Merge branch 'master' into fix-10345-move-treatments-endpoint-to-inte…

…rnal-api-6

.circleci/config.yml

@@ -43,8 +43,7 @@ jobs:
                     export FRONTEND_ORG=$(grep 'frontend\.groupId' pom.xml | sed 's/<frontend\.groupId>//g' | sed 's|</frontend\.groupId>||' | tr -d '[:blank:]' | cut -d. -f3) && \
                     git clone https://github.com/$FRONTEND_ORG/cbioportal-frontend.git && \
                     cd cbioportal-frontend && \
-                    git fetch --tags && \
-                    git checkout demo-rfc72
+                    git fetch --tags
             - persist_to_workspace:
                 root: /tmp/repos
                 paths:

.github/workflows/integration-test.yml

@@ -10,15 +10,9 @@ jobs:
       PORTAL_INFO_DIR: /home/runner/work/cbioportal/cbioportal/portalInfo
     steps:
       - name: 'Checkout cbioportal repo'
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: ./cbioportal
-      - name: 'Install python requirements'
-        working-directory: ./cbioportal
-        run: |
-          sudo apt-get install python3-setuptools && \
-          pip3 install -U wheel && \
-          pip3 install -r ./requirements.txt
       - name: 'Set up JDK 21'
         uses: oracle-actions/setup-java@v1
         with:
@@ -52,11 +46,7 @@ jobs:
               sed 's|spring.datasource.url=.*|spring.datasource.url=jdbc:mysql://cbioportal-database:3306/cbioportal?useSSL=false|' | \
               sed 's|spring.datasource.username=.*|spring.datasource.username=cbio_user|' | \
               sed 's|spring.datasource.password=.*|spring.datasource.password=somepassword|' \
-              > application.properties && \
-          echo "db.user=cbio_user" >> application.properties && \
-          echo "db.password=somepassword" >> application.properties && \
-          echo "db.connection_string=jdbc:mysql://cbioportal-database:3306/cbioportal?useSSL=false" >> application.properties && \
-          echo "db.driver=com.mysql.jdbc.Driver" >> application.properties
+              > application.properties
       - name: 'Copy cgds.sql file into Docker Compose'
         run: cp ./cbioportal/src/main/resources/db-scripts/cgds.sql ./cbioportal-docker-compose/data/.
       - name: 'Dump Properties'
@@ -65,7 +55,7 @@ jobs:
       - name: 'Start cbioportal-docker-compose'
         working-directory: ./cbioportal-docker-compose
         run: |
-          export DOCKER_IMAGE_CBIOPORTAL=cbioportal/cbioportal:demo-rfc72-squash && docker-compose -f docker-compose.yml -f $PORTAL_SOURCE_DIR/test/integration/docker-compose-localbuild.yml up -d
+          docker-compose -f docker-compose.yml -f $PORTAL_SOURCE_DIR/test/integration/docker-compose-localbuild.yml up -d
       - name: 'Wait for cbioportal to initialize ...'
         id: startup
         uses: nev7n/wait_for_response@v1

.github/workflows/security-integration-test.yml

@@ -0,0 +1,36 @@
+name: Security integration tests
+on: [push, pull_request]
+jobs:
+  build:
+    name: Security integration tests
+    runs-on: ubuntu-latest
+    env:
+      PORTAL_SOURCE_DIR: /home/runner/work/cbioportal/cbioportal/cbioportal
+      PORTAL_COMPOSE_DIR: /home/runner/work/cbioportal/cbioportal/cbioportal-docker-compose
+      PORTAL_INFO_DIR: /home/runner/work/cbioportal/cbioportal/portalInfo
+    steps:
+      - name: 'Checkout cbioportal repo'
+        uses: actions/checkout@v2
+        with:
+          path: ./cbioportal
+      - name: 'Set up JDK 21'
+        uses: oracle-actions/setup-java@v1
+        with:
+          website: oracle.com
+          release: 21
+      - name: 'Cache Maven packages'
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: 'Download Chrome'
+        uses: browser-actions/setup-chrome@latest
+      - name: 'Copy Application.Properties'
+        working-directory: ./cbioportal
+        run: |
+          cp src/main/resources/application.properties.EXAMPLE src/main/resources/application.properties
+      - name: 'Run integration tests'
+        working-directory: ./cbioportal
+        run: |
+          mvn verify -Pintegration-test

