Merge pull request #288 from slr71/main

CORE-2013: removed support for CAS and WSO2 authentication.

.clj-kondo/config.edn

@@ -0,0 +1,7 @@
+{:lint-as {common-swagger-api.schema/defapi clojure.core/def
+           slingshot.slingshot/try+         clojure.core/try
+           pronto.core/defmapper            clojure.core/def}
+ :linters {:clojure-lsp/unused-public-var {:exclude [terrain.routes/app-wrapper]}
+           :unresolved-var                {:exclude [clojure-commons.error-codes
+                                                     ring.util.http-response]}
+           :unresolved-symbol             {:exclude [&throw-context]}}}

.gitignore

@@ -32,5 +32,6 @@ Dockerfile.local
 terrain.properties
 .eastwood
 .calva
-.clj-kondo
+.clj-kondo/*
+!.clj-kondo/config.edn
 .lsp

src/terrain/auth/user_attributes.clj

@@ -1,14 +1,12 @@
 (ns terrain.auth.user-attributes
-  (:use [slingshot.slingshot :only [try+]])
   (:require [clojure.string :as string]
             [clojure.tools.logging :as log]
             [clojure-commons.response :as resp]
-            [clojure-commons.exception :as cx]
             [clojure-commons.exception-util :as cxu]
+            [slingshot.slingshot :refer [try+]]
             [terrain.clients.iplant-groups.subjects :as subjects]
             [terrain.util.config :as cfg]
             [terrain.util.jwt :as jwt]
-            [terrain.util.oauth :as oauth-util]
             [terrain.util.keycloak-oidc :as keycloak-oidc-util]))
 
 (def
@@ -57,11 +55,6 @@
   [{:keys [jwt-claims]}]
   (jwt/terrain-user-from-jwt-claims jwt-claims))
 
-(defn user-from-wso2-jwt-claims
-  "Creates a map of values from JWT claims stored int he request by WSO2."
-  [{:keys [jwt-claims]}]
-  (jwt/terrain-user-from-jwt-claims jwt-claims jwt/user-from-wso2-assertion))
-
 (defn lookup-user
   "Looks up the user with the given username."
   [username]
@@ -76,7 +69,7 @@
       :commonName    (:description subject)})
    (catch [:status 404] _
      (cxu/internal-system-error (str "fake user " username " not found")))
-   (catch Object o
+   (catch Object _
      (cxu/internal-system-error (str "fake user lookup for username " username " failed")))))
 
 (defn fake-user-from-attributes
@@ -139,13 +132,6 @@
   [request]
   (get (:headers request) "x-iplant-de-jwt"))
 
-(defn- get-wso2-jwt-assertion
-  "Extracts a JWT assertion from the request header used by WSO2, returning nil if none is
-   found."
-  [request]
-  (when-let [header-name (cfg/wso2-jwt-header)]
-    (get (:headers request) (string/lower-case header-name))))
-
 (defn- get-authorization-header
   "Extracts the authorization header from the reqeust if present and splits it into its components."
   [request]
@@ -163,13 +149,6 @@
   [[_ token]]
   (re-find #"^(?:[\p{Alnum}_-]+=*[.]){1,2}(?:[\p{Alnum}_-]+=*)$" token))
 
-(defn- get-cas-oauth-token
-  "Returns a non-nil value if we appear to have received a CAS OAuth token."
-  [request]
-  (when-let [header (get-authorization-header request)]
-    (when (and (is-bearer? header) (not (is-jwt? header)))
-      (second header))))
-
 (defn- get-keycloak-oidc-token
   "Returns a non-nil value if we appear to have received a Keycloak bearer token."
   [request]
@@ -186,16 +165,6 @@
   (-> (wrap-current-user handler user-from-de-jwt-claims)
       (jwt/validate-jwt-assertion get-de-jwt-assertion)))
 
-(defn- wrap-wso2-jwt-auth
-  [handler]
-  (-> (wrap-current-user handler user-from-wso2-jwt-claims)
-      (jwt/validate-jwt-assertion get-wso2-jwt-assertion jwt/user-from-wso2-assertion)))
-
-(defn- wrap-cas-oauth
-  [handler]
-  (-> (wrap-current-user handler oauth-util/user-from-oauth-profile)
-      (oauth-util/validate-oauth-token get-cas-oauth-token)))
-
 (defn- wrap-keycloak-oidc
   [handler]
   (-> handler
@@ -212,8 +181,6 @@
   [handler]
   (wrap-auth-selection [[get-fake-auth           (wrap-fake-auth handler)]
                         [get-de-jwt-assertion    (wrap-de-jwt-auth handler)]
-                        [get-wso2-jwt-assertion  (wrap-wso2-jwt-auth handler)]
-                        [get-cas-oauth-token     (wrap-cas-oauth handler)]
                         [get-keycloak-oidc-token (wrap-keycloak-oidc handler)]
                         [(constantly true)       handler]]))
 
@@ -223,8 +190,6 @@
   (wrap-auth-selection
    [[get-fake-auth           handler]
     [get-de-jwt-assertion    (jwt/validate-group-membership handler cfg/allowed-groups)]
-    [get-wso2-jwt-assertion  (constantly (resp/forbidden "Admin not supported for WSO2."))]
-    [get-cas-oauth-token     (oauth-util/validate-group-membership handler cfg/allowed-groups)]
     [get-keycloak-oidc-token (keycloak-oidc-util/validate-group-membership handler cfg/allowed-groups)]
     [(constantly true)       (constantly (resp/unauthorized "Admin endpoints require authentication."))]]))
 

