Merge pull request #113 from midas-isg/security-changes

Security changes
midas-isg · Apr 11, 2019 · 04ad56f · 04ad56f
2 parents 57cd762 + 45e895b
commit 04ad56f
Show file tree

Hide file tree

Showing 17 changed files with 153 additions and 91 deletions.
diff --git a/app/controllers/Application.java b/app/controllers/Application.java
@@ -7,6 +7,7 @@
 import play.mvc.Controller;
 import play.mvc.Http.Context;
 import play.mvc.Result;
+import security.auth0.Auth0Aid;
 import security.controllers.UserController;
 
 
@@ -34,43 +35,27 @@ private static void init() {
 		}
 	}
 
-	public Result index() {
-		return basicSearch();
+	public static boolean hasCredentials() {
+		return (session(Auth0Aid.idTokenKey) != null);
 	}
 
-	public Result basicSearch() {
-		return ok(views.html.index.render("search", info()));
-	}
-
-	public Result mapSearch() {
-		return ok(views.html.map_search.render("map search", info()));
-	}
-
-	public Result translate() {
-		return ok(views.html.translate.render("translator", info()));
-	}
-
-	public Result results() {
-		return ok(views.html.results.render("refine search", info()));
-	}
-
-	public Result browser() {
-		return ok(views.html.browser.render("browser", info()));
+	@Transactional
+	public Result create() {
+		return ok(views.html.create.render("creator", info(), hasCredentials()));
 	}
 
 	@Transactional
-	public Result resolver() {
-		return ok(views.html.resolver.render("resolver", info()));
+	public Result concept() {
+		Logger.warn("\nWARNING! " + Context.current().request().uri() + " is deprecated and may stop being available in the future!\n");
+		return ok(views.html.concept.render("concept", info(), hasCredentials()));
 	}
 
 	@Transactional
-	public Result create() {
-		return ok(views.html.create.render("creator", info()));
+	public Result resolver() {
+		return ok(views.html.resolver.render("resolver", info(), hasCredentials()));
 	}
 
-	@Transactional
-	public Result concept() {
-		Logger.warn("\nWARNING! " + Context.current().request().uri() + " is deprecated and may stop being available in the future!\n");
-		return ok(views.html.concept.render("concept", info()));
+	public Result translate() {
+		return ok(views.html.translate.render("translator", info(), hasCredentials()));
 	}
 }
diff --git a/app/controllers/UnsecuredApplication.java b/app/controllers/UnsecuredApplication.java
@@ -4,7 +4,9 @@
 import play.Logger;
 import play.Play;
 import play.db.jpa.Transactional;
+import play.libs.Scala;
 import play.mvc.Result;
+import security.auth0.Auth0Aid;
 import play.mvc.Http.Context;
 import play.mvc.Controller;
 
@@ -24,7 +26,7 @@ private static void init() {
 			String version = "Version: " + cfg.getString("app.version");
 			String dbName = "Database: " + cfg.getString("db.default.url");
 
-			INFO = "Copyright 2014-2017 - University of Pittsburgh, " 
+			INFO = "Copyright 2014-2019 - University of Pittsburgh, " 
 				+ version;
 
 			if(Play.isDev()) {
@@ -34,50 +36,30 @@ private static void init() {
 	}
 
 	public Result about() {
-		return ok(views.html.about.render("about", info()));
+		return ok(views.html.about.render("about", info(), Application.hasCredentials()));
+	}
+
+	public Result browser() {
+		return ok(views.html.browser.render("browser", info(), Application.hasCredentials()));
 	}
 
 	public Result error() {
-		return ok(views.html.error.render("error", info()));
+		return ok(views.html.error.render("error", info(), Application.hasCredentials()));
 	}
 
 	public Result index() {
-		return basicSearch();
+		return ok(views.html.index.render("search", info(), Application.hasCredentials()));
 	}
 
-	public Result basicSearch() {
-		return ok(views.html.index.render("search", info()));
+	public Result login() {
+		return ok(views.html.login.render("search", info(), "SPOOF!", "null", "null"));
 	}
 
 	public Result mapSearch() {
-		return ok(views.html.map_search.render("map search", info()));
-	}
-
-	public Result translate() {
-		return ok(views.html.translate.render("translator", info()));
+		return ok(views.html.map_search.render("map search", info(), Application.hasCredentials()));
 	}
 
 	public Result results() {
-		return ok(views.html.results.render("refine search", info()));
-	}
-
-	public Result browser() {
-		return ok(views.html.browser.render("browser", info()));
-	}
-
-	@Transactional
-	public Result resolver() {
-		return ok(views.html.resolver.render("resolver", info()));
-	}
-
-	@Transactional
-	public Result create() {
-		return ok(views.html.create.render("creator", info()));
-	}
-
-	@Transactional
-	public Result concept() {
-		Logger.warn("\nWARNING! " + Context.current().request().uri() + " is deprecated and may stop being available in the future!\n");
-		return ok(views.html.concept.render("concept", info()));
+		return ok(views.html.results.render("refine search", info(), Application.hasCredentials()));
 	}
 }
diff --git a/app/security/auth0/Auth0Controller.java b/app/security/auth0/Auth0Controller.java
@@ -34,9 +34,15 @@ public Promise<Result> callback(String authorizationCode){
                 .map(user -> redirectBasingOnSession(capturedSession));
     }
 
