Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DHIS2-18837: add headers and query params auth schemes to Route API #19804

Merged
merged 4 commits into from
Feb 3, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
/*
* Copyright (c) 2004-2025, University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* Neither the name of the HISP project nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.hisp.dhis.common.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.AbstractMap;
import java.util.HashMap;
import java.util.Map;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.experimental.Accessors;
import org.springframework.util.MultiValueMap;

@Getter
@Setter
@EqualsAndHashCode(callSuper = true)
@Accessors(chain = true)
public class ApiHeadersAuthScheme extends AuthScheme {
public static final String API_HEADERS_TYPE = "api-headers";

@JsonProperty(required = true)
private Map<String, String> headers = new HashMap<>();

public ApiHeadersAuthScheme() {
super(API_HEADERS_TYPE);
}

@Override
public void apply(
MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
for (Map.Entry<String, String> header : this.headers.entrySet()) {
headers.set(header.getKey(), header.getValue());
}
}

@Override
public ApiHeadersAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
Map<String, String> encryptedHeaders =
headers.entrySet().stream()
.map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), encryptFunc.apply(e.getValue())))
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
return copy(encryptedHeaders);
}

@Override
public ApiHeadersAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
Map<String, String> encryptedHeaders =
headers.entrySet().stream()
.map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), decryptFunc.apply(e.getValue())))
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
return copy(encryptedHeaders);
}

protected ApiHeadersAuthScheme copy(Map<String, String> headers) {
ApiHeadersAuthScheme apiHeadersAuth = new ApiHeadersAuthScheme();
apiHeadersAuth.setHeaders(headers);

return apiHeadersAuth;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
/*
* Copyright (c) 2004-2025, University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* Neither the name of the HISP project nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.hisp.dhis.common.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.AbstractMap;
import java.util.HashMap;
import java.util.Map;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.experimental.Accessors;
import org.springframework.util.MultiValueMap;

@Getter
@Setter
@EqualsAndHashCode(callSuper = true)
@Accessors(chain = true)
public class ApiQueryParamsAuthScheme extends AuthScheme {
public static final String API_QUERY_PARAMS_TYPE = "api-query-params";

@JsonProperty(required = true)
private Map<String, String> queryParams = new HashMap<>();

public ApiQueryParamsAuthScheme() {
super(API_QUERY_PARAMS_TYPE);
}

@Override
public void apply(
MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
for (Map.Entry<String, String> queryParam : this.queryParams.entrySet()) {
queryParams.set(queryParam.getKey(), queryParam.getValue());
}
}

@Override
public ApiQueryParamsAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
Map<String, String> encryptedQueryParams =
queryParams.entrySet().stream()
.map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), encryptFunc.apply(e.getValue())))
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
return copy(encryptedQueryParams);
}

@Override
public ApiQueryParamsAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
Map<String, String> encryptedQueryParams =
queryParams.entrySet().stream()
.map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), decryptFunc.apply(e.getValue())))
.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
return copy(encryptedQueryParams);
}

protected ApiQueryParamsAuthScheme copy(Map<String, String> queryParams) {
ApiQueryParamsAuthScheme apiQueryParamsAuth = new ApiQueryParamsAuthScheme();
apiQueryParamsAuth.setQueryParams(queryParams);

return apiQueryParamsAuth;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
package org.hisp.dhis.common.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.function.UnaryOperator;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
Expand All @@ -45,22 +46,40 @@
@Setter
@EqualsAndHashCode(callSuper = true)
@Accessors(chain = true)
public class ApiTokenAuth extends Auth {
public static final String TYPE = "api-token";
public class ApiTokenAuthScheme extends AuthScheme {
public static final String API_TOKEN_TYPE = "api-token";

@JsonProperty(required = true)
private String token;

public ApiTokenAuth() {
super(TYPE);
public ApiTokenAuthScheme() {
super(API_TOKEN_TYPE);
}

