paulscherrerinstitute · consolethinks · Oct 1, 2024 · Oct 2, 2024 · Oct 2, 2024 · Oct 4, 2024
diff --git a/cmd/commands/authenticate.go b/cmd/commands/authenticate.go
@@ -14,7 +14,7 @@ import (
 // An interface with the methods so that we can mock them in tests
 type Authenticator interface {
 	AuthenticateUser(httpClient *http.Client, APIServer string, username string, password string) (map[string]string, []string)
-	GetUserInfoFromToken(httpClient *http.Client, APIServer string, token string) (map[string]string, []string)
+	GetUserInfoFromToken(httpClient *http.Client, APIServer string, token string) (map[string]string, []string, error)
 }
 
 type RealAuthenticator struct{}
@@ -23,7 +23,7 @@ func (r RealAuthenticator) AuthenticateUser(httpClient *http.Client, APIServer s
 	return datasetUtils.AuthenticateUser(httpClient, APIServer, username, password)
 }
 
-func (r RealAuthenticator) GetUserInfoFromToken(httpClient *http.Client, APIServer string, token string) (map[string]string, []string) {
+func (r RealAuthenticator) GetUserInfoFromToken(httpClient *http.Client, APIServer string, token string) (map[string]string, []string, error) {
 	return datasetUtils.GetUserInfoFromToken(httpClient, APIServer, token)
 }
 
@@ -38,7 +38,10 @@ func authenticate(authenticator Authenticator, httpClient *http.Client, apiServe
 		fatalExit = overrideFatalExit[0]
 	}
 	if token != "" {
-		user, accessGroups := authenticator.GetUserInfoFromToken(httpClient, apiServer, token)
+		user, accessGroups, err := authenticator.GetUserInfoFromToken(httpClient, apiServer, token)
+		if err != nil {
+			log.Fatal(err)
+		}
 		uSplit := strings.Split(userpass, ":")
 		if len(uSplit) > 1 {
 			user["password"] = uSplit[1]

diff --git a/datasetIngestor/checkMetadata.go b/datasetIngestor/checkMetadata.go
@@ -31,32 +31,36 @@ func ReadAndCheckMetadata(client *http.Client, APIServer string, metadatafile st
 	if err != nil {
 		return nil, "", false, err
 	}
+	sourceFolder, beamlineAccount, err = CheckMetadata(client, APIServer, metaDataMap, user, accessGroups)
+	return metaDataMap, sourceFolder, beamlineAccount, err
+}
 
+func CheckMetadata(client *http.Client, APIServer string, metaDataMap map[string]interface{}, user map[string]string, accessGroups []string) (sourceFolder string, beamlineAccount bool, err error) {
 	if keys := CollectIllegalKeys(metaDataMap); len(keys) > 0 {
-		return nil, "", false, errors.New(ErrIllegalKeys + ": \"" + strings.Join(keys, "\", \"") + "\"")
+		return "", false, errors.New(ErrIllegalKeys + ": \"" + strings.Join(keys, "\", \"") + "\"")
 	}
 
 	beamlineAccount, err = CheckUserAndOwnerGroup(user, accessGroups, metaDataMap)
 	if err != nil {
-		return nil, "", false, err
+		return "", false, err
 	}
 
 	err = GatherMissingMetadata(user, metaDataMap, client, APIServer, accessGroups)
 	if err != nil {
-		return nil, "", false, err
+		return "", false, err
 	}
 
 	err = CheckMetadataValidity(client, APIServer, metaDataMap)
 	if err != nil {
-		return nil, "", false, err
+		return "", false, err
 	}
 
 	sourceFolder, err = GetSourceFolder(metaDataMap)
 	if err != nil {
-		return nil, "", false, err
+		return "", false, err
 	}
 
-	return metaDataMap, sourceFolder, beamlineAccount, nil
+	return sourceFolder, beamlineAccount, nil
 }
 
 // ReadMetadataFromFile reads the metadata from the file and unmarshals it into a map.
@@ -175,7 +179,7 @@ func CheckUserAndOwnerGroup(user map[string]string, accessGroups []string, metaD
 }
 
 // getHost is a function that attempts to retrieve and return the fully qualified domain name (FQDN) of the current host.
-// If it encounters any error during the process, it gracefully falls back to returning the simple hostname or "unknown".
+// If it encounters any error during the process, it falls back to returning "unknown", as a simple hostname won't work with v4 backend
 func getHost() string {
 	// Try to get the hostname of the current machine.
 	hostname, err := os.Hostname()
@@ -185,24 +189,24 @@ func getHost() string {
 
 	addrs, err := net.LookupIP(hostname)
 	if err != nil {
-		return hostname
+		return unknown
 	}
 
 	for _, addr := range addrs {
 		if ipv4 := addr.To4(); ipv4 != nil {
 			ip, err := ipv4.MarshalText()
 			if err != nil {
-				return hostname
+				return unknown
 			}
 			hosts, err := net.LookupAddr(string(ip))
 			if err != nil || len(hosts) == 0 {
-				return hostname
+				return unknown
 			}
 			fqdn := hosts[0]
 			return strings.TrimSuffix(fqdn, ".") // return fqdn without trailing dot
 		}
 	}
-	return hostname
+	return unknown
 }
 
