Merge branch 'master' into clean-complete

datahub-project · Jun 9, 2022 · 4d142eb · 4d142eb
2 parents ef67909 + e6b66d8
commit 4d142eb
Show file tree

Hide file tree

Showing 87 changed files with 4,308 additions and 338 deletions.
diff --git a/datahub-frontend/app/auth/AuthUtils.java b/datahub-frontend/app/auth/AuthUtils.java
@@ -47,6 +47,11 @@ public class AuthUtils {
     public static final String PASSWORD = "password";
     public static final String ACTOR = "actor";
     public static final String ACCESS_TOKEN = "token";
+    public static final String FULL_NAME = "fullName";
+    public static final String EMAIL = "email";
+    public static final String TITLE = "title";
+    public static final String INVITE_TOKEN = "inviteToken";
+    public static final String RESET_TOKEN = "resetToken";
 
     /**
      * Determines whether the inbound request should be forward to downstream Metadata Service. Today, this simply

diff --git a/datahub-frontend/app/auth/NativeAuthenticationConfigs.java b/datahub-frontend/app/auth/NativeAuthenticationConfigs.java
@@ -0,0 +1,23 @@
+package auth;
+
+/**
+ * Currently, this config enables or disable native user authentication.
+ */
+public class NativeAuthenticationConfigs {
+
+  public static final String NATIVE_AUTHENTICATION_ENABLED_CONFIG_PATH = "auth.native.enabled";
+
+  private Boolean _isEnabled = true;
+
+  public NativeAuthenticationConfigs(final com.typesafe.config.Config configs) {
+    if (configs.hasPath(NATIVE_AUTHENTICATION_ENABLED_CONFIG_PATH)
+        && Boolean.FALSE.equals(
+        Boolean.parseBoolean(configs.getValue(NATIVE_AUTHENTICATION_ENABLED_CONFIG_PATH).toString()))) {
+      _isEnabled = false;
+    }
+  }
+
+  public boolean isNativeAuthenticationEnabled() {
+    return _isEnabled;
+  }
+}
diff --git a/datahub-frontend/app/client/AuthServiceClient.java b/datahub-frontend/app/client/AuthServiceClient.java
@@ -23,19 +23,29 @@
 public class AuthServiceClient {
 
   private static final String GENERATE_SESSION_TOKEN_ENDPOINT = "auth/generateSessionTokenForUser";
+  private static final String SIGN_UP_ENDPOINT = "auth/signUp";
+  private static final String RESET_NATIVE_USER_CREDENTIALS_ENDPOINT = "auth/resetNativeUserCredentials";
+  private static final String VERIFY_NATIVE_USER_CREDENTIALS_ENDPOINT = "auth/verifyNativeUserCredentials";
   private static final String ACCESS_TOKEN_FIELD = "accessToken";
   private static final String USER_ID_FIELD = "userId";
+  private static final String USER_URN_FIELD = "userUrn";
+  private static final String FULL_NAME_FIELD = "fullName";
+  private static final String EMAIL_FIELD = "email";
+  private static final String TITLE_FIELD = "title";
+  private static final String PASSWORD_FIELD = "password";
+  private static final String INVITE_TOKEN_FIELD = "inviteToken";
+  private static final String RESET_TOKEN_FIELD = "resetToken";
+  private static final String IS_NATIVE_USER_CREATED_FIELD = "isNativeUserCreated";
+  private static final String ARE_NATIVE_USER_CREDENTIALS_RESET_FIELD = "areNativeUserCredentialsReset";
+  private static final String DOES_PASSWORD_MATCH_FIELD = "doesPasswordMatch";
 
   private final String metadataServiceHost;
   private final Integer metadataServicePort;
   private final Boolean metadataServiceUseSsl;
   private final Authentication systemAuthentication;
 
