Merge branch 'prerelease' into improvement/LIMS-979/add-unqueue-all/s…

…elected-buttons

.github/workflows/ci.yml

@@ -61,9 +61,8 @@ jobs:
           php_version: 7.3
           version: 9
 
-      # Note, lint errors are being escaped here - so this will report, but not cause the build to fail
       - name: Run Psalm
-        run: psalm --output-format=github || exit 0
+        run: psalm --output-format=github
 
   js_build:
     name: JavaScript build, test and lint
@@ -81,6 +80,7 @@ jobs:
         # hack the output from the linting steps to avoid these stopping the builds - we are not going to get 
         # to a clean output without considerable effort, but it's useful to see the output
         run: |
+              cp src/js/config_sample.json src/js/config.json
               node --version
               npm ci
               npm run build

.gitignore

@@ -27,6 +27,7 @@ client/index.php
 client/dist
 client/index.html
 client/.env
+client/src/js/config.json
 
 api/config.php
 api/vendor
@@ -38,3 +39,5 @@ entrypoint.bash
 php-fpm.conf
 php-fpm.pid
 php.ini
+
+*~

api/config_sample.php

@@ -43,10 +43,17 @@
     # CAS CA Cert (for SSO)
     $cacert = '/etc/certs/ca-bundle.crt';
 
-    # ldap server, used for lookup and authentication (if using)
+    # ldap server, used for lookup and authentication (if using, set to null if not)
     # Update the ldap(s) prefix, hostname and search settings as required
     $ldap_server = 'ldaps://ldap.example.com';
     $ldap_search = 'ou=people,dc=example,dc=com';
+    # Specify the LDAP server type, can be either 
+    # "openldap" (default) or "activedirectory"
+    $ldap_server_type = "openldap";
+    # If using "activedirectory" then specify the legacy domain name.
+    # i.e. "MYDOMAIN" rather than "mydomain.com" 
+    # This will be prepended onto the username (e.g. MYDOMAIN\mylogin)
+    $active_directory_domain = "MYDOMAIN";
     $ldap_use_tls = false; # default - i.e. don't use secured LDAP connection
 
     # Upload directory
@@ -57,6 +64,9 @@
     # - Show at the top of every page on first load
     $motd = 'This is the message of the day.';
 
+    # Synchweb version, displayed in footer of each page
+    $synchweb_version = '';
+
     # Maintainance Mode
     # - Disables site access, showing a message
     # - This is defined in client/js/config.json
@@ -67,6 +77,12 @@
     # URL to access the PV archiver
     $archive_url = '';
 
+    # URL to access elog logbook
+    $elog_base_url = '';
+    $elog_callouts_page = '';
+    $elog_ehc_page = '';
+
+
     # Valid Components
     #   Denotes that only staff may create proteins, otherwise they must come from replication 
     #   with a valid `externalid`, users may still clone proteins
@@ -248,7 +264,10 @@
     # Shipping service details
     $use_shipping_service = null;
     $use_shipping_service_incoming_shipments = null;
-    $shipping_service_url = null;
+    $shipping_service_api_url = null;
+    $shipping_service_api_user = null;
+    $shipping_service_api_password = null;
+    $shipping_service_app_url = null;
     $shipping_service_links_in_emails = null;
 
 
@@ -304,7 +323,8 @@
         array(
             'name' => 'i03',
             'group' => 'mx',
-            'archived' => False
+            'archived' => False,
+            'logbook' => 'BLI03'
         ),
         array(
             'name' => 'i04',

api/index.php

@@ -24,6 +24,7 @@
 use SynchWeb\Database\DatabaseParent;
 use SynchWeb\ImagingShared;
 use SynchWeb\Dispatch;
+use SynchWeb\Options;
 
 require 'vendor/autoload.php';
 
