Project

General

Profile

« Previous | Next » 

Revision 9533

dd the hasValidAuthToken() method to determine if the current token (if any) is valid. Use this and validateSession() within the script to determine if we need to call Metacat->login() or not. Add some minor debugging to work through the code stages using auth tokens.

refs https://github.nceas.ucsb.edu/KNB/arctic-data/issues/42

View differences:

src/perl/register-dataset.cgi
389 389
	# None of the stages have been reached and data is not being confirmed.
390 390

  
391 391
	# check if the user is logged in...
392
	my $session = CGI::Session->load() or die CGI::Session->errstr();
393
	if ( $session->is_empty ) {
392
	if ( ! validateSession() ) {
394 393

  
395 394
		# no session found ... redirect to login page template
396 395
		$$templateVars{'showInstructions'} = 'true';
......
475 474

  
476 475
if ( !$error ) {
477 476

  
478
	# Login to metacat
479
	my ( $username, $password ) = getCredentials();
480
	my $response = $metacat->login( $username, $password );
481
	my $errorMessage = "";
477
	# Login to metacat if there is no authentication token
478
    my $response = hasValidAuthToken();
479
    if ( ! $response ) {
480
    	my ( $username, $password ) = getCredentials();
481
    	$response = $metacat->login( $username, $password );
482
    	my $errorMessage = "";
483
        
484
    }
482 485
    
483 486
	# Parameters have been validated and Create the XML document
484 487
	my $xmldoc = createXMLDocument();
......
518 521
			}
519 522
		}
520 523

  
521
		debug("A");
524
		debug("Checking for a FORM docid.");
522 525
		if ( $FORM::docid eq "" ) {
523
			debug("B1");
526
			debug("No FORM docid is present. Generating one from Metacat.");
524 527

  
525 528
			# document is being inserted
526 529
			my $docStatus = "INCOMPLETE";
......
533 536
                $xmldocWithDocID =~ s/docid/$docid/;
534 537
                debugDoc($xmldocWithDocID);
535 538
                $docStatus = insertMetadata( $xmldocWithDocID, $docid );
536
                               
537
                debug("B2");
538
                
539
                                               
539 540
			}
540
                        
541
            debug("B3");
542
            
541
                                    
543 542
            if ( $docStatus ne "SUCCESS" ) {
544 543
                debug("NO SUCCESS");
545 544
                debug("Message is: $docStatus");
......
552 551
            
553 552
		}
554 553
		else {
555
			debug("M1");
554
			debug("The form has an existing docid: " . $FORM::docid);
556 555

  
557 556
			# document is being modified
558 557
			$docid = incrementRevision($FORM::docid);
......
560 559
			$xmldoc =~ s/docid/$docid/;
561 560
			debugDoc($xmldoc);
562 561

  
562
            debug('Updating docid: ' . $docid);
563 563
			my $response = $metacat->update( $docid, $xmldoc );
564 564

  
565 565
			if ( !$response ) {
......
567 567
				push( @errorMessages, "Failed while updating.\n" );
568 568
			}
569 569

  
570
			debug("M2, $docid");
570
			debug("Updated document with docid: $docid");
571 571
			if ( scalar(@errorMessages) ) {
572 572
				debug("Errors defined in modify.");
573 573

  
......
682 682
    
683 683
}
684 684

  
685
debug("C");
686

  
687 685
if ( scalar(@errorMessages) ) {
688 686
	debug("ErrorMessages defined.");
689 687
	$$templateVars{'docid'} = $FORM::docid;
......
725 723

  
726 724
	debug("Trying to insert the following document");
727 725
	my $docStatus = "SUCCESS";
728
	debug("Starting insert of $docid (D1)");
726
	debug("Starting insert of $docid");
729 727

