Merge pull request #1410 from phac-nml/hotfix/remote-api-refresh-toke…

…n-syncing HOTFIX: 22.09.3 Remote Project Syncing Issues
phac-nml · Nov 10, 2022 · b4f1c7b · b4f1c7b
2 parents b8ada8b + 6acfdec
commit b4f1c7b
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,9 @@
 
 # Changelog
 
+## [22.09.3] - 2022/11/10
+* [REST]: Fixed remote project syncing issues, caused by invalid refresh tokens, invalid status updates, and bad error handling of unauthorized tokens. Also fixed issue with project owners not being to able see remote settings menu or delete menu. See [PR 1410](https://github.com/phac-nml/irida/pull/1410)
+
 ## [22.09.2] - 2022/11/04
 * [UI]: Fixed bug causing associated project samples to be added to the cart with the wrong project identifier. See [PR 1395](https://github.com/phac-nml/irida/pull/1395)
 * [UI]: Fixed bug preventing the removal of locked samples within a project. See [PR 1396](https://github.com/phac-nml/irida/pull/1396)
@@ -141,6 +144,7 @@
 
 ## [...previous](https://github.com/phac-nml/irida/blob/21.09.2/CHANGELOG.md)
 
+[22.09.3]: https://github.com/phac-nml/irida/compare/22.09.2...22.09.3
 [22.09.2]: https://github.com/phac-nml/irida/compare/22.09.1...22.09.2
 [22.09.1]: https://github.com/phac-nml/irida/compare/22.09...22.09.1
 [22.09]: https://github.com/phac-nml/irida/compare/22.05.5...22.09

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -14,7 +14,7 @@ plugins {
 }
 
 group = "ca.corefacility.bioinformatics"
-version = "22.09.2"
+version = "22.09.3"
 description = "irida"
 
 java {
@@ -170,7 +170,7 @@ dependencies {
     implementation("org.pf4j:pf4j:2.4.0")
     implementation("org.biojava:biojava3-core:3.0")
     implementation("com.google.code.gson:gson")
-    implementation("com.github.pjfanning:excel-streaming-reader:4.0.1")
+    implementation("com.github.pjfanning:excel-streaming-reader:4.0.4")
     implementation("org.springdoc:springdoc-openapi-webmvc-core:1.6.11") {
         exclude(group = "jakarta.xml.bind", module = "jakarta.xml.bind-api")
         exclude(group = "jakarta.validation", module = "jakarta.validation-api")

diff --git a/...n/java/ca/corefacility/bioinformatics/irida/config/security/IridaOauthSecurityConfig.java b/...n/java/ca/corefacility/bioinformatics/irida/config/security/IridaOauthSecurityConfig.java
@@ -252,7 +252,7 @@ public String encode(CharSequence rawPassword) {
 		public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
 			return context -> {
 				Set<AuthorizationGrantType> grantTypes = Set.of(AuthorizationGrantType.AUTHORIZATION_CODE,
-						AuthorizationGrantType.PASSWORD);
+						AuthorizationGrantType.REFRESH_TOKEN, AuthorizationGrantType.PASSWORD);
 				if (grantTypes.contains(context.getAuthorizationGrantType())
 						&& OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
 					Authentication principal = context.getPrincipal();

diff --git a/...a/ca/corefacility/bioinformatics/irida/repositories/remote/impl/RemoteRepositoryImpl.java b/...a/ca/corefacility/bioinformatics/irida/repositories/remote/impl/RemoteRepositoryImpl.java
@@ -20,6 +20,7 @@
 import ca.corefacility.bioinformatics.irida.model.user.User;
 import ca.corefacility.bioinformatics.irida.repositories.remote.RemoteRepository;
 import ca.corefacility.bioinformatics.irida.repositories.remote.resttemplate.OAuthTokenRestTemplate;
+import ca.corefacility.bioinformatics.irida.security.ProjectSynchronizationAuthenticationToken;
 import ca.corefacility.bioinformatics.irida.service.RemoteAPITokenService;
 import ca.corefacility.bioinformatics.irida.service.user.UserService;
 
@@ -113,7 +114,8 @@ protected <T extends IridaRepresentationModel> T setRemoteStatus(T entity, Remot
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		RemoteStatus remoteStatus = new RemoteStatus(selfHref, api);
 
-		if (authentication instanceof UsernamePasswordAuthenticationToken) {
+		if (authentication instanceof UsernamePasswordAuthenticationToken
+				|| authentication instanceof ProjectSynchronizationAuthenticationToken) {
 			remoteStatus.setReadBy((User) authentication.getPrincipal());
 		} else if (authentication instanceof JwtAuthenticationToken) {
 			User user = userService.getUserByUsername(authentication.getName());

diff --git a/...acility/bioinformatics/irida/repositories/remote/resttemplate/IridaOAuthErrorHandler.java b/...acility/bioinformatics/irida/repositories/remote/resttemplate/IridaOAuthErrorHandler.java
@@ -12,19 +12,16 @@
 import ca.corefacility.bioinformatics.irida.model.RemoteAPI;
 
 /**
- * Error handler for use in {@link OAuthTokenRestTemplate}. Catches HTTP
- * UNAUTHORIZED (401) errors to translate to IridaOAuthExceptions
- * 
- *
+ * Error handler for use in {@link OAuthTokenRestTemplate}. Catches HTTP UNAUTHORIZED (401) and FORBIDDEN (403) errors
+ * to translate to IridaOAuthExceptions
  */
 public class IridaOAuthErrorHandler extends DefaultResponseErrorHandler {
 	private static final Logger logger = LoggerFactory.getLogger(IridaOAuthErrorHandler.class);
 
 	private RemoteAPI remoteAPI;
 
 	/**
-	 * Overriding this method to throw a {@link IridaOAuthException} in case of
-	 * an HTTP UNAUTHORIZED response.
+	 * Overriding this method to throw a {@link IridaOAuthException} in case of an HTTP UNAUTHORIZED response.
 	 */
 	@Override
 	public void handleError(ClientHttpResponse response) throws IOException {
@@ -35,6 +32,9 @@ public void handleError(ClientHttpResponse response) throws IOException {
 		case UNAUTHORIZED:
 			logger.trace("Throwing new IridaOAuthException for this error");
 			throw new IridaOAuthException("User is unauthorized for this service", remoteAPI);
+		case FORBIDDEN:
+			logger.trace("Throwing new IridaOAuthException for this error");
+			throw new IridaOAuthException("User is unauthorized for this service", remoteAPI);
 		default:
 			logger.trace("Passing error to superclass");
 			super.handleError(response);
@@ -44,8 +44,7 @@ public void handleError(ClientHttpResponse response) throws IOException {
 	/**
 	 * Set the {@link RemoteAPI} to return to the caller if an error occurs
 	 * 
-	 * @param remoteAPI
-	 *            the {@link RemoteAPI} to include in the exception.
+	 * @param remoteAPI the {@link RemoteAPI} to include in the exception.
 	 */
 	public void setRemoteAPI(RemoteAPI remoteAPI) {
 		this.remoteAPI = remoteAPI;

diff --git a/src/main/webapp/resources/js/pages/projects/settings/index.js b/src/main/webapp/resources/js/pages/projects/settings/index.js
@@ -123,8 +123,8 @@ const ProjectSettings = () => {
       <Sider width={200} style={{ backgroundColor: grey1 }}>
         <SettingsNav
           basePath={basePath}
-          canManage={project.canManage}
-          showRemote={project.canManage && project.remote}
+          canManage={project.canManage || project.canManageRemote}
+          showRemote={project.canManageRemote && project.remote}
         />
       </Sider>
       <Layout>