-  public AuthServiceClient(
-      @Nonnull final String metadataServiceHost,
-      @Nonnull final Integer metadataServicePort,
-      @Nonnull final Boolean useSsl,
-      @Nonnull final Authentication systemAuthentication) {
+  public AuthServiceClient(@Nonnull final String metadataServiceHost, @Nonnull final Integer metadataServicePort,
+      @Nonnull final Boolean useSsl, @Nonnull final Authentication systemAuthentication) {
     this.metadataServiceHost = Objects.requireNonNull(metadataServiceHost);
     this.metadataServicePort = Objects.requireNonNull(metadataServicePort);
     this.metadataServiceUseSsl = Objects.requireNonNull(useSsl);
@@ -88,6 +98,154 @@ public String generateSessionTokenForUser(@Nonnull final String userId) {
     }
   }
 
+  /**
+   * Call the Auth Service to create a native Datahub user.
+   */
+  @Nonnull
+  public boolean signUp(@Nonnull final String userUrn, @Nonnull final String fullName, @Nonnull final String email,
+      @Nonnull final String title, @Nonnull final String password, @Nonnull final String inviteToken) {
+    Objects.requireNonNull(userUrn, "userUrn must not be null");
+    Objects.requireNonNull(fullName, "fullName must not be null");
+    Objects.requireNonNull(email, "email must not be null");
+    Objects.requireNonNull(title, "title must not be null");
+    Objects.requireNonNull(password, "password must not be null");
+    Objects.requireNonNull(inviteToken, "inviteToken must not be null");
+    CloseableHttpClient httpClient = HttpClients.createDefault();
+
+    try {
+
+      final String protocol = this.metadataServiceUseSsl ? "https" : "http";
+      final HttpPost request =
+          new HttpPost(String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort,
+              SIGN_UP_ENDPOINT));
+
+      // Build JSON request to verify credentials for a native user.
+      String json =
+          String.format("{ \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\" }",
+              USER_URN_FIELD, userUrn, FULL_NAME_FIELD, fullName, EMAIL_FIELD, email, TITLE_FIELD, title,
+              PASSWORD_FIELD, password, INVITE_TOKEN_FIELD, inviteToken);
+      request.setEntity(new StringEntity(json));
+
+      // Add authorization header with DataHub frontend system id and secret.
+      request.addHeader(Http.HeaderNames.AUTHORIZATION, this.systemAuthentication.getCredentials());
+
+      CloseableHttpResponse response = httpClient.execute(request);
+      final HttpEntity entity = response.getEntity();
+      if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && entity != null) {
+        // Successfully generated a token for the User
+        final String jsonStr = EntityUtils.toString(entity);
+        return getIsNativeUserCreatedFromJson(jsonStr);
+      } else {
+        throw new RuntimeException(
+            String.format("Bad response from the Metadata Service: %s %s", response.getStatusLine().toString(),
+                response.getEntity().toString()));
+      }
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to create user", e);
+    } finally {
+      try {
+        httpClient.close();
+      } catch (Exception e) {
+        log.warn("Failed to close http client", e);
+      }
+    }
+  }
+
+  /**
+   * Call the Auth Service to reset credentials for a native DataHub user.
+   */
+  @Nonnull
+  public boolean resetNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password,
+      @Nonnull final String resetToken) {
+    Objects.requireNonNull(userUrn, "userUrn must not be null");
+    Objects.requireNonNull(password, "password must not be null");
+    Objects.requireNonNull(resetToken, "reset token must not be null");
+    CloseableHttpClient httpClient = HttpClients.createDefault();
+
+    try {
+
+      final String protocol = this.metadataServiceUseSsl ? "https" : "http";
+      final HttpPost request = new HttpPost(
+          String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort,
+              RESET_NATIVE_USER_CREDENTIALS_ENDPOINT));
+
+      // Build JSON request to verify credentials for a native user.
+      String json =
+          String.format("{ \"%s\":\"%s\", \"%s\":\"%s\", \"%s\":\"%s\" }", USER_URN_FIELD, userUrn,
+              PASSWORD_FIELD, password, RESET_TOKEN_FIELD, resetToken);
+      request.setEntity(new StringEntity(json));
+
+      // Add authorization header with DataHub frontend system id and secret.
