7715 signed urls for external tools

src/main/java/edu/harvard/iq/dataverse/ConfigureFragmentBean.java

@@ -106,6 +106,7 @@ public void  generateApiToken() {
         ApiToken apiToken = new ApiToken();
         User user = session.getUser();
         if (user instanceof AuthenticatedUser) {
+            toolHandler.setUser(((AuthenticatedUser) user).getUserIdentifier());
             apiToken = authService.findApiTokenByUser((AuthenticatedUser) user);
             if (apiToken == null) {
                 //No un-expired token

src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java

@@ -49,6 +49,7 @@
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.UrlSignerUtil;
 import edu.harvard.iq.dataverse.util.json.JsonParser;
 import edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder;
 import edu.harvard.iq.dataverse.validation.PasswordValidatorServiceBean;
@@ -419,10 +420,36 @@ private AuthenticatedUser findAuthenticatedUserOrDie( String key, String wfid )
             } else {
                 throw new WrappedResponse(badWFKey(wfid));
             }
+        } else {
+            AuthenticatedUser authUser = getAuthenticatedUserFromSignedUrl();
+            if (authUser != null) {
+                return authUser;
+            } 
         }
         //Just send info about the apiKey - workflow users will learn about invocationId elsewhere
         throw new WrappedResponse(badApiKey(null));
     }
+
+    private AuthenticatedUser getAuthenticatedUserFromSignedUrl() {
+        AuthenticatedUser authUser = null;
+        // The signUrl contains a param telling which user this is supposed to be for.
+        // We don't trust this. So we lookup that user, and get their API key, and use
+        // that as a secret in validation the signedURL. If the signature can't be
+        // validating with their key, the user (or their API key) has been changed and
+        // we reject the request.
+        //ToDo - add null checks/ verify that calling methods catch things.
+        String user = httpRequest.getParameter("user");
+        AuthenticatedUser targetUser = authSvc.getAuthenticatedUser(user);
+        String key = System.getProperty(SystemConfig.API_SIGNING_SECRET,"") + authSvc.findApiTokenByUser(targetUser).getTokenString();
+        String signedUrl = httpRequest.getRequestURL().toString()+"?"+httpRequest.getQueryString();
+        String method = httpRequest.getMethod();
+        String queryString = httpRequest.getQueryString();
+        boolean validated = UrlSignerUtil.isValidUrl(signedUrl, user, method, key);
+        if (validated){
+            authUser = targetUser;
+        }
+        return authUser;
+    }    
 
     protected Dataverse findDataverseOrDie( String dvIdtf ) throws WrappedResponse {
         Dataverse dv = findDataverse(dvIdtf);

src/main/java/edu/harvard/iq/dataverse/api/Admin.java

@@ -34,6 +34,7 @@
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibServiceBean;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibUtil;
+import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.confirmemail.ConfirmEmailData;
 import edu.harvard.iq.dataverse.confirmemail.ConfirmEmailException;
@@ -47,6 +48,7 @@
 import javax.json.Json;
 import javax.json.JsonArrayBuilder;
 import javax.json.JsonObjectBuilder;
+import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -98,6 +100,7 @@
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.FileUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.UrlSignerUtil;
 
 import java.io.IOException;
 import java.io.OutputStream;
@@ -2139,4 +2142,43 @@ public Response getBannerMessages(@PathParam("id") Long id) throws WrappedRespon
                 .collect(toJsonArray()));
 
     }
+
+    @POST
+    @Consumes("application/json")
+    @Path("/requestSignedUrl")
+    public Response getSignedUrl(JsonObject urlInfo) throws WrappedResponse {
+        AuthenticatedUser superuser = authSvc.getAdminUser();
+
+        if (superuser == null) {
+            return error(Response.Status.FORBIDDEN, "Requesting signed URLs is restricted to superusers.");
+        }
+
+        String userId = urlInfo.getString("user");
+        String key=null;
+        if(userId!=null) {
+        AuthenticatedUser user = authSvc.getAuthenticatedUser(userId);
+        if(user!=null) {
+            ApiToken apiToken = authSvc.findApiTokenByUser(user);
+            if(apiToken!=null && !apiToken.isExpired() &&  ! apiToken.isDisabled()) {
+                key = apiToken.getTokenString();
+            }
+        } else {
+            userId=superuser.getIdentifier();
+            //We ~know this exists - the superuser just used it and it was unexpired/not disabled. (ToDo - if we want this to work with workflow tokens (or as a signed URL, we should do more checking as for the user above))
+        }
+            key =  System.getProperty(SystemConfig.API_SIGNING_SECRET,"") + authSvc.findApiTokenByUser(superuser).getTokenString();
+        }
+        if(key==null) {
+            return error(Response.Status.CONFLICT, "Do not have a valid user with apiToken");
+        }
+
+        String baseUrl = urlInfo.getString("url");
+        int timeout = urlInfo.getInt("timeout", 10);
+        String method = urlInfo.getString("method", "GET");
+
+        String signedUrl = UrlSignerUtil.signUrl(baseUrl, timeout, userId, method, key); 
+
+        return ok(Json.createObjectBuilder().add("signedUrl", signedUrl));
+    }
+
 }

src/main/java/edu/harvard/iq/dataverse/api/Users.java

@@ -21,6 +21,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.ejb.Stateless;
 import javax.json.JsonArray;
@@ -201,7 +202,14 @@ public Response getAuthenticatedUserByToken() {
 