@@ -69,10 +70,11 @@ function setupApplication($mode): Slim
         global $motd, $authentication_type, $cas_url, $cas_sso, $sso_url, $package_description,
             $facility_courier_countries, $facility_courier_countries_nde,
             $dhl_enable, $dhl_link, $scale_grid, $scale_grid_end_date, $preset_proposal, $timezone,
-            $valid_components, $enabled_container_types, $ifsummary;
+            $valid_components, $enabled_container_types, $ifsummary, $synchweb_version;
         $app->contentType('application/json');
+        $options = $app->container['options'];
         $app->response()->body(json_encode(array(
-            'motd' => $motd,
+            'motd' => $options->get('motd', $motd),
             'authentication_type' => $authentication_type,
             'cas_url' => $cas_url,
             'cas_sso' => $cas_sso,
@@ -88,7 +90,8 @@ function setupApplication($mode): Slim
             'timezone' => $timezone,
             'valid_components' => $valid_components,
             'enabled_container_types' => $enabled_container_types,
-            'ifsummary' => $ifsummary
+            'ifsummary' => $ifsummary,
+            'synchweb_version' => $synchweb_version
         )));
     });
     return $app;
@@ -145,4 +148,8 @@ function setupDependencyInjectionContainer($app)
     $app->container->singleton('dispatch', function () use ($app) {
         return new Dispatch($app, $app->container['db'], $app->container['user']);
     });
+
+    $app->container->singleton('options', function () use ($app) {
+        return new Options($app->container['db']);
+    });
 }

api/scripts/mtz2map.sh

@@ -15,15 +15,35 @@ export CLIBD=$CCP4_MASTER/lib/data
 export CCP4_SCR=/tmp
 export root=$CCP4_MASTER/bin
 
+if [ -f $1 ]; then
+	mtz=$1
+else
+	if [ -f $1.gz ]; then
+		mtz=/tmp/$2_$3.mtz
+		gunzip -c $1.gz > $mtz
+	else
+		echo "No mtz file found"
+		exit
+	fi
+fi
+
 if [ $3 == 'dimple' -o $3 == 'mrbump' ]; then
 
+if [ -f $4 ]; then
+	pdb=$4
+else
+	if [ -f $4.gz ]; then
+		pdb=/tmp/$2_$3.pdb
+		gunzip -c $4.gz > $pdb
+	else
+		echo "No pdb file found"
+		exit
+	fi
+fi
+
 if [ $3 == 'dimple' ]; then
-	# fofc2="F1=F SIG1=SIGF PHI=PH2FOFCWT W=FOM"
-	# fofc="F1=F SIG1=SIGF PHI=PHFOFCWT W=FOM"
-	# fofc2="F1=F SIG1=SIGF PHI=PHWT W=FOM"
-	# fofc="F1=F SIG1=SIGF PHI=PHDELWT W=FOM"
 
-	if $root/mtzinfo $1 | grep -q PH2FOFCWT; then
+	if $root/mtzinfo $mtz | grep -q PH2FOFCWT; then
 		fofc2="F1=2FOFCWT SIG1=SIGF PHI=PH2FOFCWT"
 		fofc="F1=F SIG1=SIGF PHI=PHFOFCWT W=FOM"
 	else
@@ -37,7 +57,7 @@ fi
 
 # F SIGF FC PHIC FC_ALL PHIC_ALL FWT PHWT DELFWT PHDELWT FOM FC_ALL_LS PHIC_ALL_LS
 
-$root/fft HKLIN $1 MAPOUT "/tmp/$2_$3_2fofc.map.tmp" << eof
+$root/fft HKLIN $mtz MAPOUT "/tmp/$2_$3_2fofc.map.tmp" << eof
 title $2 2fofc
 xyzlim asu
 scale F1 1.0
@@ -46,11 +66,11 @@ $fofc2
 end
 eof
 
-$root/mapmask MAPIN "/tmp/$2_$3_2fofc.map.tmp" MAPOUT "/tmp/$2_$3_2fofc.map" XYZIN "$4" << eof
+$root/mapmask MAPIN "/tmp/$2_$3_2fofc.map.tmp" MAPOUT "/tmp/$2_$3_2fofc.map" XYZIN "$pdb" << eof
 BORDER 5
 eof
 
