Merge branch 'develop' into PEPPER-947

pepper-apis/dsm-core/pom.xml

@@ -57,6 +57,11 @@
             <!-- <version>1.4.11</version> -->
         </dependency>
 
+        <dependency>
+            <groupId>commons-validator</groupId>
+            <artifactId>commons-validator</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-dbcp2</artifactId>

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/DSMServer.java

@@ -647,7 +647,6 @@ protected void setupCustomRouting(@NonNull Config cfg) {
         setupDDPConfigurationLookup(cfg.getString(ApplicationConfigConstants.DDP));
 
         AuthenticationRoute authenticationRoute = new AuthenticationRoute(auth0Util,
-                userUtil,
                 cfg.getString(ApplicationConfigConstants.AUTH0_DOMAIN),
                 cfg.getString(ApplicationConfigConstants.AUTH0_MGT_SECRET),
                 cfg.getString(ApplicationConfigConstants.AUTH0_MGT_KEY),
@@ -930,11 +929,11 @@ private void setupAdminRoutes() {
         UserRoleRoute userRoleRoute = new UserRoleRoute();
         get(uiRoot + RoutePath.USER_ROLE, userRoleRoute, new JsonTransformer());
         post(uiRoot + RoutePath.USER_ROLE, userRoleRoute, new JsonTransformer());
-        delete(uiRoot + RoutePath.USER_ROLE, userRoleRoute, new JsonTransformer());
+        put(uiRoot + RoutePath.USER_ROLE, userRoleRoute, new JsonTransformer());
 
         UserRoute userRoute = new UserRoute();
         post(uiRoot + RoutePath.USER, userRoute, new JsonTransformer());
-        delete(uiRoot + RoutePath.USER, userRoute, new JsonTransformer());
+        put(uiRoot + RoutePath.USER, userRoute, new JsonTransformer());
     }
 
 
@@ -1060,6 +1059,8 @@ private void setupRouteGenericErrorHandlers() {
             response.body(exception.getMessage());
         });
         exception(DsmInternalError.class, (exception, request, response) -> {
+            logger.error("Internal error {}", exception.toString());
+            exception.printStackTrace();
             response.status(500);
             response.body(exception.getMessage());
         });

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/db/dao/user/UserDao.java

@@ -29,7 +29,7 @@ public class UserDao implements Dao<UserDto> {
     private static final String SQL_DELETE_USER_BY_ID = "DELETE FROM access_user WHERE user_id = ?";
     private static final String SQL_SELECT_USER_BY_EMAIL =
             "SELECT user.user_id, user.name, user.email, user.phone_number, user.is_active FROM access_user user "
-                    + "WHERE user.email = ?";
+                    + "WHERE UPPER(user.email) = ?";
     private static final String SQL_SELECT_USER_BY_ID =
             "SELECT user.user_id, user.name, user.email, user.phone_number, user.is_active FROM access_user user "
                     + "WHERE user.user_id = ?";
@@ -38,7 +38,7 @@ public Optional<UserDto> getUserByEmail(@NonNull String email) {
         SimpleResult results = inTransaction((conn) -> {
             SimpleResult dbVals = new SimpleResult();
             try (PreparedStatement stmt = conn.prepareStatement(SQL_SELECT_USER_BY_EMAIL)) {
-                stmt.setString(1, email);
+                stmt.setString(1, email.toUpperCase());
                 try (ResultSet rs = stmt.executeQuery()) {
                     if (rs.next()) {
                         dbVals.resultValue = new UserDto(rs.getInt(USER_ID),

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/model/dashboard/BasicChartStrategy.java

@@ -43,7 +43,7 @@ protected void fillLabelsValues() {
             MultiSearchResponse.Item response = msearch.getResponses()[i];
             long count = 0;
             if (response != null && response.getResponse() != null) {
-                count = response.getResponse().getHits().getTotalHits();
+                count = response.getResponse().getHits().getTotalHits().value;
             }
             fillData(values, labels, dashboardDto.getLabels().get(i), count);
         }

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/model/dashboard/CountStrategy.java

@@ -21,7 +21,7 @@ public DashboardData get() {
         if (response != null && response.getResponse() != null) {
             return new CountData(dashboardDto.getDisplayType(), Collections.emptyList(),
                     dashboardDto.getSize(), dashboardDto.getDisplayText(), dashboardDto.getOrder(),
-                    response.getResponse().getHits().getTotalHits()
+                    response.getResponse().getHits().getTotalHits().value
             );
         }
         return null;

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/model/elastic/mapping/FieldTypeExtractor.java

