From 4c0e06c380a794c25b2b95d144d96310200928e5 Mon Sep 17 00:00:00 2001
From: Nanjiang Shu
Date: Tue, 18 Feb 2025 11:19:49 +0100
Subject: [PATCH] [auth] make sure only the download token is shown when login via AAI as FEGA user
---
 .github/integration/sda-s3-integration.yml | 3 +++
 .../integration/sda/aai-mock/clients/aai-auth.yaml | 2 +-
 .../sda/aai-mock/clients/cega-auth.yaml | 8 ++++++++
 sda/cmd/auth/frontend/templates/oidc.html | 14 ++++++++------
 sda/cmd/auth/main.go | 1 +
 5 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 .github/integration/sda/aai-mock/clients/cega-auth.yaml
diff --git a/.github/integration/sda-s3-integration.yml b/.github/integration/sda-s3-integration.yml
index 5e303114c..5ae0a4391 100644
--- a/.github/integration/sda-s3-integration.yml
+++ b/.github/integration/sda-s3-integration.yml
@@ -282,6 +282,9 @@ services:
 - AUTH_RESIGNJWT=true
 - AUTH_CEGA_ID=test
 - AUTH_CEGA_SECRET=test
+ - OIDC_REDIRECTURL=http://localhost:8888/oidc/login
+ - OIDC_ID=XC56EL11zz
+ - OIDC_SECRET=wHPVQaYXmdDHa
 - DB_PASSWORD=auth
 - DB_USER=auth
 extra_hosts:
diff --git a/.github/integration/sda/aai-mock/clients/aai-auth.yaml b/.github/integration/sda/aai-mock/clients/aai-auth.yaml
index e785e83cf..b6ec2ed32 100644
--- a/.github/integration/sda/aai-mock/clients/aai-auth.yaml
+++ b/.github/integration/sda/aai-mock/clients/aai-auth.yaml
@@ -1,4 +1,4 @@
-client-name: "auth"
+client-name: "aai-auth"
 client-id: "XC56EL11xx"
 client-secret: "wHPVQaYXmdDHg"
 redirect-uris: ["http://localhost:8801/oidc/login"]
diff --git a/.github/integration/sda/aai-mock/clients/cega-auth.yaml b/.github/integration/sda/aai-mock/clients/cega-auth.yaml
new file mode 100644
index 000000000..c0c28a73f
--- /dev/null
+++ b/.github/integration/sda/aai-mock/clients/cega-auth.yaml
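Review bot: The `OIDC_ID` and `OIDC_SECRET` values added to the auth service environment in sda-s3-integration.yml are literals that have to match the new mock client in .github/integration/sda/aai-mock/clients/cega-auth.yaml, and neither file says so or marks them as fixtures. A comment above the three added variables, such as `# mock-only credentials; must match aai-mock/clients/cega-auth.yaml`, would keep the pair in sync and let a secret-scanner allowlist be scoped to these two files. The same comment belongs at the top of cega-auth.yaml, which is also committed without a trailing newline.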
@@ -0,0 +1,8 @@
+client-name: "cega-auth"
+client-id: "XC56EL11zz"
+client-secret: "wHPVQaYXmdDHa"
+redirect-uris: ["http://localhost:8888/oidc/login"]
+token-endpoint-auth-method: "client_secret_basic"
+scope: ["openid", "profile", "email", "ga4gh_passport_v1", "eduperson_entitlement"]
+grant-types: ["authorization_code"]
+post-logout-redirect-uris: ["http://localhost:8888/oidc/login"]
\ No newline at end of file
diff --git a/sda/cmd/auth/frontend/templates/oidc.html b/sda/cmd/auth/frontend/templates/oidc.html
index 9dbc30934..012388737 100644
--- a/sda/cmd/auth/frontend/templates/oidc.html
+++ b/sda/cmd/auth/frontend/templates/oidc.html
@@ -30,13 +30,15 @@

Welcome, {{.Fullname}}!

- {{if .ResignedToken}} -

- For uploading to the Inbox, your access token {{if .ExpDateResigned}}(expires at {{.ExpDateResigned}} UTC){{end}} is: -

-
{{.ResignedToken}}
+ {{if (not .cegaID)}} + {{if .ResignedToken}} +

+ For uploading to the Inbox, your access token {{if .ExpDateResigned}}(expires at {{.ExpDateResigned}} UTC){{end}} is: +

+
{{.ResignedToken}}
+ {{end}} + Download credentials to upload to the Inbox {{end}} - Download credentials to upload to the Inbox {{if .RawToken}}

For downloading from the Archive, your access token {{if .ExpDateRaw}}(expires at {{.ExpDateRaw}} UTC){{end}} is:
diff --git a/sda/cmd/auth/main.go b/sda/cmd/auth/main.go
index 794dfd99b..576b4266e 100644
--- a/sda/cmd/auth/main.go
+++ b/sda/cmd/auth/main.go
@@ -308,6 +308,7 @@ func (auth AuthHandler) getOIDCLogin(ctx iris.Context) {
 s := sessions.Get(ctx)
 s.SetFlash("oidcInbox", oidcData.S3ConfInbox)
 s.SetFlash("oidcDownload", oidcData.S3ConfDownload)
+ ctx.ViewData("cegaID", auth.Config.Cega.ID)
 ctx.ViewData("infoUrl", auth.Config.InfoURL)
 ctx.ViewData("infoText", auth.Config.InfoText)
 ctx.ViewData("User", oidcData.OIDCID.User)
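Review bot: The new `{{if (not .cegaID)}}` guard in oidc.html fails open: if a render path reaches this template without `cegaID` in its view data, `not` sees an empty value and the upload token and its credentials link are shown. Only getOIDCLogin is visible setting the key, so any other handler that renders this template should be checked. The condition would be safer as a flag that must be present and true to reveal the block, for example `{{if .ShowInboxToken}}` set explicitly by the handler. The key is also lower-case while the template's other fields (`.ResignedToken`, `.RawToken`) are capitalized.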
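Review bot: The restriction is applied only in the template, while `s.SetFlash("oidcInbox", oidcData.S3ConfInbox)` two lines above the added call still stores the inbox credentials in the session on every login. If the credentials-download route reads that flash value (not visible in this hunk), the upload configuration remains retrievable in a FEGA deployment, so the handler should enforce the rule itself, e.g. `if auth.Config.Cega.ID == "" { s.SetFlash("oidcInbox", oidcData.S3ConfInbox) }`, and do the same for the resigned-token view data set outside the hunk. The template needs only a yes/no, so passing a boolean such as `auth.Config.Cega.ID != ""` avoids handing the CEGA client identifier to the view layer. getOIDCLogin starts and ends outside the hunk.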