use signedUrl for getting authenticated user. add allowedUrls field t…

…o ExtrenalTool
IQSS · Jun 8, 2022 · 7e82009 · 7e82009
1 parent ac23437
commit 7e82009
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 1 deletion.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -49,6 +49,7 @@
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.UrlSignerUtil;
 import edu.harvard.iq.dataverse.util.json.JsonParser;
 import edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder;
 import edu.harvard.iq.dataverse.validation.PasswordValidatorServiceBean;
@@ -419,10 +420,28 @@ private AuthenticatedUser findAuthenticatedUserOrDie( String key, String wfid )
             } else {
                 throw new WrappedResponse(badWFKey(wfid));
             }
+        } else {
+            AuthenticatedUser authUser = getAuthenticatedUserFromSignedUrl();
+            if (authUser != null) {
+                return authUser;
+            } 
         }
         //Just send info about the apiKey - workflow users will learn about invocationId elsewhere
         throw new WrappedResponse(badApiKey(null));
     }
+
+    private AuthenticatedUser getAuthenticatedUserFromSignedUrl() {
+        AuthenticatedUser authUser = null;
+        String signedUrl = httpRequest.getRequestURL().toString();
+        String user = httpRequest.getParameter("user");
+        String method = httpRequest.getMethod();
+        String key = httpRequest.getParameter("token");
+        boolean validated = UrlSignerUtil.isValidUrl(signedUrl, method, user, key);
+        if (validated){
+            authUser = authSvc.getAuthenticatedUser(user);
+        }     
+        return authUser;
+    }    
 
     protected Dataverse findDataverseOrDie( String dvIdtf ) throws WrappedResponse {
         Dataverse dv = findDataverse(dvIdtf);

diff --git a/src/main/java/edu/harvard/iq/dataverse/externaltools/ExternalTool.java b/src/main/java/edu/harvard/iq/dataverse/externaltools/ExternalTool.java
@@ -41,6 +41,7 @@ public class ExternalTool implements Serializable {
     public static final String TOOL_PARAMETERS = "toolParameters";
     public static final String CONTENT_TYPE = "contentType";
     public static final String TOOL_NAME = "toolName";
+    public static final String ALLOWED_URLS = "allowedUrls";
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
@@ -97,6 +98,13 @@ public class ExternalTool implements Serializable {
     @Column(nullable = true, columnDefinition = "TEXT")
     private String contentType;
 
+    /**
+     * Path for retrieving data through the REST api. Used to build signedUrls
+     * for POST headers, as in DPCreator
+     */
+    @Column(nullable = true, columnDefinition = "TEXT")
+    private String allowedUrls;
+
     /**
      * This default constructor is only here to prevent this error at
      * deployment:
@@ -122,6 +130,18 @@ public ExternalTool(String displayName, String toolName, String description, Lis
         this.contentType = contentType;
     }
 
+    public ExternalTool(String displayName, String toolName, String description, List<ExternalToolType> externalToolTypes, Scope scope, String toolUrl, String toolParameters, String contentType, String allowedUrls) {
+        this.displayName = displayName;
+        this.toolName = toolName;
+        this.description = description;
+        this.externalToolTypes = externalToolTypes;
+        this.scope = scope;
+        this.toolUrl = toolUrl;
+        this.toolParameters = toolParameters;
+        this.contentType = contentType;
+        this.allowedUrls = allowedUrls;
+    }
+
     public enum Type {
 
         EXPLORE("explore"),
@@ -273,6 +293,9 @@ public JsonObjectBuilder toJson() {
         if (getContentType() != null) {
             jab.add(CONTENT_TYPE, getContentType());
         }
+        if (getAllowedUrls()!= null) {
+            jab.add(ALLOWED_URLS,getAllowedUrls());
+        }
         return jab;
     }
 
@@ -292,7 +315,8 @@ public enum ReservedWord {
         DATASET_PID("datasetPid"),
         DATASET_VERSION("datasetVersion"),
         FILE_METADATA_ID("fileMetadataId"),
-        LOCALE_CODE("localeCode");
+        LOCALE_CODE("localeCode"),
+        ALLOWED_URLS("allowedUrls");
 
         private final String text;
         private final String START = "{";
@@ -355,5 +379,19 @@ public String getDisplayNameLang() {
         return displayName;
     }
 
+    /**
+     * @return the allowedUrls
+     */
+    public String getAllowedUrls() {
+        return allowedUrls;
+    }
+
+    /**
+     * @param allowedUrls the allowedUrls to set
+     */
+    public void setAllowedUrls(String allowedUrls) {
+        this.allowedUrls = allowedUrls;
+    }
+
 
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/externaltools/ExternalToolHandler.java b/src/main/java/edu/harvard/iq/dataverse/externaltools/ExternalToolHandler.java
@@ -33,6 +33,20 @@
  */
 public class ExternalToolHandler {
 
+    /**
+     * @return the allowedUrls
+     */
+    public String getAllowedUrls() {
+        return allowedUrls;
+    }
+
+    /**
+     * @param allowedUrls the allowedUrls to set
+     */
+    public void setAllowedUrls(String allowedUrls) {
+        this.allowedUrls = allowedUrls;
+    }
+
     /**
      * @param user the user to set
      */
@@ -53,6 +67,7 @@ public void setUser(String user) {
     private String toolContext;
     private String user;
     private String siteUrl;
+    private String allowedUrls;
 
     /**
      * File level tool
@@ -209,6 +224,8 @@ private String getQueryParam(String key, String value) {
                 }
             case LOCALE_CODE:
                 return key + "=" + getLocaleCode();
+            case ALLOWED_URLS:
+                return key + "=" + getAllowedUrls();                    
             default:
                 break;
         }