scalable login page #3338

scripts/api/data/authentication-providers/github.json

@@ -0,0 +1,8 @@
+{
+    "id":"github",
+    "factoryAlias":"oauth2",
+    "title":"GitHub",
+    "subtitle":"",
+    "factoryData":"type: github | userEndpoint: NONE | clientId: FIXME | clientSecret: FIXME",
+    "enabled":true
+}

scripts/api/data/authentication-providers/google.json

@@ -0,0 +1,8 @@
+{
+    "id":"google",
+    "factoryAlias":"oauth2",
+    "title":"Google",
+    "subtitle":"",
+    "factoryData":"type: google | userEndpoint: NONE | clientId: FIXME | clientSecret: FIXME",
+    "enabled":true
+}

scripts/api/data/authentication-providers/orcid-sandbox.json

@@ -1,7 +1,7 @@
 {
     "id":"orcid-sandbox",
     "factoryAlias":"oauth2",
-    "title":"Login using ORCiD (sandbox)",
+    "title":"ORCID Sandbox",
     "subtitle":"ORCiD - sandbox",
     "factoryData":"type: orcid | userEndpoint: https://api.sandbox.orcid.org/v1.2/{ORCID}/orcid-profile | clientId: APP-HIV99BRM37FSWPH6 | clientSecret: ee844b70-f223-4f15-9b6f-4991bf8ed7f0",
     "enabled":true

scripts/api/data/authentication-providers/orcid.json

@@ -0,0 +1,8 @@
+{
+    "id":"orcid",
+    "factoryAlias":"oauth2",
+    "title":"ORCID",
+    "subtitle":"",
+    "factoryData":"type: orcid | userEndpoint: https://api.orcid.org/v1.2/{ORCID}/orcid-profile | clientId: FIXME | clientSecret: FIXME",
+    "enabled":true
+}

scripts/api/setup-identity-providers.sh

@@ -4,6 +4,6 @@ SERVER=http://localhost:8080/api
 echo "Setting up internal user provider"
 curl -H "Content-type:application/json" -d @data/aupr-builtin.json http://localhost:8080/api/admin/authenticationProviders/
 
-echo "Setting up Echo providers"
-curl -H "Content-type:application/json" -d @data/aupr-echo.json http://localhost:8080/api/admin/authenticationProviders/
-curl -H "Content-type:application/json" -d @data/aupr-echo-dignified.json http://localhost:8080/api/admin/authenticationProviders/
+#echo "Setting up Echo providers"
+#curl -H "Content-type:application/json" -d @data/aupr-echo.json http://localhost:8080/api/admin/authenticationProviders/
+#curl -H "Content-type:application/json" -d @data/aupr-echo-dignified.json http://localhost:8080/api/admin/authenticationProviders/

scripts/database/upgrades/3338-oauth-login.sql

@@ -0,0 +1,2 @@
+DELETE FROM authenticationproviderrow where id = 'echo-simple';
+DELETE FROM authenticationproviderrow where id = 'echo-dignified';

src/main/java/Bundle.properties

@@ -1461,4 +1461,16 @@ oauth2.convertAccount.explanation=Please log in to the account you wish to conve
 oauth2.convertAccount.username=Existing username
 oauth2.convertAccount.password=Password
 oauth2.convertAccount.authenticationFailed=Authentication failed - bad username or password.
-oauth2.convertAccount.buttonTitle=Convert Account
+oauth2.convertAccount.buttonTitle=Convert Account
+
+# authentication providers
+auth.providers.title.builtin=Local
+auth.providers.title.shib=Your Institution
+auth.providers.title.orcid=ORCID
+auth.providers.title.orcid-sandbox=ORCID Sandbox
+auth.providers.title.google=Google
+auth.providers.title.github=GitHub
+auth.providers.title.blurb.orcid=Log in with your ORCID credentials. Having trouble? Please contact support.
+auth.providers.title.blurb.orcid-sandbox=Log in with your ORCID Sandbox credentials. Having trouble? Please contact support.
+auth.providers.title.blurb.google=Log in with your Google credentials. Having trouble? Please contact support.
+auth.providers.title.blurb.github=Log in with your GitHub credentials. Having trouble? Please contact support.

src/main/java/edu/harvard/iq/dataverse/LoginPage.java

@@ -13,6 +13,7 @@
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.JsfHelper;
 import static edu.harvard.iq.dataverse.util.JsfHelper.JH;
+import edu.harvard.iq.dataverse.util.SystemConfig;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.util.Iterator;
@@ -84,6 +85,9 @@ public enum EditMode {LOGIN, SUCCESS, FAILED};
 
     @EJB
     SettingsServiceBean settingsService;
+
+    @EJB
+    SystemConfig systemConfig;
 
