feat: a new configuration 'allow-login' to turn off login function

eclipse-jifa · Mar 9, 2024 · 609ddc1 · 609ddc1
1 parent e03e14b
commit 609ddc1
Show file tree

Hide file tree

Showing 10 changed files with 108 additions and 40 deletions.
diff --git a/frontend/src/components/layouts/Header.vue b/frontend/src/components/layouts/Header.vue
@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2023 Contributors to the Eclipse Foundation
+    Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
 
     See the NOTICE file(s) distributed with this work for additional
     information regarding copyright ownership.
@@ -60,34 +60,36 @@ const { toolbar } = useHeaderToolbar();
       </div>
 
       <div class="right-side">
-        <el-popover
-          placement="bottom"
-          :show-arrow="false"
-          :popper-style="{ 'min-width': '90px', width: '90px', padding: '5px 0' }"
-          v-if="env.loggedIn"
-        >
-          <template #reference>
-            <el-text style="cursor: pointer">{{ env.user?.name }}</el-text>
-          </template>
-          <template #default>
-            <div class="popover-item" @click="env.logout()">
-              <Logout :size="18" style="margin-right: 5px; height: 18px" />
-              {{ t('header.logout') }}
-            </div>
-          </template>
-        </el-popover>
-
-        <el-button
-          link
-          tag="a"
-          class="ej-header-button"
-          @click="env.loginFormVisible = true"
-          v-else
-        >
-          {{ t('header.login') }}
-        </el-button>
-
-        <el-divider direction="vertical" />
+        <template v-if="env.allowLogin">
+          <el-popover
+            placement="bottom"
+            :show-arrow="false"
+            :popper-style="{ 'min-width': '90px', width: '90px', padding: '5px 0' }"
+            v-if="env.loggedIn"
+          >
+            <template #reference>
+              <el-text style="cursor: pointer">{{ env.user?.name }}</el-text>
+            </template>
+            <template #default>
+              <div class="popover-item" @click="env.logout()">
+                <Logout :size="18" style="margin-right: 5px; height: 18px" />
+                {{ t('header.logout') }}
+              </div>
+            </template>
+          </el-popover>
+
+          <el-button
+            link
+            tag="a"
+            class="ej-header-button"
+            @click="env.loginFormVisible = true"
+            v-else
+          >
+            {{ t('header.login') }}
+          </el-button>
+
+          <el-divider direction="vertical" />
+        </template>
 
         <el-popover
           placement="bottom"

diff --git a/frontend/src/stores/env.ts b/frontend/src/stores/env.ts
@@ -29,6 +29,7 @@ export interface PublicKey {
 }
 
 export interface HandshakeResponse {
+  allowLogin: boolean;
   allowAnonymousAccess: boolean;
   allowRegistration: boolean;
   publicKey: PublicKey;
@@ -50,6 +51,7 @@ function goHome() {
 
 export const useEnv = defineStore('env', {
   state: () => ({
+    allowLogin: false,
     allowAnonymousAccess: false,
     allowRegistration: false,
     oauth2LoginLinks: null as object | null,
@@ -82,6 +84,7 @@ export const useEnv = defineStore('env', {
     },
 
     handleHandshakeData(data: HandshakeResponse) {
+      this.allowLogin = data.allowLogin;
       this.allowAnonymousAccess = data.allowAnonymousAccess;
       this.allowRegistration = data.allowRegistration;
       this.oauth2LoginLinks = data.oauth2LoginLinks;

diff --git a/server/src/main/java/org/eclipse/jifa/server/Configuration.java b/server/src/main/java/org/eclipse/jifa/server/Configuration.java
@@ -19,7 +19,6 @@
 import lombok.Getter;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
 import org.eclipse.jifa.common.util.Validate;
 import org.eclipse.jifa.server.enums.FileTransferMethod;
 import org.eclipse.jifa.server.enums.Role;
@@ -116,14 +115,19 @@ public class Configuration {
     private int elasticWorkerIdleThreshold = 5;
 