.github/workflows/sonarcloud.yml

@@ -34,6 +34,17 @@ jobs:
           cp src/main/resources/application.properties.EXAMPLE src/main/resources/application.properties
       - name: Build and analyze
         env:
-          SONAR_TOKEN:  de1b5cc660cd210dde840f492c371da6cc801763
+          SONAR_TOKEN:  ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: mvn -DskipTests clean install verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+        run: mvn clean install verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+      - name: 'Add host.testcontainers.internal to /etc/hosts'
+        run: |
+            echo "127.0.0.1 host.testcontainers.internal" | sudo tee -a /etc/hosts
+      - name: 'Run integration tests'
+        run: |
+          mvn verify -Pintegration-test
+      - name: Code Coverage
+        env:
+          SONAR_TOKEN:  ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: mvn sonar:sonar -Pcoverage

.gitignore

@@ -73,7 +73,7 @@ portal/src/main/webapp/WEB-INF/logback.xml
 !src/main/resource/*.EXAMPLE
 firehose-importer/reference_data/gene_info
 portal.properties
-application.properties
+src/main/resources/application.properties
 importer.properties
 log4j.properties
 build.properties
@@ -103,7 +103,6 @@ package.json
 *.tramp_history
 pom.version.*
 pom.xml.*
-pom.xml.*
 Dockerfile.local
 .factorypath
 .retype

CONTRIBUTING.md

@@ -146,9 +146,8 @@ New features:
 ### Devops
 New features:
 
-- Does the configuration style follow the config guidelines? That is compile
-  (Maven) config goes in the appriopriate `pom.xml` (root, `scripts/`, `portal/`, `core/`).
-  Runtime (Spring) goes in `portal.properties`. Default values should be in `GlobalProperties.java`.
+- Does the configuration style follow the config guidelines? That is compile.
+- Runtime (Spring) goes in `application.properties`. Default values should be in `GlobalProperties.java`.
 - Non-stable configuration should be done through war overlays.
 - Is the configuration tested as part of the CI tests? It's not a necessity but be
   aware that untested configuration will be tough to maintain.

README.md

@@ -26,11 +26,9 @@ If you want to run the cBioPortal web app from the command line please follow th
 docker compose -f docker-compose.yml -f open-ports.yml up
 ```
 This should open the ports. Now we are ready to run the cBioPortal web app locally. You can compile the backend code with:
+
 ```
-export JAVA_HOME=/Library/Java/JavaVirtualMachines/temurin-11.jdk/Contents/Home/ && mvn -DskipTests clean install
-```
-Note: change `JAVA_HOME` to point to a JDK 11 version. If everything compiles correctly you can then run the app like this:
-```
+
 java -Xms2g -Xmx4g \
      -Dauthenticate=noauthsessionservice \
      -Dsession.service.url=http://localhost:5000/api/sessions/my_portal/ \
@@ -47,6 +45,7 @@ java -Xms2g -Xmx4g \
      -cp "$PWD:$PWD/BOOT-INF/lib/*" \
      org.cbioportal.PortalApplication
 ```
+
 The app should now show up at http://localhost:8080.
 
 #### Deploy your development image inside Docker Compose
@@ -86,6 +85,7 @@ You can then use a JAVA IDE to connect to that port. E.g. in [VSCode](https://co
 ```
 
 ## 🌳 Branch Information
+
 | | main branch | upcoming release branch | later release candidate branch |
 | --- | --- | --- | --- |
 | Branch name | [`master`](https://github.com/cBioPortal/cbioportal/tree/master) |  -- |  [`rc`](https://github.com/cBioPortal/cbioportal/tree/rc) |

