/ - Diff - D-Net - D-Net project tracking tool

     <!DOCTYPE HTML>
     <html xmlns:th="http://www.thymeleaf.org">
     <head>
     	<meta charset="utf-8">
     	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     	<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
     	<meta http-equiv="Pragma" content="no-cache">
     	<meta http-equiv="Expires" content="0">
     	<!-- Bootstrap CSS -->
     	<link rel="stylesheet" href="resources/css/bootstrap.min.css" />
     	<title>Organizations Database: not authorized</title>
     </head>
     <body>
     	<div class="container">
     		<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
     			<a class="navbar-brand" href="#">
     				<img src="resources/images/openaire_logo_small.png" width="30" height="30" alt="OpenOrgs Database"> OpenOrgs Database
     			</a>
     		</nav>
     	    <div class="card text-center" style="margin-top: 25px">
     			<div class="card-body">
     				<h5 class="card-title">403 - Access is denied</h5>
     				<p class="card-text" th:inline="text">Hello '[[${#httpServletRequest.remoteUser}]]', you do not have permission to access this page.</p>
     			</div>
     		</div>
     	</div>
     	<script src="resources/js/jquery-3.4.1.min.js"></script>
     	<script src="resources/js/popper.min.js"></script>
     	<script src="resources/js/bootstrap.min.js"></script>
     </body>
     </html>

     	@Column(name = "email")
     	private String email;
     	@Column(name = "password")
     	private String password;
     	@Column(name = "valid")
     	private boolean valid;
-...
     		this.email = email;
+    	}
     	public String getPassword() {
     		return password;
+    	}
     	public void setPassword(final String password) {
     		this.password = password;
+    	}
     	public boolean isValid() {
     		return valid;
+    	}

     package eu.dnetlib.organizations.utils;
     import java.time.OffsetDateTime;
     import java.util.Arrays;
     import java.util.List;
     import java.util.stream.Collectors;
     import javax.transaction.Transactional;
-...
     	@Transactional
     	public void saveUser(@RequestBody final UserView userView) {
     		final User user = userRepository.findById(userView.getEmail()).orElseThrow(() -> new RuntimeException("User not found"));
     		user.setRole(userView.getRole());
     		user.setValid(userView.isValid());
     		userRepository.save(user);
     		userCountryRepository.deleteByEmail(userView.getEmail());
     		for (final String country : userView.getCountries()) {
     			userCountryRepository.save(new UserCountry(userView.getEmail(), country));
     		if (userView.getCountries() != null) {
     			userCountryRepository
     					.saveAll(Arrays.stream(userView.getCountries()).map(c -> new UserCountry(userView.getEmail(), c)).collect(Collectors.toList()));
+    		}
+    	}
-...
     		userRepository.deleteById(email);
+    	}
     	@Transactional
     	public void newUser(final String email, final List<String> countries) {
     		final User user = new User();
     		user.setEmail(email);
     		user.setRole(OpenOrgsConstants.pendingRole);
     		user.setValid(false);
     		userRepository.save(user);
     		if (countries != null) {
     			userCountryRepository.saveAll(countries.stream().map(c -> new UserCountry(email, c)).collect(Collectors.toList()));
+    		}
+    	}
+    }

modules/dnet-orgs-database-application/trunk/src/main/java/eu/dnetlib/organizations/utils/OpenOrgsConstants.java
5	5	public static final String userRole = "USER";
6	6	public static final String superUserRole = "SUPERUSER";
7	7	public static final String pendingRole = "PENDING";
	8	public static final String notAuthorizedRole = "NOTAUTHORIZED";
8	9
9	10	public static final String OPENORGS_PREFIX = "openorgs____::";
10	11	public static final String OPENORGS_MESH_PREFIX = "openorgsmesh::";