         AuthenticatedUser authenticatedUser = findUserByApiToken(tokenFromRequestAPI);
         if (authenticatedUser == null) {
-            return error(Response.Status.BAD_REQUEST, "User with token " + tokenFromRequestAPI + " not found.");
+            try {
+                authenticatedUser = findAuthenticatedUserOrDie();
+                return ok(json(authenticatedUser));
+            } catch (WrappedResponse ex) {
+                Logger.getLogger(Users.class.getName()).log(Level.SEVERE, null, ex);
+                return error(Response.Status.BAD_REQUEST, "User with token " + tokenFromRequestAPI + " not found.");
+            }
+
         } else {
             return ok(json(authenticatedUser));
         }

src/main/java/edu/harvard/iq/dataverse/externaltools/ExternalTool.java

@@ -20,7 +20,6 @@
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.OneToMany;
-import javax.persistence.Transient;
 
 /**
  * A specification or definition for how an external tool is intended to
@@ -30,8 +29,6 @@
 @Entity
 public class ExternalTool implements Serializable {
 
-    private static final Logger logger = Logger.getLogger(ExternalToolServiceBean.class.getCanonicalName());
-
     public static final String DISPLAY_NAME = "displayName";
     public static final String DESCRIPTION = "description";
     public static final String LEGACY_SINGLE_TYPE = "type";
@@ -41,6 +38,7 @@ public class ExternalTool implements Serializable {
     public static final String TOOL_PARAMETERS = "toolParameters";
     public static final String CONTENT_TYPE = "contentType";
     public static final String TOOL_NAME = "toolName";
+    public static final String ALLOWED_API_CALLS = "allowedApiCalls";
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
@@ -97,6 +95,14 @@ public class ExternalTool implements Serializable {
     @Column(nullable = true, columnDefinition = "TEXT")
     private String contentType;
 
+    /**
+     * Set of API calls the tool would like to be able to use (e,.g. for retrieving
+     * data through the Dataverse REST api). Used to build signedUrls for POST
+     * headers, as in DPCreator
+     */
+    @Column(nullable = true, columnDefinition = "TEXT")
+    private String allowedApiCalls;
+
     /**
      * This default constructor is only here to prevent this error at
      * deployment:
@@ -122,6 +128,18 @@ public ExternalTool(String displayName, String toolName, String description, Lis
         this.contentType = contentType;
     }
 
+    public ExternalTool(String displayName, String toolName, String description, List<ExternalToolType> externalToolTypes, Scope scope, String toolUrl, String toolParameters, String contentType, String allowedApiCalls) {
+        this.displayName = displayName;
+        this.toolName = toolName;
+        this.description = description;
+        this.externalToolTypes = externalToolTypes;
+        this.scope = scope;
+        this.toolUrl = toolUrl;
+        this.toolParameters = toolParameters;
+        this.contentType = contentType;
+        this.allowedApiCalls = allowedApiCalls;
+    }
+
     public enum Type {
 
         EXPLORE("explore"),
@@ -273,64 +291,10 @@ public JsonObjectBuilder toJson() {
         if (getContentType() != null) {
             jab.add(CONTENT_TYPE, getContentType());
         }
-        return jab;
-    }
-
-    public enum ReservedWord {
-
-        // TODO: Research if a format like "{reservedWord}" is easily parse-able or if another format would be
-        // better. The choice of curly braces is somewhat arbitrary, but has been observed in documenation for
-        // various REST APIs. For example, "Variable substitutions will be made when a variable is named in {brackets}."
-        // from https://swagger.io/specification/#fixed-fields-29 but that's for URLs.
-        FILE_ID("fileId"),
-        FILE_PID("filePid"),
-        SITE_URL("siteUrl"),
-        API_TOKEN("apiToken"),
-        // datasetId is the database id
-        DATASET_ID("datasetId"),
-        // datasetPid is the DOI or Handle
-        DATASET_PID("datasetPid"),
-        DATASET_VERSION("datasetVersion"),
-        FILE_METADATA_ID("fileMetadataId"),
-        LOCALE_CODE("localeCode");
-
-        private final String text;
-        private final String START = "{";
-        private final String END = "}";
-
-        private ReservedWord(final String text) {
-            this.text = START + text + END;
-        }
-
-        /**
-         * This is a centralized method that enforces that only reserved words
-         * are allowed to be used by external tools. External tool authors
-         * cannot pass their own query parameters through Dataverse such as
-         * "mode=mode1".
-         *
-         * @throws IllegalArgumentException
-         */
-        public static ReservedWord fromString(String text) throws IllegalArgumentException {
-            if (text != null) {
-                for (ReservedWord reservedWord : ReservedWord.values()) {
-                    if (text.equals(reservedWord.text)) {
-                        return reservedWord;
-                    }
-                }
-            }
-            // TODO: Consider switching to a more informative message that enumerates the valid reserved words.
-            boolean moreInformativeMessage = false;
-            if (moreInformativeMessage) {
-                throw new IllegalArgumentException("Unknown reserved word: " + text + ". A reserved word must be one of these values: " + Arrays.asList(ReservedWord.values()) + ".");
-            } else {
-                throw new IllegalArgumentException("Unknown reserved word: " + text);
-            }
-        }
-
-        @Override
-        public String toString() {
-            return text;
+        if (getAllowedApiCalls()!= null) {
+            jab.add(ALLOWED_API_CALLS,getAllowedApiCalls());
         }
+        return jab;
     }
 
     public String getDescriptionLang() {
@@ -355,5 +319,19 @@ public String getDisplayNameLang() {
         return displayName;
     }
 
+    /**
+     * @return the allowedApiCalls
+     */
+    public String getAllowedApiCalls() {
+        return allowedApiCalls;
+    }
+
+    /**
+     * @param allowedApiCalls the allowedApiCalls to set
+     */
+    public void setAllowedApiCalls(String allowedApiCalls) {
+        this.allowedApiCalls = allowedApiCalls;
+    }
+
 
 }