-$root/fft HKLIN $1 MAPOUT "/tmp/$2_$3_fofc.map.tmp" << eof
+$root/fft HKLIN $mtz MAPOUT "/tmp/$2_$3_fofc.map.tmp" << eof
 title $2 fofc
 xyzlim asu
 scale F1 1.0
@@ -60,16 +80,17 @@ end
 eof
 
 
-$root/mapmask MAPIN "/tmp/$2_$3_fofc.map.tmp" MAPOUT "/tmp/$2_$3_fofc.map" XYZIN "$4" << eof
+$root/mapmask MAPIN "/tmp/$2_$3_fofc.map.tmp" MAPOUT "/tmp/$2_$3_fofc.map" XYZIN "$pdb" << eof
 BORDER 5
 eof
 
 gzip "/tmp/$2_$3_2fofc.map"
 gzip "/tmp/$2_$3_fofc.map"
 
+rm -f /tmp/$2_$3.pdb
 
 else
-$root/fft HKLIN $1 MAPOUT "/tmp/$2_$3.map" << eof
+$root/fft HKLIN $mtz MAPOUT "/tmp/$2_$3.map" << eof
 title $2 fofc
 xyzlim asu
 scale F1 1.0
@@ -78,10 +99,8 @@ F1=F SIG1=SIGF PHI=PHI W=FOM
 end
 eof
 
-#$mm MAPIN "/tmp/$2_ep.map.tmp" MAPOUT "/tmp/$2_ep.map" XYZIN "$4" << eof
-#BORDER 5
-#eof
-
 gzip "/tmp/$2_$3.map"
 
 fi
+
+rm -f /tmp/$2_$3.mtz

api/src/Authentication/Type/LDAP.php

@@ -24,26 +24,44 @@ function check()
 
     function authenticate($login, $password)
     {
-        global $ldap_server, $ldap_search, $ldap_use_tls;
+        global $ldap_server, $ldap_search, $ldap_use_tls, $ldap_server_type, $active_directory_domain;
+        if (!$ldap_server_type) {
+            $ldap_search_type = "openldap";
+        }
 
         $conn = ldap_connect($ldap_server);
 
         if ($conn) {
             // Tested against LDAP version 3 (could add support for older versions here)
+            /**
+             * @psalm-suppress UndefinedConstant
+             */
             ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
 
             // use a secure connection for LDAP, if configured this way (default is unsecured as this was the historical setting)
             if ($ldap_use_tls) {
                 ldap_start_tls($conn);
             }
-
             try {
-                // testing with openldap indicates this call needs to use a correct
-                // DN syntax: "uid=<login>,ou=people,dc=example,dc=com"
-                return ldap_bind($conn, "uid=" . $login . "," . $ldap_search, $password);
+                if ($ldap_server_type == "activedirectory") {
+                    if (!$active_directory_domain) {
+                        error_log("'active_directory_domain' parameter is not defined.");
+                        error_log("\t This is required when LDAP server type is 'activedirectory'");
+                        return false;
+                    }
+                    $ldap_user = $active_directory_domain . "\\" . $login;
+                } else {
+                    // testing with openldap indicates this call needs to use a correct
+                    // DN syntax: "uid=<login>,ou=people,dc=example,dc=com"
+                    $ldap_user = "uid=" . $login . "," . $ldap_search;
+                }
+                return ldap_bind($conn, $ldap_user, $password);
 
                 // Couldn't bind
             } catch (\Exception $e) {
+                error_log("SynchWeb - LDAP Auth FAILURE for user $login");
+                error_log("\t" . $e->getMessage());
+                error_log("\tldap_error: " . ldap_error($conn) . "  (Err Code: " . ldap_errno($conn) . ")");
                 return false;
             }
         }

api/src/Authentication/Type/OIDC.php

@@ -8,37 +8,41 @@
 
 class OIDC extends AuthenticationParent implements AuthenticationInterface
 {
-    private $providerConfig = array();
+    //** Cache for providerConfig */
+    private $providerConfigCache = null;
 
