From 2e3fe392a4def4a0ec628259b65b49eba6c68ea5 Mon Sep 17 00:00:00 2001 
From: Gcolon021 <34667267+Gcolon021@users.noreply.github.com>
Date: Tue, 26 Mar 2024 16:12:09 -0400
Subject: [PATCH] Merging for 03-28 release (#162)

* Update release with Fence-Integration (#153)

* [HOT-FIX] Add maven war plugin version to fix production build

[HOT-FIX] Add maven war plugin version to fix production build

* [ALS-5514] AIM-AHEAD PIC-SURE AuthN (#150)

[ALS-5332] BDC PIC-SURE: Support PSAMA persist admin roles
fix compile issue
Add manual roles check if roles are empty
Add StudyAccessService
Better error code; clean up
Bump swagger version?
Added jersey-server for tests
Add guava to pom
Adds method to look for accounts missing a subject
Check if subject is empty

* [ALS-5514] Add OktaOAuthAuthenticationService for user authentication

The new class, OktaOAuthAuthenticationService, has been added to manage user authentication via Okta. This involves the process of code-token exchange, token introspection, and user initialization. It also contains utility methods for making requests to Okta API and processing the responses.

* [ALS-5514] Add Okta authentication support in PIC-SURE

This commit includes the addition of an OktaAuthenticationController which is responsible for handling Okta-based authentication requests. It also restructures the JAXRSConfiguration class's startup sequence and adds more flexibility in handling different Identity Provider (IDP) setups; specifically, it enhances the class's ability to properly configure and handle Okta IDP.

* [ALS-5514] Remove unused import in AuthService.java

* [ALS-5514] The 'standalone.xml' file has been updated to include OKTA parameters configuration.

* [ALS-5514] Update maven war plugin

* [ALS-5514] Use unauthorizedError in place of less specific error

* [ALS-5514] Refactor UserRepository and improve user metadata generation

Updated UserRepository.java to streamline the user data querying and creation process, and added explicit save(user) method for better clarity.
In OktaOAuthAuthenticationService.java, a refactoring was done to simplify the process of updating user metadata. A unit test for generating user metadata was also added in a new OktaOAuthAuthenticationServiceTest.java file for improved code coverage and reliability. *[ALS-5514] Remove mapped clientId, refactor beanConfig scheme The commit eliminates mapped clientId resource in JAXRSConfiguration.java, instead retrieving it through ctx.lookup. This resolves issues in the cases where client_id may be empty. --------- Co-authored-by: James --------- Co-authored-by: James * [ALS-5858] AIM-AHEAD PIC-SURE: Landing page shows 0 studies (#156) * [ALS-5858] In order to upsert user studies we needed many of the same configuration values depended on by FENCE. I have refactored common JAXRSConfigurations to methods. They are now reused across different idp provider configurations. * ALS-6142: Update apache httpclient version (#160) * [ALS-5979] AIM-AHEAD PIC-SURE: Downloaded dataset seems incorrect (#161) * Refactor FENCEAuthenticationService to customize query fields Different fields for queryTemplateText are set based on the idp_provider in FENCEAuthenticationService. The "?fields" parameter of the query is now conditionally filled, with it being set to the parentAccessionField if idp_provider equals "fence", and empty otherwise. This change provides more flexibility for FENCE authentication depending on the provider setting. * Remove empty string for fields * Flip equals to avoid npe --------- Co-authored-by: James Co-authored-by: ramari16 --- pic-sure-auth-services/pom.xml | 2 +- .../service/auth/FENCEAuthenticationService.java | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pic-sure-auth-services/pom.xml b/pic-sure-auth-services/pom.xml index 6b29c119..c0e1219e 100644 --- a/pic-sure-auth-services/pom.xml +++ b/pic-sure-auth-services/pom.xml @@ -32,7 +32,7 @@ org.apache.httpcomponents httpclient - 4.5.6 + 4.5.14 io.jsonwebtoken 
diff --git a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java index 9e7f9d3d..6fb59d38 100644 --- a/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java +++ b/pic-sure-auth-services/src/main/java/edu/harvard/hms/dbmi/avillach/auth/service/auth/FENCEAuthenticationService.java @@ -514,11 +514,18 @@ private Privilege upsertClinicalPrivilege(String studyIdentifier, String project +"\":[\"" +studyIdentifierField +"\"]}," - +"\"numericFilters\":{},\"requiredFields\":[]," - +"\"fields\":[\"" + parentAccessionField + "\"]," - +"\"variantInfoFilters\":[{\"categoryVariantInfoFilters\":{},\"numericVariantInfoFilters\":{}}]," + +"\"numericFilters\":{},\"requiredFields\":[],"; + + if("fence".equalsIgnoreCase(JAXRSConfiguration.idp_provider)) { + queryTemplateText += "\"fields\":[\"" + parentAccessionField + "\"],"; + } else { + queryTemplateText += "\"fields\":[],"; + } + + queryTemplateText+="\"variantInfoFilters\":[{\"categoryVariantInfoFilters\":{},\"numericVariantInfoFilters\":{}}]," +"\"expectedResultType\": \"COUNT\"" +"}"; + priv.setQueryTemplate(queryTemplateText); if(isHarmonized) { priv.setQueryScope("[\"" + conceptPath + "\",\"_\",\"" + fence_harmonized_concept_path + "\"]");
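Review bot: In pic-sure-auth-services/pom.xml the httpclient version is still a literal inside the dependency entry (4.5.6 replaced by 4.5.14), so the pin lives in this one module only. If any other module in the build declares org.apache.httpcomponents:httpclient, it will not pick up this bump; consider moving the version to a shared property or a dependencyManagement entry in the parent pom. The commit message entry for this change ("ALS-6142: Update apache httpclient version") also does not say why 4.5.14 was chosen; a one-line reason would help whoever has to decide on the next upgrade.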
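Review bot: In upsertClinicalPrivilege (FENCEAuthenticationService.java), the else branch of the new idp_provider check is a catch-all, so any value other than "fence", including a null or mistyped JAXRSConfiguration.idp_provider, silently yields "fields":[] in the template passed to priv.setQueryTemplate. Because the flipped equalsIgnoreCase call no longer throws on null, a missing setting now changes the stored privilege template with no signal at all. I would match the supported providers explicitly and log or fail on an unrecognised value, and add a unit test that asserts the generated template for both branches. Separately, the template is still assembled by string concatenation, and parentAccessionField and studyIdentifierField are inserted without JSON escaping; building the object with a JSON serializer would remove that fragility and make the conditional a plain list assignment. Minor style point: the added lines use if( and queryTemplateText+= without the spacing used on the queryTemplateText += lines just above.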