 // GatherMissingMetadata augments missing metadata fields.
@@ -288,25 +292,7 @@ func addPrincipalInvestigatorFromProposal(user map[string]string, metaDataMap ma
 
 // CheckMetadataValidity checks the validity of the metadata by calling the appropriate API.
 func CheckMetadataValidity(client *http.Client, APIServer string, metaDataMap map[string]interface{}) error {
-	dstype, ok := metaDataMap["type"].(string)
-	if !ok {
-		return fmt.Errorf("metadata type isn't a string")
-	}
-
-	myurl := ""
-	switch dstype {
-	case raw:
-		myurl = APIServer + "/RawDatasets/isValid"
-	case "derived":
-		myurl = APIServer + "/DerivedDatasets/isValid"
-	case "base":
-		myurl = APIServer + "/Datasets/isValid"
-	default:
-		return fmt.Errorf("unknown dataset type encountered: %s", dstype)
-	}
-
 	// add dummy data for fields which can only be filled after file scan to pass the validity test
-
 	if _, exists := metaDataMap["ownerGroup"]; !exists {
 		metaDataMap["ownerGroup"] = DUMMY_OWNER
 	}
@@ -320,7 +306,6 @@ func CheckMetadataValidity(client *http.Client, APIServer string, metaDataMap ma
 	}
 
 	// add accessGroups entry for beamline if creationLocation is defined
-
 	if value, exists := metaDataMap["creationLocation"]; exists {
 		var parts = strings.Split(value.(string), "/")
 		var groups []string
@@ -347,7 +332,7 @@ func CheckMetadataValidity(client *http.Client, APIServer string, metaDataMap ma
 		return err
 	}
 
-	req, err := http.NewRequest("POST", myurl, bytes.NewBuffer(bmm))
+	req, err := http.NewRequest("POST", "datasets/isValid", bytes.NewBuffer(bmm))
 	if err != nil {
 		return err
 	}

diff --git a/datasetIngestor/ingestDataset.go b/datasetIngestor/ingestDataset.go
@@ -83,53 +83,31 @@ func createDataset(client *http.Client, APIServer string, metaDataMap map[string
 	cmm, _ := json.Marshal(metaDataMap)
 	datasetId := ""
 
-	if val, ok := metaDataMap["type"]; ok {
-		dstype := val.(string)
-		endpoint, err := getEndpoint(dstype)
-		if err != nil {
-			return "", err
-		}
-		myurl := APIServer + endpoint + "/?access_token=" + user["accessToken"]
-		resp, err := sendRequest(client, "POST", myurl, cmm)
+	resp, err := sendRequest(client, "POST", APIServer+"/datasets", user["accessToken"], cmm)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == 200 {
+		datasetId, err = decodePid(resp)
 		if err != nil {
 			return "", err
 		}
-		defer resp.Body.Close()
-
-		if resp.StatusCode == 200 {
-			datasetId, err = decodePid(resp)
-			if err != nil {
-				return "", err
-			}
-		} else {
-			return "", fmt.Errorf("SendIngestCommand: Failed to create new dataset: status code %v", resp.StatusCode)
-		}
 	} else {
-		return "", fmt.Errorf("no dataset type defined for dataset %v", metaDataMap)
+		return "", fmt.Errorf("SendIngestCommand: Failed to create new dataset: status code %v", resp.StatusCode)
 	}
 
 	return datasetId, nil
 }
 
-func getEndpoint(dstype string) (string, error) {
-	switch dstype {
-	case "raw":
-		return "/RawDatasets", nil
-	case "derived":
-		return "/DerivedDatasets", nil
-	case "base":
-		return "/Datasets", nil
-	default:
-		return "", fmt.Errorf("unknown dataset type encountered: %s", dstype)
-	}
-}
-
-func sendRequest(client *http.Client, method, url string, body []byte) (*http.Response, error) {
+func sendRequest(client *http.Client, method, url string, accessToken string, body []byte) (*http.Response, error) {
 	req, err := http.NewRequest(method, url, bytes.NewBuffer(body))
 	if err != nil {
 		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
 
 	resp, err := client.Do(req)
 	if err != nil {
@@ -192,8 +170,7 @@ func createOrigDatablocks(client *http.Client, APIServer string, fullFileArray [
 		origBlock := createOrigBlock(start, end, fullFileArray, datasetId)
 
 		payloadString, _ := json.Marshal(origBlock)
-		myurl := APIServer + "/OrigDatablocks" + "?access_token=" + user["accessToken"]
-		resp, err := sendRequest(client, "POST", myurl, payloadString)
+		resp, err := sendRequest(client, "POST", APIServer+"/origdatablocks", user["accessToken"], payloadString)
 		if err != nil {
 			return err
 		}

diff --git a/datasetUtils/getUserInfoFromToken.go b/datasetUtils/getUserInfoFromToken.go
@@ -2,53 +2,93 @@ package datasetUtils
 
 import (
 	"encoding/json"
-	"io/ioutil"
-	"log"
+	"fmt"
+	"io"
 	"net/http"
+	"net/url"
 )
 
