yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-11-04 04:39:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(frontend): refactoring AuthServiceClient (#6029)

Browse Source
This commit is contained in:
Aditya Radhakrishnan 2022-09-22 18:26:42 -07:00 committed by GitHub
parent 3a6d1d2bf1
commit d13145e32d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 80 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
datahub-frontend/app/client/AuthServiceClient.java
View File

@ -1,6 +1,8 @@
package client; package client;
import com.datahub.authentication.Authentication;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.Objects; import java.util.Objects;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -13,7 +15,6 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import play.mvc.Http; import play.mvc.Http;
import com.datahub.authentication.Authentication;
/** /**
@ -66,11 +67,15 @@ public class AuthServiceClient {
try { try {
final String protocol = this.metadataServiceUseSsl ? "https" : "http"; final String protocol = this.metadataServiceUseSsl ? "https" : "http";
final HttpPost request = new HttpPost(String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, final HttpPost request = new HttpPost(
this.metadataServicePort, GENERATE_SESSION_TOKEN_ENDPOINT)); String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort,
GENERATE_SESSION_TOKEN_ENDPOINT));
// Build JSON request to generate a token on behalf of a user. // Build JSON request to generate a token on behalf of a user.
String json = String.format("{ \"%s\":\"%s\" }", USER_ID_FIELD, userId); final ObjectMapper objectMapper = new ObjectMapper();
final ObjectNode objectNode = objectMapper.createObjectNode();
objectNode.put(USER_ID_FIELD, userId);
final String json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(objectNode);
request.setEntity(new StringEntity(json)); request.setEntity(new StringEntity(json));
// Add authorization header with DataHub frontend system id and secret. // Add authorization header with DataHub frontend system id and secret.
@ -101,7 +106,6 @@ public class AuthServiceClient {
/** /**
* Call the Auth Service to create a native Datahub user. * Call the Auth Service to create a native Datahub user.
*/ */
@Nonnull
public boolean signUp(@Nonnull final String userUrn, @Nonnull final String fullName, @Nonnull final String email, public boolean signUp(@Nonnull final String userUrn, @Nonnull final String fullName, @Nonnull final String email,
@Nonnull final String title, @Nonnull final String password, @Nonnull final String inviteToken) { @Nonnull final String title, @Nonnull final String password, @Nonnull final String inviteToken) {
Objects.requireNonNull(userUrn, "userUrn must not be null"); Objects.requireNonNull(userUrn, "userUrn must not be null");
@ -115,15 +119,20 @@ public class AuthServiceClient {
try { try {
final String protocol = this.metadataServiceUseSsl ? "https" : "http"; final String protocol = this.metadataServiceUseSsl ? "https" : "http";
final HttpPost request = final HttpPost request = new HttpPost(
new HttpPost(String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort, String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort,
SIGN_UP_ENDPOINT)); SIGN_UP_ENDPOINT));
// Build JSON request to verify credentials for a native user. // Build JSON request to verify credentials for a native user.
String json = final ObjectMapper objectMapper = new ObjectMapper();
String.format("{ \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\" }", final ObjectNode objectNode = objectMapper.createObjectNode();
USER_URN_FIELD, userUrn, FULL_NAME_FIELD, fullName, EMAIL_FIELD, email, TITLE_FIELD, title, objectNode.put(USER_URN_FIELD, userUrn);
PASSWORD_FIELD, password, INVITE_TOKEN_FIELD, inviteToken); objectNode.put(FULL_NAME_FIELD, fullName);
objectNode.put(EMAIL_FIELD, email);
objectNode.put(TITLE_FIELD, title);
objectNode.put(PASSWORD_FIELD, password);
objectNode.put(INVITE_TOKEN_FIELD, inviteToken);
final String json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(objectNode);
request.setEntity(new StringEntity(json)); request.setEntity(new StringEntity(json));
// Add authorization header with DataHub frontend system id and secret. // Add authorization header with DataHub frontend system id and secret.
@ -154,7 +163,6 @@ public class AuthServiceClient {
/** /**
* Call the Auth Service to reset credentials for a native DataHub user. * Call the Auth Service to reset credentials for a native DataHub user.