@@ -24,9 +24,9 @@ public class FieldTypeExtractor implements TypeExtractor<Map<String, String>> {
     @Override
     public Map<String, String> extract() {
         if (isFieldsNotCached()) {
-            Map<String, GetFieldMappingsResponse.FieldMappingMetaData> mapping = getMapping().get(index);
+            Map<String, GetFieldMappingsResponse.FieldMappingMetadata> mapping = getMapping().get(index);
             Map<String, String> fieldTypeMapping = new HashMap<>();
-            for (Map.Entry<String, GetFieldMappingsResponse.FieldMappingMetaData> entry : mapping.entrySet()) {
+            for (Map.Entry<String, GetFieldMappingsResponse.FieldMappingMetadata> entry : mapping.entrySet()) {
                 fieldTypeMapping.put(getRightMostFieldName(entry.getKey()), extractType(entry.getKey(), entry.getValue()));
             }
             cachedFieldTypes.putAll(fieldTypeMapping);
@@ -44,13 +44,13 @@ private List<String> notCachedFields() {
                 .collect(Collectors.toList());
     }
 
-    private String extractType(String fullFieldName, GetFieldMappingsResponse.FieldMappingMetaData value) {
+    private String extractType(String fullFieldName, GetFieldMappingsResponse.FieldMappingMetadata value) {
         String key = getRightMostFieldName(fullFieldName);
         return (String) ((Map<String, Object>) value.sourceAsMap().get(key)).get(MappingGenerator.TYPE);
     }
 
-    private Map<String, Map<String, GetFieldMappingsResponse.FieldMappingMetaData>> getMapping() {
-        Map<String, Map<String, GetFieldMappingsResponse.FieldMappingMetaData>> result = new HashMap<>();
+    private Map<String, Map<String, GetFieldMappingsResponse.FieldMappingMetadata>> getMapping() {
+        Map<String, Map<String, GetFieldMappingsResponse.FieldMappingMetadata>> result = new HashMap<>();
         GetFieldMappingsRequest request = new GetFieldMappingsRequest();
         request.indices(index);
         String[] fields = this.notCachedFields().toArray(new String[] {});

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/model/elastic/search/ElasticSearch.java

@@ -175,7 +175,7 @@ public ElasticSearch getParticipantsWithinRange(String esParticipantsIndex, int
         }
         List<ElasticSearchParticipantDto> esParticipants = parseSourceMaps(response.getHits().getHits());
         logger.info("Got " + esParticipants.size() + " participants from ES for instance " + esParticipantsIndex);
-        return new ElasticSearch(esParticipants, response.getHits().getTotalHits());
+        return new ElasticSearch(esParticipants, response.getHits().getTotalHits().value);
     }
 
     @Override
@@ -199,7 +199,7 @@ public ElasticSearch getParticipantsByIds(String esIndex, List<String> participa
         List<ElasticSearchParticipantDto> esParticipants = parseSourceMaps(response.getHits().getHits());
 
         logger.info("Got " + esParticipants.size() + " participants from ES for instance " + esIndex);
-        return new ElasticSearch(esParticipants, response.getHits().getTotalHits());
+        return new ElasticSearch(esParticipants, response.getHits().getTotalHits().value);
     }
 
     @Override
@@ -247,7 +247,7 @@ public ElasticSearch getParticipantsByRangeAndFilter(String esParticipantsIndex,
         }
         List<ElasticSearchParticipantDto> esParticipants = parseSourceMaps(response.getHits().getHits());
         logger.info("Got " + esParticipants.size() + " participants from ES for instance " + esParticipantsIndex);
-        return new ElasticSearch(esParticipants, response.getHits().getTotalHits());
+        return new ElasticSearch(esParticipants, response.getHits().getTotalHits().value);
     }
 
     private AbstractQueryBuilder addOsteo2Filter(AbstractQueryBuilder queryBuilder) {
@@ -287,7 +287,7 @@ public ElasticSearch getParticipantsByRangeAndIds(String participantIndexES, int
         }
         List<ElasticSearchParticipantDto> esParticipants = parseSourceMaps(response.getHits().getHits());
         logger.info("Got " + esParticipants.size() + " participants from ES for instance " + participantIndexES);
-        return new ElasticSearch(esParticipants, response.getHits().getTotalHits());
+        return new ElasticSearch(esParticipants, response.getHits().getTotalHits().value);
     }
 
     @Override
@@ -331,7 +331,7 @@ public ElasticSearch getAllParticipantsDataByInstanceIndex(String esParticipants
         }
         List<ElasticSearchParticipantDto> elasticSearchParticipantDtos = parseSourceMaps(searchResponse.getHits().getHits());
         logger.info("Got " + elasticSearchParticipantDtos.size() + " participants from ES for instance " + esParticipantsIndex);
-        return new ElasticSearch(elasticSearchParticipantDtos, searchResponse.getHits().getTotalHits());
+        return new ElasticSearch(elasticSearchParticipantDtos, searchResponse.getHits().getTotalHits().value);
     }
 
     private BoolQueryBuilder getBoolQueryOfParticipantsId(List<String> participantIds) {