     package eu.dnetlib.organizations.controller;
     import java.util.HashMap;
     import java.util.List;
     import java.util.Map;
     import org.apache.commons.codec.digest.DigestUtils;
     import org.springframework.beans.factory.annotation.Autowired;
     import org.springframework.security.core.Authentication;
     import org.springframework.web.bind.annotation.DeleteMapping;
-...
     import org.springframework.web.bind.annotation.RequestParam;
     import org.springframework.web.bind.annotation.RestController;
     import eu.dnetlib.organizations.model.User;
     import eu.dnetlib.organizations.model.view.UserView;
     import eu.dnetlib.organizations.repository.UserRepository;
     import eu.dnetlib.organizations.repository.readonly.UserViewRepository;
     import eu.dnetlib.organizations.utils.DatabaseUtils;
     import eu.dnetlib.organizations.utils.OpenOrgsConstants;
     @RestController
     public class UserController {
     	private static final String DEFAULT_PASSWORD = "dnet";
     	@Autowired
     	private UserRepository userRepository;
     	@Autowired
     	private UserViewRepository userViewRepository;
     	@Autowired
     	private DatabaseUtils dbUtils;
     	@PostMapping(value = "/public_api/newUser")
     	public Map<String, Integer> newUser(final @RequestParam String email) {
     	public Map<String, Integer> newUser(final @RequestBody List<String> countries, final Authentication authentication) {
     		final String email = authentication.getName();
     		final Map<String, Integer> res = new HashMap<>();
     		if (userRepository.existsById(email)) {
     		if (!UserInfo.isNotAuthorized(authentication) || userRepository.existsById(email)) {
     			res.put("status", 2);
     		} else {
     			final User user = new User();
     			user.setEmail(email);
     			user.setPassword("{MD5}" + DigestUtils.md5Hex(DEFAULT_PASSWORD));
     			user.setRole(OpenOrgsConstants.pendingRole);
     			user.setValid(false);
     			userRepository.save(user);
     			dbUtils.newUser(email, countries);
     			res.put("status", 1);
+    		}
     		return res;

     import org.springframework.beans.factory.annotation.Autowired;
     import org.springframework.security.core.Authentication;
     import org.springframework.web.bind.annotation.RequestMapping;
     import org.springframework.web.bind.annotation.RequestMethod;
     import org.springframework.web.bind.annotation.GetMapping;
     import org.springframework.web.bind.annotation.RestController;
     import eu.dnetlib.organizations.utils.DatabaseUtils;
-...
     import eu.dnetlib.organizations.utils.SimilarityType;
     @RestController
     @RequestMapping("/api/vocabularies")
     public class VocabulariesController {
     	@Autowired
     	private DatabaseUtils databaseUtils;
     	@RequestMapping(value = "", method = RequestMethod.GET)
     	@GetMapping({ "/api/vocabularies", "/public_api/vocabularies" })
     	public Map<String, List<String>> ListVocabularies(final Authentication authentication) {
     		final Map<String, List<String>> vocs = new HashMap<>();
     		vocs.put("orgTypes", databaseUtils.listValuesOfVocabularyTable(VocabularyTable.org_types));
-...
     		vocs.put("relTypes", Arrays.stream(RelationType.values()).map(Object::toString).collect(Collectors.toList()));
     		vocs.put("similaritiesType", Arrays.stream(SimilarityType.values()).map(Object::toString).collect(Collectors.toList()));
     		if (UserInfo.isSuperUser(authentication)) {
     		if (UserInfo.isSimpleUser(authentication)) {
     			vocs.put("countries", databaseUtils.listCountriesForUser(authentication.getName()));
     		} else {
     			vocs.put("countries", databaseUtils.listValuesOfVocabularyTable(VocabularyTable.countries));
     		} else {
     			vocs.put("countries", databaseUtils.listCountriesForUser(authentication.getName()));
+    		}
     		return vocs;

     	public static boolean isSuperUser(final Authentication authentication) {
     		for (final GrantedAuthority aut : authentication.getAuthorities()) {
     			if (aut.getAuthority().equals("ROLE_" + OpenOrgsConstants.superUserRole)) { return true; }
+    		}
     		return false;
+    	}
     	public static boolean isSimpleUser(final Authentication authentication) {
     		for (final GrantedAuthority aut : authentication.getAuthorities()) {
     			if (aut.getAuthority().equals("ROLE_" + OpenOrgsConstants.userRole)) { return true; }
+    		}
     		return false;
+    	}
     	public static boolean isPending(final Authentication authentication) {
     		for (final GrantedAuthority aut : authentication.getAuthorities()) {
     			if (aut.getAuthority().equals("ROLE_" + OpenOrgsConstants.pendingRole)) { return true; }
+    		}
     		return false;
+    	}
     	public static boolean isNotAuthorized(final Authentication authentication) {
     		for (final GrantedAuthority aut : authentication.getAuthorities()) {
     			if (aut.getAuthority().equals("ROLE_" + OpenOrgsConstants.notAuthorizedRole)) { return true; }
+    		}
     		return false;
+    	}
+    }

     		return "/login";
+    	}
     	@GetMapping("/403")
     	public String error403() {
     		return "/403";
     	@GetMapping("/authorizationRequest")
     	public String authorizationRequest() {
     		return "/authorizationRequest";
+    	}
     	@RequestMapping(value = { "/doc", "/swagger" }, method = RequestMethod.GET)

