@@ -42,7 +42,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 gateway.endpoint: "${GATEWAY_ENDPOINT}"
 elastic:
diff --git a/fda-table-service/rest-service/src/main/resources/application.yml b/fda-table-service/rest-service/src/main/resources/application.yml
index 0197bd442bcd179f204e7dae605970702de2a0a8..93de3e69e5a1b46ae72b4ad12886200aca3ad46c 100644
--- a/fda-table-service/rest-service/src/main/resources/application.yml
+++ b/fda-table-service/rest-service/src/main/resources/application.yml
@@ -42,7 +42,7 @@ fda:
 jwt:
 issuer: "${JWT_ISSUER}"
 public_key: "${JWT_PUBKEY}"
- client_secret: "${CLIENT_SECRET}"
+ client_secret: "${DBREPO_CLIENT_SECRET}"
 client_id: "${CLIENT_ID}"
 gateway.endpoint: http://gateway-service:9095
 elastic:
diff --git a/fda-ui/.env.example b/fda-ui/.env.example
index 9498c087a5670bd0e2a77ba52455abdac3e8b508..5a83ca98633b20cb62f0b6c9a2c03bae08a58833 100644
--- a/fda-ui/.env.example
+++ b/fda-ui/.env.example
@@ -7,4 +7,4 @@ BROKER_USERNAME=fda
 BROKER_PASSWORD=fda
 SANDBOX=false
 SHARED_FILESYSTEM=/tmp
-CLIENT_SECRET=
+DBREPO_CLIENT_SECRET=
diff --git a/fda-ui/Dockerfile b/fda-ui/Dockerfile
index 8078a05225d11e8d1196ab3ae54ba7fe652dd292..730cbf8f9adff87e4d85930db79a3f6b9f37bf0b 100644
--- a/fda-ui/Dockerfile
+++ b/fda-ui/Dockerfile
@@ -55,7 +55,7 @@ ENV ELASTIC_PASSWORD=elastic
 ENV VERSION="${TAG}"
 ENV TITLE="Database Repository"
 ENV ICON="/favicon.ico"
-ENV CLIENT_SECRET=""
+ENV DBREPO_CLIENT_SECRET=client-secret
 WORKDIR /app
diff --git a/fda-ui/api/user/index.js b/fda-ui/api/user/index.js
index 7e06253dec9b786d42f8a916b64242fc44913cb2..8f3edc2f2c93cd476e8d5210e6c6f57fef7dfb08 100644
--- a/fda-ui/api/user/index.js
+++ b/fda-ui/api/user/index.js
@@ -10,7 +10,7 @@ export function authenticate (clientSecret, username, password) {
 password,
 grant_type: 'password',
 client_secret: clientSecret,
- scope: 'openid'
+ scope: 'openid roles'
 }
 return axios.post('/api/auth/realms/dbrepo/protocol/openid-connect/token', qs.stringify(payload), {
 headers: { ContentType: 'application/form-data' }
@@ -44,13 +44,8 @@ export function tokenToUser (token) {
 id: data.sub,
 firstname: data.given_name || null,
 lastname: data.family_name || null,
- username: data.preferred_username,
- theme_dark: data.metadata?.theme_dark || false,
- titles_before: data.metadata?.titles_before || null,
- titles_after: data.metadata?.titles_after || null,
- affiliation: data.metadata?.affiliation || null,
- orcid: data.metadata?.orcid || null,
- email_verified: data.metadata?.email_verified || null
+ username: data.client_id,
+ roles: data.realm_access.roles || []
 }
 }
diff --git a/fda-ui/components/DBToolbar.vue b/fda-ui/components/DBToolbar.vue
index 2cf0ca33d3f9df992e76318304fc09a715d7f9a3..309001e40b99871404d23562e44d2e72d8e127b9 100644
--- a/fda-ui/components/DBToolbar.vue
+++ b/fda-ui/components/DBToolbar.vue
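Review bot: `roles: data.realm_access.roles || []` throws a TypeError whenever the decoded token carries no `realm_access` claim, because the property access fails before the `|| []` fallback is reached, so a user without realm roles cannot be mapped at all; write `roles: data.realm_access?.roles ?? []`, which is the optional-chaining style the removed `data.metadata?.…` lines already used. `username: data.client_id` also looks suspect: in an OIDC access token a `client_id` claim, when present, names the OAuth client rather than the user, whereas the replaced `preferred_username` did name the user — please confirm which claim the realm emits, since the UI compares this value against `database.creator.username`. The start of `tokenToUser` lies outside the hunk.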
@@ -28,16 +28,16 @@
 </v-toolbar-title>
 <v-spacer />
 <v-toolbar-title>
- <v-btn v-if="!loading && canModify && isResearcher" class="mr-2 mb-1" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/table/import`">
+ <v-btn v-if="canImportCsv" class="mr-2 mb-1" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/table/import`">
 <v-icon left>mdi-cloud-upload</v-icon> Import CSV
 </v-btn>
- <v-btn v-if="!loading && canRead && isResearcher" color="secondary" class="mb-1 white--text" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/query/create`">
+ <v-btn v-if="canCreateSubset" color="secondary" class="mb-1 white--text" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/query/create`">
 <v-icon left>mdi-wrench</v-icon> Create Subset
 </v-btn>
- <v-btn v-if="!loading && isOwner && isResearcher" color="secondary" class="ml-2 mr-2 mb-1 white--text" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/view/create`">
+ <v-btn v-if="canCreateView" color="secondary" class="ml-2 mr-2 mb-1 white--text" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/view/create`">
 <v-icon left>mdi-view-carousel-outline</v-icon> Create View
 </v-btn>
- <v-btn v-if="!loading && canModify && isResearcher" color="primary" class="mb-1" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/table/create`">
+ <v-btn v-if="canCreateTable" color="primary" class="mb-1" :to="`/container/${$route.params.container_id}/database/${$route.params.database_id}/table/create`">
 <v-icon left>mdi-table-large-plus</v-icon> Create Table
 </v-btn>
 </v-toolbar-title>
@@ -65,20 +65,14 @@
 </template>
 <script>
-import { isResearcher } from '@/utils'
-
 export default {
 data () {
 return {
 tab: null,
- loading: false,
 error: false
 }
 },
 computed: {
- loadingColor () {
- return 'primary'
- },
 database () {
 return this.$store.state.database
 },
@@ -91,32 +85,23 @@ export default {
 token () {
 return this.$store.state.token
 },
- canModify () {
- if (!this.user || !this.access || !this.database || !this.database.creator) {
- return false
- }
- if (this.database.creator.username === this.user.username) {
- return true
- }
- return this.access.type === 'write_own' || this.access.type === 'write_all'
+ canImportCsv () {
+ return this.user.roles.includes('insert-table-data')
 },
- canRead () {
- if (this.database?.is_public) {
- return true
- }
- if (!this.access) {
- return false
- }
- return this.access.type === 'read' || this.access.type === 'write_own' || this.access.type === 'write_all'
+ canCreateSubset () {
+ return this.user.roles.includes('execute-query')
+ },
+ canCreateView () {
+ return this.user.roles.includes('create-database-view')
+ },
+ canCreateTable () {
+ return this.user.roles.includes('create-table')
 },
 isOwner () {
 if (!this.user || !this.database || !this.database.creator) {
 return false
 }
- return this.database.creator.username === this.user.username
- },
- isResearcher () {
- return isResearcher(this.user)
+ return this.database.creator.username === this.user.client_id
 },
 config () {
 if (this.token === null) {
diff --git a/fda-ui/components/QueryList.vue b/fda-ui/components/QueryList.vue
index 5e5f6772b115f0755ff1c138b05a823ba1eed2ce..200b37fb06f615a1d3a922da123b5f6e98786396 100644
--- a/fda-ui/components/QueryList.vue
+++ b/fda-ui/components/QueryList.vue
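Review bot: `canImportCsv`, `canCreateSubset`, `canCreateView` and `canCreateTable` read `this.user.roles` with no guard, whereas the removed `canModify`/`canRead` tested `!this.user` first; when the store has no user yet (logged out, or before the token is parsed) every `v-if` in the template throws. Guard each one, e.g. `return this.user?.roles?.includes('insert-table-data') ?? false`, or add a `roles` default in the store. `isOwner` now compares `this.user.client_id`, but `tokenToUser` in this same commit stores that claim under `username`, so unless the store maps it elsewhere the comparison is always false. Note also that the database-level `access.type` check is gone from the UI entirely; that is acceptable only because these buttons are display hints and the services enforce the authorities server-side.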
@@ -1,6 +1,11 @@
 <template>
 <div>
 <v-progress-linear v-if="loadingIdentifiers || loadingQueries || error" :color="loadingColor" :value="loadProgress" />
+ <v-card v-if="!(loadingIdentifiers || loadingQueries) && queries && queries.length === 0" flat>
+ <v-card-text>
+ (no subsets)
+ </v-card-text>
+ </v-card>
 <v-tabs-items>
 <div v-if="!loadingQueries && !error">
 <div v-for="(item,i) in queries" :key="i">
diff --git a/fda-ui/config.js b/fda-ui/config.js
index 8e22479f037e05308d518ac8026378441b4720db..a11e09b5c480b74f978ba2a7d86c5d902cfc40a5 100644
--- a/fda-ui/config.js
+++ b/fda-ui/config.js
@@ -14,6 +14,6 @@ config.mailVerify = process.env.MAIL_VERIFY || false
 config.tokenMax = process.env.TOKEN_MAX || 5
 config.elasticPassword = process.env.ELASTIC_PASSWORD || 'elastic'
 config.elasticPassword = process.env.ELASTIC_PASSWORD || 'elastic'
-config.clientSecret = process.env.CLIENT_SECRET
+config.clientSecret = process.env.DBREPO_CLIENT_SECRET
 module.exports = config
diff --git a/fda-ui/layouts/default.vue b/fda-ui/layouts/default.vue
index 30700fe6ff746f656fba450a0feca346406d0c30..7958c2d097e09aad9a5d85cae2d9c2a01447498e 100644
--- a/fda-ui/layouts/default.vue
+++ b/fda-ui/layouts/default.vue
@@ -244,7 +244,7 @@ export default {
 const redirect = ![undefined, '/', '/login'].includes(this.$router.currentRoute.path)
 this.$router.push({ path: '/login', query: redirect ? { redirect: this.$router.currentRoute.path } : {} })
 },
- logout (message = null) {
+ logout (message) {
 if (message) {
 this.$toast.warning(message)
 }
diff --git a/fda-userdb/Dockerfile b/fda-userdb/Dockerfile
deleted file mode 100644
index 79269300da74865624043dd2ab126d823f0ed44c..0000000000000000000000000000000000000000
--- a/fda-userdb/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM mariadb:10.5 as runtime
-MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
-
-COPY ./querystore.sql /docker-entrypoint-initdb.d/querystore.sql
-
-HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD mysqladmin ping --host=127.0.0.1
\ No newline at end of file