     @Inject
     DataverseRequestServiceBean dvRequestService;
@@ -93,13 +97,17 @@ public enum EditMode {LOGIN, SUCCESS, FAILED};
     private List<FilledCredential> filledCredentials;
 
     private String redirectPage = "dataverse.xhtml";
-
+    private String provider;
+
     public void init() {
         Iterator<String> credentialsIterator = authSvc.getAuthenticationProviderIdsOfType( CredentialsAuthenticationProvider.class ).iterator();
         if ( credentialsIterator.hasNext() ) {
             setCredentialsAuthProviderId(credentialsIterator.next());
         }
         resetFilledCredentials(null);
+        if (provider == null) {
+            provider = systemConfig.getDefaultAuthProvider();
+        }
     }
 
     public boolean isAuthenticationProvidersAvailable() {
@@ -229,5 +237,13 @@ public String getRedirectPage() {
     public void setRedirectPage(String redirectPage) {
         this.redirectPage = redirectPage;
     }
-
+
+    public String getProvider() {
+        return provider;
+    }
+
+    public void setProvider(String provider) {
+        this.provider = provider;
+    }
+
 }

src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/BuiltinAuthenticationProvider.java

@@ -40,7 +40,7 @@ public String getId() {
 
     @Override
     public AuthenticationProviderDisplayInfo getInfo() {
-        return new AuthenticationProviderDisplayInfo(getId(), "Build-in Provider", "Internal user repository");
+        return new AuthenticationProviderDisplayInfo(getId(), BundleUtil.getStringFromBundle("auth.providers.title.builtin"), "Internal user repository");
     }
 
     @Override

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/impl/GitHubOAuth2AP.java

@@ -5,6 +5,7 @@
 import edu.emory.mathcs.backport.java.util.Collections;
 import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 import java.io.StringReader;
 import javax.json.Json;
 import javax.json.JsonObject;
@@ -18,7 +19,7 @@ public class GitHubOAuth2AP extends AbstractOAuth2AuthenticationProvider {
 
     public GitHubOAuth2AP(String aClientId, String aClientSecret) {
         id = "github";
-        title = "GitHub";
+        title = BundleUtil.getStringFromBundle("auth.providers.title.github");
         clientId = aClientId;
         clientSecret = aClientSecret;
         baseUserEndpoint = "https://api.github.com/user";

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/impl/GoogleOAuth2AP.java

@@ -4,6 +4,7 @@
 import com.github.scribejava.core.builder.api.BaseApi;
 import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 import java.io.StringReader;
 import java.util.UUID;
 import javax.json.Json;
@@ -18,7 +19,7 @@ public class GoogleOAuth2AP extends AbstractOAuth2AuthenticationProvider {
 
     public GoogleOAuth2AP(String aClientId, String aClientSecret) {
         id = "google";
-        title = "Google";
+        title = BundleUtil.getStringFromBundle("auth.providers.title.google");
         clientId = aClientId;
         clientSecret = aClientSecret;
         scope =  "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email";

src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibAuthenticationProvider.java

@@ -2,6 +2,7 @@
 
 import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProviderDisplayInfo;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 
 public class ShibAuthenticationProvider implements AuthenticationProvider {
 
@@ -14,7 +15,7 @@ public String getId() {
 
     @Override
     public AuthenticationProviderDisplayInfo getInfo() {
-        return new AuthenticationProviderDisplayInfo(getId(), "Shibboleth Provider", "Shibboleth user repository");
+        return new AuthenticationProviderDisplayInfo(getId(), BundleUtil.getStringFromBundle("auth.providers.title.shib"), "Shibboleth user repository");
     }
 
  }

src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java

@@ -33,6 +33,8 @@ public class SettingsServiceBean {
      * So there.
      */
     public enum Key {
+        /** @todo document DefaultAuthProvider in guides */
+        DefaultAuthProvider,
         FooterCopyright,
         FileFixityChecksumAlgorithm,
         MinutesUntilConfirmEmailTokenExpires,

src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java

@@ -2,6 +2,7 @@
 
 import com.ocpsoft.pretty.PrettyContext;
 import edu.harvard.iq.dataverse.DataFile;
+import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -547,4 +548,17 @@ public DataFile.ChecksumType getFileFixityChecksumAlgorithm() {
             return saneDefault;
         }
     }
+
+    public String getDefaultAuthProvider() {
+        String saneDefault = BuiltinAuthenticationProvider.PROVIDER_ID;
+        String settingInDatabase = settingsService.getValueForKey(SettingsServiceBean.Key.DefaultAuthProvider, saneDefault);
+        if (settingInDatabase != null && !settingInDatabase.isEmpty()) {
+            /**
+             * @todo Add more sanity checking.
+             */
+            return settingInDatabase;
+        }
+        return saneDefault;
+    }
+
 }