-type UserInfo struct {
-	CurrentUser      string   `json:"currentUser"`
-	CurrentUserEmail string   `json:"currentUserEmail"`
-	CurrentGroups    []string `json:"currentGroups"`
+type ReturnedUser struct {
+	Id string `json:"id"`
 }
 
-func GetUserInfoFromToken(client *http.Client, APIServer string, token string) (map[string]string, []string) {
-	u := make(map[string]string)
-	accessGroups := make([]string, 0)
+type UserIdentity struct {
+	Profile Profile `json:"profile"`
+}
+
+type Profile struct {
+	Username     string   `json:"username"`
+	DisplayName  string   `json:"displayName"`
+	AccessGroups []string `json:"accessGroups"`
+	Emails       []Email  `json:"emails"`
+}
 
-	url := APIServer + "/Users/userInfos?access_token=" + token
-	req, err := http.NewRequest("GET", url, nil)
-	req.Header.Set("Content-Type", "application/json")
+type Email struct {
+	Value string `json:"value"`
+}
+
+func GetUserInfoFromToken(client *http.Client, APIServer string, token string) (map[string]string, []string, error) {
+	var newUserInfo ReturnedUser
+	var accessGroups []string
+	u := map[string]string{}
+	bearerToken := fmt.Sprintf("Bearer %s", token)
 
-	resp, err := client.Do(req)
+	// get user info (does not contain access groups) [1st request]
+	req1, err := http.NewRequest("GET", APIServer+"/users/my/self", nil)
 	if err != nil {
-		log.Fatal(err)
+		return map[string]string{}, []string{}, err
+	}
+	req1.Header.Set("Authorization", bearerToken)
+	resp1, err := client.Do(req1)
+	if err != nil {
+		return map[string]string{}, []string{}, err
+	}
+	defer resp1.Body.Close()
+	body1, err := io.ReadAll(resp1.Body)
+	if err := json.Unmarshal(body1, &newUserInfo); err != nil {
+		return map[string]string{}, []string{}, err
 	}
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
 
-	if resp.StatusCode != 200 {
-		log.Fatalf("Could not login with token:%v, status %v", token, resp.StatusCode)
+	// get extra details about user [2nd request]
+	var respObj UserIdentity
+	if err != nil {
+		return map[string]string{}, []string{}, err
+	}
+	filterString := url.QueryEscape(fmt.Sprintf("{\"where\":{\"userId\":\"%s\"}}", newUserInfo.Id))
+	req2, err := http.NewRequest("GET", APIServer+"/useridentities/findOne?filter="+filterString, nil)
+	if err != nil {
+		return map[string]string{}, []string{}, err
 	}
+	req2.Header.Set("Authorization", bearerToken)
 
-	var respObj UserInfo
-	err = json.Unmarshal(body, &respObj)
+	resp2, err := client.Do(req2)
 	if err != nil {
-		log.Fatal(err)
-	}
-
-	if respObj.CurrentUser != "" {
-		//log.Printf("Found the following user for this token %v", respObj[0])
-		u["username"] = respObj.CurrentUser
-		u["mail"] = respObj.CurrentUserEmail
-		u["displayName"] = respObj.CurrentUser
-		u["accessToken"] = token
-		log.Printf("User authenticated: %s %s\n", u["displayName"], u["mail"])
-		accessGroups = respObj.CurrentGroups
-		log.Printf("User is member in following groups: %v\n", accessGroups)
-	} else {
-		log.Fatalf("Could not map a user to the token %v", token)
-	}
-	return u, accessGroups
+		return map[string]string{}, []string{}, err
+	}
+	defer resp2.Body.Close()
+	if resp2.StatusCode != 200 {
+		return map[string]string{}, []string{}, fmt.Errorf("could not login with token:%v, status %v", token, resp1.StatusCode)
+	}
+	body2, err := io.ReadAll(resp2.Body)
+	if err != nil {
+		return map[string]string{}, []string{}, err
+	}
+	err = json.Unmarshal(body2, &respObj)
+	if err != nil {
+		return map[string]string{}, []string{}, err
+	}
+
+	// return important user informations
+	if respObj.Profile.Username == "" {
+		return map[string]string{}, []string{}, fmt.Errorf("could not map a user to the token '%v'", token)
+	}
+	u["username"] = respObj.Profile.Username
+	if len(respObj.Profile.Emails) > 0 {
+		u["mail"] = respObj.Profile.Emails[0].Value
+	}
+	u["displayName"] = respObj.Profile.DisplayName
+	u["accessToken"] = token
+	accessGroups = respObj.Profile.AccessGroups
+
+	return u, accessGroups, nil
 }