Merge branch 'release/21.0.0'

.github/workflows/build.yml

@@ -0,0 +1,36 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build sonarqube --info

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+21.0.0 (02-03-2020)
+===================
+
+OSF CAS third release with web flow updates, institution SSO, and FE rework
+
+* Login and logout web flow fixes and improvements
+* Fully functional institution SSO, BE and FE
+* FE rework and UI / UX improvements
+
+Extra features
+
+* Institution SSO migration
+* TOS consent check
+* SonarQube integraiton
+
 20.1.0 (11-05-2020)
 ===================
 

Dockerfile-local

@@ -13,12 +13,13 @@ RUN mkdir -p ~/.gradle \
     && ./gradlew --version;
 
 RUN cd cas-overlay && ./gradlew clean build --parallel --no-daemon;
-# The build process above in docker may takes a long time depending on your local resources. This OK if you only use
+# The build process above in docker may take a long time depending on your local resources. This OK if you only use
 # CAS by building it once. For local development, building in local shell or with your IDE such as IntelliJ is much
-# faster. Afterwards, simply comment out the above "RUN" command and enable the following "COPY" one. In fact, this
-# stage can be skipped if you have the WAR built locally. Just need run the second stage with a modified WAR source.
+# faster. Afterwards, simply comment out the above "RUN" command above and enable the "COPY" one below.
 # COPY ./build cas-overlay/build/
 
+# In fact, the above "overlay" stage can be skipped if you have the WAR built locally. Simply run this second stage
+# "cas" with a modified WAR source.
 FROM adoptopenjdk/openjdk11:alpine-jre AS cas
 
 LABEL "Organization"="Center for Open Science"
@@ -33,9 +34,9 @@ RUN cd / \
 COPY etc/cas/ /etc/cas/
 
 COPY etc/cas/config/ /etc/cas/config/
-# Use "cas-local.properties" and "log4j2-local.xml" for local development
-RUN rm etc/cas/config/cas.properties
+# Use "cas-local.properties", "instn-authn-local.xsl" and "log4j2-local.xml" for local development
 COPY etc/cas/config/local/cas-local.properties etc/cas/config/cas.properties
+COPY etc/cas/config/local/instn-authn-local.xsl etc/cas/config/instn-authn.xsl
 COPY etc/cas/config/local/log4j2-local.xml etc/cas/config/log4j2.xml
 RUN rm -r etc/cas/config/local
 

build.gradle

@@ -23,6 +23,7 @@ buildscript {
         classpath "gradle.plugin.com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}"
         classpath "io.freefair.gradle:maven-plugin:${project.gradleMavenPluginVersion}"
         classpath "io.freefair.gradle:lombok-plugin:${project.gradleLombokPluginVersion}"
+        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.1.1"
     }
 }
 
@@ -58,8 +59,13 @@ def casWebApplicationBinaryName = "cas.war"
 project.ext."casServerVersion" = casServerVersion
 project.ext."casWebApplicationBinaryName" = casWebApplicationBinaryName
 
+apply plugin: "war"
 apply plugin: "io.freefair.war-overlay"
 
+apply from: rootProject.file("gradle/tasks.gradle")
+apply from: rootProject.file("gradle/springboot.gradle")
+apply from: rootProject.file("gradle/dockerjib.gradle")
+
 apply plugin: "io.freefair.lombok"
 lombok {
     config["config.stopBubbling"] = "true"
@@ -70,14 +76,30 @@ lombok {
     config["lombok.toString.doNotUseGetters"] = "true"
 }
 
-apply from: rootProject.file("gradle/tasks.gradle")
-
-apply plugin: "war"
 apply plugin: "eclipse"
+eclipse {
+    classpath {
+        downloadSources = true
+        downloadJavadoc = true
+    }
+}
+
 apply plugin: "idea"
+idea {
+    module {
+        downloadJavadoc = true
+        downloadSources = true
+    }
+}
 