-    function __construct() {
+    private function getProviderConfig() {
         global $sso_url, $oidc_client_id, $oidc_client_secret;
-
-        $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, 'https://' . $sso_url . '/.well-known/openid-configuration');
-        curl_setopt($ch, CURLOPT_HEADER, 0);
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-        $response = curl_exec($ch);
-        curl_close($ch);
-        $newProviderConfig = json_decode($response);
-
-        if(!$newProviderConfig
-            || !isset($newProviderConfig->userinfo_endpoint)
-            || !isset($newProviderConfig->authorization_endpoint) 
-            || !isset($newProviderConfig->token_endpoint)) {
-            error_log("OIDC Authentication provider replied with invalid JSON body");
-            return;
+        if (is_null($this->providerConfigCache)) {            
+
+            $ch = curl_init();
+            curl_setopt($ch, CURLOPT_URL, 'https://' . $sso_url . '/.well-known/openid-configuration');
+            curl_setopt($ch, CURLOPT_HEADER, 0);
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+            $response = curl_exec($ch);
+            curl_close($ch);
+            $newProviderConfig = json_decode($response);
+
+            if(!$newProviderConfig
+                || !isset($newProviderConfig->userinfo_endpoint)
+                || !isset($newProviderConfig->authorization_endpoint) 
+                || !isset($newProviderConfig->token_endpoint)) {
+                error_log("OIDC Authentication provider replied with invalid JSON body");
+                return null;
+            }
+            $newProviderConfig->b64ClientCreds = base64_encode(
+                $oidc_client_id . ":" . $oidc_client_secret
+            );
+
+            $this->providerConfigCache = $newProviderConfig;
         }
-        $newProviderConfig->b64ClientCreds = base64_encode(
-            $oidc_client_id . ":" . $oidc_client_secret
-        );
-
-        $this->providerConfig = $newProviderConfig;
+        return $this->providerConfigCache;
     }
 
     private function getUser($token)
     {        
         $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, $this->providerConfig->userinfo_endpoint);
+        curl_setopt($ch, CURLOPT_URL, $this->getProviderConfig()->userinfo_endpoint);
         curl_setopt($ch, CURLOPT_HEADER, 0);
         curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $token));
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -74,7 +78,7 @@ function authorise()
         global $oidc_client_id;
         $redirect_url = Utils::filterParamFromUrl($_SERVER["HTTP_REFERER"], "code");
 
-        return ( $this->providerConfig->authorization_endpoint . 
+        return ( $this->getProviderConfig()->authorization_endpoint . 
             '?response_type=code&client_id=' . $oidc_client_id . 
             '&redirect_uri=' . $redirect_url
         );
@@ -87,14 +91,14 @@ function authenticateByCode($code)
         $redirect_url = Utils::filterParamFromUrl($_SERVER["HTTP_REFERER"], "code");
 
         $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, $this->providerConfig->token_endpoint . 
+        curl_setopt($ch, CURLOPT_URL, $this->getProviderConfig()->token_endpoint . 
             '?grant_type=authorization_code&redirect_uri=' . 
             $redirect_url . 
             "&code=" . $code
         );
         curl_setopt($ch, CURLOPT_HEADER, 0);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . $this->providerConfig->b64ClientCreds));
+        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . $this->getProviderConfig()->b64ClientCreds));
         $response = curl_exec($ch);
         curl_close($ch);
 
@@ -105,14 +109,14 @@ function authenticateByCode($code)
         }        
 
         $token = $response_json->access_token;
-
+        
         if(!$token) {
             error_log("Invalid authentication attempt, provider returned no access token");
             return false;
         }
 
         $cookieOpts = array (
-            'expires' => time() + 60*60*24,
+            'expires' => time() + $response_json->expires_in,
             'path' => '/',
             'secure' => true,
             'httponly' => true,
@@ -123,4 +127,3 @@ function authenticateByCode($code)
         return $this->getUser($token);
     }
 }
-