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+We release security releases for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 6.x   | :white_check_mark: |
+| 5.x   | :white_check_mark:  |
+| < 5.0   | :x: |
+
+## Reporting a Vulnerability
+If there are any vulnerabilities, don't hesitate to report them.
+
+Use the private contact address [email protected] to report the fix. 
+
+Describe the vulnerability.
+
+If you have a fix, that is most welcome -- please attach or summarize it in your message!
+
+We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
+
+Please do not disclose the vulnerability publicly until a fix is released!
+
+Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.

dev/.env

@@ -0,0 +1,4 @@
+DOCKER_IMAGE_SESSION_SERVICE=cbioportal/session-service:0.6.1
+DOCKER_IMAGE_MYSQL=mysql:8.1.0
+DOCKER_IMAGE_KEYCLOAK=quay.io/keycloak/keycloak:23.0
+DOCKER_IMAGE_MONGODB=mongo:4.2

dev/README.md

@@ -0,0 +1,58 @@
+# Tools for development
+
+In this folder is some additional configuration that can be useful for local development. None of this should be deployed directly to production
+
+# Set up keycloak for cBioPortal >v6
+
+Requirements:
+- System runs docker (including docker compose)
+
+  1. Run from the root of the repository:
+
+```
+cd dev
+docker compose up -d 
+```
+
+2. (Option 1) Apply SAML2 configuration to _security.properties_ in cBioPortal:
+
+```properties
+authenticate=saml
+spring.security.saml2.relyingparty.registration.keycloak.assertingparty.metadata-uri=http://localhost:8084/realms/cbio/protocol/saml/descriptor
+spring.security.saml2.relyingparty.registration.keycloak.assertingparty.entity-id=http://localhost:8084/realms/cbio
+spring.security.saml2.relyingparty.registration.keycloak.entity-id=cbioportal
+spring.security.saml2.relyingparty.registration.keycloak.signing.credentials[0].certificate-location=classpath:/dev/security/signing-cert.pem
+spring.security.saml2.relyingparty.registration.keycloak.signing.credentials[0].private-key-location=classpath:/dev/security/signing-key.pem
+```
+
+3. (Option 2) Apply OIDC configuration to _security.properties_ in cBioPortal:
+
+```properties
+authenticate=oauth2
+spring.security.oauth2.client.registration.keycloak.redirect-uri=http://localhost:8080/login/oauth2/code/keycloak
+spring.security.oauth2.client.registration.keycloak.client-name=cbioportal_oauth2
+spring.security.oauth2.client.registration.keycloak.client-id=cbioportal_oauth2
+spring.security.oauth2.client.registration.keycloak.client-secret=client_secret
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.keycloak.client-authentication-method=client_secret_post
+spring.security.oauth2.client.registration.keycloak.scope=openid,email,roles
+spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8084/realms/cbio
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=email
+```
+
+4. Set the following in _application.properties_:
+
+```properties
+persistence.cache_type=no-cache
+session.service.url=http://localhost:5000/api/sessions/my_portal/
+
+spring.datasource.url=jdbc:mysql://localhost:3306/cbioportal?useSSL=false&allowPublicKeyRetrieval=true
+spring.datasource.username=cbio_user
+spring.datasource.password=somepassword
+spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
+spring.datasource.driver-class-name=com.mysql.jdbc.Driver
+```
+
+4. Start cBioPortal application on port 8080. The login credentials are `testuser:P@assword1`.
+
+⚠️ Warning: Do not use this directly for production use as it takes several shortcuts to get a quick keycloak instance up.

