Merge pull request #16 from appirio-tech/dev

Merge to Master-ifx from dev-ifx

Author: nkumar-topcoder

.gitignore

@@ -0,0 +1 @@
+.idea

buildtokenproperties.sh

@@ -29,6 +29,10 @@ M2MAUTHCONFIG_AUTHDOMAIN=$(eval "echo \$${ENV}_M2MAUTHCONFIG_AUTHDOMAIN")
 M2MAUTHCONFIG_TOKENEXPIRETIME=$(eval "echo \$${ENV}_M2MAUTHCONFIG_TOKENEXPIRETIME")
 M2MAUTHCONFIG_USERID=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERID")
 M2MAUTHCONFIG_AUTHPROXYSERVERURL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_AUTHPROXYSERVERURL")
+M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_CREATE")
+M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE")
+M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ")
+M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE")
 
 DOMAIN=$(eval "echo \$${ENV}_DOMAIN")
 SMTP=$(eval "echo \$${ENV}_SMTP")
@@ -97,5 +101,9 @@ perl -pi -e "s/\{\{M2MAUTHCONFIG_TOKENEXPIRETIME\}\}/$M2MAUTHCONFIG_TOKENEXPIRET
 perl -pi -e "s/\{\{M2MAUTHCONFIG_USERID\}\}/$M2MAUTHCONFIG_USERID/g" $CONFFILENAME
 #perl -pi -e "s/\{\{M2MAUTHCONFIG_AUTHPROXYSERVERURL\}\}/$M2MAUTHCONFIG_AUTHPROXYSERVERURL/g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_AUTHPROXYSERVERURL\}\}|$M2MAUTHCONFIG_AUTHPROXYSERVERURL|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROFILES_CREATE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME
-perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME

src/main/java/com/appirio/tech/core/service/identity/IdentityApplication.java

@@ -230,7 +230,7 @@ public void run(IdentityConfiguration configuration, Environment environment) th
 		        configuration.getEventBusServiceClientConfig(), configuration.getM2mAuthConfiguration());
 		// Resources::users
     	CacheService cacheService = configuration.getCache().createCacheService();
-    	UserResource userResource = new UserResource(userDao, roleDao, cacheService, eventProducer, eventBusServiceClient);
+    	UserResource userResource = new UserResource(userDao, roleDao, cacheService, eventProducer, eventBusServiceClient, configuration.getM2mAuthConfiguration().getUserProfiles());
     	userResource.setAuth0Client(configuration.getAuth0()); // TODO: constructor
     	userResource.setDomain(configuration.getAuthDomain());
     	// this secret _used_ to be different from the one used in AuthorizationResource.
@@ -250,8 +250,6 @@ public void run(IdentityConfiguration configuration, Environment environment) th
 		GroupResource groupResource = new GroupResource(groupDao, groupInformixDao);
 		environment.jersey().register(groupResource);
 		environment.jersey().register(groupDao);
-		// TODO: temporary fix.
-		userResource.setGroupDAO(groupDao);
 
 		// Resources::authorizations
 		AuthDataStore authDataStore = configuration.getAuthStore().createAuthDataStore();

src/main/java/com/appirio/tech/core/service/identity/M2mAuthConfiguration.java

@@ -1,5 +1,6 @@
 package com.appirio.tech.core.service.identity;
 
+import com.appirio.tech.core.service.identity.util.m2mscope.UserProfilesFactory;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import javax.validation.constraints.NotNull;
 
@@ -61,6 +62,17 @@ public class M2mAuthConfiguration {
     @JsonProperty
     private String authProxyServerUrl;
 
