From scnakand...@apache.org
Subject [26/50] [abbrv] airavata git commit: AIRAVATA-2316 Adding authz checks to user profile modification methods
Date Tue, 07 Mar 2017 22:05:26 GMT
AIRAVATA-2316 Adding authz checks to user profile modification methods


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ee8d5eed
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ee8d5eed
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ee8d5eed

Branch: refs/heads/develop
Commit: ee8d5eede9fafd9353be8f36635449efa391800f
Parents: 08fd8c4
Author: Marcus Christie <machristie@apache.org>
Authored: Tue Feb 28 11:55:41 2017 -0500
Committer: Anuj Bhandar <bhandar.anuj@gmail.com>
Committed: Tue Feb 28 13:07:18 2017 -0500

----------------------------------------------------------------------
 .../server/handler/AiravataServerHandler.java   | 24 ++++++++++++++------
 .../server/UserProfileServiceHandler.java       |  1 +
 2 files changed, 18 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/ee8d5eed/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 8415c21..588a61a 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -4773,7 +4773,12 @@ public class AiravataServerHandler implements Airavata.Iface {
     public String addUserProfile(AuthzToken authzToken, UserProfile userProfile)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that username and gatewayId match authzToken
+        // check that username and gatewayId match authzToken
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+        String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+        if( !userProfile.getUserId().equals(userId) || !userProfile.getGatewayId().equals(gatewayId)
){
+            throw new AuthorizationException("User isn't authorized to add user profile for
this user and/or gateway");
+        }
         try {
             return getUserProfileServiceClient().addUserProfile(userProfile);
         } catch (Exception e) {
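Review bot: The new guard on lines 48–52 calls `.equals` on `userProfile.getUserId()` and `userProfile.getGatewayId()`, so a request whose profile omits either field fails with a NullPointerException rather than the AuthorizationException the method declares, and a missing claim in the token is not rejected explicitly either. Putting the token values on the left and null-checking them keeps the check fail-closed with the intended exception type: `if (userId == null || gatewayId == null || !userId.equals(userProfile.getUserId()) || !gatewayId.equals(userProfile.getGatewayId())) {`. The same block is repeated verbatim in updateUserProfile in the next hunk; a private helper such as `checkUserProfileMatchesToken(authzToken, userProfile)` would keep the two authz paths from drifting apart. addUserProfile's body continues past the hunk.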
@@ -4790,7 +4795,12 @@ public class AiravataServerHandler implements Airavata.Iface {
     public boolean updateUserProfile(AuthzToken authzToken, UserProfile userProfile)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that username and gatewayId match authzToken
+        // check that username and gatewayId match authzToken
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
+        String userId = authzToken.getClaimsMap().get(Constants.USER_NAME);
+        if( !userProfile.getUserId().equals(userId) || !userProfile.getGatewayId().equals(gatewayId)
){
+            throw new AuthorizationException("User isn't authorized to update user profile
for this user and/or gateway");
+        }
         try {
             return getUserProfileServiceClient().updateUserProfile(userProfile);
         } catch (Exception e) {
@@ -4807,7 +4817,6 @@ public class AiravataServerHandler implements Airavata.Iface {
     public UserProfile getUserProfileById(AuthzToken authzToken, String userId, String gatewayId)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that username and gatewayId match authzToken
         try {
             return getUserProfileServiceClient().getUserProfileById(userId, gatewayId);
         } catch (Exception e) {
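Review bot: The TODO is removed here without a replacement, so getUserProfileById still forwards any userId/gatewayId to the profile service while the add and update paths above now reject a mismatch with the token. Unless @SecurityCheck already scopes reads to the caller's gateway (not visible here), either a comment should state that reads of other users' profiles within the gateway are intended, or the gatewayId should at least be compared against `authzToken.getClaimsMap().get(Constants.GATEWAY_ID)` and an AuthorizationException thrown on mismatch. The same TODO-only removal applies to getAllUserProfilesInGateway, getUserProfileByName and doesUserProfileExist in the later hunks. getUserProfileById's body continues past the hunk.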
@@ -4821,10 +4830,14 @@ public class AiravataServerHandler implements Airavata.Iface {
 
     @Override
     @SecurityCheck
+    // FIXME: deleting user profile should require the gatewayId as well!
     public boolean deleteUserProfile(AuthzToken authzToken, String userId)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that username match authzToken
+        // check that userId match authzToken
+        if( !authzToken.getClaimsMap().get(Constants.USER_NAME).equals(userId) ){
+            throw new AuthorizationException("User isn't authorized to delete user profile
for this user");
+        }
         try {
             return getUserProfileServiceClient().deleteUserProfile(userId);
         } catch (Exception e) {
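Review bot: The guard on line 93 dereferences the USER_NAME claim, so a token without that claim throws a NullPointerException instead of the declared AuthorizationException, and `userId` itself is never null-checked. Reversing the comparison keeps it fail-closed with the intended exception type: `if (userId == null || !userId.equals(authzToken.getClaimsMap().get(Constants.USER_NAME))) {`. The FIXME added on line 86 sits between `@SecurityCheck` and the method signature; placing it above the annotations or in the method's Javadoc keeps the annotation block contiguous. deleteUserProfile's body continues past the hunk.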
@@ -4841,7 +4854,6 @@ public class AiravataServerHandler implements Airavata.Iface {
     public List<UserProfile> getAllUserProfilesInGateway(AuthzToken authzToken, String
gatewayId, int offset, int limit)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that gatewayId match authzToken
         try {
             return getUserProfileServiceClient().getAllUserProfilesInGateway(gatewayId, offset,
limit);
         } catch (Exception e) {
@@ -4858,7 +4870,6 @@ public class AiravataServerHandler implements Airavata.Iface {
     public UserProfile getUserProfileByName(AuthzToken authzToken, String userName, String
gatewayId)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: check that username and gatewayId match authzToken
         try {
             return getUserProfileServiceClient().getUserProfileByName(userName, gatewayId);
         } catch (Exception e) {
@@ -4875,7 +4886,6 @@ public class AiravataServerHandler implements Airavata.Iface {
     public boolean doesUserProfileExist(AuthzToken authzToken, String userName, String gatewayId)
             throws InvalidRequestException, AiravataClientException, AiravataSystemException,
AuthorizationException, TException {
 
-        // TODO: verify that authzToken gatewayId matches
         try {
             return getUserProfileServiceClient().doesUserExist(userName, gatewayId);
         } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/airavata/blob/ee8d5eed/modules/user-profile/user-profile-service/src/main/java/org/apache/airavata/user/profile/server/UserProfileServiceHandler.java
----------------------------------------------------------------------
diff --git a/modules/user-profile/user-profile-service/src/main/java/org/apache/airavata/user/profile/server/UserProfileServiceHandler.java
b/modules/user-profile/user-profile-service/src/main/java/org/apache/airavata/user/profile/server/UserProfileServiceHandler.java
index ddefbc7..598adc0 100644
--- a/modules/user-profile/user-profile-service/src/main/java/org/apache/airavata/user/profile/server/UserProfileServiceHandler.java
+++ b/modules/user-profile/user-profile-service/src/main/java/org/apache/airavata/user/profile/server/UserProfileServiceHandler.java
@@ -82,6 +82,7 @@ public class UserProfileServiceHandler implements UserProfileService.Iface
{
         }
     }
 
+    // FIXME: shouldn't deleteUserProfile require the gatewayId as well?
     public boolean deleteUserProfile(String userId) throws UserProfileServiceException {
         try{
             boolean deleteResult = userProfileRepository.delete(userId);