  
730 728
	my $response = $metacat->insert( $docid, $xmldoc );
731 729
	if ( !$response ) {
732
		debug("Response gotten (D2)");
730
		debug("Response gotten for docid: " . $docid);
733 731
		my $errormsg = $metacat->getMessage();
734
		debug( "Error is (D3): " . $errormsg );
732
		debug( "Error is: " . $errormsg );
735 733
		if ( $errormsg =~ /is already in use/ ) {
736 734
			$docStatus = "INCOMPLETE";
737 735
		}
......
742 740
			$docStatus = $errormsg;
743 741
		}
744 742
	}
745
	debug("Ending insert (D4)");
743
	debug("Ending insert of docid: " . $docid);
746 744

  
747 745
	return $docStatus;
748 746
}
......
1294 1292
	}
1295 1293
    
1296 1294
	# Now the file is on disk, send the object to Metacat
1297
	my $session = CGI::Session->load();
1298
	if ( $session->is_empty ) {
1295
	if ( ! validateSession() ) {
1299 1296
		push( @errorMessages, "Must be logged in to upload files." );
1300 1297
		debug("Not logged in, cannot upload files.");
1301 1298
		return 0;
......
1476 1473
sub deleteFileData {
1477 1474
	my $input = shift;
1478 1475
	my ( $docid, $fileHash ) = datafileInfo($input);
1479
	my $metacat = Metacat->new($metacatUrl);
1476
	my ($username, $password);
1477
    my $metacat = Metacat->new($metacatUrl);
1480 1478
    setAuthToken($metacat);
1481

  
1482
	my ( $username, $password ) = getCredentials();
1483
	my $response = $metacat->login( $username, $password );
1479
    
1480
    my $response = hasValidAuthToken();
1481
    if ( ! $response ) {
1482
    	( $username, $password ) = getCredentials();
1483
    	$response = $metacat->login( $username, $password );
1484
        
1485
    }
1484 1486
	if ( !$response ) {
1485 1487
		my $msg = $metacat->getMessage();
1486 1488
		push( @errorMessages,
......
1510 1512
	my $filename = shift;
1511 1513

  
1512 1514
	debug("Upload -- Starting upload of $docid");
1515
    
1513 1516
	my $response = $metacat->upload( $docid, $data, $filename );
1514 1517
	if ( !$response ) {
1515 1518
		
......
2470 2473
	my $element;
2471 2474
	my $tempfile;
2472 2475

  
2473
	my ( $username, $password ) = getCredentials();
2474
	$metacat->login( $username, $password );
2476
    if ( ! hasValidAuthToken() ) {
2477
        my ( $username, $password ) = getCredentials();
2478
	    $metacat->login( $username, $password );
2479
  
2480
    }
2475 2481

  
2476 2482
	$httpMessage = $metacat->read($docid);
2477 2483
	$doc         = $httpMessage->content();
......
3520 3526

  
3521 3527
	# Login to metacat
3522 3528
	my $errorMessage = "";
3523
	my ( $username, $password ) = getCredentials();
3524
	my $response = $metacat->login( $username, $password );
3529
    
3530
    my $response = hasValidAuthToken();
3531
    if ( ! $response ) {
3532
    	my ( $username, $password ) = getCredentials();
3533
    	$response = $metacat->login( $username, $password );
3534
        
3535
    }
3525 3536

  
3526 3537
	if ( !$response ) {
3527 3538

  
......
3637 3648

  
3638 3649
	# Check if a session already exists
3639 3650
	my $session = CGI::Session->load() or die CGI::Session->errstr();
3640
	if ( $session->is_empty ) {
3651
	if ( ! validateSession() ) { # tokens won't be involved in login()
3641 3652

  
3642 3653
		# no session found ... check if the login is correct
3643 3654
		my $username = $FORM::username;
3644 3655
		my $password = $FORM::password;
3645 3656

  
3646 3657
		my $metacat = Metacat->new($metacatUrl);
3647
        setAuthToken($metacat);
3648
		my $returnVal = $metacat->login( $username, $password );
3649
		debug(
3650
"Login was $returnVal for login attempt to $metacatUrl, with $username"
3651
		);
3658
                
3659
    	my $returnVal = $metacat->login( $username, $password );
3660
            
3661
		debug("Login was $returnVal for login " . 
3662
              "attempt to $metacatUrl, with $username");
3663
              
