Skip to content
GitLab
Select Git revision
  • release-5.1.0
  • release-5.1.0-student-login-endpoint
  • main default
  • patch-1
  • patch-2
  • helmchart
  • master
  • dependabot/maven/core/notification-utils/com.fasterxml.jackson.core-jackson-databind-2.12.7.1
  • dependabot/maven/controller/com.fasterxml.jackson.core-jackson-databind-2.12.7.1
  • dependabot/maven/core/cassandra-utils/com.fasterxml.jackson.core-jackson-databind-2.12.7.1
  • dependabot/maven/core/actor-core/com.fasterxml.jackson.core-jackson-databind-2.12.7.1
  • dependabot/maven/core/platform-common/com.fasterxml.jackson.core-jackson-databind-2.12.7.1
  • release-5.0.1
  • release-5.0.2
  • release-5.0.0
  • release-4.10.1
  • dependabot/maven/core/platform-common/org.apache.kafka-kafka-clients-0.10.2.2
  • release-4.10.0
  • release-4.9.0
  • dependabot/maven/core/platform-common/org.jboss.resteasy-resteasy-client-3.14.0.Final
  • release-5.0.1_RC1
  • release-5.0.0_RC5
  • release-5.0.0_RC4
  • release-5.0.0_RC3
  • release-5.0.0_RC2
  • release-5.0.0_RC1
  • release-4.10.1_RC1
  • release-4.10.0_RC5
  • release-4.10.0_RC4
  • release-4.10.0_RC3
  • release-4.10.0_RC2
  • release-4.9.0_RC3
  • release-4.9.0_RC2
  • release-4.10.0_RC1
  • release-4.9.0_RC1
  • release-4.7.0_RC11
  • release-4.7.0_RC10
  • release-4.7.0_RC9
  • release-4.7.0_RC8
  • release-4.7.0_RC7
Find file BlameHistoryPermalink
RequestInterceptor.java 9.06 KiB
1 
package util;
2
3 
import com.fasterxml.jackson.databind.JsonNode;
4 
import java.nio.file.Path;
5 
import java.nio.file.Paths;
6 
import java.util.ArrayList;
7 
import java.util.HashMap;
8 
import java.util.List;
9 
import java.util.Map;
10 
import java.util.Optional;
11 
import java.util.UUID;
12 
import java.util.concurrent.ConcurrentHashMap;
13 
import org.apache.commons.lang3.StringUtils;
14 
import org.sunbird.auth.verifier.AccessTokenValidator;
15 
import org.sunbird.keys.JsonKey;
16 
import org.sunbird.logging.LoggerUtil;
17 
import org.sunbird.request.HeaderParam;
18 
import play.mvc.Http;
19
20 
/**
21 
 * Request interceptor responsible to authenticated HTTP requests
22 
 *
23 
 * @author Amit Kumar
24 
 */
25 
public class RequestInterceptor {
26
27 
  private static LoggerUtil logger = new LoggerUtil(RequestInterceptor.class);
28 
  public static List<String> restrictedUriList = null;
29 
  private static ConcurrentHashMap<String, Short> apiHeaderIgnoreMap = new ConcurrentHashMap<>();
30
31 
  private RequestInterceptor() {}
32
33 
  static {
34 
    restrictedUriList = new ArrayList<>();
35 
    restrictedUriList.add("/v1/user/update");
36 
    restrictedUriList.add("/v1/note/create");
37 
    restrictedUriList.add("/v1/note/update");
38 
    restrictedUriList.add("/v1/note/search");
39 
    restrictedUriList.add("/v1/note/read");
40 
    restrictedUriList.add("/v1/note/delete");
41 
    restrictedUriList.add("/v1/user/feed");
42
43 
    // ---------------------------
44 
    short var = 1;
45 
    apiHeaderIgnoreMap.put("/v1/user/create", var);
46 
    apiHeaderIgnoreMap.put("/v2/user/create", var);
47 
    apiHeaderIgnoreMap.put("/v2/org/search", var);
48 
    apiHeaderIgnoreMap.put("/v3/user/create", var);
49 
    apiHeaderIgnoreMap.put("/v1/user/signup", var);
50 
    apiHeaderIgnoreMap.put("/v2/user/signup", var);
51 
    apiHeaderIgnoreMap.put("/v1/ssouser/create", var);
52 