+    @JsonProperty
+    private UserProfilesFactory userProfiles = new UserProfilesFactory();
+
+    public UserProfilesFactory getUserProfiles() {
+        return userProfiles;
+    }
+
+    public void setUserProfiles(UserProfilesFactory userProfiles) {
+        this.userProfiles = userProfiles;
+    }
+
     /**
      * Get clientId
      * 
@@ -73,7 +85,7 @@ public String getClientId() {
     /**
      * Set clientId
      * 
-     * @return the clientId to set
+     * @param clientId the clientId to set
      */
     public void setClientId(String clientId) {
         this.clientId = clientId;
@@ -91,7 +103,7 @@ public String getClientSecret() {
     /**
      * Set clientSecret
      * 
-     * @return the clientSecret to set
+     * @param clientSecret the clientSecret to set
      */
     public void setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
@@ -109,7 +121,7 @@ public String getAudience() {
     /**
      * Set audience
      * 
-     * @return the audience to set
+     * @param audience the audience to set
      */
     public void setAudience(String audience) {
         this.audience = audience;
@@ -127,7 +139,7 @@ public String getM2mAuthDomain() {
     /**
      * Set m2mAuthDomain
      * 
-     * @return the m2mAuthDomain to set
+     * @param m2mAuthDomain the m2mAuthDomain to set
      */
     public void setM2mAuthDomain(String m2mAuthDomain) {
         this.m2mAuthDomain = m2mAuthDomain;
@@ -145,7 +157,7 @@ public Integer getTokenExpireTimeInMinutes() {
     /**
      * Set tokenExpireTimeInMinutes
      * 
-     * @return the tokenExpireTimeInMinutes to set
+     * @param tokenExpireTimeInMinutes the tokenExpireTimeInMinutes to set
      */
     public void setTokenExpireTimeInMinutes(Integer tokenExpireTimeInMinutes) {
         this.tokenExpireTimeInMinutes = tokenExpireTimeInMinutes;
@@ -163,7 +175,7 @@ public Long getUserId() {
     /**
      * Set userId
      * 
-     * @return the userId to set
+     * @param userId the userId to set
      */
     public void setUserId(Long userId) {
         this.userId = userId;
@@ -181,7 +193,7 @@ public String getAuthProxyServerUrl() {
     /**
      * Set authProxyServerUrl
      *
-     * @return the authProxyServerUrl to set
+     * @param authProxyServerUrl the authProxyServerUrl to set
      */
     public void setAuthServerProxyUrl(String authProxyServerUrl) {
         this.authProxyServerUrl = authProxyServerUrl;

src/main/java/com/appirio/tech/core/service/identity/resource/AuthorizationResource.java

@@ -384,14 +384,13 @@ public ApiResponse createObject(
             Map<String, Object> header = Utils.parseJWTHeader(auth.getExternalToken());
             if ("RS256".equals(header.get("alg"))) {
                 isRs256Token = true;
-                String refreshToken = this.cacheService.get(auth.getExternalToken());
-                if (refreshToken == null) {
-                    throw new APIRuntimeException(HttpServletResponse.SC_NOT_FOUND, "The refresh token is not found.");
-                }
+                
+                String refreshToken = auth.getRefreshToken();
                 Auth0Credential cred = this.auth0New.refreshToken(refreshToken);
                 this.cacheService.delete(auth.getExternalToken());
                 this.cacheService.put(cred.getAccessToken(), refreshToken);
                 auth.setToken(cred.getAccessToken());
+                
             } else {
                 auth.setToken(createJWTToken(auth.getExternalToken()));
             }

src/main/java/com/appirio/tech/core/service/identity/resource/GroupResource.java

@@ -98,11 +98,6 @@ public class GroupResource implements GetResource<Group>, DDLResource<Group> {
 	 */
 	private static final String[] writeScopes = {"write:groups", "all:groups"};
 
-	/**
-	 * Represents the admin roles
-	 */
-	private static final String[] adminRoles = {"administrator"};
-
 	/**
 	 * Represents the DAO For Group
 	 */
@@ -139,7 +134,7 @@ public ApiResponse createObject(
 			@Context HttpServletRequest request) {
 		logger.info("createObject()");
 
-		checkAccess(authUser, writeScopes, adminRoles);
+		Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 		Group group = validateGroup(postRequest);
 
@@ -185,7 +180,7 @@ public ApiResponse createSecurityGroup(
 
         logger.info("createSecurityGroup()");
 
-        checkAccess(authUser, writeScopes, adminRoles);
+		Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
         if (postRequest == null) {
             throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Group"));
@@ -392,7 +387,7 @@ public ApiResponse updateObject(
 			@Context HttpServletRequest request) {
 		logger.info("updateObject()");
 