+      request.addHeader(Http.HeaderNames.AUTHORIZATION, this.systemAuthentication.getCredentials());
+
+      CloseableHttpResponse response = httpClient.execute(request);
+      final HttpEntity entity = response.getEntity();
+      if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && entity != null) {
+        // Successfully generated a token for the User
+        final String jsonStr = EntityUtils.toString(entity);
+        return getAreNativeUserCredentialsResetFromJson(jsonStr);
+      } else {
+        throw new RuntimeException(
+            String.format("Bad response from the Metadata Service: %s %s", response.getStatusLine().toString(),
+                response.getEntity().toString()));
+      }
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to reset credentials for user", e);
+    } finally {
+      try {
+        httpClient.close();
+      } catch (Exception e) {
+        log.warn("Failed to close http client", e);
+      }
+    }
+  }
+
+  /**
+   * Call the Auth Service to verify the credentials for a native Datahub user.
+   */
+  @Nonnull
+  public boolean verifyNativeUserCredentials(@Nonnull final String userUrn, @Nonnull final String password) {
+    Objects.requireNonNull(userUrn, "userUrn must not be null");
+    Objects.requireNonNull(password, "password must not be null");
+    CloseableHttpClient httpClient = HttpClients.createDefault();
+
+    try {
+
+      final String protocol = this.metadataServiceUseSsl ? "https" : "http";
+      final HttpPost request = new HttpPost(
+          String.format("%s://%s:%s/%s", protocol, this.metadataServiceHost, this.metadataServicePort,
+              VERIFY_NATIVE_USER_CREDENTIALS_ENDPOINT));
+
+      // Build JSON request to verify credentials for a native user.
+      String json =
+          String.format("{ \"%s\":\"%s\", \"%s\":\"%s\" }", USER_URN_FIELD, userUrn, PASSWORD_FIELD, password);
+      request.setEntity(new StringEntity(json));
+
+      // Add authorization header with DataHub frontend system id and secret.
+      request.addHeader(Http.HeaderNames.AUTHORIZATION, this.systemAuthentication.getCredentials());
+
+      CloseableHttpResponse response = httpClient.execute(request);
+      final HttpEntity entity = response.getEntity();
+      if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK && entity != null) {
+        // Successfully generated a token for the User
+        final String jsonStr = EntityUtils.toString(entity);
+        return getDoesPasswordMatchFromJson(jsonStr);
+      } else {
+        throw new RuntimeException(
+            String.format("Bad response from the Metadata Service: %s %s", response.getStatusLine().toString(),
+                response.getEntity().toString()));
+      }
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to verify credentials for user", e);
+    } finally {
+      try {
+        httpClient.close();
+      } catch (Exception e) {
+        log.warn("Failed to close http client", e);
+      }
+    }
+  }
+
   private String getAccessTokenFromJson(final String jsonStr) {
     ObjectMapper mapper = new ObjectMapper();
     try {
@@ -97,4 +255,31 @@ private String getAccessTokenFromJson(final String jsonStr) {
       throw new IllegalArgumentException("Failed to parse JSON received from the MetadataService!");
     }
   }
+
+  private boolean getIsNativeUserCreatedFromJson(final String jsonStr) {
+    ObjectMapper mapper = new ObjectMapper();
+    try {
+      return mapper.readTree(jsonStr).get(IS_NATIVE_USER_CREATED_FIELD).asBoolean();
+    } catch (Exception e) {
+      throw new IllegalArgumentException("Failed to parse JSON received from the MetadataService!");
+    }
+  }
+
+  private boolean getAreNativeUserCredentialsResetFromJson(final String jsonStr) {
+    ObjectMapper mapper = new ObjectMapper();
+    try {
+      return mapper.readTree(jsonStr).get(ARE_NATIVE_USER_CREDENTIALS_RESET_FIELD).asBoolean();
+    } catch (Exception e) {
+      throw new IllegalArgumentException("Failed to parse JSON received from the MetadataService!");
+    }
+  }
+
+  private boolean getDoesPasswordMatchFromJson(final String jsonStr) {
+    ObjectMapper mapper = new ObjectMapper();
+    try {
+      return mapper.readTree(jsonStr).get(DOES_PASSWORD_MATCH_FIELD).asBoolean();
+    } catch (Exception e) {
+      throw new IllegalArgumentException("Failed to parse JSON received from the MetadataService!");
+    }
+  }
 }