3652 3664
		if ( $returnVal > 0 ) {
3653 3665

  
3654 3666
			# valid username and passwd
......
3781 3793
	my $metacat = Metacat->new($metacatUrl);
3782 3794
	setAuthToken($metacat);
3783 3795
    
3784
	my ( $username, $password ) = getCredentials();
3785
	$metacat->login( $username, $password );
3796
    if ( ! hasValidAuthToken() ) {
3797
    	my ( $username, $password ) = getCredentials();
3798
    	$metacat->login( $username, $password );
3799
        
3800
    }
3786 3801
	
3787 3802
	my $userInfo = $metacat->getUserInfo($sessionId);
3788 3803
	
......
3895 3910
sub getReviewHistoryHTML {
3896 3911
	my $metacat = Metacat->new($metacatUrl);
3897 3912
	setAuthToken($metacat);
3898
	my ( $username, $password ) = getCredentials();
3899
	$metacat->login( $username, $password );
3913
    if ( ! hasValidAuthToken() ) {
3914
    	my ( $username, $password ) = getCredentials();
3915
    	$metacat->login( $username, $password );
3916
        
3917
    }
3918
    
3900 3919
	my $parser = XML::LibXML->new();
3901 3920
	my $docid  = $FORM::docid;
3902 3921
	my ( $x, $y, $z ) = split( /\./, $docid );
......
3959 3978
	my $userDN              = '';
3960 3979

  
3961 3980
	# Log into metacat
3962
	my $response = $metacat->login( $modUsername, $modPassword );
3981
    my $response = hasValidAuthToken();
3982
    if ( ! $response ) {
3983
    	$response = $metacat->login( $modUsername, $modPassword );
3984
        
3985
    }
3963 3986
	my $docid = $FORM::docid;
3964 3987

  
3965 3988
	if ( !$response ) {
......
4133 4156
	my $title;
4134 4157

  
4135 4158
	# Log into metacat
4136
	my $response = $metacat->login( $modUsername, $modPassword );
4159
    my $response = hasValidAuthToken();
4160
    if ( ! $response ) {
4161
    	$response = $metacat->login( $modUsername, $modPassword );
4162
        
4163
    }
4137 4164

  
4138 4165
	if ( !$response ) {
4139 4166

  
......
4272 4299
	my $userDN = '';
4273 4300

  
4274 4301
	# Log into metacat
4275
	my $response = $metacat->login( $modUsername, $modPassword );
4302
    my $response = hasValidAuthToken();
4303
    if ( ! $response ) {
4304
    	$response = $metacat->login( $modUsername, $modPassword );
4305
        
4306
    }
4276 4307

  
4277 4308
	if ( !$response ) {
4278 4309

  
......
5477 5508
sub setAuthToken() {
5478 5509
    my $metacat = shift;
5479 5510
    
5511
    if ( $debug_enabled ) {
5512
        debug('setAuthToken() called.');
5513
        
5514
    }
5515
    
5480 5516
    eval { $metacat->isa('Metacat'); };
5481 5517
    
5482 5518
    if ( ! $@ ) {
......
5484 5520
        if ( $ENV{'HTTP_AUTHORIZATION'}) {
5485 5521
            $metacat->set_options( 
5486 5522
                auth_token_header => $ENV{'HTTP_AUTHORIZATION'});
5523
        } else {
5524
            if ( $debug_enabled ) {
5525
                debug("There is no HTTP_AUTHORIZATION variable. " .
5526
                      "Did not set Metacat->{'auth_token_header'}");
5527
        
5528
            }
5487 5529
        }
5488 5530
        
5489 5531
    } else {
5490 5532
        debug('Not an instance of Metacat.' .
5491
        'Pass a Metacat object only to setAuthToken()');
5533
        'Pass a Metacat object only to setAuthToken().');
5492 5534
    }
5493 5535
}
5494 5536

  
......
5499 5541
#
5500 5542
################################################################################
5501 5543
sub getSigningCertificate() {
5544
    
5545
    if ( $debug_enabled ) {
5546
        debug('getSigningCertificate called.');
5502 5547
        
