DM-13112 merge pr #15 from lsst/dm-13112_lsstworkspace

DM-13112 LSST workspace (to use with firefly rc-2019.2)

Author: tgoldina

config/app.config

@@ -32,7 +32,6 @@ sso.logout.url = "/oauth2/sign_in"
 sso.user.profile.url =
 __$help.base.url = "onlinehelp/"
 
-
 sso.framework.adapter = "edu.caltech.ipac.lsst.security.LsstSsoAdapter"
 sso.auth.required = "false"
 oidc_client_id = ""
@@ -58,6 +57,12 @@ lsst.dax.metaservURL = "/api/meta/v1/db/"
 lsst.dax.imgservURL = "/api/image/v1/"
 lsst.dax.imgserv.repository = "DC_W13_Stripe82"
 
+// if workspace host url is empty, the url will be derived from request's host and protocol
+workspace.host.url = ""
+workspace.root.path = "/api/dav/scratch/dav"
+workspace.protocol.webdav = "edu.caltech.ipac.lsst.LsstWebDAVWorkspaceManager"
+__$workspace.propfind.infinity = false
+
 // ehcache.xml env sensitive properties
 // ehcahe replication port; suggest 4077-developer, 5077-dev, 6077-I&T, 7077-Prod, 8077-Public
 ehcache.multicast.port = "7077"
@@ -78,6 +83,7 @@ environments{
         ehcache.multicast.address="239.255.0.1"
         ehcache.multicast.ttl = 0
         redis.host = "127.0.0.1"
+        workspace.host.url = "https://lsst-lsp-int.ncsa.illinois.edu"
     }
     dev {
         BuildType = "Development"

config/suit.prop

@@ -32,5 +32,9 @@ oidc_client_id = @oidc_client_id@
 oidc_client_secret = @oidc_client_secret@
 oidc_redirect_uri = @sso_redirect_uri@
 __$sso_redirect_uri = @sso_redirect_uri@
+workspace.host.url = @workspace.host.url@
+workspace.protocol.webdav = @workspace.protocol.webdav@
+workspace.root.path = @workspace.root.path@
+workspace.propfind.infinity = @__$workspace.propfind.infinity@
 
 redis.host = @redis.host@

src/suit/java/edu/caltech/ipac/lsst/LsstWebDAVWorkspaceManager.java

@@ -0,0 +1,58 @@
+package edu.caltech.ipac.lsst;
+
+import edu.caltech.ipac.firefly.data.WspaceMeta;
+import edu.caltech.ipac.firefly.server.WebDAVWorkspaceManagerBase;
+import edu.caltech.ipac.firefly.server.network.HttpServiceInput;
+import edu.caltech.ipac.firefly.server.ws.WsCredentials;
+import edu.caltech.ipac.util.AppProperties;
+
+import java.util.Map;
+
+/**
+ * License information at https://github.com/Caltech-IPAC/firefly/blob/master/License.txt
+ *
+ * @author tatianag
+ */
+public class LsstWebDAVWorkspaceManager extends WebDAVWorkspaceManagerBase {
+
+    private static String WS_ROOT_PATH = AppProperties.getProperty("workspace.root.path", "/dav");
+
+    private WsCredentials creds;
+    private String userHome;
+
+    public LsstWebDAVWorkspaceManager(String wsId) {
+
+        Map<String, String> cookies = HttpServiceInput.createWithCredential(getWsHostUrl()).getCookies();          // should look at this again.
+        // for development from a local machine, set wsId to your user name
+        // if (wsId == null || wsId.equals("Guest")) wsId = "tatianag";
+        this.creds = new WsCredentials(wsId, cookies);
+        this.userHome = WspaceMeta.ensureWsHomePath(wsId);
+    }
+
+    public LsstWebDAVWorkspaceManager(WsCredentials cred) {
+        this(cred.getWsId());
+    }
+
+    @Override
+    public WsCredentials getCredentials() {
+        return this.creds;
+    }
+
+    @Override
+    public String getWsHome() {
+        return WS_ROOT_PATH + this.userHome;
+    }
+
+    // namespace is only used to set and save properties,
+    // this feature is not used in the current implementation
+
+    @Override
+    protected String getNamespacePrefix() {
+        return "lsst";
+    }
+
+    @Override
+    protected String getNamespaceUri() {
+        return getWsHostUrl()+"/namespace/";
+    }
+}

