Merge pull request #12 from appirio-tech/make_scopes_configurable

make m2m scopes configurable

Author: mtwomey

buildtokenproperties.sh

@@ -29,6 +29,10 @@ M2MAUTHCONFIG_AUTHDOMAIN=$(eval "echo \$${ENV}_M2MAUTHCONFIG_AUTHDOMAIN")
 M2MAUTHCONFIG_TOKENEXPIRETIME=$(eval "echo \$${ENV}_M2MAUTHCONFIG_TOKENEXPIRETIME")
 M2MAUTHCONFIG_USERID=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERID")
 M2MAUTHCONFIG_AUTHPROXYSERVERURL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_AUTHPROXYSERVERURL")
+M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_CREATE")
+M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE")
+M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ")
+M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE")
 
 DOMAIN=$(eval "echo \$${ENV}_DOMAIN")
 SMTP=$(eval "echo \$${ENV}_SMTP")
@@ -97,5 +101,9 @@ perl -pi -e "s/\{\{M2MAUTHCONFIG_TOKENEXPIRETIME\}\}/$M2MAUTHCONFIG_TOKENEXPIRET
 perl -pi -e "s/\{\{M2MAUTHCONFIG_USERID\}\}/$M2MAUTHCONFIG_USERID/g" $CONFFILENAME
 #perl -pi -e "s/\{\{M2MAUTHCONFIG_AUTHPROXYSERVERURL\}\}/$M2MAUTHCONFIG_AUTHPROXYSERVERURL/g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_AUTHPROXYSERVERURL\}\}|$M2MAUTHCONFIG_AUTHPROXYSERVERURL|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROFILES_CREATE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME
-perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME

src/main/java/com/appirio/tech/core/service/identity/IdentityApplication.java

@@ -230,7 +230,7 @@ public void run(IdentityConfiguration configuration, Environment environment) th
 		        configuration.getEventBusServiceClientConfig(), configuration.getM2mAuthConfiguration());
 		// Resources::users
     	CacheService cacheService = configuration.getCache().createCacheService();
-    	UserResource userResource = new UserResource(userDao, roleDao, cacheService, eventProducer, eventBusServiceClient);
+    	UserResource userResource = new UserResource(userDao, roleDao, cacheService, eventProducer, eventBusServiceClient, configuration.getM2mAuthConfiguration().getUserProfiles());
     	userResource.setAuth0Client(configuration.getAuth0()); // TODO: constructor
     	userResource.setDomain(configuration.getAuthDomain());
     	// this secret _used_ to be different from the one used in AuthorizationResource.

src/main/java/com/appirio/tech/core/service/identity/M2mAuthConfiguration.java

@@ -1,5 +1,6 @@
 package com.appirio.tech.core.service.identity;
 
+import com.appirio.tech.core.service.identity.util.m2mscope.UserProfilesFactory;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import javax.validation.constraints.NotNull;
 
@@ -61,6 +62,17 @@ public class M2mAuthConfiguration {
     @JsonProperty
     private String authProxyServerUrl;
 
+    @JsonProperty
+    private UserProfilesFactory userProfiles = new UserProfilesFactory();
+
+    public UserProfilesFactory getUserProfiles() {
+        return userProfiles;
+    }
+
+    public void setUserProfiles(UserProfilesFactory userProfiles) {
+        this.userProfiles = userProfiles;
+    }
+
     /**
      * Get clientId
      * 
@@ -73,7 +85,7 @@ public String getClientId() {
     /**
      * Set clientId
      * 
-     * @return the clientId to set
+     * @param clientId the clientId to set
      */
     public void setClientId(String clientId) {
         this.clientId = clientId;
@@ -91,7 +103,7 @@ public String getClientSecret() {
     /**
      * Set clientSecret
      * 
-     * @return the clientSecret to set
+     * @param clientSecret the clientSecret to set
      */
     public void setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
@@ -109,7 +121,7 @@ public String getAudience() {
     /**
      * Set audience
      * 
-     * @return the audience to set
+     * @param audience the audience to set
      */
     public void setAudience(String audience) {
         this.audience = audience;
@@ -127,7 +139,7 @@ public String getM2mAuthDomain() {
     /**
      * Set m2mAuthDomain
      * 
-     * @return the m2mAuthDomain to set
+     * @param m2mAuthDomain the m2mAuthDomain to set
      */
     public void setM2mAuthDomain(String m2mAuthDomain) {
         this.m2mAuthDomain = m2mAuthDomain;
@@ -145,7 +157,7 @@ public Integer getTokenExpireTimeInMinutes() {
     /**
      * Set tokenExpireTimeInMinutes
      * 
-     * @return the tokenExpireTimeInMinutes to set
+     * @param tokenExpireTimeInMinutes the tokenExpireTimeInMinutes to set
      */
     public void setTokenExpireTimeInMinutes(Integer tokenExpireTimeInMinutes) {
         this.tokenExpireTimeInMinutes = tokenExpireTimeInMinutes;
@@ -163,7 +175,7 @@ public Long getUserId() {
     /**
      * Set userId
      * 
-     * @return the userId to set
+     * @param userId the userId to set
      */
     public void setUserId(Long userId) {
         this.userId = userId;
@@ -181,7 +193,7 @@ public String getAuthProxyServerUrl() {
     /**
      * Set authProxyServerUrl
      *
-     * @return the authProxyServerUrl to set
+     * @param authProxyServerUrl the authProxyServerUrl to set
      */
     public void setAuthServerProxyUrl(String authProxyServerUrl) {
         this.authProxyServerUrl = authProxyServerUrl;