@Override
public void apply(MultiValueMap<String, String> headers) {
public void apply(
MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
if (!StringUtils.hasText(token)) {
return;
}

headers.set("Authorization", "ApiToken " + token);
}

@Override
public ApiTokenAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
return copy(encryptFunc.apply(token));
}

@Override
public AuthScheme decrypt(UnaryOperator<String> decryptFunc) {
return copy(decryptFunc.apply(token));
}

protected ApiTokenAuthScheme copy(String token) {
ApiTokenAuthScheme newApiTokenAuth = new ApiTokenAuthScheme();
newApiTokenAuth.setToken(token);

return newApiTokenAuth;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.io.Serializable;
import java.util.function.UnaryOperator;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
Expand All @@ -50,16 +51,23 @@
include = JsonTypeInfo.As.EXISTING_PROPERTY,
property = "type")
@JsonSubTypes({
@JsonSubTypes.Type(value = HttpBasicAuth.class, name = "http-basic"),
@JsonSubTypes.Type(value = ApiTokenAuth.class, name = "api-token")
@JsonSubTypes.Type(value = HttpBasicAuthScheme.class, name = "http-basic"),
@JsonSubTypes.Type(value = ApiTokenAuthScheme.class, name = "api-token"),
@JsonSubTypes.Type(value = ApiHeadersAuthScheme.class, name = "api-headers"),
@JsonSubTypes.Type(value = ApiQueryParamsAuthScheme.class, name = "api-query-params")
})
public abstract class Auth implements Serializable {
public abstract class AuthScheme implements Serializable {
@JsonProperty protected final String type;

@JsonCreator
protected Auth(@JsonProperty("type") String type) {
protected AuthScheme(@JsonProperty("type") String type) {
this.type = type;
}

public abstract void apply(MultiValueMap<String, String> headers);
public abstract void apply(
MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams);

public abstract AuthScheme encrypt(UnaryOperator<String> encryptFunc);

public abstract AuthScheme decrypt(UnaryOperator<String> decryptFunc);
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
/*
* Copyright (c) 2004-2023, University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* Neither the name of the HISP project nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.hisp.dhis.common.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Base64;
import java.util.function.UnaryOperator;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.experimental.Accessors;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/**
* @author Morten Olav Hansen
*/
@Getter
@Setter
@EqualsAndHashCode(callSuper = true)
@Accessors(chain = true)
public class HttpBasicAuthScheme extends AuthScheme {
public static final String HTTP_BASIC_TYPE = "http-basic";

@JsonProperty(required = true)
private String username;

@JsonProperty(required = true)
private String password;

public HttpBasicAuthScheme() {
super(HTTP_BASIC_TYPE);
}

@Override
public void apply(
MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
if (!(StringUtils.hasText(username) && StringUtils.hasText(password))) {
return;
}

headers.add("Authorization", getBasicAuth(username, password));
}

@Override
public HttpBasicAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
return copy(encryptFunc.apply(password));
}

@Override
public HttpBasicAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
return copy(decryptFunc.apply(password));
}

protected HttpBasicAuthScheme copy(String password) {
HttpBasicAuthScheme newHttpBasicAuth = new HttpBasicAuthScheme();
newHttpBasicAuth.setUsername(username);
newHttpBasicAuth.setPassword(password);

return newHttpBasicAuth;
}

private String getBasicAuth(String username, String password) {
String string = String.format("%s:%s", username, password);
return "Basic " + Base64.getEncoder().encodeToString(string.getBytes());
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
import lombok.Setter;
import lombok.experimental.Accessors;
import org.hisp.dhis.common.CodeGenerator;
import org.hisp.dhis.common.auth.Auth;
import org.hisp.dhis.common.auth.AuthScheme;
import org.hisp.dhis.eventhook.Target;

/**
Expand All @@ -59,7 +59,7 @@ public class WebhookTarget extends Target {

@JsonProperty private Map<String, String> headers = new HashMap<>();

@JsonProperty private Auth auth;
@JsonProperty private AuthScheme auth;

public WebhookTarget() {
super(TYPE);
Expand Down
Loading