Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/23 01:38:34 UTC
[1/3] airavata-php-gateway git commit: AIRAVATA-2403 Basic account
creation working
Repository: airavata-php-gateway
Updated Branches:
refs/heads/develop 97dc57e38 -> ece3d216e
AIRAVATA-2403 Basic account creation working
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/1a744a34
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/1a744a34
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/1a744a34
Branch: refs/heads/develop
Commit: 1a744a34d145cb1757dd2e898f730cd6e99b1c1e
Parents: 97dc57e
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Jun 22 15:33:04 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Jun 22 15:33:04 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 116 ++++++++++++----------------
app/controllers/AdminController.php | 6 +-
app/libraries/EmailUtilities.php | 2 +-
app/libraries/UserProfileUtilities.php | 4 +-
app/views/account/login.blade.php | 5 ++
5 files changed, 64 insertions(+), 69 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a744a34/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 99709df..5a707db 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -49,43 +49,19 @@ class AccountController extends BaseController
$admin_authz_token = Keycloak::getAdminAuthzToken();
- $gatewayId = Config::get('pga_config.airavata')['gateway-id'];
- $user_details = new Airavata\Model\User\UserProfile();
- $user_details->userId = $username;
- $user_details->emails = array($email);
- $user_details->firstName = $first_name;
- $user_details->lastName = $last_name;
- $user_details->gatewayId = $gatewayId;
- $user_details->creationTime = 0;
- $user_details->lastAccessTime = 0;
- $user_details->validUntil = 0;
- $user_details->State = Airavata\Model\User\Status::PENDING;
-
- // TODO: do we need to pass this if we are passing an access token?
- // Couldn't the backend just use the access token?
- $realm_admin_credentials = new Airavata\Model\Credential\Store\PasswordCredential();
- $realm_admin_credentials->gatewayId = $gatewayId;
- $realm_admin_credentials->portalUserName = Config::get('pga_config.wsis')['admin-username'];
- $realm_admin_credentials->loginUserName = Config::get('pga_config.wsis')['admin-username'];
- $realm_admin_credentials->password = Config::get('pga_config.wsis')['admin-password'];
-
- IamAdminServices::registerUser($admin_authz_token, $user_details, $realm_admin_credentials, $password);
+ IamAdminServices::registerUser($admin_authz_token, $username, $email, $first_name, $last_name, $password);
/*add user to the initial role */
- // TODO: add user to initial role, etc.
- // $initialRoleName = CommonUtilities::getInitialRoleName();
- // $allRoles = Keycloak::getAllRoles();
- //
- // $userRoles["new"] = $initialRoleName;
- //
- // if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
- //
- // $userRoles["new"] = array("gateway-provider", "admin");
- // }
- // $userRoles["deleted"] = array();
- // // FIXME: this requires the $user_id, not the $username
- // Keycloak::updateUserRoles( $username, $userRoles);
+ // add user to initial role
+ $initialRoleName = CommonUtilities::getInitialRoleName();
+ IamAdminServices::addRoleToUser($admin_authz_token, $username, $initialRoleName);
+ if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
+ IamAdminServices::addRoleToUser($admin_authz_token, $username, "gateway-provider");
+ }
+
+ // Send account confirmation email
+ EmailUtilities::sendVerifyEmailAccount($username, $first_name, $last_name, $email);
CommonUtilities::print_success_message('Account confirmation request was sent to your email account');
return View::make('home');
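Review bot: The `== true` test on `Config::get('pga_config.portal')['super-admin-portal']` in the added role block is a loose comparison, so any truthy value (a non-empty string such as `"false"`, for instance) would grant `gateway-provider` to every self-registered user. If the config value is not guaranteed to be a boolean, compare strictly: `if (Config::get('pga_config.portal')['super-admin-portal'] === true) {`. The same condition reappears in `addUserToInitialRole` in commit 3/3. Nothing visible in this hunk handles a failure of `addRoleToUser` or `sendVerifyEmailAccount` after `registerUser` has succeeded, which would leave an account with no role or no confirmation mail; the enclosing method starts and ends outside the hunk, so that may be handled there.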
@@ -126,9 +102,12 @@ class AccountController extends BaseController
$expirationTime = time() + $response->expires_in - 300; // 5 minutes safe margin
$userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
+ Session::put("iam-user-profile", $userProfile);
$username = $userProfile['username'];
$userRoles = $userProfile['roles'];
$userEmail = $userProfile["email"];
+ $firstName = $userProfile["firstname"];
+ $lastName = $userProfile["lastname"];
$authzToken = new Airavata\Model\Security\AuthzToken();
$authzToken->accessToken = $accessToken;
@@ -162,7 +141,7 @@ class AccountController extends BaseController
Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
if(Session::has("admin") || Session::has("admin-read-only") || Session::has("authorized-user")){
- return $this->initializeWithAiravata($username, $userEmail);
+ return $this->initializeWithAiravata($username, $userEmail, $firstName, $lastName);
}
if(Session::has("admin") || Session::has("admin-read-only")){
@@ -175,6 +154,7 @@ class AccountController extends BaseController
}
+ // TODO: add new user from OAuth login to initial role
public function oauthCallback()
{
if (!isset($_GET["code"])) {
@@ -193,9 +173,12 @@ class AccountController extends BaseController
$userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
Log::debug("userProfile", array($userProfile));
+ Session::put("iam-user-profile", $userProfile);
$username = $userProfile['username'];
$userRoles = $userProfile['roles'];
$userEmail = $userProfile['email'];
+ $firstName = $userProfile['firstname'];
+ $lastName = $userProfile['lastName'];
//FIXME There is a bug in WSO2 IS which doest not return the admin role for the default admin user.
//FIXME Hence as a workaround we manually add it here.
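Review bot: `$userProfile['lastName']` on the added line uses a different key from every other read of this profile on the page (`lastname` in the password-login hunk, in `confirmAccountCreation` and in the admin notification), so `$lastName` is most likely unset here and OAuth logins would create the basic profile without a last name. Change it to `$lastName = $userProfile['lastname'];`. The line is still present unchanged as context in commit 3/3. Separately, the context line `Log::debug("userProfile", array($userProfile))` writes the full IAM profile to the log; logging only the username would be enough for tracing.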
@@ -225,12 +208,12 @@ class AccountController extends BaseController
Session::put("gateway_id", Config::get('pga_config.airavata')['gateway-id']);
if(Session::get("admin") || Session::get("admin-read-only") || Session::get("authorized-user")){
- return $this->initializeWithAiravata($username, $userEmail);
+ return $this->initializeWithAiravata($username, $userEmail, $firstName, $lastName);
}
return Redirect::to("home");
}
- private function initializeWithAiravata($username, $userEmail){
+ private function initializeWithAiravata($username, $userEmail, $firstName, $lastName){
// Log the user out if Airavata is down. If a new user we want to make
// sure we create the default project and setup experiment storage
@@ -256,7 +239,7 @@ class AccountController extends BaseController
// Create basic user profile if it doesn't exist
if (!UserProfileUtilities::does_user_profile_exist($username)) {
- UserProfileUtilities::create_basic_user_profile($username, $userEmail);
+ UserProfileUtilities::create_basic_user_profile($username, $userEmail, $firstName, $lastName);
}
$userProfile = UserProfileUtilities::get_user_profile($username);
Session::put('user-profile', $userProfile);
@@ -295,7 +278,11 @@ class AccountController extends BaseController
public function dashboard(){
$userRoles = Session::get("roles");
- $userEmail = Session::get("user-profile")->emails[0];
+ if (Session::has("user-profile")) {
+ $userEmail = Session::get("user-profile")->emails[0];
+ } else {
+ $userEmail = Session::get("iam-user-profile")["email"];
+ }
if( in_array( "gateway-provider", $userRoles ) ) {
$gatewayOfUser = "";
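Review bot: The `else` branch assumes `iam-user-profile` is always in the session when `user-profile` is not; if neither is set, `$userEmail` ends up null (with or without a notice, depending on the PHP version) and the rest of `dashboard()` carries on with it. The identical block is added to `AdminController` in this commit, so a single protected helper on `BaseController` that returns the email, or redirects to login when no profile is in the session, would keep the two in step. `dashboard()` continues outside the hunk.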
@@ -330,33 +317,32 @@ class AccountController extends BaseController
public function confirmAccountCreation()
{
- $confirmation = Input::get("confirmation");
+ $code = Input::get("code");
$username = Input::get("username");
- if(empty($username) || empty($confirmation)){
+ if(empty($username) || empty($code)){
return View::make("home");
}else{
try{
-// if(Input::has("userAnswer")){
- $result = WSIS::confirmUserRegistration($username, $confirmation, Config::get('pga_config.wsis')['tenant-domain']);
- if($result->verified){
- $this->sendAccountCreationNotification2Admin($username);
- return Redirect::to("login");
-// }else if(!$result->verified && preg_match('/Error while validating captcha for user/',$result->error) ){
-// CommonUtilities::print_error_message("Captcha Verification failed!");
-// $capatcha = WSIS::getCapatcha()->return;
-// return View::make("account/verify-human", array("username"=>$username,"code"=>$confirmation,
-// "imagePath"=>$capatcha->imagePath, "secretKey"=>$capatcha->secretKey,
-// "imageUrl"=> Config::get("pga_config.wsis")["service-url"] . $capatcha->imagePath));
- }else{
- CommonUtilities::print_error_message("Account confirmation failed! Please contact the Gateway Admin");
- return View::make("home");
- }
-// }else{
-// $capatcha = WSIS::getCapatcha()->return;
-// return View::make("account/verify-human", array("username"=>$username,"code"=>$confirmation,
-// "imagePath"=>$capatcha->imagePath, "secretKey"=>$capatcha->secretKey,
-// "imageUrl"=> Config::get("pga_config.wsis")["service-url"] . $capatcha->imagePath));
-// }
+ $verified = EmailUtilities::verifyEmailVerification($username, $code);
+ if (!$verified){
+ $user_profile = Keycloak::getUserProfile($username);
+ EmailUtilities::sendVerifyEmailAccount($username,
+ $user_profile["firstname"], $user_profile["lastname"], $user_profile["email"]);
+ CommonUtilities::print_error_message("Account confirmation "
+ . "failed! We're sending another confirmation email. "
+ . "Please click the link in the confirmation email that "
+ . "you should be receiving soon.");
+ return View::make("home");
+ }
+ $admin_authz_token = Keycloak::getAdminAuthzToken();
+ $result = IamAdminServices::enableUser($admin_authz_token, $username);
+ if($result){
+ $this->sendAccountCreationNotification2Admin($username);
+ return Redirect::to("login")->with("account-created-success", "Your account has been successfully created. Please log in now.");
+ }else{
+ CommonUtilities::print_error_message("Account confirmation failed! Please contact the Gateway Admin");
+ return View::make("home");
+ }
}catch (Exception $e){
CommonUtilities::print_error_message("Account confirmation failed! Please contact the Gateway Admin");
return View::make("home");
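Review bot: The `!$verified` branch sends a fresh confirmation email for whatever `username` the request supplied, and since this is the target of the emailed link it is presumably reachable without a login, so every request with a wrong `code` produces mail to that account's address with no limit visible in the hunk. Nothing here checks whether the account is still pending, so the resend also appears to run for accounts that are already enabled. Consider resending only while the account is pending and throttling per username, or replacing the automatic resend with an explicit resend action; a comment such as `// NOTE: unauthenticated path - resends must be rate limited` would at least record the gap. The reply also differs between a username that resolves in `Keycloak::getUserProfile` (resend message) and one that presumably throws (the generic "contact the Gateway Admin" message), which can reveal whether a username exists.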
@@ -395,12 +381,10 @@ class AccountController extends BaseController
$mail->Subject = "New User Account Was Created Successfully";
$userProfile = Keycloak::getUserProfile($username);
$wsisConfig = Config::get('pga_config.wsis');
- if( $wsisConfig['tenant-domain'] == "")
- $username = $username;
- else
- $username = $username . "@" . $wsisConfig['tenant-domain'];
+ $tenant = $wsisConfig['tenant-domain'];
$str = "Gateway Portal: " . $_SERVER['SERVER_NAME'] ."<br/>";
+ $str = $str . "Tenant: " . $tenant . "<br/>";
$str = $str . "Username: " . $username ."<br/>";
$str = $str . "Name: " . $userProfile["firstname"] . " " . $userProfile["lastname"] . "<br/>";
$str = $str . "Email: " . $userProfile["email"];
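Review bot: The new `Tenant:` line, like the `Username`, `Name` and `Email` lines around it, concatenates values into `<br/>`-separated markup without escaping. If this body is sent as HTML, as the `<br/>` tags suggest, profile fields such as first and last name reach the administrator's mail client as markup. Escape each interpolated value, e.g. `$str = $str . "Tenant: " . htmlspecialchars($tenant, ENT_QUOTES, 'UTF-8') . "<br/>";`. The function starts and ends outside the hunk.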
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a744a34/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index fcf56fc..d86f2b2 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -13,7 +13,11 @@ class AdminController extends BaseController {
$data = array();
$userRoles = Session::get("roles");
$username = Session::get("username");
- $userEmail = Session::get("user-profile")->emails[0];
+ if (Session::has("user-profile")) {
+ $userEmail = Session::get("user-profile")->emails[0];
+ } else {
+ $userEmail = Session::get("iam-user-profile")["email"];
+ }
Session::forget("new-gateway-provider");
//check for gateway provider users
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a744a34/app/libraries/EmailUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/EmailUtilities.php b/app/libraries/EmailUtilities.php
index 7f55afc..8e1099a 100644
--- a/app/libraries/EmailUtilities.php
+++ b/app/libraries/EmailUtilities.php
@@ -14,7 +14,7 @@ class EmailUtilities
$subject = $emailTemplates->account_verification->subject;
$body = trim(implode($emailTemplates->account_verification->body));
- $body = str_replace("\$url", URL::to('/') . '/confirmAccountCreation?username=' . $username . '&code=' . $code, $body);
+ $body = str_replace("\$url", URL::to('/') . '/confirm-user-registration?username=' . $username . '&code=' . $code, $body);
$body = str_replace("\$firstName", $firstName, $body);
$body = str_replace("\$lastName", $lastName, $body);
$body = str_replace("\$validTime", $validTime, $body);
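Review bot: `$username` and `$code` are concatenated into the confirmation URL on the changed line without URL-encoding, so a value containing `&`, `#`, `+` or a space produces a link whose query string `confirmAccountCreation` will not read back correctly. At this commit the username is not yet restricted to a safe character set (that rule arrives in 2/3), and the format of `$code` is not visible here. Build the query with `http_build_query(array('username' => $username, 'code' => $code))` and append it after `'/confirm-user-registration?'`. The function starts and ends outside the hunk.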
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a744a34/app/libraries/UserProfileUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/UserProfileUtilities.php b/app/libraries/UserProfileUtilities.php
index 31a586c..b266211 100644
--- a/app/libraries/UserProfileUtilities.php
+++ b/app/libraries/UserProfileUtilities.php
@@ -11,13 +11,15 @@ class UserProfileUtilities
return UserProfileService::doesUserExist(Session::get('authz-token'), $userId, $gatewayId);
}
- public static function create_basic_user_profile($username, $userEmail) {
+ public static function create_basic_user_profile($username, $userEmail, $firstName, $lastName) {
$gatewayId = Session::get("gateway_id");
$userProfileData = array();
$userProfileData["airavataInternalUserId"] = $username . '@' . $gatewayId;
$userProfileData["userId"] = $username;
$userProfileData["gatewayId"] = $gatewayId;
$userProfileData["emails"] = array($userEmail);
+ $userProfileData["firstName"] = $firstName;
+ $userProfileData["lastName"] = $lastName;
Log::info("creating basic user profile for user", array($userProfileData));
return UserProfileUtilities::add_user_profile($userProfileData);
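Review bot: `Log::info` on the context line writes the whole `$userProfileData` array, which after this change carries first and last name next to the email address each time a basic profile is created. Logging the internal id is enough to trace profile creation: `Log::info("creating basic user profile for user", array($userProfileData["airavataInternalUserId"]));`. The two new parameters have no defaults, so any caller of `create_basic_user_profile` not updated in this commit would fail; the only caller visible on this page is `initializeWithAiravata`.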
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/1a744a34/app/views/account/login.blade.php
----------------------------------------------------------------------
diff --git a/app/views/account/login.blade.php b/app/views/account/login.blade.php
index f9305aa..1372f3e 100755
--- a/app/views/account/login.blade.php
+++ b/app/views/account/login.blade.php
@@ -30,6 +30,11 @@
{{{ Session::get("password-reset-success") }}}
</div>
@endif
+ @if( Session::has("account-created-success") )
+ <div class="alert alert-success">
+ {{{ Session::get("account-created-success") }}}
+ </div>
+ @endif
<div class="form-group">
<label class="sr-only" for="username">Username</label>
[2/3] airavata-php-gateway git commit: AIRAVATA-2403 Adding
restrictions on username characters
Posted by ma...@apache.org.
AIRAVATA-2403 Adding restrictions on username characters
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/975bf9ff
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/975bf9ff
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/975bf9ff
Branch: refs/heads/develop
Commit: 975bf9ff8ec4a39e7cb5d4adeec2c8733ff2e2da
Parents: 1a744a3
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Jun 22 15:57:58 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Jun 22 15:57:58 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 3 ++-
app/views/account/create.blade.php | 9 ++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/975bf9ff/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 5a707db..867c4e3 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -18,13 +18,14 @@ class AccountController extends BaseController
public function createAccountSubmit()
{
$rules = array(
- "username" => "required|min:6",
+ "username" => "required|min:6|regex:/^[a-z0-9_-]+$/",
"password" => self::PASSWORD_VALIDATION,
"confirm_password" => "required|same:password",
"email" => "required|email",
);
$messages = array(
+ 'username.regex' => "Username can only contain lowercase letters, numbers, underscores and hyphens.",
'password.regex' => self::PASSWORD_VALIDATION_MESSAGE,
);
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/975bf9ff/app/views/account/create.blade.php
----------------------------------------------------------------------
diff --git a/app/views/account/create.blade.php b/app/views/account/create.blade.php
index d6d0748..d13d72b 100644
--- a/app/views/account/create.blade.php
+++ b/app/views/account/create.blade.php
@@ -33,7 +33,9 @@
<div class="form-group required"><label class="control-label">Username</label>
<div><input class="form-control" id="username" minlength="6" maxlength="30" name="username"
- placeholder="Username" required="required" type="text" value="{{Input::old('username') }}"/>
+ placeholder="Username" required="required" type="text" value="{{Input::old('username') }}"
+ onblur="this.value = this.value.toLowerCase()"
+ data-container="body" data-toggle="popover" data-placement="left" data-content="Username can only contain lowercase letters, numbers, underscores and hyphens."/>
</div>
</div>
<div class="form-group required"><label class="control-label">Password</label>
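Review bot: `{{Input::old('username') }}` on the rewritten `<input>` line is echoed into the `value` attribute with double braces, while `login.blade.php` in commit 1/3 uses triple braces for session text. If this project's Blade version treats `{{ }}` as raw output, as that usage suggests, a rejected submission reflects the typed username back unescaped. Use `value="{{{ Input::old('username') }}}"`. The `onblur` lower-casing is a convenience only; the server-side rule in `createAccountSubmit` remains the actual check.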
@@ -85,10 +87,7 @@
@section('scripts')
@parent
<script>
- $("#password").popover({
- 'trigger':'focus'
- });
- $("#email").popover({
+ $("[data-toggle=popover]").popover({
'trigger':'focus'
});
</script>
[3/3] airavata-php-gateway git commit: AIRAVATA-2403 Handle first
login from OAuth callback
Posted by ma...@apache.org.
AIRAVATA-2403 Handle first login from OAuth callback
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/ece3d216
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/ece3d216
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/ece3d216
Branch: refs/heads/develop
Commit: ece3d216ea175aa0012efd6f12f6408f72eb0cc4
Parents: 975bf9f
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Jun 22 21:38:18 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Jun 22 21:38:18 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 39 +++++++++++++++++++++---------
1 file changed, 27 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ece3d216/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 867c4e3..6742fb2 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -55,12 +55,7 @@ class AccountController extends BaseController
/*add user to the initial role */
// add user to initial role
- $initialRoleName = CommonUtilities::getInitialRoleName();
- IamAdminServices::addRoleToUser($admin_authz_token, $username, $initialRoleName);
- if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
- IamAdminServices::addRoleToUser($admin_authz_token, $username, "gateway-provider");
- }
-
+ $this->addUserToInitialRole($username);
// Send account confirmation email
EmailUtilities::sendVerifyEmailAccount($username, $first_name, $last_name, $email);
@@ -69,6 +64,16 @@ class AccountController extends BaseController
}
}
+ private function addUserToInitialRole($username) {
+
+ $admin_authz_token = Keycloak::getAdminAuthzToken();
+ $initialRoleName = CommonUtilities::getInitialRoleName();
+ IamAdminServices::addRoleToUser($admin_authz_token, $username, $initialRoleName);
+ if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
+ IamAdminServices::addRoleToUser($admin_authz_token, $username, "gateway-provider");
+ }
+ }
+
public function loginView()
{
if(Config::get('pga_config.wsis')['oauth-grant-type'] == "authorization_code"){
@@ -155,7 +160,6 @@ class AccountController extends BaseController
}
- // TODO: add new user from OAuth login to initial role
public function oauthCallback()
{
if (!isset($_GET["code"])) {
@@ -181,11 +185,14 @@ class AccountController extends BaseController
$firstName = $userProfile['firstname'];
$lastName = $userProfile['lastName'];
- //FIXME There is a bug in WSO2 IS which doest not return the admin role for the default admin user.
- //FIXME Hence as a workaround we manually add it here.
- if ($username == Config::get('pga_config.wsis')['admin-username']
- || $username == Config::get('pga_config.wsis')['admin-username'] . '@' . Config::get('pga_config.wsis')['tenant-domain']){
- $userRoles[] = Config::get('pga_config.wsis')['admin-role-name'];
+ # As a workaround to figuring out if the user is logging in for the first
+ # time, if the user has no roles, assume they are logging in for the first
+ # time and add them to the initial role
+ if (!$this->hasAnyRoles($userRoles)){
+ $this->addUserToInitialRole($username);
+ # Reload the roles
+ $userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
+ $userRoles = $userProfile['roles'];
}
$authzToken = new Airavata\Model\Security\AuthzToken();
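Review bot: Treating "no recognised role" as "first login" means `addUserToInitialRole` also runs for a returning user whose roles an administrator removed, or whose roles come back empty or under a name not listed in `hasAnyRoles`, and on a `super-admin-portal` deployment that path grants `gateway-provider`. `hasAnyRoles` passes `$userProfile['roles']` straight to `in_array`, so a null value there raises a warning or error instead of being treated as "no roles". A more direct first-login signal may already be available in `UserProfileUtilities::does_user_profile_exist($username)`, although it reads the authz token from the session, so ordering would need checking. The hunk also drops the admin-role workaround; confirm that the Keycloak profile now carries that role for the default admin. `oauthCallback` continues outside the hunk.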
@@ -214,6 +221,14 @@ class AccountController extends BaseController
return Redirect::to("home");
}
+ private function hasAnyRoles($roles) {
+ return in_array("gateway-provider", $roles)
+ or in_array("user-pending", $roles)
+ or in_array(Config::get('pga_config.wsis')['admin-role-name'], $roles)
+ or in_array(Config::get('pga_config.wsis')['read-only-admin-role-name'], $roles)
+ or in_array(Config::get('pga_config.wsis')['user-role-name'], $roles)
+ or in_array(Config::get('pga_config.wsis')['initial-role-name'], $roles);
+ }
private function initializeWithAiravata($username, $userEmail, $firstName, $lastName){
// Log the user out if Airavata is down. If a new user we want to make