src/terrain/clients/app_exposer.clj

@@ -1,12 +1,7 @@
 (ns terrain.clients.app-exposer
-  (:use [kameleon.uuids :only [uuidify]])
   (:require [cemerick.url :as curl]
             [clj-http.client :as client]
             [terrain.util.config :as config]
-            [terrain.clients.apps.raw :as apps]
-            [ring.util.io :as ring-io]
-            [clojure.tools.logging :as log]
-            [clojure.java.io :as io]
             [terrain.auth.user-attributes :refer [current-user]]))
 
 (defn- augment-query
@@ -48,7 +43,7 @@
   (:body (client/post (app-exposer-url ["vice" "admin" "analyses" analysis-id "time-limit"] {} :no-user true) {:as :json})))
 
 (defn get-resources
-  "Calls app-exposer's GET /vice/listing endpoint, with filter as the query filter map. 
+  "Calls app-exposer's GET /vice/listing endpoint, with filter as the query filter map.
   Returns only results applicable to the user."
   [filter]
   (:body (client/get (app-exposer-url ["vice" "listing"] filter) {:as :json})))
@@ -211,8 +206,8 @@
       (client/delete {:as :json})
       (:body)))
 
-;;; For the (list-metadata) function, we bypass the query map handling built 
-;;; into (app-exposer-url) to use the one from clj-http because the former 
+;;; For the (list-metadata) function, we bypass the query map handling built
+;;; into (app-exposer-url) to use the one from clj-http because the former
 ;;; does not handle having an seq of values for an entry while the latter does.
 ;;; This isn't necessary for other calls, so the change was not made in the
 ;;; (app-exposer-url) function.
@@ -256,4 +251,4 @@
   []
   (-> (app-exposer-url ["instantlaunches" "quicklaunches" "public"] {})
       (client/get {:as :json})
-      (:body)))
+      (:body)))

src/terrain/clients/apps/raw.clj

@@ -1,10 +1,10 @@
 (ns terrain.clients.apps.raw
-  (:use [clojure-commons.core :only [remove-nil-values]]
-        [terrain.util :only [disable-redirects]]
-        [terrain.util.transformers :only [secured-params]])
   (:require [cemerick.url :as curl]
             [clj-http.client :as client]
-            [terrain.util.config :as config]))
+            [clojure-commons.core :refer [remove-nil-values]]
+            [terrain.util :refer [disable-redirects]]
+            [terrain.util.config :as config]
+            [terrain.util.transformers :refer [secured-params]]))
 
 (def apps-sort-params [:limit :offset :sort-field :sort-dir :app-type])
 (def base-search-params (conj apps-sort-params :search))

src/terrain/clients/async_tasks.clj

@@ -1,6 +1,5 @@
 (ns terrain.clients.async-tasks
   (:require [async-tasks-client.core :as async-tasks-client]
-            [clojure.string :as string]
             [terrain.util.config :as config]))
 
 (defn run-async-thread

src/terrain/clients/bags.clj

@@ -1,9 +1,6 @@
 (ns terrain.clients.bags
-  (:use [clojure-commons.error-codes]
-        [slingshot.slingshot :only [try+ throw+]])
   (:require [clj-http.client :as http]
             [cemerick.url :refer [url]]
-            [clojure.tools.logging :as log]
             [terrain.util.config :as config]))
 
 (defn- bags-url
@@ -48,7 +45,6 @@
   nil)
 
 (defn get-default-bag
-  [username]
   [username]
   (:body (http/get (bags-url [username "default"]) {:as :json})))
 

src/terrain/clients/coge.clj

@@ -1,13 +1,12 @@
 (ns terrain.clients.coge
-  (:use [clojure-commons.core :only [remove-nil-values]]
-        [terrain.auth.user-attributes :only [current-user]]
-        [terrain.clients.util :only [with-trap]]
-        [slingshot.slingshot :only [throw+ try+]])
   (:require [cemerick.url :as curl]
             [cheshire.core :as cheshire]
             [clj-http.client :as http]
             [clojure.tools.logging :as log]
-            [clojure-commons.error-codes :as ce]
+            [clojure-commons.core :refer [remove-nil-values]]
+            [slingshot.slingshot :refer [throw+]]
+            [terrain.auth.user-attributes :refer [current-user]]
+            [terrain.clients.util :refer [with-trap]]
             [terrain.util.config :as config]
             [terrain.util.jwt :as jwt]))
 
@@ -34,7 +33,7 @@
 
 (defn- export-fasta-request
   "Builds the request to export the FastA file for a genome into iRODS."
-  [user genome-id {:keys [notify overwrite destination]}]
+  [user genome-id {:keys [notify overwrite]}]
   (cheshire/encode
    {:type       export-fasta-job-type
     :parameters (remove-nil-values

src/terrain/clients/dashboard_aggregator.clj

@@ -1,10 +1,6 @@
 (ns terrain.clients.dashboard-aggregator
-    (:use [clojure-commons.error-codes]
-          [slingshot.slingshot :only [try+ throw+]])
-    (:require [clj-http.client :as http]
+  (:require [clj-http.client :as http]
               [cemerick.url :refer [url]]
-              [cheshire.core :as json]
-              [clojure.tools.logging :as log]
               [terrain.util.config :as config]))
 
 (defn- dashboard-aggregator-url
@@ -21,4 +17,4 @@
     (:body (http/get (dashboard-aggregator-url  ["users" username] limit) {:as :json})))
 
   ([{:keys [limit] :or {limit 8}}]
-    (:body (http/get (dashboard-aggregator-url limit) {:as :json}))))
+    (:body (http/get (dashboard-aggregator-url limit) {:as :json}))))