     				.authorizeRequests()
     				.antMatchers("/", "/api/**")
     				.hasAnyRole(OpenOrgsConstants.userRole, OpenOrgsConstants.superUserRole)
     				.antMatchers("/public_api/**")
     				.hasRole(OpenOrgsConstants.notAuthorizedRole)
     				.antMatchers("/resources/**", "/webjars/**", "/public_api/**")
     				.permitAll()
     				.anyRequest()
-...
     				.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true")  // TODO: this is a MOCK, the user should
     																								  // be authenticated using the openaire
     																								  // credentials
     				.authoritiesByUsernameQuery("with const as (SELECT ? as email) select c.email, coalesce(u.role, 'UNAUTHORIZED') from const c left outer join users u on (u.email = c.email)");
     				.authoritiesByUsernameQuery("with const as (SELECT ? as email) select c.email, 'ROLE_'||coalesce(u.role, 'NOTAUTHORIZED') from const c left outer join users u on (u.email = c.email)");
+    	}
     	@Bean

modules/dnet-orgs-database-application/trunk/src/main/java/eu/dnetlib/organizations/MyAccessDeniedHandler.java
29	29	logger.warn(String.format("User '%s' attempted to access the protected URL: %s", auth.getName(), httpServletRequest.getRequestURI()));
30	30	}
31	31
32		httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/403");
	32	httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/authorizationRequest");
33	33	}
34	34
35	35	}

     INSERT INTO users(email, password, valid, role) VALUES ('michele', '{MD5}'||MD5('dnet'), true, 'SUPERUSER');
     INSERT INTO users(email, password, valid, role) VALUES ('claudio', '{MD5}'||MD5('dnet'), true, 'SUPERUSER');
     INSERT INTO users(email, password, valid, role) VALUES ('emma',    '{MD5}'||MD5('dnet'), true, 'USER');
     INSERT INTO users(email, password, valid, role) VALUES ('paolo',   '{MD5}'||MD5('dnet'), true, 'USER');
     INSERT INTO user_countries VALUES ('emma', 'IT');
     INSERT INTO user_countries VALUES ('paolo', 'IT');
     INSERT INTO user_countries VALUES ('paolo', 'GR');
     INSERT INTO user_countries VALUES ('paolo', 'GB');
     INSERT INTO user_countries VALUES ('paolo', 'US');
     INSERT INTO users(email, valid, role) VALUES ('michele.artini@isti.cnr.it', '{MD5}'||MD5('dnet'), true, 'SUPERUSER');

modules/dnet-orgs-database-application/trunk/src/main/resources/sql/schema.sql
52	52
53	53	CREATE TABLE users (
54	54	email text PRIMARY KEY,
55		password text NOT NULL,
56	55	valid boolean DEFAULT true,
57	56	role text NOT NULL default 'USER' REFERENCES user_roles(role)
58	57	);

     					<a class="nav-link dropdown-toggle" href="javascript:void(0)" data-toggle="dropdown"><i class="fa fa-user"></i></a>
     					<div class="dropdown-menu dropdown-menu-right">
     						<p class="px-4 pt-2 text-muted small">
     							<b>Logged as:</b><br /><span sec:authentication="name"></span>
     							<b>Logged as:</b><br /><span sec:authentication="name"></span><br />
     							<b>Role:</b><br /><span sec:authentication="principal.authorities"></span>
     						</p>
     						<div class="dropdown-divider"></div>

     							<div class="tab-pane" id="tabRegister">
     								<h4 class="card-title">Register</h4>
     								<div id="registerMessage">
     									<p class="card-text mb-4">Insert the email used to access the OpenAIRE portal. An administrator will authorize you as soon as possible.</p>
     									<p class="card-text mb-4">
     										To use this service you have to perform the following steps:
     										<ol>
     											<li>Register your self on the OpenAIRE portal.</li>
     											<li>Use the same credentials to access to the this tool</li>
     											<li>Compile the Authorization Request Form</li>
     											<li>An administrator will auhorize you as soon as possible</li>
     										</ol>
     									</p>
     								</div>
     								<form method="post">
     									<div class="form-group">
     										<input type="text" name="email" id="email" class="form-control input-lg" placeholder="Email" required="true" autofocus="true" />
     									</div>
     									<div class="row">
     										<div class="col-xs-6 col-sm-6 col-md-6">
     											<input type="button" id="btnRegister" class="btn btn-lg btn-primary btn-block" value="Register" onclick="register(this.form.email.value)" />
     										</div>
     										<div class="col-xs-6 col-sm-6 col-md-6"></div>
     									</div>
     								</form>
     							</div>
     						</div>
     					</div>
-...
     			e.preventDefault()
     			$(this).tab('show')
     		});
     		function register(email) {
     			$('#btnRegister').attr("disabled", "disabled");
     			$.post("public_api/newUser", { 'email': email }, function(data, textStatus) {
     				if (textStatus == 'success' && data.status == 1) {
     					$('#registerMessage').html('<div class="alert alert-info">Registration saved !</div>');
     				} else if (textStatus == 'success' && data.status == 2) {
     					$('#registerMessage').html('<div class="alert alert-warning">User already registered !</div>');
     					$('#btnRegister').removeAttr("disabled");
     				} else {
     					$('#registerMessage').html('<div class="alert alert-danger">Error saving registration !</div>');
+    				}
     			}, 'json');
+    		}
     	</script>
     </body>
     </html>