     /**
-     * Whether to allow anonymous access, default is true
+     * Whether to allow login, false by default
+     */
+    private boolean allowLogin = false;
+
+    /**
+     * Whether to allow anonymous access, true by default
      */
     private boolean allowAnonymousAccess = true;
 
     /**
-     * Whether to allow registration, default is true
+     * Whether to allow registration, false by default
      */
-    private boolean allowRegistration = true;
+    private boolean allowRegistration = false;
 
     /**
      * default admin username
@@ -172,5 +176,16 @@ private void init() {
                 Validate.isTrue(Files.isDirectory(storagePath), "jifa.storage-path must be a directory");
             }
         }
+
+        if (!allowLogin) {
+            if (!allowAnonymousAccess) {
+                allowAnonymousAccess = true;
+                log.debug("Set jifa.allow-anonymous-access to true because jifa.allow-login is disabled");
+            }
+            if (allowRegistration) {
+                allowRegistration = false;
+                log.debug("Set jifa.registration to true because jifa.allow-login is disabled");
+            }
+        }
     }
 }
diff --git a/server/src/main/java/org/eclipse/jifa/server/controller/AnalysisApiStompController.java b/server/src/main/java/org/eclipse/jifa/server/controller/AnalysisApiStompController.java
@@ -1,5 +1,5 @@
 /********************************************************************************
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -59,6 +59,7 @@ public AnalysisApiStompController(AnalysisApiService apiService) {
                   @Header(name = Constant.STOMP_ANALYSIS_API_REQUEST_ID_KEY, required = false, defaultValue = "") String requestId,
                   Message<byte[]> message) {
         StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+        assert accessor != null;
         JifaAuthenticationToken token = (JifaAuthenticationToken) accessor.getUser();
         SecurityContextHolder.getContext().setAuthentication(token != null ? token : ANONYMOUS);
 

diff --git a/server/src/main/java/org/eclipse/jifa/server/controller/HandshakeController.java b/server/src/main/java/org/eclipse/jifa/server/controller/HandshakeController.java
@@ -22,9 +22,11 @@
 import org.eclipse.jifa.server.service.UserService;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -61,10 +63,11 @@ public HandshakeResponse handshake() {
         UserEntity userEntity = userService.getCurrentUser();
         User user = userEntity == null ? null : new User(userEntity.getName(), userEntity.isAdmin());
         return new HandshakeResponse(getRole(),
+                                     config.isAllowLogin(),
+                                     config.isAllowLogin() ? oauth2LoginLinks : Collections.emptyMap(),
                                      config.isAllowAnonymousAccess(),
                                      config.isAllowRegistration(),
                                      cipherService.getPublicKeyString(),
-                                     oauth2LoginLinks,
                                      config.getDisabledFileTransferMethods(),
                                      user);
     }

diff --git a/server/src/main/java/org/eclipse/jifa/server/controller/UserController.java b/server/src/main/java/org/eclipse/jifa/server/controller/UserController.java
@@ -1,5 +1,5 @@
 /********************************************************************************
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -38,6 +38,10 @@ public UserController(UserService userService) {
 
     @PostMapping(value = HTTP_LOGIN_MAPPING)
     public void login(@RequestBody LoginRequest request, HttpServletResponse response) throws InterruptedException {
+        if (!config.isAllowLogin()) {
+            response.setStatus(HttpStatus.NOT_FOUND.value());
+            return;
+        }
         response.addHeader(HttpHeaders.AUTHORIZATION, userService.login(request.username, request.password).getToken());
     }
 

diff --git a/server/src/main/java/org/eclipse/jifa/server/domain/dto/HandshakeResponse.java b/server/src/main/java/org/eclipse/jifa/server/domain/dto/HandshakeResponse.java
@@ -19,10 +19,11 @@
 import java.util.Set;
 
