Merge branch 'release/19.0.0'

CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+
+We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
+
+19.0.0 (2019-08-19)
+===================
+
+- Update fakeCAS for OSF token-scope relationship change
+- Add OAuth revoke endpoint
+- Fix OAuth profile endpoint
+- Rewrite readme
+

PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,34 @@
+<!-- Use the following format for the title of the pull request:
+
+    [Ticket] Title
+    
+    Before submit your pull request, make sure you picked the right branch:
+
+    - For hotfixes, select "master" as the target branch
+    - For new features and improvements, select "develop" as the target branch
+    
+    For security related tickets, talk with the team lead before submit your PR -->
+
+## Ticket
+
+<!-- Link to JIRA ticket, if applicable e.g. https://openscience.atlassian.net/browse/SVCS-1234 -->
+
+## Purpose
+
+<!-- Describe the purpose of your changes -->
+
+## Changes
+
+<!-- Describe or list your changes  -->
+
+## Side effects
+
+<!-- Any possible side effects? -->
+
+## QA Notes
+
+<!-- Describe how QA should test this ticket/PR -->
+
+## Deployment Notes
+
+<!-- Any special configurations for deployment? -->

README.md

@@ -1,16 +1,33 @@
-# Fake CAS
+# Run fakeCAS with OSF
 
-Download the binary from [here](https://github.com/CenterForOpenScience/fakecas/releases/latest)
+Please follow [README-docker-compose.md](https://github.com/CenterForOpenScience/osf.io/blob/develop/README-docker-compose.md) to run fakeCAS with OSF.
 
-```bash
-cd ~/Downloads # cd to where you downloaded the file to
-chmod +x fakecas # Make the server executable
-./fakecas # Run the server
+## Change the Image
 