*/ */
@Nonnull
public boolean resetNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password, public boolean resetNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password,
@Nonnull final String resetToken) { @Nonnull final String resetToken) {
Objects.requireNonNull(userUrn, "userUrn must not be null"); Objects.requireNonNull(userUrn, "userUrn must not be null");
@ -170,9 +178,12 @@ public class AuthServiceClient {
RESET_NATIVE_USER_CREDENTIALS_ENDPOINT)); RESET_NATIVE_USER_CREDENTIALS_ENDPOINT));
// Build JSON request to verify credentials for a native user. // Build JSON request to verify credentials for a native user.
String json = final ObjectMapper objectMapper = new ObjectMapper();
String.format("{ \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\" }", USER_URN_FIELD, userUrn, final ObjectNode objectNode = objectMapper.createObjectNode();
PASSWORD_FIELD, password, RESET_TOKEN_FIELD, resetToken); objectNode.put(USER_URN_FIELD, userUrn);
objectNode.put(PASSWORD_FIELD, password);
objectNode.put(RESET_TOKEN_FIELD, resetToken);
final String json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(objectNode);
request.setEntity(new StringEntity(json)); request.setEntity(new StringEntity(json));
// Add authorization header with DataHub frontend system id and secret. // Add authorization header with DataHub frontend system id and secret.
@ -203,7 +214,6 @@ public class AuthServiceClient {
/** /**
* Call the Auth Service to verify the credentials for a native Datahub user. * Call the Auth Service to verify the credentials for a native Datahub user.
*/ */
@Nonnull
public boolean verifyNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password) { public boolean verifyNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password) {
Objects.requireNonNull(userUrn, "userUrn must not be null"); Objects.requireNonNull(userUrn, "userUrn must not be null");
Objects.requireNonNull(password, "password must not be null"); Objects.requireNonNull(password, "password must not be null");
@ -217,8 +227,11 @@ public class AuthServiceClient {
VERIFY_NATIVE_USER_CREDENTIALS_ENDPOINT)); VERIFY_NATIVE_USER_CREDENTIALS_ENDPOINT));
// Build JSON request to verify credentials for a native user. // Build JSON request to verify credentials for a native user.
String json = final ObjectMapper objectMapper = new ObjectMapper();
String.format("{ \"%s\":\"%s\", \"%s\":\"%s\" }", USER_URN_FIELD, userUrn, PASSWORD_FIELD, password); final ObjectNode objectNode = objectMapper.createObjectNode();
objectNode.put(USER_URN_FIELD, userUrn);
objectNode.put(PASSWORD_FIELD, password);
final String json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(objectNode);
request.setEntity(new StringEntity(json)); request.setEntity(new StringEntity(json));
// Add authorization header with DataHub frontend system id and secret. // Add authorization header with DataHub frontend system id and secret.

92
datahub-frontend/app/controllers/AuthenticationController.java
View File

@ -1,5 +1,9 @@
package controllers; package controllers;
import auth.AuthUtils;
import auth.JAASConfigs;
import auth.NativeAuthenticationConfigs;
import auth.sso.SsoManager;
import client.AuthServiceClient; import client.AuthServiceClient;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode; import com.fasterxml.jackson.databind.node.ObjectNode;
@ -8,7 +12,13 @@ import com.linkedin.common.urn.Urn;
import com.typesafe.config.Config; import com.typesafe.config.Config;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional; import java.util.Optional;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.pac4j.core.client.Client; import org.pac4j.core.client.Client;
import org.pac4j.core.context.session.SessionStore; import org.pac4j.core.context.session.SessionStore;
@ -21,18 +31,8 @@ import play.libs.Json;
import play.mvc.Controller; import play.mvc.Controller;
import play.mvc.Http; import play.mvc.Http;
import play.mvc.Result; import play.mvc.Result;
import auth.AuthUtils;
import auth.JAASConfigs;
import auth.NativeAuthenticationConfigs;
import auth.sso.SsoManager;
import security.AuthenticationManager; import security.AuthenticationManager;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import static auth.AuthUtils.*; import static auth.AuthUtils.*;
import static org.pac4j.core.client.IndirectClient.*; import static org.pac4j.core.client.IndirectClient.*;
@ -70,14 +70,14 @@ public class AuthenticationController extends Controller {
* Route used to perform authentication, or redirect to log in if authentication fails. * Route used to perform authentication, or redirect to log in if authentication fails.