     <!DOCTYPE HTML>
     <html xmlns:th="http://www.thymeleaf.org">
     <head>
     	<meta charset="utf-8">
     	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     	<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
     	<meta http-equiv="Pragma" content="no-cache">
     	<meta http-equiv="Expires" content="0">
     	<!-- Bootstrap CSS -->
     	<link rel="stylesheet" href="resources/css/bootstrap.min.css" />
     	<!-- Icons CSS -->
     	<link rel="stylesheet" href="resources/css/fontawesome-all.min.css">
     	<title>Organizations Database: authorization request</title>
     </head>
     <body ng-app="authReqApp" ng-controller="authReqCtrl">
     	<div class="container">
     		<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
     			<a class="navbar-brand" href="#">
     				<img src="resources/images/openaire_logo_small.png" width="30" height="30" alt="OpenOrgs Database"> OpenOrgs Database
     			</a>
     		</nav>
     		<div ng-if="registrationMessage">
     			<div class="alert" style="margin-top: 25px" ng-class="{'alert-info': registrationStatus == 1, 'alert-warning': registrationStatus == 2, 'alert-danger': registrationStatus == -1}">{{registrationMessage}}</div>
     			<a class="btn btn-sm btn-primary" th:href="@{/logout}">return to login form</a>
     		</div>
     	    <div class="card" style="margin-top: 25px" ng-if="registrationStatus == 0">
     			<div class="card-body">
     				<h5 class="card-title">Authorization request</h5>
     				<p class="card-text" th:inline="text">
     					Hello '[[${#httpServletRequest.remoteUser}]]', you do not have permission to ... <br />
     					If you want to contribute to ... compile the form, an administrator will authorize you as soon as possible.
     				</p>
     				<form class="small">
     					<div class="card" style="margin-top: 25px">
     						<div class="card-header">Select your countries</div>
     						<div class="card-body">
     							<div class="form-group row">
     								<div class="col-sm-2" ng-repeat="c in vocs.countries">
     									<div class="form-check form-check-inline">
     										<input class="form-check-input" type="checkbox" checklist-model="countries" checklist-value="c"/>
     										<label class="form-check-label">{{c}}</label>
     									</div>
     								</div>
     							</div>
     						</div>
     						<div class="card-footer">
     							<button id="btnRegister" class="btn btn-sm btn-primary" ng-click="register()">send request</button>
     							<a class="btn btn-sm btn-danger" th:href="@{/logout}">abort request</a>
     						</div>
     					</div>
     				</form>
     			</div>
     		</div>
     	</div>
     	<script src="resources/js/jquery-3.4.1.min.js"></script>
     	<script src="resources/js/popper.min.js"></script>
     	<script src="resources/js/bootstrap.min.js"></script>
     	<script src="resources/js/jquery-3.4.1.min.js"></script>
     	<script src="resources/js/popper.min.js"></script>
     	<script src="resources/js/bootstrap.min.js"></script>
     	<script src="resources/js/angular.min.js"></script>
     	<script src='resources/js/checklist-model.js'></script>
     	<script>
     	angular.module('authReqApp', ['checklist-model']).controller('authReqCtrl', function($scope, $http) {
     		$scope.vocs = {};
     		$scope.countries = [];
     		$scope.registrationStatus = 0;
     		$scope.registrationMessage = '';
     		$http.get('public_api/vocabularies').then(function successCallback(res) {
     			$scope.vocs = res.data;
     		}, function errorCallback(res) {
     			alert('ERROR: ' + res.data.error + ' (' + res.data.message + ')');
     		});
     		$scope.register = function (email) {
     			$('#btnRegister').attr("disabled", "disabled");
     			$http.defaults.headers.post["Content-Type"] = "application/json;charset=UTF-8";
     			$http.post('public_api/newUser', $scope.countries).then(function successCallback(res) {
     				$scope.registrationStatus = res.data.status;
     				if (res.data.status == 1) {
     					$scope.registrationMessage = 'Registration saved !';
     				} else {
     					$scope.registrationMessage = 'User already registered !';
+    				}
     			}, function errorCallback(res) {
     				$scope.registerStatus = -1;
     				$scope.registrationMessage = 'Error saving registration !';
     				alert('ERROR: ' + res.data.error + ' (' + res.data.message + ')');
     			});
+    		}
     	});
     	</script>
     </body>
     </html>

Project

General

Profile

D-Net

Revision 57650

Added by Michele Artini over 4 years ago