src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java

@@ -2,6 +2,8 @@
 
 import static com.appirio.tech.core.service.identity.util.Constants.*;
 import static javax.servlet.http.HttpServletResponse.*;
+
+import com.appirio.tech.core.service.identity.util.m2mscope.UserProfilesFactory;
 import io.dropwizard.auth.Auth;
 import io.dropwizard.jersey.PATCH;
 
@@ -91,26 +93,6 @@ public class UserResource implements GetResource<User>, DDLResource<User> {
     // TODO: switch to slf4j directly (this delegates to it) - it's more efficient
     private static final Logger logger = Logger.getLogger(UserResource.class);
 
-    /**
-     * Represents the create scopes for machine token validation.
-     */
-    public static final String[] ReadScopes = {"read:user_profiles", "all:user_profiles"};
-
-    /**
-     * Represents the create scopes for machine token validation.
-     */
-    public static final String[] CreateScopes = {"create:user_profiles", "all:user_profiles"};
-
-    /**
-     * Represents the delete scopes for machine token validation.
-     */
-    public static final String[] DeleteScopes = {"delete:user_profiles", "all:user_profiles"};
-
-    /**
-     * Represents the update scopes for machine token validation.
-     */
-    public static final String[] UpdateScopes = {"update:user_profiles", "all:user_profiles"};
-
     private int resetTokenExpirySeconds = 30 * 60; //30min
 
     private int resendActivationCodeExpirySeconds = 30 * 60; //30min
@@ -139,6 +121,8 @@ public class UserResource implements GetResource<User>, DDLResource<User> {
      * The event bus service client field used to send the event
      */
     private final EventBusServiceClient eventBusServiceClient;
+
+    private final UserProfilesFactory userProfilesFactory;
 
     /**
      * Create UserResource
@@ -148,18 +132,43 @@ public class UserResource implements GetResource<User>, DDLResource<User> {
      * @param cacheService the cacheService to use
      * @param eventProducer the eventProducer to use
      * @param eventBusServiceClient the eventBusServiceClient to use
+     * @param userProfilesFactory the user profiles scopes configuration.
      */
     public UserResource(
                 UserDAO userDao,
                 RoleDAO roleDao,
                 CacheService cacheService,
                 EventProducer eventProducer,
-                EventBusServiceClient eventBusServiceClient) {
+                EventBusServiceClient eventBusServiceClient, UserProfilesFactory userProfilesFactory) {
         this.userDao = userDao;
         this.roleDao = roleDao;
         this.cacheService = cacheService;
         this.eventProducer = eventProducer;
         this.eventBusServiceClient = eventBusServiceClient;
+        if (userProfilesFactory == null) {
+            // create a default one
+            this.userProfilesFactory = new UserProfilesFactory();
+        } else {
+            this.userProfilesFactory = userProfilesFactory;
+        }
+    }
+
+    /**
+     * Create UserResource
+     *
+     * @param userDao the userDao to use
+     * @param roleDao the roleDao to use
+     * @param cacheService the cacheService to use
+     * @param eventProducer the eventProducer to use
+     * @param eventBusServiceClient the eventBusServiceClient to use
+     */
+    public UserResource(
+            UserDAO userDao,
+            RoleDAO roleDao,
+            CacheService cacheService,
+            EventProducer eventProducer,
+            EventBusServiceClient eventBusServiceClient) {
+        this(userDao, roleDao, cacheService, eventProducer, eventBusServiceClient, null);
     }
 
     protected void setObjectMapper(ObjectMapper objectMapper) {
@@ -205,7 +214,7 @@ public ApiResponse createSSOUserLogin(@Auth AuthUser authUser,
             @Valid PostPutRequest<UserProfile> postRequest) {
         UserProfile profile = postRequest.getParam();
 
-        checkAccessAndUserProfile(authUser, userId, profile, CreateScopes);
+        checkAccessAndUserProfile(authUser, userId, profile, userProfilesFactory.getCreateScopes());
 
         try {
             SSOUserDAO ssoUserDao = this.userDao.createSSOUserDAO();
@@ -246,7 +255,7 @@ public ApiResponse updateSSOUserLogin(@Auth AuthUser authUser,
             @PathParam("userId") long userId,
             @Valid PostPutRequest<UserProfile> postRequest) {
         UserProfile profile = postRequest.getParam();
-        checkAccessAndUserProfile(authUser, userId, profile, UpdateScopes);
+        checkAccessAndUserProfile(authUser, userId, profile, userProfilesFactory.getUpdateScopes());
 
         try {
             SSOUserDAO ssoUserDao = this.userDao.createSSOUserDAO();
@@ -283,7 +292,7 @@ public ApiResponse updateSSOUserLogin(@Auth AuthUser authUser,
     @Path("/{userId}/SSOUserLogin")
     public ApiResponse deleteSSOUserLogin(@Auth AuthUser authUser,
             @PathParam("userId") long userId, @QueryParam("provider") String provider,  @QueryParam("providerId") Long providerId) {
-        Utils.checkAccess(authUser, DeleteScopes, Utils.AdminRoles);
+        Utils.checkAccess(authUser, userProfilesFactory.getDeleteScopes(), Utils.AdminRoles);
         if (userId <= 0) {
             throw new APIRuntimeException(SC_BAD_REQUEST, "userId should be positive:" + userId);
         }
@@ -339,7 +348,7 @@ public ApiResponse deleteSSOUserLogin(@Auth AuthUser authUser,
     @Path("/{userId}/SSOUserLogins")
     public ApiResponse getSSOUserLoginsByUserId(@Auth AuthUser authUser,
             @PathParam("userId") long userId) {
-        Utils.checkAccess(authUser, ReadScopes, Utils.AdminRoles);
+        Utils.checkAccess(authUser, userProfilesFactory.getReadScopes(), Utils.AdminRoles);
         if (userId <= 0) {
             throw new APIRuntimeException(SC_BAD_REQUEST, "userId should be positive:" + userId);
         }
@@ -365,7 +374,7 @@ public ApiResponse getObjects(
             @APIQueryParam(repClass = User.class) QueryParameter query,
             @Context HttpServletRequest request) {
         logger.info("getObjects");
-        Utils.checkAccess(authUser, ReadScopes, Utils.AdminRoles);
+        Utils.checkAccess(authUser, userProfilesFactory.getReadScopes(), Utils.AdminRoles);
 
         try {
             List<User> users = userDao.findUsers(
@@ -394,7 +403,7 @@ public ApiResponse getObject(
             @PathParam("resourceId") TCID resourceId,
             @APIFieldParam(repClass = User.class) FieldSelector selector,
             @Context HttpServletRequest request) throws Exception {
-        validateResourceIdAndCheckPermission(authUser, resourceId, ReadScopes);
+        validateResourceIdAndCheckPermission(authUser, resourceId, userProfilesFactory.getReadScopes());
 
         User user = this.userDao.populateById(selector, resourceId);
         if (user == null) {
@@ -508,7 +517,7 @@ public ApiResponse updateObject(
 
         TCID id = new TCID(resourceId);
 
-        validateResourceIdAndCheckPermission(authUser, id, UpdateScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getUpdateScopes());
         // checking param
         checkParam(patchRequest);
 
@@ -603,7 +612,7 @@ public ApiResponse createUserProfile(
         logger.info(String.format("createUserProfile(%s)", resourceId));
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, CreateScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getCreateScopes());
         // checking param
         checkParam(postRequest);
 
@@ -678,7 +687,7 @@ public ApiResponse deleteUserProfile(
             throw new APIRuntimeException(SC_BAD_REQUEST, String.format(Constants.MSG_TEMPLATE_MANDATORY, "provider"));
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, DeleteScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getDeleteScopes());
 
         ProviderType providerType = ProviderType.getByName(provider);
         if(providerType==null)
@@ -842,7 +851,7 @@ public ApiResponse updateHandle(
         logger.info(String.format("updateHandle(%s)", resourceId));
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, UpdateScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getUpdateScopes());
         // checking param
         checkParam(patchRequest);
 
@@ -888,7 +897,7 @@ public ApiResponse updatePrimaryEmail(
         logger.info(String.format("updatePrimaryEmail(%s)", resourceId));
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, UpdateScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getUpdateScopes());
         // checking param
         checkParam(patchRequest);
 
@@ -993,7 +1002,7 @@ public ApiResponse updateStatus(
         logger.info(String.format("updateStatus(%s, %s)", resourceId, comment));
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, UpdateScopes);
+        validateResourceIdAndCheckPermission(authUser, id, userProfilesFactory.getUpdateScopes());
         // checking param
         checkParam(patchRequest);
 
@@ -1165,7 +1174,7 @@ public ApiResponse getAchievements(
 
         logger.info(String.format("getAchievements(%s)", resourceId));
 
-        validateResourceIdAndCheckPermission(authUser, resourceId, ReadScopes);
+        validateResourceIdAndCheckPermission(authUser, resourceId, userProfilesFactory.getReadScopes());
 
         Long userId = Utils.toLongValue(resourceId);
         logger.debug(String.format("findUserById(%s)", userId));