-apply from: rootProject.file("gradle/springboot.gradle")
-apply from: rootProject.file("gradle/dockerjib.gradle")
+apply plugin: "org.sonarqube"
+sonarqube {
+    properties {
+        property "sonar.projectKey", "CenterForOpenScience_osf-cas"
+        property "sonar.organization", "centerforopenscience"
+        property "sonar.host.url", "https://sonarcloud.io"
+    }
+}
 
 dependencies {
     // Other CAS dependencies/modules may be listed here...
@@ -123,6 +145,12 @@ dependencies {
 
     // Google GSON
     implementation "com.google.code.gson:gson:${gsonVersion}"
+
+    // Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)
+    implementation "com.nimbusds:nimbus-jose-jwt:${nimbusJoseVersion}"
+
+    // Apache HttpComponents Client fluent API
+    implementation "org.apache.httpcomponents:fluent-hc:${fluentHcVersion}"
 }
 
 tasks.findByName("jibDockerBuild")
@@ -146,17 +174,3 @@ configurations.all {
         }
     }
 }
-
-eclipse {
-    classpath {
-       downloadSources = true
-       downloadJavadoc = true
-    }
-}
-
-idea {
-    module {
-        downloadJavadoc = true
-        downloadSources = true
-    }
-}

docker-reload.sh

@@ -1,18 +1,37 @@
-#!/bin/bash
+#!/bin/zsh
 
 # Rebuild locally and replace the WAR
+echo "######## Rebuild & Replace WAR ########"
+echo "./gradlew clean build"
 ./gradlew clean build
+echo "docker cp ./build/libs/cas.war cas:/cas-overlay"
 docker cp ./build/libs/cas.war cas:/cas-overlay
+echo "################# Done ################"
 
 # Sync configuration files
+echo "########## Sync Config Files ##########"
+echo "docker exec -d cas sh -c \"rm -rf /etc/cas/config/*\""
 docker exec -d cas sh -c "rm -rf /etc/cas/config/*"
+echo "docker cp ./etc/cas/config/local/cas-local.properties cas:/etc/cas/config/cas.properties"
 docker cp ./etc/cas/config/local/cas-local.properties cas:/etc/cas/config/cas.properties
+echo "docker cp ./etc/cas/config/local/instn-authn-local.xsl cas:/etc/cas/config/instn-authn.xsl"
+docker cp ./etc/cas/config/local/instn-authn-local.xsl cas:/etc/cas/config/instn-authn.xsl
+echo "docker cp ./etc/cas/config/local/log4j2-local.xml cas:/etc/cas/config/log4j2.xml"
 docker cp ./etc/cas/config/local/log4j2-local.xml cas:/etc/cas/config/log4j2.xml
+echo "################# Done ################"
 
 # Sync JSON registered service files
+echo "####### Sync Service Definition #######"
+echo "docker exec -d cas sh -c \"rm -rf /etc/cas/services/*\""
 docker exec -d cas sh -c "rm -rf /etc/cas/services/*"
+echo "docker cp ./etc/cas/services/local/. cas:/etc/cas/services"
 docker cp ./etc/cas/services/local/. cas:/etc/cas/services
+echo "################# Done ################"
 
 # Restart the container
+echo "########## Restart Container ##########"
+echo "docker restart cas"
 docker restart cas
+echo "docker logs -f --tail 0 cas"
+echo "####### OSF CAS LOG STARTS HERE #######"
 docker logs -f --tail 0 cas

etc/cas/config/cas.properties

@@ -15,12 +15,6 @@ cas.server.prefix=${cas.server.name}
 # Tomcat Server
 #
 cas.server.tomcat.server-name=OSF CAS
-# Enable additional HTTP connections for the embedded Tomcat container (when SSL is enabled by default)
-# cas.server.tomcat.http.port=${TOMCAT_HTTP_PORT:80}
-# cas.server.tomcat.http.protocol=org.apache.coyote.http11.Http11NioProtocol
-# cas.server.tomcat.http.enabled=true
-# cas.server.tomcat.http.attributes=
-# e.g. cas.server.tomcat.http.attributes.{attribute-name}={attributeValue}
 ########################################################################################################################
 