src/suit/java/edu/caltech/ipac/lsst/security/LsstSsoAdapter.java

@@ -13,7 +13,6 @@
 import edu.caltech.ipac.util.StringUtils;
 import org.json.simple.parser.JSONParser;
 
-import java.util.Arrays;
 import java.util.Base64;
 import java.util.List;
 import java.util.Map;
@@ -32,8 +31,10 @@ public class LsstSsoAdapter implements SsoAdapter {
 
     private static final String ID_TOKEN = "X-Auth-Request-Token";
 
-    private static final String USER_NAME = "sub";
-    private static final String UID = "uidNumber";
+    // the keywords are listed in https://confluence.lsstcorp.org/display/LAAIM/Web+SSO
+    private static final String USER_NAME = "sub"; // ex.value "http://cilogon.org/serverT/users/123456'
+    private static final String UID_NUMBER = "uidNumber"; // ex.value "01234"
+    private static final String UID = "uid"; // ex.value "username"
     private static final String MEMBER_OF = "isMemberOf";
     private static final String NAME = "name";
     private static final String EMAIL = "email";
@@ -49,11 +50,14 @@ public Token getAuthToken() {
                 String id_token = getString(ra, ID_TOKEN, "");      // this is a 3-parts base64 encoded JWT token
                 String[] parts = id_token.split("\\.");
                 if (parts.length == 3) {
-                    Map claims = (Map) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
+                    String jsonContent = new String(Base64.getDecoder().decode(parts[1]));
+                    //LOGGER.debug("CILogon User Info: " + jsonContent);
+                    Map claims = (Map) new JSONParser().parse(jsonContent);
                     token = new Token(String.valueOf(claims.get(USER_NAME)));
                     token.setExpiresOn(StringUtils.getInt(claims.get(EXPIRES), 0));
                     token.set(EMAIL, String.valueOf(claims.get(EMAIL)));
                     token.set(NAME, String.valueOf(claims.get(NAME)));
+                    token.set(UID_NUMBER, String.valueOf(claims.get(UID_NUMBER)));
                     token.set(UID, String.valueOf(claims.get(UID)));
                     token.set(ID_TOKEN, id_token);
 
@@ -80,7 +84,8 @@ public UserInfo getUserInfo() {
         Token token = getAuthToken();
         if (token != null) {
             UserInfo user = new UserInfo();
-            user.setLoginName(token.getId());
+            //user.setLoginName(token.getId());
+            user.setLoginName(token.get(UID));
             user.setEmail(token.get(EMAIL));
             String name = token.get(NAME) == null ? "" : token.get(NAME);
             String[] parts = name.split(" ");
@@ -94,11 +99,14 @@ public UserInfo getUserInfo() {
     }
 
     public void setAuthCredential(HttpServiceInput inputs) {
+//        // to test from a local machine, obtain temptoken and set it directly,
+//        // you also need to set
+//        String tempToken = "short token here";
+//        inputs.setHeader("Authorization", "Bearer " + tempToken);
         Token token = getAuthToken();
         if (token != null && token.get(ID_TOKEN) != null) {
             if (SsoAdapter.requireAuthCredential(inputs.getRequestUrl(), reqAuthHosts)) {
                 inputs.setHeader("Authorization", "Bearer " + token.get(ID_TOKEN));
-
             }
         }
     }

src/suit/js/SUIT.js

@@ -59,7 +59,8 @@ var options = {
                 value: 'https://ned.ipac.caltech.edu/tap/' },
         ],
         defaultMaxrec: 50000
-    }
+    },
+    workspace: {showOptions: true}
 };