dev/docker-compose.yml

@@ -0,0 +1,57 @@
+version: '3'
+
+services:
+  cbioportal-database:
+    restart: unless-stopped
+    image: ${DOCKER_IMAGE_MYSQL}
+    container_name: cbioportal-database
+    environment:
+      MYSQL_DATABASE: cbioportal
+      MYSQL_USER: cbio_user
+      MYSQL_PASSWORD: somepassword
+      MYSQL_ROOT_PASSWORD: somepassword
+    volumes:
+      - $PWD/../src/main/resources/db-scripts/cgds.sql:/docker-entrypoint-initdb.d/cgds.sql:ro
+      - $PWD/../src/test/resources/seed_mini.sql:/docker-entrypoint-initdb.d/seed.sql:ro
+    ports:
+      - 3306:3306
+  cbioportal-session:
+    restart: unless-stopped
+    image: ${DOCKER_IMAGE_SESSION_SERVICE}
+    container_name: cbioportal-session
+    environment:
+      SERVER_PORT: 5000
+      JAVA_OPTS: -Dspring.data.mongodb.uri=mongodb://cbioportal-session-database:27017/session-service
+    depends_on:
+      - cbioportal-session-database
+    ports:
+      - 5000:5000
+    networks:
+      - cbio-net
+  cbioportal-session-database:
+    restart: unless-stopped
+    image: ${DOCKER_IMAGE_MONGODB}
+    container_name: cbioportal-session-database
+    environment:
+      MONGO_INITDB_DATABASE: session-service
+    networks:
+      - cbio-net
+  keycloak:
+    restart: unless-stopped
+    container_name: keycloak
+    image: ${DOCKER_IMAGE_KEYCLOAK}
+    volumes:
+      - $PWD/../src/main/resources/dev/security/keycloak-configuration-generated.json:/opt/keycloak/data/import/realm.json:ro
+    environment:
+      - KC_HOSTNAME=localhost
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD=password
+      - KC_DB_DATABASE=keycloak
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+    ports:
+      - 8084:8080
+    command: start-dev --import-realm
+
+networks:
+  cbio-net:

docker/web-and-data/Dockerfile

@@ -45,15 +45,14 @@ RUN apt-get update; apt-get install -y --no-install-recommends \
 RUN mkdir -p /cbioportal
 
 #Download core files
-RUN wget https://github.com/cBioPortal/cbioportal-core/releases/download/1.0.4/core-1.0.4.jar -P core/ ; cd core ; jar -xf core-1.0.4.jar scripts/ ; chmod -R a+x scripts/ ; cd ..;
+RUN wget https://github.com/cBioPortal/cbioportal-core/releases/download/1.0.6/core-1.0.6.jar -P core/ ; cd core ; jar -xf core-1.0.6.jar scripts/ requirements.txt ; chmod -R a+x scripts/ ; cd ..;
 
 
 COPY --from=build /cbioportal/src/main/resources/db-scripts /cbioportal/db-scripts
-COPY --from=build /cbioportal/requirements.txt /cbioportal/requirements.txt
 
 # install build and runtime dependencies
 # ignore update failure980[1298[01 w2308s
-RUN  pip3 install -r /cbioportal/requirements.txt
+RUN  pip3 install -r /core/requirements.txt
 
 # add importer scripts to PATH for easy running in containers
 RUN find /core/scripts/ -type f -executable \! -name '*.pl' -print0 | xargs -0 -- ln -st /usr/local/bin
@@ -75,4 +74,4 @@ COPY --from=build ${DEPENDENCY}/BOOT-INF/classes             $PORTAL_WEB_HOME/
 # add entrypoint
 COPY --from=build /cbioportal/docker/web-and-data/docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
-CMD ["sh", "-c", "java $(echo $JAVA_OPTS) -cp /cbioportal-webapp:/cbioportal-webapp/lib/* org.cbioportal.PortalApplication $(echo $WEBAPP_OPTS)"]
+CMD ["sh", "-c", "java $(echo $JAVA_OPTS) -cp /cbioportal-webapp:/cbioportal-webapp/lib/* org.cbioportal.PortalApplication $(echo $WEBAPP_OPTS)"]