-./fakecas -h  # Print possible configuration options
-# Usage of ./fakecas:
-#   -dbaddress="localhost:27017": The address of your mongodb. ie: localhost:27017
-#   -dbname="osf20130903": The name of your OSF database
-#   -host="localhost:8080": The host to bind to
-#   -osfhost="localhost:5000": The osf host to bind to
+By default, OSF uses the `master` image of fakeCAS, as shown below in [docker-compose.yml](https://github.com/CenterForOpenScience/osf.io/blob/develop/docker-compose.yml).
+
+```yml
+##################################
+# Central Authentication Service #
+##################################
+
+fakecas:
+  image: quay.io/centerforopenscience/fakecas:master
+  command: fakecas -host=0.0.0.0:8080 -osfhost=localhost:5000 -dbaddress=postgres://postgres@postgres:5432/osf?sslmode=disable
+  restart: unless-stopped
+  ports:
+    - 8080:8080
+  depends_on:
+    - postgres
+  stdin_open: true
 ```
+
+If you need the `develop` one, use `quay.io/centerforopenscience/fakecas:develop` instead. Run `docker-compose pull fakecas` to pull the new image before starting `docker-compose pull fakecas`.
+
+## Pre-docker-compose
+
+Starting [19.0.0](https://github.com/CenterForOpenScience/fakecas/milestone/1), fakeCAS no longer provides downloadable binrary executables. Here is the last version [0.11.1](https://github.com/CenterForOpenScience/fakecas/releases/tag/0.11.1) that provides such a binary.
+
+# Develop fakeCAS
+
+Please take a look at the [Dockerfile](https://github.com/cslzchen/fakecas/blob/develop/Dockerfile) for how to develop fakeCAS locally. On macOS, use [`brew`](https://github.com/Homebrew/brew) to install [`go`](https://github.com/golang/go) and [`glide`](https://github.com/Masterminds/glide).

fakecas.go

@@ -4,17 +4,18 @@ import (
 	"database/sql"
 	"flag"
 	"fmt"
-  "github.com/labstack/echo"
-  "github.com/labstack/echo/middleware"
-	_ "github.com/lib/pq"
 	"html/template"
 	"os"
+
+	"github.com/labstack/echo"
+	"github.com/labstack/echo/middleware"
+	_ "github.com/lib/pq"
 )
 
 var Version string
 
 var (
-	Host               = flag.String("host", "localhost:8080", "The host to bind to")
+	Host               = flag.String("host", "192.168.168.167:8080", "The host to bind to")
 	OSFHost            = flag.String("osfhost", "localhost:5000", "The osf host to bind to")
 	DatabaseName       = flag.String("dbname", "osf", "The name of your OSF database")
 	DatabaseAddress    = flag.String("dbaddress", "postgres://postgres@localhost:5432/osf?sslmode=disable", "The address of your postgres instance. ie: postgres://user:[email protected]/dbname?other=args")
@@ -31,25 +32,26 @@ func main() {
 	}))
 	e.Use(middleware.Recover())
 
-  e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
 		AllowCredentials: true,
-		AllowOrigins:   []string{"*"},
-		AllowMethods:   []string{"GET", "PUT", "POST", "DELETE"},
-		AllowHeaders:   []string{"Range", "Content-Type", "Authorization", "X-Requested-With"},
-		ExposeHeaders:   []string{"Range", "Content-Type", "Authorization", "X-Requested-With"},
+		AllowOrigins:     []string{"*"},
+		AllowMethods:     []string{"GET", "PUT", "POST", "DELETE"},
+		AllowHeaders:     []string{"Range", "Content-Type", "Authorization", "X-Requested-With"},
+		ExposeHeaders:    []string{"Range", "Content-Type", "Authorization", "X-Requested-With"},
 	}))
 
 	t, err := template.New("login").Parse(LOGINPAGE)
 	if err != nil {
 		panic(err)
 	}
 	temp := &Template{templates: t}
-  e.Renderer = temp
+	e.Renderer = temp
 
 	e.GET("/login", LoginGET)
 	e.POST("/login", LoginPOST)
 	e.GET("/logout", Logout)
 	e.GET("/oauth2/profile", OAuth)
+	e.POST("/oauth2/revoke", OAuthRevoke)
 	e.GET("/p3/serviceValidate", ServiceValidate)
 
 	fmt.Println("Expecting database", *DatabaseName, "to be running at", *DatabaseAddress)
@@ -62,5 +64,5 @@ func main() {
 
 	defer DatabaseConnection.Close()
 
-  e.Start(*Host)
+	e.Start(*Host)
 }

utils.go

@@ -1,9 +1,10 @@
 package main
 
 import (
-	"github.com/labstack/echo"
 	"io"
 	"net/url"
+
+	"github.com/labstack/echo"
 )
 
 func ValidateService(c echo.Context) *url.URL {

views.go

@@ -3,10 +3,11 @@ package main
 import (
 	"database/sql"
 	"fmt"
-	"github.com/labstack/echo"
 	"net/http"
 	"net/url"
 	"strings"
+
+	"github.com/labstack/echo"
 )
 
 func LoginPOST(c echo.Context) error {
@@ -161,45 +162,83 @@ func ServiceValidate(c echo.Context) error {
 }
 
 func OAuth(c echo.Context) error {
-	var (
-		scopes string
-		result User
-	)
 
 	tokenId := strings.Replace(c.Request().Header.Get("Authorization"), "Bearer ", "", 1)
 
-	var queryString = `
+	// Find the user that owns the token
+	var result User
+	queryString := `
 		SELECT DISTINCT
 			osf_guid._id,
 			osf_osfuser.username,
 			osf_osfuser.given_name,
-			osf_osfuser.family_name,
-			osf_apioauth2personaltoken.scopes
+			osf_osfuser.family_name
 		FROM osf_guid
 			LEFT JOIN django_content_type
 				ON django_content_type.model = 'osfuser'
 			JOIN osf_osfuser
 				ON django_content_type.id = osf_guid.content_type_id AND object_id = osf_osfuser.id
 			JOIN osf_apioauth2personaltoken
-					ON osf_osfuser.id = osf_apioauth2personaltoken.owner_id
-			WHERE osf_apioauth2personaltoken.token_id = $1
+				ON osf_osfuser.id = osf_apioauth2personaltoken.owner_id
+		WHERE osf_apioauth2personaltoken.token_id = $1 AND osf_apioauth2personaltoken.is_active
 	`
-	err := DatabaseConnection.QueryRow(queryString, tokenId).Scan(&result.Id, &result.Username, &result.GivenName, &result.FamilyName, &scopes)
+	err := DatabaseConnection.QueryRow(queryString, tokenId).Scan(&result.Id, &result.Username, &result.GivenName, &result.FamilyName)
 	if err != nil {
 		if err != sql.ErrNoRows {
 			panic(err)
 		}
-		fmt.Println("Access token", tokenId, "not found")
+		fmt.Printf("Access token %s not found\n", tokenId)
 		return c.NoContent(http.StatusNotFound)
 	}
-	fmt.Println("User found for token: username =", result.Username, ", guid =", result.Id)
+	fmt.Printf("User found for token: username = %s , guid =%s\n", result.Username, result.Id)
 
+	// Find all the scopes associated with the token
+	fmt.Printf("Reading scopes ... ")
+	queryString = `
+		SELECT DISTINCT osf_apioauth2scope.name
+		FROM osf_apioauth2personaltoken_scopes
+			JOIN osf_apioauth2personaltoken
+		   		on osf_apioauth2personaltoken_scopes.apioauth2personaltoken_id = osf_apioauth2personaltoken.id
+			JOIN osf_apioauth2scope
+		   		on osf_apioauth2personaltoken_scopes.apioauth2scope_id = osf_apioauth2scope.id
+		WHERE osf_apioauth2personaltoken.token_id = $1
+	`
+	rows, err := DatabaseConnection.Query(queryString, tokenId)
+	if err != nil {
+		if err != sql.ErrNoRows {
+			panic(err)
+		}
+		fmt.Printf("No scope is found for access token %s\n", tokenId)
+		return c.NoContent(http.StatusNotFound)
+	}
+	defer rows.Close()
+	scopes := make([]string, 0)
+	var scope string
+	for rows.Next() {
+		err = rows.Scan(&scope)
+		if err != nil {
+			panic(err)
+		}
+		fmt.Printf("%s, ", scope)
+		scopes = append(scopes, scope)
+	}
+	err = rows.Err()
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("... %d scopes in total.\n", len(scopes))
+
+	// Return 200 with user information and scopes
 	return c.JSON(200, OAuthResponse{
 		Id: result.Id,
 		Attributes: OAuthAttributes{
 			LastName:  result.FamilyName,
 			FirstName: result.GivenName,
 		},
-		Scope: strings.Split(scopes, " "),
+		Scope: scopes,
 	})
 }
+
+func OAuthRevoke(c echo.Context) error {
+	return c.NoContent(http.StatusNoContent)
+}