From a1b66b277c3cee905234733836e8ce0529290715 Mon Sep 17 00:00:00 2001 From: Ivan Budayeu Date: Fri, 10 Jul 2020 15:03:08 +0300 Subject: [PATCH 1/8] Dependencies update --- .../UiAuthenticationSuccessEventHandler.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index 2d2257b7..14f5a348 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -15,6 +15,7 @@ */ package com.epam.reportportal.auth.event; +import com.epam.reportportal.auth.integration.saml.ReportPortalSamlAuthentication; import com.epam.ta.reportportal.commons.ReportPortalUser; import com.epam.ta.reportportal.dao.UserRepository; import com.epam.ta.reportportal.entity.project.Project; @@ -25,6 +26,7 @@ import org.apache.commons.collections4.MapUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.event.EventListener; +import org.springframework.security.core.Authentication; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; 
@@ -55,11 +57,23 @@ public UiAuthenticationSuccessEventHandler(UserRepository userRepository, Person public void onApplicationEvent(UiUserSignedInEvent event) { String username = event.getAuthentication().getName(); userRepository.updateLastLoginDate(LocalDateTime.ofInstant(Instant.ofEpochMilli(event.getTimestamp()), ZoneOffset.UTC), username); - if (MapUtils.isEmpty(((ReportPortalUser) event.getAuthentication().getPrincipal()).getProjectDetails())) { + + Authentication authentication = event.getAuthentication(); + if (MapUtils.isEmpty(acquireUser(authentication).getProjectDetails())) { User user = userRepository.findByLogin(username) .orElseThrow(() -> new ReportPortalException(ErrorType.USER_NOT_FOUND, username)); Project project = personalProjectService.generatePersonalProject(user); user.getProjects().addAll(project.getUsers()); } } + + private ReportPortalUser acquireUser(Authentication authentication) { + if (authentication instanceof ReportPortalSamlAuthentication) { + ReportPortalSamlAuthentication rpAuthentication = (ReportPortalSamlAuthentication) authentication; + return userRepository.findUserDetails(rpAuthentication.getPrincipal()) + .orElseThrow(() -> new ReportPortalException(ErrorType.USER_NOT_FOUND, rpAuthentication.getPrincipal())); + } else { + return (ReportPortalUser) authentication.getPrincipal(); + } + } } \ No newline at end of file From d39b882cf5913cd38d2c2fc222734af5ba231f0a Mon Sep 17 00:00:00 2001 From: Ivan Budayeu Date: Fri, 10 Jul 2020 15:05:36 +0300 Subject: [PATCH 2/8] Code style fix --- .../auth/event/UiAuthenticationSuccessEventHandler.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index 14f5a348..9c4922d3 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java 
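Review bot: The `else` branch of `acquireUser` casts `authentication.getPrincipal()` to `ReportPortalUser` without a type check, so any other `Authentication` type that reaches this listener fails with a `ClassCastException` instead of a handled error. In the SAML branch the account is looked up by `rpAuthentication.getPrincipal()`, while the caller updates the login date and creates the personal project for `event.getAuthentication().getName()`. If those two values can ever differ, the project check runs against one account and the change lands on another, so this is worth confirming against `ReportPortalSamlAuthentication`. I would guard the cast with `if (!(authentication.getPrincipal() instanceof ReportPortalUser)) { throw new ReportPortalException(ErrorType.USER_NOT_FOUND, authentication.getName()); }` and add a short Javadoc on `acquireUser` saying why SAML logins are reloaded from the repository.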
+++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -58,8 +58,7 @@ public void onApplicationEvent(UiUserSignedInEvent event) { String username = event.getAuthentication().getName(); userRepository.updateLastLoginDate(LocalDateTime.ofInstant(Instant.ofEpochMilli(event.getTimestamp()), ZoneOffset.UTC), username); - Authentication authentication = event.getAuthentication(); - if (MapUtils.isEmpty(acquireUser(authentication).getProjectDetails())) { + if (MapUtils.isEmpty(acquireUser(event.getAuthentication()).getProjectDetails())) { User user = userRepository.findByLogin(username) .orElseThrow(() -> new ReportPortalException(ErrorType.USER_NOT_FOUND, username)); Project project = personalProjectService.generatePersonalProject(user); From 906d6985720d4c420140e5b2305d92f34f87a6a7 Mon Sep 17 00:00:00 2001 From: Yaroslav_Halchenko Date: Thu, 30 Jul 2020 13:51:57 +0200 Subject: [PATCH 3/8] EPMRPP-47267 Removed unused endpoints under /sso path --- .../auth/endpoint/SsoEndpoint.java | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/endpoint/SsoEndpoint.java b/src/main/java/com/epam/reportportal/auth/endpoint/SsoEndpoint.java index 425b0a19..8302ce45 100644 --- a/src/main/java/com/epam/reportportal/auth/endpoint/SsoEndpoint.java +++ b/src/main/java/com/epam/reportportal/auth/endpoint/SsoEndpoint.java @@ -29,7 +29,6 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import java.security.Principal; 
@@ -38,6 +37,9 @@ import java.util.Optional; import java.util.stream.Collectors; +import static org.springframework.web.bind.annotation.RequestMethod.GET; +import static org.springframework.web.bind.annotation.RequestMethod.POST; + /** * Base SSO controller * @@ -54,7 +56,7 @@ public SsoEndpoint(TokenServicesFacade tokenServicesFacade) { this.tokenServicesFacade = tokenServicesFacade; } - @RequestMapping({ "/sso/me", "/sso/user" }) + @RequestMapping(value = { "/sso/me", "/sso/user" }, method = { GET, POST }) public Map user(Authentication user) { ImmutableMap.Builder details = ImmutableMap.builder().put("user", user.getName()) @@ -67,7 +69,7 @@ public Map user(Authentication user) { return details.build(); } - @RequestMapping(value = { "/sso/me/apitoken" }, method = RequestMethod.GET) + @RequestMapping(value = { "/sso/me/apitoken" }, method = GET) @ApiOperation(value = "Get api token") public OAuth2AccessToken getApiToken(Principal user) { Optional tokens = tokenServicesFacade.getTokens(user.getName(), ReportPortalClient.api).findAny(); @@ -75,11 +77,15 @@ public OAuth2AccessToken getApiToken(Principal user) { return tokens.get(); } - @RequestMapping(value = { "/sso/me/apitoken" }, method = RequestMethod.POST) + @RequestMapping(value = { "/sso/me/apitoken" }, method = POST) @ApiOperation(value = "Create api token") public OAuth2AccessToken createApiToken(OAuth2Authentication user) { tokenServicesFacade.revokeUserTokens(user.getName(), ReportPortalClient.api); - return tokenServicesFacade.createToken(ReportPortalClient.api, user.getName(), user.getUserAuthentication(), Collections.emptyMap()); + return tokenServicesFacade.createToken(ReportPortalClient.api, + user.getName(), + user.getUserAuthentication(), + Collections.emptyMap() + ); } -} +} \ No newline at end of file From 477034b25ab3b652af40309758c60e0282127920 Mon Sep 17 00:00:00 2001 
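Review bot: The new `method = { GET, POST }` on `/sso/me` and `/sso/user` still accepts POST for a handler that only reads the current `Authentication`; unless a client is known to post to it, `method = GET` is the narrower mapping. The subject line says endpoints were removed, but the hunks in this file only restrict HTTP methods and reflow the `createToken` call, so the description should say that. Separately, `createApiToken` calls `revokeUserTokens` before `createToken`; whether a failure in between leaves the user without an API token depends on transaction handling that is not visible in these hunks.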
From: Yaroslav_Halchenko Date: Mon, 3 Aug 2020 11:08:30 +0200 Subject: [PATCH 4/8] EPMRPP-49373 Fixed incorrect exception message --- .../reportportal/auth/integration/ldap/LdapUserReplicator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java index ec464b5c..529c592f 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java @@ -102,7 +102,7 @@ public User replicateUser(String name, DirContextOperations ctx, Map Date: Wed, 2 Sep 2020 14:56:50 -0400 Subject: [PATCH 5/8] Allow secrets to be passed in via file Add shell line --- Dockerfile | 4 ++-- entrypoint.sh | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100755 entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 40f4638e..9620737f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ FROM openjdk:11-jre-slim LABEL version=5.2.1 description="Unified Authorization Trap for all ReportPortal's Services" maintainer="Andrei Varabyeu " RUN apt-get update -qq && apt-get install -qq -y wget && \ - echo 'exec java ${JAVA_OPTS} -jar service-authorization-5.2.1-exec.jar' > /start.sh && chmod +x /start.sh && \ wget -q https://dl.bintray.com/epam/reportportal/com/epam/reportportal/service-authorization/5.2.1/service-authorization-5.2.1-exec.jar ENV JAVA_OPTS="-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom" VOLUME ["/tmp"] EXPOSE 8080 -ENTRYPOINT ./start.sh +COPY entrypoint.sh ./entrypoint.sh +ENTRYPOINT ./entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 00000000..273bf7d1 --- /dev/null +++ b/entrypoint.sh 
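Review bot: `ENTRYPOINT ./entrypoint.sh` is the shell form, so the script is started through `/bin/sh -c` and whether stop signals reach the JVM depends on how that shell behaves. The exec form `ENTRYPOINT ["./entrypoint.sh"]` makes the script PID 1, and its final `exec java` then hands signals straight to the JVM. The unchanged `wget` line fetches the service jar without a checksum or signature check. The Dockerfile as shown also has no `USER` instruction, so the entrypoint that reads the secret files runs as root unless that is set elsewhere.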
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+if [ ! -z $RP_DB_PASS_FILE ]; then
+ export RP_DB_PASS=$(cat $RP_DB_PASS_FILE)
+fi
+
+if [ ! -z $RP_BINARYSTORE_MINIO_ACCESSKEY_FILE ]; then
+ export RP_BINARYSTORE_MINIO_ACCESSKEY=$(cat $RP_BINARYSTORE_MINIO_ACCESSKEY_FILE)
+fi
+
+if [ ! -z $RP_BINARYSTORE_MINIO_SECRETKEY_FILE ]; then
+ export RP_BINARYSTORE_MINIO_SECRETKEY=$(cat $RP_BINARYSTORE_MINIO_SECRETKEY_FILE)
+fi
+
+exec java ${JAVA_OPTS} -jar service-authorization-5.2.1-exec.jar
\ No newline at end of file
From cd05f77c7c56caef7815cdb01e68236d250961f4 Mon Sep 17 00:00:00 2001
From: Jeremy Lundy <16428663+jlundy2@users.noreply.github.com>
Date: Wed, 2 Sep 2020 15:00:41 -0400
Subject: [PATCH 6/8] Create main.yml
---
.github/workflows/main.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..340584a7
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,19 @@
+name: build-and-push
+
+on:
+ push:
+ branches: [ develop ]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build and push Docker images
+ uses: docker/build-push-action@v1.1.0
+ with:
+ repository: jlundy2/reportportal-service-authorization
+ username: ${{ secrets.DOCKERHUB_USERNAME}}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ tag_with_ref: true
From f08b24d5ca8fef30fefe503659a992c36da3088f Mon Sep 17 00:00:00 2001
From: Jeremy Lundy <16428663+jlundy2@users.noreply.github.com>
Date: Wed, 2 Sep 2020 15:07:10 -0400
Subject: [PATCH 7/8] Update main.yml
---
.github/workflows/main.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 340584a7..67260666 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
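Review bot: Every expansion in the three `if` blocks is unquoted, so `[ ! -z $RP_DB_PASS_FILE ]` and `$(cat $RP_DB_PASS_FILE)` misbehave on a path containing spaces or glob characters. `export VAR=$(cat …)` also hides a failed `cat`, so with a wrong path the service starts with an empty secret instead of stopping. Per variable I would write `if [ -n "$RP_DB_PASS_FILE" ]; then RP_DB_PASS=$(cat "$RP_DB_PASS_FILE") || exit 1; export RP_DB_PASS; fi`, and the same for the two MinIO keys. The value still ends up in the environment of the JVM process, so this keeps the secret out of the container definition rather than out of the running process. A header comment naming the supported `*_FILE` variables would document that.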
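Review bot: `docker/build-push-action@v1.1.0` and `actions/checkout@v2` are referenced by tag in a job that receives `secrets.DOCKERHUB_PASSWORD`. Tags can be moved, so both should be pinned to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v1.1.0`. `repository: jlundy2/reportportal-service-authorization` pushes to a personal namespace, which looks like fork configuration rather than something intended for the upstream project. The secret name suggests an account password; if so, a scoped Docker Hub access token would limit what a leak exposes.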
@@ -1,8 +1,7 @@ name: build-and-push on: - push: - branches: [ develop ] + release: workflow_dispatch: jobs: From 1562485a67ce85d2aa52279cdb2cfe113a200597 Mon Sep 17 00:00:00 2001 From: Jeremy Lundy <16428663+jlundy2@users.noreply.github.com> Date: Wed, 2 Sep 2020 15:10:27 -0400 Subject: [PATCH 8/8] Update main.yml --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 67260666..ca10a000 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,6 +2,7 @@ name: build-and-push on: release: + types: [created] workflow_dispatch: jobs: