Merge branch 'release/2.0.16'
bbrauzzi committed May 31, 2023
2 parents bf81f3c + aec491d commit c666f62
Showing 8 changed files with 232 additions and 158 deletions.
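--- a/3ty/proc-comm-zoo-1.2-alpha/assets/patch/zoo/zoo_service_loader.c
+++ b/3ty/proc-comm-zoo-1.2-alpha/assets/patch/zoo/zoo_service_loader.c
@@ -753,118 +753,6 @@ addUserToMap(maps* conf){
 }
 }
 }
-
-if(false && strstr(s,"HTTP_AUTHORIZATION")!=NULL && strlen(strstr(s,"="))>1 && strstr(s,"REDIRECT_HTTP_AUTHORIZATION")==NULL){
-// fprintf(stderr,"--> %s=%s \n", tmpName1, tmpValue );
-char* baseU=strchr(s,'=');
-if (baseU){
-char* baseS=strchr(++baseU,' ');
-if (baseS){
-*baseS='\0';
-fprintf(stderr,"**** %s\n",baseU);
-if (strcmp(baseU,"Bearer")==0){
-canContinue=true;
-}
-*baseS=' ';
-if (canContinue){
-while (*(++baseS)==' ');
-fprintf(stderr,">%s<\n",baseS);
-
-char* HEADER=baseS;
-char* PAYLOAD=NULL;
-char* VERIFY_SIGNATURE=NULL;
-
-char* tmpP=strchr(HEADER,'.');
-if (tmpP){
-*tmpP='\0';
-PAYLOAD=tmpP+1;
-tmpP=strchr(PAYLOAD ,'.');
-if (tmpP){
-*tmpP='\0';
-VERIFY_SIGNATURE=tmpP+1;
-int bufferLen=0;
-
-size_t nPAYLOAD=(strlen(PAYLOAD)+2)*sizeof (char);
-char* cPAYLOAD=(char*)malloc(nPAYLOAD);
-memset(cPAYLOAD,'\0',nPAYLOAD);
-memcpy(cPAYLOAD,PAYLOAD,(strlen(PAYLOAD))*sizeof (char));
-*(cPAYLOAD+strlen(PAYLOAD)) = '=';
-
-unsigned char* buffer=NULL;
-size_t theLen=0;
-Base64Decode(cPAYLOAD,&buffer,&theLen);
-
-fprintf(stderr,"PAYLOAD %s\n",PAYLOAD);
-fprintf(stderr,"PAYLOAD %s\n",cPAYLOAD);
-fprintf(stderr,"buffer %s\n",(char*)buffer);
-
-struct json_object *jobj;
-jobj = json_tokener_parse((char*)buffer/*(char *)buffer*/);
-
-if(jobj){
-fprintf(stderr,"jobj from str:\n---\n%s\n---\n", json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_SPACED | JSON_C_TO_STRING_PRETTY));
-json_object* pct_claims=NULL;
-if(json_object_object_get_ex(jobj,"pct_claims",&pct_claims)!=FALSE){
-
-json_object* user_names=NULL;
-if(json_object_object_get_ex(pct_claims,"user_name",&user_names)!=FALSE){
-int arraylen;
-json_object *medi_array=NULL,*medi_array_obj=NULL;
-arraylen = json_object_array_length(user_names);
-if (arraylen>0){
-medi_array_obj=json_object_array_get_idx(user_names, 0);
-
-int uLen=json_object_get_string_len(medi_array_obj) * sizeof(char);
-
-if (uLen>0){
-username=(char*)malloc(uLen+1);
-memset(username,'\0',uLen+1);
-memcpy(username,json_object_get_string(medi_array_obj),uLen);
-fprintf(stderr,">>>>%s<<<<<=====>>>>>\n",username);
-
-maps *_tmpMaps = createMaps("eoepcaUser");
-if(_tmpMaps->content == NULL)
-_tmpMaps->content = createMap ("user",username);
-else
-addToMap (_tmpMaps->content,"user",username);
-
-if( strcmp(anonymousUser,username)==0 ){
-// it is anonymous, can only reads
-// rwx
-map *theGrants = createMap("grant","1--");
-addMapToMap(&_tmpMaps->content,theGrants);
-}else{
-// it is ok!
-map *theGrants = createMap("grant","111");
-addMapToMap(&_tmpMaps->content,theGrants);
-}
-
-if(conf){
-addMapsToMaps (&conf, _tmpMaps);
-}
-freeMaps(&_tmpMaps);
-free(_tmpMaps);
-_tmpMaps=NULL;
-}
-}
-}
-}
-}else{
-fprintf(stderr,"can't convert the json string >%s< \n",(char*)buffer);
-ret=1;
-}
-
-if(jobj){
-json_object_put(jobj);
-}
-free(cPAYLOAD);
-free(buffer);
-}
-}
-}
-}
-}
-}
 }
 s = *(orig+ei);
 }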
2 changes: 1 addition & 1 deletion Dockerfile
@@ -117,7 +117,7 @@ RUN wget -qO- https://micromamba.snakepit.net/api/micromamba/linux-64/latest | t
rm -rf /var/lib/{apt,dpkg,cache,log} && \
cp ./micromamba /usr/bin && \
micromamba create -n workflow_executor_env && \
micromamba install workflow-executor=1.0.45 -c eoepca -c conda-forge -n workflow_executor_env && \
micromamba install workflow-executor=1.0.47 -c eoepca -c conda-forge -n workflow_executor_env && \
rm -fr /srv/conda/pkgs && \
rm -fr /tmp/*

2 changes: 1 addition & 1 deletion build.yml
@@ -1,2 +1,2 @@
docker_image_name: eoepca/proc-ades
docker_image_version: 2.0.15
docker_image_version: 2.0.16
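--- a/charts/ades/files/main.cfg.tpl
+++ b/charts/ades/files/main.cfg.tpl
@@ -43,7 +43,6 @@ individualName=Operations Support team
 
 [javax]
 
-[env]
 
 [database]
 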
156 changes: 137 additions & 19 deletions src/deployundeploy/zoo/deploy.cpp
@@ -44,16 +44,21 @@ static std::string replaceStr(std::string &str, const std::string &from,
}

std::string authorizationBearer(maps *&conf){
// std::cerr << "dumping map conf in deploy.cpp" << std::endl;
// dumpMaps(conf);
map* eoUserMap=getMapFromMaps(conf,"renv","HTTP_AUTHORIZATION");

if (eoUserMap){
map* userServicePathMap = getMap(eoUserMap,"HTTP_AUTHORIZATION");
if (userServicePathMap){
char* baseS=strchr(userServicePathMap->value,' ');
std::cerr << "HTTP_AUTHORIZATION " << baseS << std::endl;
if (baseS){
return std::string(++baseS);
}
}
}
std::cerr << "HTTP_AUTHORIZATION not found" << std::endl;
return "";
}

@@ -183,6 +188,63 @@ DeployResults deploy(std::string_view path, std::string_view content) {
return DeployResults::NONE;
}


/**
* given a json and path, return the value at the path
* returns an empty json if the path is not found
* @param j
* @param path
* @return json value
*/
nlohmann::json getJsonPathValue(nlohmann::json j, std::string path) {
std::string delimiter = ".";
size_t pos = 0;
std::string token;
while ((pos = path.find(delimiter)) != std::string::npos) {
token = path.substr(0, pos);
j = j[token];
path.erase(0, pos + delimiter.length());
}
return j[path];
}



/**
* given a token and a path, returns the value at the path
* returns an empty json if the path is not found
* @param token
* @param path
* @return json value
*/
nlohmann::json getPayloadPathValue(std::string token, std::string path) {
auto decoded = jwt::decode(token);
std::string payload = decoded.get_payload();
nlohmann::json j = nlohmann::json::parse(payload);
return getJsonPathValue(j, path);
}


/**
* Get the value of the HTTP_AUTHORIZATION header (bearer token) from the request
* @param conf
* @return
*/
std::string getAuthorizationBearer(maps *&conf){
map* eoUserMap=getMapFromMaps(conf,"renv","HTTP_AUTHORIZATION");
if (eoUserMap){
map* userServicePathMap = getMap(eoUserMap,"HTTP_AUTHORIZATION");
if (userServicePathMap){
char* baseS=strchr(userServicePathMap->value,' ');
if (baseS){
fprintf(stderr,"getAuthorizationBearer >%s<\n",++baseS);
return std::string(++baseS);
}
}
}
return "";
}

void setStatus(maps *&conf, const char *status, const char *message) {

map *usid = getMapFromMaps(conf, "lenv", "uusid");
@@ -340,7 +402,6 @@ int job(maps *&conf, maps *&inputs, maps *&outputs, Operation operation) {
}

auto workflowExecutor = std::make_unique<mods::WorkflowExecutor>(confEoepca["libWorkflowExecutor"]);
std::string _userIdToken;
if (usepep) {
resource->setJwt(authorizationBearer(conf));
if (resource->jwt_empty()) {
@@ -523,6 +584,9 @@ int job(maps *&conf, maps *&inputs, maps *&outputs, Operation operation) {
// check if protocol is http, https or s3
auto isS3 = owsOri.find("s3://");
if (isS3 == std::string::npos) {


std::cerr << "Downloading application package from http/https endpoint" << std::endl;
// http or https
auto ret = getFromWeb(bufferOWSFile, owsOri.c_str());
if (ret != 200) {
@@ -534,36 +598,90 @@ int job(maps *&conf, maps *&inputs, maps *&outputs, Operation operation) {
////////////////////////////
// s3
// START RETRIEVE USERNAME
std::cerr << "Retrieving username from User Id token \n";
_userIdToken = userIdToken(conf);
auto decoded = jwt::decode(_userIdToken);
std::string username;
auto claims = decoded.get_payload_claims();
std::string key = "user_name";
auto count = decoded.get_payload_claims().count(key);
if (count) {
username = claims[key].as_string();
std::cerr << "user: " << username << std::endl;
// std::cerr << "Retrieving username from User Id token \n";
// _userIdToken = userIdToken(conf);
// auto decoded = jwt::decode(_userIdToken);
// std::string username;
// auto claims = decoded.get_payload_claims();
// std::string key = "user_name";
// auto count = decoded.get_payload_claims().count(key);
// if (count) {
// username = claims[key].as_string();
// std::cerr << "user: " << username << std::endl;
// } else {
// if (claims.count("pct_claims")) {
// auto pct_claims_json = claims["pct_claims"].to_json();
// if (pct_claims_json.contains(key)) {
// username = pct_claims_json.get(key).to_str();
// std::cerr << "user: " << pct_claims_json.get(key) << std::endl;
// }
// }
// }


std::cerr << "Downloading application package from S3 endpoint" << std::endl;
// get bearer token
std::string authorizationBearerToken{getAuthorizationBearer(conf)};
std::string username{};
if (!authorizationBearerToken.empty()){
// get username path
std::string usernamePath {confEoepca["usernameJwtJsonPath"].c_str()};

// check if username path is empty, if so use default value
if (usernamePath.empty()) {
usernamePath = "user_name";
}

// get username from token using configured user path
std::cerr << "Retrieving username from Bearer token." << std::endl;
username = getPayloadPathValue(authorizationBearerToken, usernamePath);
std::cerr << "Retrieving username from Bearer token success. Username: " << username << std::endl;
} else {
if (claims.count("pct_claims")) {
auto pct_claims_json = claims["pct_claims"].to_json();
if (pct_claims_json.contains(key)) {
username = pct_claims_json.get(key).to_str();
std::cerr << "user: " << pct_claims_json.get(key) << std::endl;

// username could not be parsed from bearer token
// we are going to check if the x-user-id header is present
std::cerr << "Retrieving username from user-id-token \n";

auto decoded = jwt::decode(userIdToken(conf));
std::string username;
auto claims = decoded.get_payload_claims();
std::string key = "user_name";
auto count = decoded.get_payload_claims().count(key);

if(count) {
username = claims[key].as_string();
std::cerr << "user: " << username << std::endl;
} else {
if (claims.count("pct_claims")) {
auto pct_claims_json = claims["pct_claims"].to_json();
if (pct_claims_json.contains(key)) {
username = pct_claims_json.get(key).to_str();
std::cerr << "user: " << pct_claims_json.get(key) << std::endl;
}
}
}
// checking if username was correctly parsed
if (username.empty() ) {
std::string err{
"eoepca: service error. Username could not be parsed."};
setStatus(conf, "failed", err.c_str());
updateStatus(conf, 100, err.c_str());
return SERVICE_FAILED;
} else {
std::cerr << "Retrieving username from X-User-id hearder token success. Username: " << username << std::endl;
}
}
}

auto wfpm = std::make_unique<mods::WorkflowExecutor::WorkflowExecutorWebParameters>();
wfpm->username = username;
wfpm->userIdToken = _userIdToken;
wfpm->bearerToken = authorizationBearer(conf);
wfpm->userIdToken = userIdToken(conf);
wfpm->hostName = confEoepca["WorkflowExecutorHost"];
wfpm->workspaceResource = owsOri.c_str();

std::cerr << "workflowExecutor->webGetWorkspaceResource init\n";
workflowExecutor->webGetWorkspaceResource(*wfpm, bufferOWSFile);
std::cerr << "workflowExecutor->webGetWorkspaceResource end\n";

}
}
