
DataBiosphere / consent / #5048

25 Apr 2024 05:04PM UTC coverage: 76.044% (+0.008%) from 76.036%
#5048

push

web-flow
[DUOS-3007][risk=no] Log stack trace when retrieving Sam user info fails (#2311)

0 of 3 new or added lines in 2 files covered. (0.0%)

9558 of 12569 relevant lines covered (76.04%)

0.76 hits per line


74.07
/src/main/java/org/broadinstitute/consent/http/authentication/OAuthAuthenticator.java
package org.broadinstitute.consent.http.authentication;

import com.google.gson.Gson;
import com.google.inject.Inject;
import io.dropwizard.auth.Authenticator;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.ServerErrorException;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.broadinstitute.consent.http.filters.ClaimsCache;
import org.broadinstitute.consent.http.models.AuthUser;
import org.broadinstitute.consent.http.models.sam.UserStatus;
import org.broadinstitute.consent.http.models.sam.UserStatusInfo;
import org.broadinstitute.consent.http.service.sam.SamService;
import org.broadinstitute.consent.http.util.ConsentLogger;

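/**
 * Dropwizard {@link Authenticator} that resolves a bearer token to an {@link AuthUser}.
 *
 * <p>The token is used as a key into {@link ClaimsCache}; the cached claim map supplies the
 * audience, access token, email and name. The user is then enriched with Sam registration status
 * via {@link SamService}. Who populates the cache, and whether the claims were validated before
 * being cached, is not visible in this class.
 *
 * <p>Log hygiene: the {@link AuthUser} built here carries the caller's access token (see
 * {@code setAuthToken}), so log messages describe the user by email/name only and never
 * serialize the whole object.
 */
public class OAuthAuthenticator implements Authenticator<String, AuthUser>, ConsentLogger {

  private final SamService samService;
  private final ClaimsCache claimsCache;

  /**
   * @param samService Client used to look up, and if necessary create, the user's Sam registration
   */
  @Inject
  public OAuthAuthenticator(SamService samService) {
    this.samService = samService;
    this.claimsCache = ClaimsCache.getInstance();
  }

  /**
   * Resolve the bearer token to a principal.
   *
   * @param bearer The bearer token presented with the request; used as the claims-cache key
   * @return The authenticated user, with Sam status when it could be retrieved; empty when no
   *     claims are cached for the token or when any exception is raised while building the user
   */
  @Override
  public Optional<AuthUser> authenticate(String bearer) {
    try {
      var headers = claimsCache.cache.getIfPresent(bearer);
      if (headers == null) {
        logException(new ServerErrorException("Error reading request headers", 500));
        return Optional.empty();
      }
      AuthUser user = buildAuthUserFromHeaders(headers);
      AuthUser userWithStatus = getUserWithStatusInfo(user);
      if (userWithStatus == null) {
        // NOTE(review): this path is reached when the email claim is missing, yet a principal is
        // still returned. Downstream authorization must not treat a user with no email and no
        // Sam status as a registered user -- confirm against the resources using this principal.
        logWarn("User with status is null, authentication incomplete");
        return Optional.of(user);
      }
      return Optional.of(userWithStatus);
    } catch (Exception e) {
      // Fail closed: any unexpected error yields no principal.
      // NOTE(review): the coverage report this listing came from marks this handler as not
      // executed by tests.
      logException("Error authenticating credentials", e);
      return Optional.empty();
    }
  }

  /**
   * Build an {@link AuthUser} from the cached claim map.
   *
   * @param headers Claim map keyed by the {@code ClaimsCache.OAUTH2_CLAIM_*} constants
   * @return A new AuthUser; {@code name} falls back to {@code email}, and {@code email} may be
   *     null (a warning is logged in that case)
   */
  private AuthUser buildAuthUserFromHeaders(Map<String, String> headers) {
    String aud = headers.get(ClaimsCache.OAUTH2_CLAIM_aud);
    String token = headers.get(ClaimsCache.OAUTH2_CLAIM_access_token);
    String email = headers.get(ClaimsCache.OAUTH2_CLAIM_email);
    String name = headers.get(ClaimsCache.OAUTH2_CLAIM_name);
    // Name is not a guaranteed header
    if (name == null) {
      name = email;
    }
    if (email == null) {
      // The access token is deliberately left out of this message.
      logWarn(String.format("Reading oauth2 claim headers: email is null, auth user is incomplete. Aud: %s Name: %s", aud, name));
    }
    return new AuthUser()
        .setAud(aud)
        .setAuthToken(token)
        .setEmail(email)
        .setName(name);
  }

  /**
   * Attempt to get the registration status of the current user and set the value on AuthUser.
   * If Sam reports the user as not found, an attempt is made to register them.
   *
   * @param authUser The AuthUser
   * @return {@code null} when the user or its email is null; a deep copy carrying the Sam status
   *     (possibly a null status) when the lookup returns; otherwise the same {@code authUser}
   *     instance without status (after a registration attempt or a lookup failure)
   */
  private AuthUser getUserWithStatusInfo(AuthUser authUser) {
    if (authUser == null || authUser.getEmail() == null) {
      logWarn("AuthUser/email is null, cannot get user status info");
      return null;
    }
    try {
      UserStatusInfo userStatusInfo = samService.getRegistrationInfo(authUser);
      if (Objects.nonNull(userStatusInfo)) {
        // Email is guaranteed non-null by the guard above, so only the name needs a fallback.
        if (Objects.isNull(authUser.getName())) {
          authUser.setName(userStatusInfo.getUserEmail());
        }
      } else {
        logWarn("Error getting user status info back from Sam for user: " + authUser.getEmail());
      }
      return authUser.deepCopy().setUserStatusInfo(userStatusInfo);
    } catch (NotFoundException e) {
      // Try to post the user to Sam if they have not registered previously
      try {
        UserStatus userStatus = samService.postRegistrationInfo(authUser);
        if (Objects.nonNull(userStatus) && Objects.nonNull(userStatus.getUserInfo())) {
          authUser.setEmail(userStatus.getUserInfo().getUserEmail());
        } else {
          logWarn("Error posting to Sam, AuthUser not able to be registered: " + describeForLog(authUser));
        }
      } catch (Exception exc) {
        logException("AuthUser not able to be registered: '" + describeForLog(authUser) + "'", exc);
      }
    } catch (Throwable e) {
      // Deliberately broad: a Sam lookup failure must not abort authentication here; the caller
      // receives the user without status. The throwable is passed along so the stack trace is kept.
      // NOTE(review): the coverage report this listing came from marks this handler as not
      // executed by tests.
      logWarn(String.format("Exception retrieving Sam user info for '%s'", authUser.getEmail()), e);
    }
    return authUser;
  }

  /**
   * Describe a user for log output without serializing the whole object, which would write the
   * access token held by {@link AuthUser} into the logs.
   */
  private static String describeForLog(AuthUser authUser) {
    return String.format("email=%s, name=%s", authUser.getEmail(), authUser.getName());
  }

}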