-    public Result logout() {
+    public Result logout(String currentURL) {
         session().clear();
+
+        if(currentURL != null) {
+            return redirect(aid.toAuth0AbsoluteGlobalLogoutUrl(currentURL));
+        }
+
         final String returnUrlAfterRelogin = aid.toAbsoluteLoginUrl(request());
+
         return redirect(aid.toAuth0AbsoluteGlobalLogoutUrl(returnUrlAfterRelogin));
     }
 

diff --git a/app/views/about.scala.html b/app/views/about.scala.html
@@ -1,11 +1,11 @@
-@(message: String, version:String)
+@(message: String, version:String, credentials: Boolean)
 
 @imports = {
 	<!-- <script src='@routes.Assets.at("javascripts/browser.js")' defer></script> -->
 
 	<link href='@routes.Assets.at("stylesheets/about.css")' rel='stylesheet'>
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<iframe id="about-doc" class="center-block" src="https://docs.google.com/document/d/1aBj5Vkxmme6MiAPmAF71xDLKHxPfVK8gbf6l0eoxTSA/pub?embedded=true"></iframe>
 }
diff --git a/app/views/browser.scala.html b/app/views/browser.scala.html
@@ -1,4 +1,4 @@
-@(message: String, version:String)
+@(message: String, version:String, credentials: Boolean)
 
 @imports = {
 <!-- External Packages -->
@@ -16,7 +16,7 @@
 	<script src='@routes.Assets.at("javascripts/browser.js")' defer></script>
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div>
 		<div id="header-data" hidden>
 			<div>

diff --git a/app/views/concept.scala.html b/app/views/concept.scala.html
@@ -1,4 +1,4 @@
-@(message: String, version:String)
+@(message: String, version:String, credentials: Boolean)
 
 @imports = {
 <!-- 
@@ -18,7 +18,7 @@
 -->
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div hidden><a href="http://workshops.opengeo.org/postgis-intro/" target="_blank">PostGIS Intro</a></div>
 
 	<div style="padding-left: 1%;">

diff --git a/app/views/create.scala.html b/app/views/create.scala.html
@@ -1,4 +1,4 @@
-@(message: String, version:String)
+@(message: String, version:String, credentials: Boolean)
 
 @imports = {
 <!-- External Packages -->
@@ -29,7 +29,7 @@
 	-->
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div id="create-view">
 		<div id="creation-dialog" class="no-padding">
 			<div class="extra-bottom-space">

diff --git a/app/views/error.scala.html b/app/views/error.scala.html
@@ -1,12 +1,12 @@
-@(message: String, version:String)
+@(message: String, version:String, credentials: Boolean)
 
 @imports = {
 	<!-- <script src='@routes.Assets.at("javascripts/browser.js")' defer></script> -->
 
 	<link href='@routes.Assets.at("stylesheets/about.css")' rel='stylesheet'>
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div>
 		<h2>Error!</h2>
 

diff --git a/app/views/index.scala.html b/app/views/index.scala.html
@@ -1,11 +1,11 @@
-@(message: String, version: String)
+@(message: String, version: String, credentials: Boolean)
 
 @imports = {
 	<link href='@routes.Assets.at("stylesheets/index.css")' rel='stylesheet'>
 	<link href='@routes.Assets.at("stylesheets/search.css")' rel='stylesheet'>
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div class="center-block">
 		<h1 id="headline" class="centered-text">Apollo Location Services</h1>
 