 public record HandshakeResponse(Role serverRole,
+                                boolean allowLogin,
+                                Map<String, String> oauth2LoginLinks,
                                 boolean allowAnonymousAccess,
                                 boolean allowRegistration,
                                 PublicKey publicKey,
-                                Map<String, String> oauth2LoginLinks,
                                 Set<FileTransferMethod> disabledFileTransferMethods,
                                 User user) {
 }
diff --git a/server/src/main/java/org/eclipse/jifa/server/service/impl/UserServiceImpl.java b/server/src/main/java/org/eclipse/jifa/server/service/impl/UserServiceImpl.java
@@ -40,7 +40,6 @@
 
 import static org.eclipse.jifa.common.domain.exception.CommonException.CE;
 import static org.eclipse.jifa.server.enums.ServerErrorCode.INCORRECT_PASSWORD;
-import static org.eclipse.jifa.server.enums.ServerErrorCode.UNSUPPORTED_NAMESPACE;
 import static org.eclipse.jifa.server.enums.ServerErrorCode.USERNAME_EXISTS;
 import static org.eclipse.jifa.server.enums.ServerErrorCode.USER_NOT_FOUND;
 
@@ -144,6 +143,10 @@ public JifaAuthenticationToken register(String name, String username, String pas
 
     @Override
     public Long getCurrentUserId() {
+        if (!config.isAllowLogin()) {
+            return null;
+        }
+
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication instanceof JifaAuthenticationToken token) {
             return token.getUserId();
@@ -158,6 +161,10 @@ public Long getCurrentUserId() {
 
     @Override
     public boolean isCurrentUserAdmin() {
+        if (!config.isAllowLogin()) {
+            return false;
+        }
+
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication instanceof JifaAuthenticationToken token) {
             return token.isAdmin();
@@ -172,6 +179,10 @@ public boolean isCurrentUserAdmin() {
 
     @Override
     public String getCurrentUserJwtTokenOrNull() {
+        if (!config.isAllowLogin()) {
+            return null;
+        }
+
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication == null) {
             return null;
@@ -190,6 +201,10 @@ public String getCurrentUserJwtTokenOrNull() {
 
     @Override
     public UserEntity getCurrentUser() {
+        if (!config.isAllowLogin()) {
+            return null;
+        }
+
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication instanceof JifaAuthenticationToken token) {
             return userRepo.findById(token.getUserId()).orElseThrow(() -> CE(USER_NOT_FOUND));
@@ -204,6 +219,10 @@ public UserEntity getCurrentUser() {
 
     @Override
     public UserEntity getCurrentUserRef() {
+        if (!config.isAllowLogin()) {
+            return null;
+        }
+
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication instanceof JifaAuthenticationToken token) {
             return userRepo.getReferenceById(token.getUserId());

diff --git a/site/docs/guide/configuration.md b/site/docs/guide/configuration.md
@@ -119,6 +119,16 @@ Type: int
 
 Default: 5
 
+## allow-login
+
+Whether to allow login.
+
+When it is false, allow-anonymous-access will be set to true and allow-registration will be set to false automatically.
+
+Type: boolean
+
+Default: false
+
 ## allow-anonymous-access
 
 Whether to allow anonymous user access.
@@ -133,7 +143,7 @@ Whether to allow the registration of new users.
 
 Type: boolean
 
-Default: true
+Default: false
 
 ## admin-username
 

diff --git a/site/docs/zh/guide/configuration.md b/site/docs/zh/guide/configuration.md
@@ -117,6 +117,16 @@
 
 默认值：5
 
+## allow-login
+
+是否允许登陆。
+
+当其值为 false 时，allow-anonymous-access 将被设置为 true，allow-registration 将被设置为 false。
+
+Type: boolean
+
+Default: false
+
 ## allow-anonymous-access
 
 是否允许匿名用户访问。
@@ -131,7 +141,7 @@
 
 类型：boolean
 
-默认值：true
+默认值：false
 
 ## admin-username