* *
* If indirect SSO (eg. oidc) is configured, this route will redirect to the identity provider (Indirect auth). * If indirect SSO (eg. oidc) is configured, this route will redirect to the identity provider (Indirect auth).
* If not, we will fallback to the default username / password login experience (Direct auth). * If not, we will fall back to the default username / password login experience (Direct auth).
*/ */
@Nonnull @Nonnull
public Result authenticate() { public Result authenticate(Http.Request request) {
// TODO: Call getAuthenticatedUser and then generate a session cookie for the UI if the user is authenticated. // TODO: Call getAuthenticatedUser and then generate a session cookie for the UI if the user is authenticated.
final Optional<String> maybeRedirectPath = Optional.ofNullable(ctx().request().getQueryString(AUTH_REDIRECT_URI_PARAM)); final Optional<String> maybeRedirectPath = Optional.ofNullable(request.getQueryString(AUTH_REDIRECT_URI_PARAM));
final String redirectPath = maybeRedirectPath.orElse("/"); final String redirectPath = maybeRedirectPath.orElse("/");
if (AuthUtils.hasValidSessionCookie(ctx())) { if (AuthUtils.hasValidSessionCookie(ctx())) {
@ -98,10 +98,9 @@ public class AuthenticationController extends Controller {
// 3. If no auth enabled, fallback to using default user account & redirect. // 3. If no auth enabled, fallback to using default user account & redirect.
// Generate GMS session token, TODO: // Generate GMS session token, TODO:
final String accessToken = _authClient.generateSessionTokenForUser(DEFAULT_ACTOR_URN.getId()); final String accessToken = _authClient.generateSessionTokenForUser(DEFAULT_ACTOR_URN.getId());
session().put(ACCESS_TOKEN, accessToken); request.session().adding(createSessionMap(DEFAULT_ACTOR_URN.toString(), accessToken));
session().put(ACTOR, DEFAULT_ACTOR_URN.toString()); return redirect(redirectPath).withCookies(createActorCookie(DEFAULT_ACTOR_URN.toString(),
return redirect(redirectPath).withCookies(createActorCookie(DEFAULT_ACTOR_URN.toString(), _configs.hasPath(SESSION_TTL_CONFIG_PATH) _configs.hasPath(SESSION_TTL_CONFIG_PATH) ? _configs.getInt(SESSION_TTL_CONFIG_PATH)
? _configs.getInt(SESSION_TTL_CONFIG_PATH)
: DEFAULT_SESSION_TTL_HOURS)); : DEFAULT_SESSION_TTL_HOURS));
} }
@ -111,7 +110,7 @@ public class AuthenticationController extends Controller {
* TODO: Implement built-in support for LDAP auth. Currently dummy jaas authentication is the default. * TODO: Implement built-in support for LDAP auth. Currently dummy jaas authentication is the default.