diff --git a/app/views/login.scala.html b/app/views/login.scala.html
@@ -0,0 +1,71 @@
+@import security.auth0.Auth0Aid
+@* @(aid:Auth0Aid, callbackUrl:String, userId:String) *@
+@(message: String, version: String, aid: String = "SPOOF!", callbackUrl: String = "YourMom", userId: String = "Manana")
+
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<title>Log In - LS</title>
+	</head>
+	<body>
+		<script src="https://cdn.auth0.com/js/auth0/9.7.3/auth0.min.js"></script>
+		<script type="text/javascript">
+		(function() {
+			// debugger;
+			var CONTEXT = '@http_context()',
+				auth0options = toAuth0Options();
+			new auth0.Authentication(auth0options).getSSOData(function (err, data) {
+				var message ="Please login to use the services",
+						loggedInUserId = '@userId';
+				if (data && data.sso === true) {
+					console.log('SSO: an Auth0 SSO session already exists');
+					if (loggedInUserId !== data.lastUsedUserID) {
+						console.log("SSO Session but NOT locally authenticated ");
+						authorize();
+					}
+					else {
+						console.log("SSO Session and locally authenticated ");
+						window.location = CONTEXT;
+					}
+				} else if (loggedInUserId){
+					console.log("NO SSO Session but locally authenticated -> log them out locally");
+					window.location = CONTEXT + '/logout';
+				} else {
+					console.log("NO SSO Session and NOT locally authenticated ");
+					if (window.location.hash.substr(1).match('^logout')) {
+						message = "Logged out successfully.";
+					}
+					window.location = toMidasSso(message);
+				}
+			});
+			function authorize () {
+				console.log('Authorizing ...');
+				new auth0.WebAuth(auth0options).authorize({
+					prompt: 'none'
+				});
+			}
+			function toAuth0Options() {
+				var domain = '@aid@*.domain*@';
+				return {
+					responseType: 'code',
+					clientID: '@aid@*.clientId*@',
+					audience: 'https://' + domain + '/userinfo',
+					scope: 'openid profile email',
+					redirectUri: '@callbackUrl',
+					domain: domain
+				};
+			}
+			function toMidasSso(message) {
+			    var title = "Apollo LS",
+						aboutLink = location.origin + CONTEXT + '/about',
+						returnTitle = "About LS";
+				return '@aid@*.hubWsUrl*@/sso?returnToUrl=' +
+						encodeURIComponent(window.location) + '&title=' + title +
+						'&message=' + message + '&returnUrl=' + encodeURIComponent(aboutLink) +
+						'&returnTitle=' + returnTitle;
+			}
+		})();
+		</script>
+	</body>
+</html>
+
diff --git a/app/views/main.scala.html b/app/views/main.scala.html
@@ -1,4 +1,4 @@
-@(title: String, imports: Html = Html(""), version: String)(content: Html)
+@(title: String, imports: Html = Html(""), version: String, credentials: Boolean)(content: Html)
 
 <!DOCTYPE html>
 
@@ -55,7 +55,7 @@
 				<div class="container-fluid">
 					<div class="navbar-header">
 						<span class="navbar-brand">
-							<a href="@routes.Application.index">apollo location services</a> <span id="page-title">@title</span>
+							<a href="@routes.UnsecuredApplication.index">apollo location services</a> <span id="page-title">@title</span>
 						</span>
 
 						<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navigator">
@@ -85,7 +85,7 @@
 							</li>
 							<li><a href="@http_context()/translate">Translate</a></li>
 							<li><a href="@http_context()/create">Create</a></li>
-							<li><a href="@http_context()/logout">Log out</a></li>
+							<li><a id="log-button" href="@http_context()/login">Log in</a></li>
 						</ul>
 					</div>
 				</div>
@@ -105,4 +105,20 @@
 			</div>
 		</footer>
 	</body>
+
+	<script type="application/javascript">
+		(function() {
+			var logButton = document.getElementById('log-button');
+
+			@if(credentials) {
+				logButton.href = "@http_context()/logout?targetPath=" + location.href;
+				logButton.innerHTML = "Log out";
+			} else {
+				logButton.href = "@http_context()/login?targetPath=" + location.href;
+				logButton.innerHTML = "Log in";
+			}
+
+			return;
+		})();
+	</script>
 </html>
diff --git a/app/views/map_search.scala.html b/app/views/map_search.scala.html
@@ -1,4 +1,4 @@
-@(message: String, version: String)
+@(message: String, version: String, credentials: Boolean)
 
 @imports = {
 	<!-- External Packages -->
@@ -27,7 +27,7 @@
 	-->
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div class="center-block">
 		<div id="map-div" class="vertical-spaced">
 			<div class="pull-left" style="width: calc(100% - 38px);">

diff --git a/app/views/resolver.scala.html b/app/views/resolver.scala.html
@@ -1,4 +1,4 @@
-@(message: String, version: String)
+@(message: String, version: String, credentials: Boolean)
 
 @imports = {
 <!--
@@ -14,7 +14,7 @@
 -->
 }
 
-@main(message, imports, version) {
+@main(message, imports, version, credentials) {
 	<div class="no-padding">
 		<div>
 			<div class="extra-bottom-space" style="display: inline-block;">