    apiHeaderIgnoreMap.put("/v1/org/search", var);
53 
    apiHeaderIgnoreMap.put("/service/health", var);
54 
    apiHeaderIgnoreMap.put("/health", var);
55 
    apiHeaderIgnoreMap.put("/v1/notification/email", var);
56 
    apiHeaderIgnoreMap.put("/v2/notification", var);
57 
    apiHeaderIgnoreMap.put("/v1/data/sync", var);
58 
    apiHeaderIgnoreMap.put("/v1/file/upload", var);
59 
    apiHeaderIgnoreMap.put("/v1/user/getuser", var);
60 
    // making org read as public access
61 
    apiHeaderIgnoreMap.put("/v1/org/read", var);
62 
    // making location APIs public access
63 
    apiHeaderIgnoreMap.put("/v1/location/create", var);
64 
    apiHeaderIgnoreMap.put("/v1/location/update", var);
65 
    apiHeaderIgnoreMap.put("/v1/location/search", var);
66 
    apiHeaderIgnoreMap.put("/v1/location/delete", var);
67 
    apiHeaderIgnoreMap.put("/v1/otp/generate", var);
68 
    apiHeaderIgnoreMap.put("/v1/otp/verify", var);
69 
    apiHeaderIgnoreMap.put("/v1/user/get/email", var);
70 
    apiHeaderIgnoreMap.put("/v1/user/get/phone", var);
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
apiHeaderIgnoreMap.put("/v1/system/settings/get", var); apiHeaderIgnoreMap.put("/v1/system/settings/list", var); apiHeaderIgnoreMap.put("/private/user/v1/search", var); apiHeaderIgnoreMap.put("/private/user/v1/migrate", var); apiHeaderIgnoreMap.put("/private/user/v1/identifier/freeup", var); apiHeaderIgnoreMap.put("/private/user/v1/password/reset", var); apiHeaderIgnoreMap.put("/v1/user/exists/email", var); apiHeaderIgnoreMap.put("/v1/user/exists/phone", var); apiHeaderIgnoreMap.put("/v1/role/read", var); apiHeaderIgnoreMap.put("/private/user/v1/lookup", var); apiHeaderIgnoreMap.put("/private/user/feed/v1/create", var); } private static String getUserRequestedFor(Http.Request request) { String requestedForUserID = null; JsonNode jsonBody = request.body().asJson(); try { if (!(jsonBody == null) && !(jsonBody.get(JsonKey.REQUEST) == null)) { // for search and update and create_mui api's if (!(jsonBody.get(JsonKey.REQUEST).get(JsonKey.USER_ID) == null)) { requestedForUserID = jsonBody.get(JsonKey.REQUEST).get(JsonKey.USER_ID).asText(); } } else { // for read-api String uuidSegment = null; Path path = Paths.get(request.uri()); if (request.queryString().isEmpty()) { uuidSegment = path.getFileName().toString(); } else { String[] queryPath = path.getFileName().toString().split("\\?"); uuidSegment = queryPath[0]; } try { requestedForUserID = UUID.fromString(uuidSegment).toString(); } catch (IllegalArgumentException iae) { logger.error("Perhaps this is another API, like search that doesn't carry user id.", iae); } } } catch (Exception e) { logger.error("Likely a possibility? " + request.uri(), e); } return requestedForUserID; } /** * Authenticates given HTTP request context * * @param request HTTP play request * @return User or Client ID for authenticated request. For unauthenticated requests, UNAUTHORIZED * is returned release-3.0.0 on-wards validating managedBy token. */ public static Map verifyRequestData(Http.Request request) { Map userAuthentication = new HashMap<String, String>(); userAuthentication.put(JsonKey.USER_ID, JsonKey.UNAUTHORIZED); userAuthentication.put(JsonKey.MANAGED_FOR, null); String clientId = JsonKey.UNAUTHORIZED; String managedForId = null; Optional<String> accessToken = request.header(HeaderParam.X_Authenticated_User_Token.getName()); if (!isRequestInExcludeList(request.path()) && !isRequestPrivate(request.path())) { // The API must be invoked with either access token or client token. if (accessToken.isPresent()) { clientId = AccessTokenValidator.verifyUserToken(accessToken.get()); logger.info("**learner accesstoken verified :" + clientId); if (!JsonKey.USER_UNAUTH_STATES.contains(clientId)) { // Now we have some valid token, next verify if the token is matching the request. String requestedForUserID = getUserRequestedFor(request); if (StringUtils.isNotEmpty(requestedForUserID) && !requestedForUserID.equals(clientId)) { // LUA - MUA user combo, check the 'for' token and its parent, child identifiers Optional<String> forTokenHeader =
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
request.header(HeaderParam.X_Authenticated_For.getName()); String managedAccessToken = forTokenHeader.isPresent() ? forTokenHeader.get() : ""; if (StringUtils.isNotEmpty(managedAccessToken)) { String managedFor = AccessTokenValidator.verifyManagedUserToken( managedAccessToken, clientId, requestedForUserID); if (!JsonKey.USER_UNAUTH_STATES.contains(managedFor)) { managedForId = managedFor; } else { clientId = JsonKey.UNAUTHORIZED; } logger.info("**learner managed accesstoken verified :" + clientId); } } else { logger.debug("Ignoring x-authenticated-for token..."); } } logger.info("**learner added userid to userAuthentication :" + clientId); userAuthentication.put(JsonKey.USER_ID, clientId); userAuthentication.put(JsonKey.MANAGED_FOR, managedForId); } } else { if (accessToken.isPresent()) { String clientAccessTokenId = null; try { clientAccessTokenId = AccessTokenValidator.verifyUserToken(accessToken.get()); if (JsonKey.UNAUTHORIZED.equalsIgnoreCase(clientAccessTokenId)) { clientAccessTokenId = null; } } catch (Exception ex) { logger.error(ex.getMessage(), ex); clientAccessTokenId = null; } userAuthentication.put( JsonKey.USER_ID, StringUtils.isNotBlank(clientAccessTokenId) ? clientAccessTokenId : JsonKey.ANONYMOUS); } else { userAuthentication.put(JsonKey.USER_ID, JsonKey.ANONYMOUS); } } logger.info("**learner userAuthentication :" + userAuthentication.toString()); return userAuthentication; } private static boolean isRequestPrivate(String path) { return path.contains(JsonKey.PRIVATE); } /** * Checks if request URL is in excluded (i.e. public) URL list or not * * @param requestUrl Request URL * @return True if URL is in excluded (public) URLs. Otherwise, returns false */ public static boolean isRequestInExcludeList(String requestUrl) { boolean resp = false; if (!StringUtils.isBlank(requestUrl)) { if (apiHeaderIgnoreMap.containsKey(requestUrl)) { resp = true; } else { String[] splitPath = requestUrl.split("[/]"); String urlWithoutPathParam = removeLastValue(splitPath); if (apiHeaderIgnoreMap.containsKey(urlWithoutPathParam)) { resp = true; } } } return resp; }
211212213214215216217218219220221222223224225226227228
/** * Returns URL without path and query parameters. * * @param splitPath URL path split on slash (i.e. /) * @return URL without path and query parameters */ private static String removeLastValue(String splitPath[]) { StringBuilder builder = new StringBuilder(); if (splitPath != null && splitPath.length > 0) { for (int i = 1; i < splitPath.length - 1; i++) { builder.append("/" + splitPath[i]); } } return builder.toString(); } }