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/route/AuthenticationRoute.java

@@ -8,17 +8,19 @@
 
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
+import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
-import com.google.gson.JsonSyntaxException;
 import lombok.NonNull;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.entity.ContentType;
 import org.broadinstitute.dsm.db.UserSettings;
 import org.broadinstitute.dsm.db.dao.user.UserDao;
 import org.broadinstitute.dsm.db.dto.user.UserDto;
 import org.broadinstitute.dsm.exception.AuthenticationException;
-import org.broadinstitute.dsm.util.UserUtil;
+import org.broadinstitute.dsm.exception.DSMBadRequestException;
+import org.broadinstitute.dsm.exception.DsmInternalError;
 import org.broadinstitute.dsm.security.Auth0Util;
+import org.broadinstitute.dsm.util.UserUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import spark.Request;
@@ -37,18 +39,16 @@ public class AuthenticationRoute implements Route {
 
     private final Auth0Util auth0Util;
 
-    private final UserUtil userUtil;
     private final String auth0Domain;
     private final String clientSecret;
     private final String auth0ClientId;
     private final String auth0MgmntAudience;
     private final String audienceNameSpace;
 
-    public AuthenticationRoute(@NonNull Auth0Util auth0Util, @NonNull UserUtil userUtil, @NonNull String auth0Domain,
+    public AuthenticationRoute(@NonNull Auth0Util auth0Util, @NonNull String auth0Domain,
                                @NonNull String clientSecret, @NonNull String auth0ClientId, @NonNull String auth0MgmntAudience,
                                @NonNull String audienceNameSpace) {
         this.auth0Util = auth0Util;
-        this.userUtil = userUtil;
         this.auth0Domain = auth0Domain;
         this.clientSecret = clientSecret;
         this.auth0ClientId = auth0ClientId;
@@ -58,65 +58,59 @@ public AuthenticationRoute(@NonNull Auth0Util auth0Util, @NonNull UserUtil userU
 
     @Override
     public Object handle(Request request, Response response) {
-        logger.info("Check user...");
         try {
             JsonObject jsonObject = JsonParser.parseString(request.body()).getAsJsonObject();
             String auth0Token = jsonObject.get(payloadToken).getAsString();
-            if (StringUtils.isNotBlank(auth0Token)) {
-                // checking if Auth0 knows that token
-                try {
-                    Auth0Util.Auth0UserInfo auth0UserInfo = auth0Util.getAuth0UserInfo(auth0Token, auth0Domain);
-                    if (auth0UserInfo != null) {
-                        String email = auth0UserInfo.getEmail();
-                        logger.info("User (" + email + ") was found ");
-                        Gson gson = new Gson();
-                        Map<String, String> claims = new HashMap<>();
-                        UserDao userDao = new UserDao();
-                        UserDto userDto =
-                                userDao.getUserByEmail(email).orElseThrow(() -> new RuntimeException("User " + email + " not found!"));
-                        if (userDto == null) {
-                            userUtil.insertUser(email, email);
-                            userDto = userDao.getUserByEmail(email)
-                                    .orElseThrow(() -> new RuntimeException("new inserted user " + email + " not found!"));
-                            claims.put(userAccessRoles, "user needs roles and groups");
-                        } else {
-                            String userSetting = gson.toJson(userUtil.getUserAccessRoles(email), ArrayList.class);
-                            claims.put(userAccessRoles, userSetting);
-                            logger.info(userSetting);
-                            claims.put(userSettings, gson.toJson(UserSettings.getUserSettings(email), UserSettings.class));
-                        }
-                        claims.put(authUserId, String.valueOf(userDto.getId()));
-                        claims.put(authUserName, userDto.getName().orElse(""));
-                        claims.put(authUserEmail, email);
-
-                        try {
-                            String dsmToken = auth0Util.getNewAuth0TokenWithCustomClaims(claims, clientSecret, auth0ClientId, auth0Domain,
-                                    auth0MgmntAudience, audienceNameSpace);
-                            if (dsmToken != null) {
-                                return new DSMToken(dsmToken);
-                            } else {
-                                haltWithErrorMsg(401, response, "DSMToken was null! Not authorized user");
-                            }
-                        } catch (AuthenticationException e) {
-                            haltWithErrorMsg(401, response, "DSMToken was null! Not authorized user", e);
-                        }
-                    } else {
-                        haltWithErrorMsg(400, response, "user was null");
-                    }
-                } catch (AuthenticationException e) {
-                    haltWithErrorMsg(400, response, "Problem getting user info from Auth0 token", e);
-                }
-            } else {
-                haltWithErrorMsg(400, response, "There was no token in the payload");
+            if (StringUtils.isBlank(auth0Token)) {
+                haltWithErrorMsg(400, response, "There was no Auth0 token in the payload");
             }
-        } catch (JsonSyntaxException e) {
-            haltWithErrorMsg(400, response, "The provided JSON in the request was malformed", e);
+            return new DSMToken(updateToken(auth0Token));
+        } catch (AuthenticationException e) {
+            haltWithErrorMsg(400, response, "Unable to get user information from Auth0 token", e);
+        } catch (JsonParseException e) {
+            haltWithErrorMsg(400, response, "Unable to get Auth0 token from request", e);
         }
+        // DSMInternalError and DSMBadRequestException are handled via Spark
         return response;
     }
 