 ########################################################################################################################
@@ -64,6 +58,39 @@ cas.logout.confirm-logout=false
 cas.logout.remove-descendant-tickets=false
 ########################################################################################################################
 
+########################################################################################################################
+# OSF URLs
+########################################################################################################################
+# OSF
+#
+cas.authn.osf-url.home=https://{{ .Values.osfDomain }}/
+cas.authn.osf-url.dashboard=https://{{ .Values.osfDomain }}/dashboard/
+cas.authn.osf-url.login-with-next=https://{{ .Values.osfDomain }}/login?next=
+cas.authn.osf-url.logout=https://{{ .Values.osfDomain }}/logout/
+cas.authn.osf-url.resend-confirmation=https://{{ .Values.osfDomain }}/resend/
+cas.authn.osf-url.forgot-password=https://{{ .Values.osfDomain }}/forgotpassword/
+cas.authn.osf-url.forgot-password-institution=https://{{ .Values.osfDomain }}/forgotpassword-institution/
+cas.authn.osf-url.register=https://{{ .Values.osfDomain }}/register/
+cas.authn.osf-url.institutions-home=https://{{ .Values.osfDomain }}/institutions/
+########################################################################################################################
+
+########################################################################################################################
+# OSF API Settings for Institution Authentication
+########################################################################################################################
+# Authentication Endpoint
+#
+cas.authn.osf-api.instn-authn-endpoint=https://{{ .Values.apiDomain }}/v2/institutions/auth/
+#
+# JWT / JWE secrets for signing and encrypting authentication request payload
+#
+cas.authn.osf-api.instn-authn-jwt-secret=${OSF_JWT_SECRET}
+cas.authn.osf-api.instn-authn-jwe-secret=${OSF_JWE_SECRET}
+#
+# Path of the XSL file for parsing and transforming XML authentication responses
+#
+cas.authn.osf-api.instn-authn-xsl-location=file:/etc/cas/institutions-auth.xsl
+########################################################################################################################
+
 ########################################################################################################################
 # OSF PostgreSQL Authentication
 # See: https://apereo.github.io/cas/6.2.x/installation/Configuring-Custom-Authentication.html
@@ -91,8 +118,6 @@ cas.authn.osf-postgres.jpa.dialect=${OSF_DB_HIBERNATE_DIALECT:io.cos.cas.osf.hib
 cas.jdbc.show-sql=false
 cas.jdbc.gen-ddl=true
 cas.jdbc.case-insensitive=false
-# cas.jdbc.physical-table-names=
-# e.g. cas.jdbc.physical-table-names.{table-name}={new-table-name}
 #
 # General JPA Settings
 #
@@ -204,13 +229,13 @@ cas.authn.pac4j.orcid.callback-url-type=QUERY_PARAMETER
 #
 # Delegation Client: CAS
 #
-cas.authn.pac4j.cas[0].login-url=https://accounts.staging.osf.io/login
-cas.authn.pac4j.cas[0].client-name=stage1cas
+cas.authn.pac4j.cas[0].login-url=https://bprdeis.cord.edu:8443/cas/login
+cas.authn.pac4j.cas[0].client-name=cord
 cas.authn.pac4j.cas[0].protocol=SAML
 cas.authn.pac4j.cas[0].callback-url-type=QUERY_PARAMETER
 #
-cas.authn.pac4j.cas[1].login-url=https://accounts.staging2.osf.io/login
-cas.authn.pac4j.cas[1].client-name=stage2cas
-cas.authn.pac4j.cas[1].protocol=CAS30
+cas.authn.pac4j.cas[1].login-url=https://stwcas.okstate.edu/cas/login
+cas.authn.pac4j.cas[1].client-name=okstate
+cas.authn.pac4j.cas[1].protocol=SAML
 cas.authn.pac4j.cas[1].callback-url-type=QUERY_PARAMETER
 ########################################################################################################################