5548
    }   
5549
     
5503 5550
    open(my $pem_cert_file, ">", $pem_file_path)
5504 5551
        or die "\nCould not open PEM certificate file: $!\n";
5505 5552

  
......
5557 5604
        "-out", $der_file_path, "-outform", "DER");
5558 5605
    system(@convert_der_args);
5559 5606
    
5607
    # For debugging, display the cert details
5608
    if ( $debug_enabled ) {
5609
        my @cert_info = `openssl x509 -noout -issuer -subject -dates -in $pem_file_path`;
5610
        debug("Signing certificate info: ");
5611
        for my $info_line (@cert_info) {
5612
            debug($info_line);
5613
            
5614
        }
5615
    }
5560 5616
}
5561 5617

  
5562 5618
################################################################################
......
5566 5622
################################################################################
5567 5623
sub getTokenInfo() {
5568 5624
    # Initialize the token info hash
5625
    if ( $debug_enabled ) {
5626
        debug('getTokenInfo() called.');
5627
    }
5628
    
5569 5629
    my $token_info = {
5570 5630
            userId      => '',
5571 5631
            issuedAt    => '',
......
5583 5643
    if ( $ENV{'HTTP_AUTHORIZATION'} ) {
5584 5644
        my @token_parts = split(/ /, $ENV{'HTTP_AUTHORIZATION'});
5585 5645
        $token = @token_parts[1];
5586
        
5587 5646
    }
5588 5647
    
5589 5648
    my $der_cert_file;
......
5596 5655
    }
5597 5656
    
5598 5657
    # Read the DER-encoded certificate
5599
    open($der_cert_file, "<", $cn . ".der")
5658
    open($der_cert_file, "<", $der_file_path)
5600 5659
        or die "\nCould not open DER certificate file: $!\n";
5601 5660
    binmode($der_cert_file);
5602 5661
    read($der_cert_file, $signing_cert, 4096)
......
5604 5663
    close($der_cert_file);
5605 5664
    
5606 5665
    my $cert = Crypt::X509->new(cert=>$signing_cert);
5607
    
5666
        
5608 5667
    # Decode the token using Crypt::JWT 
5609
    eval{ $token_info = decode_jwt(token=>$token, key=>$cert); };
5668
    eval{ $token_info = decode_jwt(token=>$token, key=>$cert) };
5610 5669
    if ( ! $@ ) { 
5611 5670
        $$token_info{isValid} = 1;
5671
        
5672
    } else {
5673
        debug($@);
5674
        
5612 5675
    }
5613 5676
    
5614 5677
    return $token_info;
......
5628 5691
        debug('validateSession() called.');
5629 5692
    }
5630 5693
    
5631
    my %token_info = getTokenInfo();
5694
    my $token_info = getTokenInfo();
5632 5695
    my $session = CGI::Session->load();
5633 5696
    my $valid = 0;
5634
   
5635
    if ( $token_info{'isValid'} ) {
5697
       
5698
    if ( $token_info->{"isValid"} ) {
5636 5699
        $valid = 1;
5637 5700
        if ( $debug_enabled ) {
5638 5701
                debug('The auth token session is valid.');
......
5654 5717
        }
5655 5718
    }
5656 5719
    
5720
    if ( $debug_enabled ) {
5721
        while( my ($k, $v) = each %$token_info ) {
5722
            debug("$k: $v");
5723
        }
5724
    }
5725
    
5726
    
5657 5727
    return $valid;
5658 5728
}
5729

  
5730
################################################################################
5731
#
5732
# Determine if the current authentication token is valid
5733
#
5734
################################################################################
5735
sub hasValidAuthToken() {
5736
    
5737
    if ( $debug_enabled ) {
5738
        debug('hasValidAuthToken() called.');
5739
    }
5740
    
5741
    my $token_info = getTokenInfo();
5742

  
5743
    if ( $debug_enabled ) {
5744
        debug("Auth token is valid: $token_info->{'isValid'}");
5745
    }
5746
    
5747
    return $token_info->{'isValid'};
5748
}

Also available in: Unified diff