+    private String updateToken(String auth0Token) {
+        Auth0Util.Auth0UserInfo auth0UserInfo = auth0Util.getAuth0UserInfo(auth0Token, auth0Domain);
+        String email = auth0UserInfo.getEmail();
+
+        logger.info("Authenticating user {}", email);
+        UserDao userDao = new UserDao();
+        UserDto userDto = userDao.getUserByEmail(email).orElseThrow(() ->
+                new DSMBadRequestException("User not found: " + email));
+
+        Map<String, String> claims = updateClaims(userDto);
+        String dsmToken = auth0Util.getNewAuth0TokenWithCustomClaims(claims, clientSecret, auth0ClientId, auth0Domain,
+                auth0MgmntAudience, audienceNameSpace);
+        if (dsmToken == null) {
+            throw new DsmInternalError("Assert: Auth token should not be null");
+        }
+        return dsmToken;
+    }
+
+    private Map<String, String> updateClaims(UserDto userDto) {
+        Map<String, String> claims = new HashMap<>();
+        try {
+            Gson gson = new Gson();
+            String email = userDto.getEmail().orElseThrow(() -> new DsmInternalError("User email cannot be null"));
+            String roles = gson.toJson(UserUtil.getUserAccessRoles(email), ArrayList.class);
+            claims.put(userAccessRoles, roles);
+            claims.put(userSettings, gson.toJson(UserSettings.getUserSettings(email), UserSettings.class));
+            claims.put(authUserId, String.valueOf(userDto.getId()));
+            claims.put(authUserName, userDto.getName().orElse(""));
+            claims.put(authUserEmail, email);
+        } catch (JsonParseException e) {
+            throw new DsmInternalError("Error converting class to JSON", e);
+        }
+        return claims;
+    }
+
     private static class DSMToken {
-        private String dsmToken;
+        private final String dsmToken;
 
         public DSMToken(String token) {
             this.dsmToken = token;
@@ -128,13 +122,17 @@ public DSMToken(String token) {
      */
     public static void haltWithErrorMsg(int responseStatus, Response response, String message) {
         response.type(ContentType.APPLICATION_JSON.getMimeType());
+        // TODO: this is currently called for bad request status. Do we want to log that at error level?
+        //  Or perhaps we could use the return status to determine the log level? -DC
         logger.error(message);
         String errorMsgJson = new Gson().toJson(new Error(message));
         halt(responseStatus, errorMsgJson);
     }
 
     public static void haltWithErrorMsg(int responseStatus, Response response, String message, Throwable t) {
         if (t != null) {
+            // TODO: this is currently called for bad request status. Do we want to log that at error level?
+            //  Or perhaps we could use the return status to determine the log level? -DC
             logger.error("Authentication Error", t);
         }
         haltWithErrorMsg(responseStatus, response, message);

pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/route/KitDiscardRoute.java

@@ -4,6 +4,7 @@
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.List;
 
 import com.google.gson.Gson;
 import lombok.NonNull;
@@ -129,7 +130,7 @@ public Object processRequest(Request request, Response response, String userId)
                         String email = auth0UserInfo.getEmail();
                         UserDto userDto = new UserDao().getUserByEmail(email).orElseThrow();
                         if (userDto != null && userDto.getId() > 0) {
-                            ArrayList<String> userSetting = userUtil.getUserAccessRoles(email);
+                            List<String> userSetting = userUtil.getUserAccessRoles(email);
                             if (userSetting.contains(DBConstants.KIT_SHIPPING) || userSetting.contains(DBConstants.DISCARD_SAMPLE)) {
                                 KitDiscard kit = KitDiscard.getKitDiscard(kitAction.getKitDiscardId());
                                 if (kit.getChangedById() != userDto.getId()) {