*/ */
@Nonnull @Nonnull
public Result logIn() { public Result logIn(Http.Request request) {
boolean jaasEnabled = _jaasConfigs.isJAASEnabled(); boolean jaasEnabled = _jaasConfigs.isJAASEnabled();
_logger.debug(String.format("Jaas authentication enabled: %b", jaasEnabled)); _logger.debug(String.format("Jaas authentication enabled: %b", jaasEnabled));
boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled(); boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled();
@ -124,7 +123,7 @@ public class AuthenticationController extends Controller {
return badRequest(error); return badRequest(error);
} }
final JsonNode json = request().body().asJson(); final JsonNode json = request.body().asJson();
final String username = json.findPath(USER_NAME).textValue(); final String username = json.findPath(USER_NAME).textValue();
final String password = json.findPath(PASSWORD).textValue(); final String password = json.findPath(PASSWORD).textValue();
@ -133,8 +132,6 @@ public class AuthenticationController extends Controller {
return badRequest(invalidCredsJson); return badRequest(invalidCredsJson);
} }
ctx().session().clear();
JsonNode invalidCredsJson = Json.newObject().put("message", "Invalid Credentials"); JsonNode invalidCredsJson = Json.newObject().put("message", "Invalid Credentials");
boolean loginSucceeded = tryLogin(username, password); boolean loginSucceeded = tryLogin(username, password);
@ -144,12 +141,12 @@ public class AuthenticationController extends Controller {
final Urn actorUrn = new CorpuserUrn(username); final Urn actorUrn = new CorpuserUrn(username);
final String accessToken = _authClient.generateSessionTokenForUser(actorUrn.getId()); final String accessToken = _authClient.generateSessionTokenForUser(actorUrn.getId());
ctx().session().put(ACTOR, actorUrn.toString()); Result result = ok().withSession(createSessionMap(actorUrn.toString(), accessToken))
ctx().session().put(ACCESS_TOKEN, accessToken); .withCookies(Http.Cookie.builder(ACTOR, actorUrn.toString())
return ok().withCookies(Http.Cookie.builder(ACTOR, actorUrn.toString()) .withHttpOnly(false)
.withHttpOnly(false) .withMaxAge(Duration.of(30, ChronoUnit.DAYS))
.withMaxAge(Duration.of(30, ChronoUnit.DAYS)) .build());
.build()); return result;
} }
/** /**
@ -158,7 +155,7 @@ public class AuthenticationController extends Controller {
* *
*/ */
@Nonnull @Nonnull
public Result signUp() { public Result signUp(Http.Request request) {
boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled(); boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled();
_logger.debug(String.format("Native authentication enabled: %b", nativeAuthenticationEnabled)); _logger.debug(String.format("Native authentication enabled: %b", nativeAuthenticationEnabled));
if (!nativeAuthenticationEnabled) { if (!nativeAuthenticationEnabled) {
@ -168,7 +165,7 @@ public class AuthenticationController extends Controller {
return badRequest(error); return badRequest(error);
} }
final JsonNode json = request().body().asJson(); final JsonNode json = request.body().asJson();
final String fullName = json.findPath(FULL_NAME).textValue(); final String fullName = json.findPath(FULL_NAME).textValue();
final String email = json.findPath(EMAIL).textValue(); final String email = json.findPath(EMAIL).textValue();
final String title = json.findPath(TITLE).textValue(); final String title = json.findPath(TITLE).textValue();
@ -200,18 +197,15 @@ public class AuthenticationController extends Controller {
return badRequest(invalidCredsJson); return badRequest(invalidCredsJson);
} }
ctx().session().clear();
final Urn userUrn = new CorpuserUrn(email); final Urn userUrn = new CorpuserUrn(email);
final String userUrnString = userUrn.toString(); final String userUrnString = userUrn.toString();
boolean isNativeUserCreated = _authClient.signUp(userUrnString, fullName, email, title, password, inviteToken); boolean isNativeUserCreated = _authClient.signUp(userUrnString, fullName, email, title, password, inviteToken);
final String accessToken = _authClient.generateSessionTokenForUser(userUrn.getId()); final String accessToken = _authClient.generateSessionTokenForUser(userUrn.getId());
ctx().session().put(ACTOR, userUrnString); return ok().withSession(createSessionMap(userUrnString, accessToken))
ctx().session().put(ACCESS_TOKEN, accessToken); .withCookies(Http.Cookie.builder(ACTOR, userUrnString)
return ok().withCookies(Http.Cookie.builder(ACTOR, userUrnString) .withHttpOnly(false)
.withHttpOnly(false) .withMaxAge(Duration.of(30, ChronoUnit.DAYS))
.withMaxAge(Duration.of(30, ChronoUnit.DAYS)) .build());