-		checkAccess(authUser, writeScopes, adminRoles);
+		Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 		Group group = validateGroup(putRequest);
 
@@ -447,7 +442,7 @@ public ApiResponse deleteObject(
 			@Context HttpServletRequest request) {
 		logger.info(String.format("deleteObject(%s)", groupId));
 
-		checkAccess(authUser, writeScopes, adminRoles);
+		Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 		Group group = getExistingGroup(new TCID(groupId));
 
@@ -511,7 +506,7 @@ public ApiResponse getObject(
 		logger.info(String.format("getObject(%s)", groupId));
 		Group group = getExistingGroup(groupId);
 
-		validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
+		validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);
 
 		return ApiResponseFactory.createFieldSelectorResponse(group, selector);
 	}
@@ -636,7 +631,7 @@ public ApiResponse getMembers(
 		// Check group exists
 		Group group = getExistingGroup(groupId);
 
-		validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
+		validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);
 
 		try {
 			List<GroupMembership> memberships = groupDao.findMembershipsByGroup(Utils.toLongValue(groupId));
@@ -669,10 +664,10 @@ public ApiResponse getObjects(
 
 		logger.info(String.format("getObjects(%s, %s)", memberId, membershipType));
 
-		checkAccess(authUser, readScopes, null);
+		Utils.checkAccess(authUser, readScopes, null);
 
 		// for admin and machine token
-		if (authUser.isMachine() || hasAdminRole(authUser)) {
+		if (authUser.isMachine() || Utils.hasAdminRole(authUser)) {
 			if (memberId==null && Utils.isEmpty(membershipType)) {
 				return ApiResponseFactory.createFieldSelectorResponse(groupDao.findAllGroups(), null);
 			}
@@ -709,7 +704,7 @@ public ApiResponse addMember(
 
 		logger.info("addMember()");
 
-		checkAccess(authUser, writeScopes, null);
+		Utils.checkAccess(authUser, writeScopes, null);
 
 		validateMembership(postRequest);
 
@@ -722,7 +717,7 @@ public ApiResponse addMember(
 		Group group = getExistingGroup(groupId);
 
 		// only admins or self registering users are allowed (if the group allows self register)
-		if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
+		if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
 			throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 		}
 
@@ -759,7 +754,7 @@ public ApiResponse removeMember(
 
 		logger.info(String.format("removeMember(%s, %s)", groupId, membershipId));
 
-		checkAccess(authUser, writeScopes, null);
+		Utils.checkAccess(authUser, writeScopes, null);
 
 		long id = Utils.toLongValue(membershipId);
 		GroupMembership membership = groupDao.findMembership(id);
@@ -770,7 +765,7 @@ public ApiResponse removeMember(
 		}
 
 		// only admins or self registering users are allowed (if the group allows self register)
-		if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
+		if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
 			throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 		}
 
@@ -812,46 +807,4 @@ private void validateAdminRoleOrPrivateGroupMembership(AuthUser authUser, Group
 		}
 		throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 	}
-
-	private void checkAccess(AuthUser authUser, String[] allowedScopes, String[] allowedRoles) {
-		if (authUser == null) {
-			throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Authentication user"));
-		}
-
-		if (authUser.isMachine()) {
-			if (allowedScopes == null || allowedScopes.length == 0) {
-				return;
-			}
-
-			for (String allowedScope : allowedScopes) {
-				if (authUser.getScope().contains(allowedScope)) {
-					return;
-				}
-			}
-		} else {
-			if (allowedRoles == null || allowedRoles.length == 0) {
-				return;
-			}
-
-			for (String role : allowedRoles) {
-				if (authUser.getRoles() != null && authUser.getRoles().contains(role)) {
-					return;
-				}
-			}
-		}
-
-		throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
-	}
-
-	private boolean hasAdminRole(AuthUser authUser) {
-		if (authUser.getRoles() != null) {
-			for (String role : adminRoles) {
-				if (authUser.getRoles().contains(role)) {
-					return true;
-				}
-			}
-		}
-
-		return false;
-	}
 }