.build());
} }
/** /**
@ -219,7 +213,7 @@ public class AuthenticationController extends Controller {
* *
*/ */
@Nonnull @Nonnull
public Result resetNativeUserCredentials() { public Result resetNativeUserCredentials(Http.Request request) {
boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled(); boolean nativeAuthenticationEnabled = _nativeAuthenticationConfigs.isNativeAuthenticationEnabled();
_logger.debug(String.format("Native authentication enabled: %b", nativeAuthenticationEnabled)); _logger.debug(String.format("Native authentication enabled: %b", nativeAuthenticationEnabled));
if (!nativeAuthenticationEnabled) { if (!nativeAuthenticationEnabled) {
@ -229,7 +223,7 @@ public class AuthenticationController extends Controller {
return badRequest(error); return badRequest(error);
} }
final JsonNode json = request().body().asJson(); final JsonNode json = request.body().asJson();
final String email = json.findPath(EMAIL).textValue(); final String email = json.findPath(EMAIL).textValue();
final String password = json.findPath(PASSWORD).textValue(); final String password = json.findPath(PASSWORD).textValue();
final String resetToken = json.findPath(RESET_TOKEN).textValue(); final String resetToken = json.findPath(RESET_TOKEN).textValue();
@ -249,20 +243,17 @@ public class AuthenticationController extends Controller {
return badRequest(invalidCredsJson); return badRequest(invalidCredsJson);
} }
ctx().session().clear();
final Urn userUrn = new CorpuserUrn(email); final Urn userUrn = new CorpuserUrn(email);
final String userUrnString = userUrn.toString(); final String userUrnString = userUrn.toString();
boolean areNativeUserCredentialsReset = boolean areNativeUserCredentialsReset =
_authClient.resetNativeUserCredentials(userUrnString, password, resetToken); _authClient.resetNativeUserCredentials(userUrnString, password, resetToken);
_logger.debug(String.format("Are native user credentials reset: %b", areNativeUserCredentialsReset)); _logger.debug(String.format("Are native user credentials reset: %b", areNativeUserCredentialsReset));
final String accessToken = _authClient.generateSessionTokenForUser(userUrn.getId()); final String accessToken = _authClient.generateSessionTokenForUser(userUrn.getId());
ctx().session().put(ACTOR, userUrnString); return ok().withSession(createSessionMap(userUrnString, accessToken))
ctx().session().put(ACCESS_TOKEN, accessToken); .withCookies(Http.Cookie.builder(ACTOR, userUrnString)
return ok().withCookies(Http.Cookie.builder(ACTOR, userUrnString) .withHttpOnly(false)
.withHttpOnly(false) .withMaxAge(Duration.of(30, ChronoUnit.DAYS))
.withMaxAge(Duration.of(30, ChronoUnit.DAYS)) .build());
.build());
} }
private Result redirectToIdentityProvider() { private Result redirectToIdentityProvider() {
@ -321,4 +312,11 @@ public class AuthenticationController extends Controller {
return loginSucceeded; return loginSucceeded;
} }
private Map<String, String> createSessionMap(final String userUrnStr, final String accessToken) {
final Map<String, String> sessionAttributes = new HashMap<>();
sessionAttributes.put(ACTOR, userUrnStr);
sessionAttributes.put(ACCESS_TOKEN, accessToken);
return sessionAttributes;
}
} }

8
datahub-frontend/conf/routes
View File

@ -12,10 +12,10 @@ GET /config co
# Routes used exclusively by the React application. # Routes used exclusively by the React application.
# Authentication in React # Authentication in React
GET /authenticate controllers.AuthenticationController.authenticate() GET /authenticate controllers.AuthenticationController.authenticate(request: Request)
POST /logIn controllers.AuthenticationController.logIn() POST /logIn controllers.AuthenticationController.logIn(request: Request)
POST /signUp controllers.AuthenticationController.signUp() POST /signUp controllers.AuthenticationController.signUp(request: Request)
POST /resetNativeUserCredentials controllers.AuthenticationController.resetNativeUserCredentials() POST /resetNativeUserCredentials controllers.AuthenticationController.resetNativeUserCredentials(request: Request)
GET /callback/:protocol controllers.SsoCallbackController.handleCallback(protocol: String) GET /callback/:protocol controllers.SsoCallbackController.handleCallback(protocol: String)
POST /callback/:protocol controllers.SsoCallbackController.handleCallback(protocol: String) POST /callback/:protocol controllers.SsoCallbackController.handleCallback(protocol: String)
GET /logOut controllers.CentralLogoutController.executeLogout() GET /logOut controllers.CentralLogoutController.executeLogout()