Changeset 2225

Timestamp:
25-04-12 22:42:52 (2 years ago)
Author:
work@…
Message:

- Replaced the application-wide shared secret with a user-specific API key that is generated automatically when a user is created. The key is shown in the user's profile and on the user administration pages.

Location:
trunk/grails-app
Files:
5 modified

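--- a/trunk/grails-app/domain/dbnp/authentication/SecUser.groovy
+++ b/trunk/grails-app/domain/dbnp/authentication/SecUser.groovy
@@ -10,5 +10,7 @@
         String userStatus               // shibboleth request header: coin-user-status
         String email
+    String apiKey           // api key for clients using the API
         Date dateCreated
+
         boolean shibbolethUser = false
         boolean enabled
@@ -28,4 +30,5 @@
                 voName nullable: true
                 userStatus nullable: true
+        apiKey nullable: true, unique: true
         }
 
@@ -60,4 +63,13 @@
         }
 
+    /**
+     * Generate a shared secret for this user
+     * @void
+     */
+    def beforeInsert = {
+        // generate an apiKey for this user
+        apiKey = UUID.randomUUID().toString()
+    }
+
         /**
          * return the text representation of this user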
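Review bot: `beforeInsert` (new 69) only runs for rows being created, so every account that already exists when this is deployed keeps `apiKey == null`, and the `apiKey nullable: true` constraint on new 32 lets that persist indefinitely; nothing in the changeset backfills existing users or lets a key be replaced. That matters because the `ApiService` hunk in this same changeset interpolates the key into a GString, where a null becomes the literal text `null`. I would add a bootstrap/migration step that fills `apiKey` wherever it is null, plus a rotation method on the class so a leaked key can be retired, e.g. `def regenerateApiKey() { apiKey = UUID.randomUUID().toString() }`. `UUID.randomUUID()` is an acceptable key source (the JDK implementation draws from `SecureRandom`), but the Javadoc should not call it a "shared secret": it is a per-user credential stored in clear text, and the comment should say so and warn against logging it.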
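--- a/trunk/grails-app/services/api/ApiService.groovy
+++ b/trunk/grails-app/services/api/ApiService.groovy
@@ -25,7 +25,4 @@
     // inject the module communication service
     def moduleCommunicationService
-
-    // the shared secret used to validate api calls
-    static final String API_SECRET = "th!s_sH0uld^Pr0bab7y_m0v3_t%_th3_uSeR_d0Ma!n_ins7ead!"
 
     // transactional
@@ -72,5 +69,5 @@
         // disable validation check on development and ci
         if (['development', 'ci'].contains(grails.util.GrailsUtil.environment)) {
-            return true
+//            return true
         }
 
@@ -85,5 +82,5 @@
             // generate the validation checksum
             MessageDigest digest = MessageDigest.getInstance("MD5")
-            String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${API_SECRET}".getBytes())).toString(16).padLeft(32,"0")
+            String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${token.user.apiKey}".getBytes())).toString(16).padLeft(32,"0")
 
             // check if the validation confirms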
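Review bot: The new checksum line (new 84) interpolates `token.user.apiKey` into a GString, and `SecUser.apiKey` is declared `nullable: true` in this same changeset with no backfill for pre-existing users, so for such a user the hashed input ends in the literal text `null` and anyone who knows a device token and the sequence can forge the checksum. Reject the request before hashing: `if (!token.user?.apiKey) return false`. A bare `MD5(token + sequence + key)` is also not a proper MAC; if the client protocol can be versioned, an HMAC over the same fields (`Mac.getInstance("HmacSHA256")` keyed with the api key) is the standard construction, and the comparison that follows new 86 — the method continues outside the hunk — should be a constant-time byte compare (`MessageDigest.isEqual`) rather than string equality, since it is a secret-dependent check; `getBytes()` should also name a charset so the digest does not depend on the platform default. The dev/ci bypass is now an empty `if` wrapping a commented-out `return true` (new 71); delete the block instead of leaving dead code that invites re-enabling.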
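--- a/trunk/grails-app/views/api/index.gsp
+++ b/trunk/grails-app/views/api/index.gsp
@@ -55,5 +55,12 @@
 <h2>prerequisites</h2>
     <li>a valid username / password with role ROLE_CLIENT (see <a href="#authenticate">authenticate</a>)</li>
-    <li>a shared secret (used to calculate the validation md5 hash)</li>
+    <li>an api key (used to calculate the validation md5 hash.
+        <sec:ifLoggedIn>
+            Get your api key <g:link controller="userRegistration" action="profile">here</g:link>
+        </sec:ifLoggedIn>
+        <sec:ifNotLoggedIn>
+            Login to get your api key
+        </sec:ifNotLoggedIn>
+    )</li>
     <li>a deviceID / clientID (look <a href="https://github.com/4np/UIDevice-with-UniqueIdentifier-for-iOS-5" target="_new">here</a> for iOS)</li>
 
@@ -66,4 +73,7 @@
     <li><a href="#getMeasurementDataForAssay">getMeasurementDataForAssay</a> - fetch all measurement data for a given assay</li>
 
+<h2>SDK packages</h2>
+    <li><a href="https://github.com/4np/gscf4php" target="_new">PHP</a> - Object Oriented SDK for interacting with GSCF</li>
+
 <a name="authenticate"></a>
 <h1>authenticate</h1>
@@ -89,5 +99,5 @@
 <p>
     Every subsequent request the client does, needs to contain the validation MD5 hash, which is a MD5 sum of the concatenation of the device token,
-    the request sequence and a shared secret (e.g. <i>md5sum( token + sequence + shared secret )</i> ).<br/>
+    the request sequence and the api key (e.g. <i>md5sum( token + sequence + api key )</i> ).<br/>
     <i>Note that in order to be able to successfully authenticate or use the API in general, the user should have the ROLE_CLIENT assigned!</i>
 
@@ -172,5 +182,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -212,5 +222,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -260,5 +270,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -308,5 +318,5 @@
         <td>string</td>
         <td>-</td>
-        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
         <td>9ae87836d38d4b86be6aeff93f2b049a</td>
         <td>yes</td>
@@ -516,5 +526,5 @@
         <td>string</td>
         <td>-</td>
-        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
         <td>9ae87836d38d4b86be6aeff93f2b049a</td>
         <td>yes</td>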
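Review bot: Every `md5sum` cell (new 184, 224, 272, 320, 528) still links to an online MD5 calculator at miraclesalad.com; now that the hashed input contains the user's personal api key instead of an app-wide value, a user who follows that link to try the example hands their credential to a third-party site. Drop the hyperlink and point at a local tool instead, e.g. `md5sum` / `openssl dgst -md5` or the PHP SDK added in this hunk. The prerequisites entry (new 57) should also state that the api key is a personal secret to be treated like a password — not shared, not committed into client code — and the authenticate paragraph (new 101) should say how to replace it if a regeneration option is provided.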
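--- a/trunk/grails-app/views/user/edit.gsp
+++ b/trunk/grails-app/views/user/edit.gsp
@@ -3,11 +3,12 @@
         <g:set var="entityName" value="${message(code: 'user.label', default: 'User')}"/>
         <title><g:message code="default.edit.label" args="[entityName]"/></title>
-
-        <script type="text/javascript">
-                // This method is called on the event body.onLoad
-                $(function() {
-                        $("#tabs").tabs();
-                });
-        </script>
+    <link rel="stylesheet" href="${resource(dir: 'css', file: 'tipTip.css')}"/>
+    <script type="text/javascript" src="${resource(dir: 'js', file: 'jquery.tipTip.minified.js')}"></script>
+    <script type="text/javascript">
+        $(document).ready(function() {
+            $(".tooltip").tipTip();
+            $("#tabs").tabs();
+        });
+    </script>
         <style type="text/css">
         div.usermanagement {
@@ -45,5 +46,12 @@
                                 <g:if test="${user.shibbolethUser}">
                                         <tr><td>Shibboleth user</td><td>yes</td></tr>
-                                        <tr><td>Username/Urn</td><td>${user?.username}</td></tr>
+                    <tr>
+                        <td>API key</td>
+                        <td valign="top" class="value">
+                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, a user needs his api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                        </td>
+                    </tr>
+                    <tr><td>Username/Urn</td><td>${user?.username}</td></tr>
                                         <tr><td>Uid</td><td>${user?.uid}</td></tr>
                                         <tr><td>Email address</td><td><g:textField name="email" value="${user?.email}"/></td></tr>
@@ -54,5 +62,12 @@
                                 <g:else>
                                         <tr><td>Shibboleth user</td><td>no</td></tr>
-                                        <tr><td>Username</td><td><g:textField name="username" value="${user?.username}"/></td></tr>
+                    <tr>
+                        <td>API key</td>
+                        <td valign="top" class="value">
+                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, a user needs his api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                        </td>
+                    </tr>
+                    <tr><td>Username</td><td><g:textField name="username" value="${user?.username}"/></td></tr>
                                         <tr><td>Password</td><td><g:passwordField name="password" value="${user?.password}"/></td></tr>
                                         <tr><td>Email address</td><td><g:textField name="email" value="${user?.email}"/></td></tr>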
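Review bot: The API-key row (new 48-54 and new 64-70) is pasted verbatim into both branches of `<g:if test="${user.shibbolethUser}">`; hoist it above the `<g:if>` so the two copies cannot drift. The field is `disabled`, so it is not posted with the form, but this admin page now renders another account's live API credential in clear text to anyone who can open it — if that is intended, a "regenerate key" action would arguably serve administrators better than a readable value, and the disclosure deserves at least an audit log entry. Note the row sits directly above the existing `<g:passwordField name="password" value="${user?.password}"/>` (new 72) that already echoes a stored password value into the page, so this form is accumulating secrets in the response body. Presumably `${user.apiKey}` is always a UUID and needs no further escaping, but I have not verified how `g:textField` encodes the `value` attribute in this Grails version.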
  • trunk/grails-app/views/userRegistration/profile.gsp

    r2084 r2225  
    44        <meta name="layout" content="main"/> 
    55        <title>User profile</title> 
     6    <link rel="stylesheet" href="${resource(dir: 'css', file: 'tipTip.css')}"/> 
     7    <script type="text/javascript" src="${resource(dir: 'js', file: 'jquery.tipTip.minified.js')}"></script> 
     8    <script type="text/javascript"> 
     9        $(document).ready(function() { 
     10            $(".tooltip").tipTip(); 
     11        }); 
     12    </script> 
    613</head> 
    714 
     
    2229                                <td>${user.organization}</td> 
    2330                        </tr> 
    24                         <sec:ifAllGranted roles="ROLE_ADMIN"> 
     31            <tr> 
     32                <td>API key</td> 
     33                <td valign="top" class="value"> 
     34                    <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" /> 
     35                    <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, you need the api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." /> 
     36                </td> 
     37            </tr> 
     38            <sec:ifAllGranted roles="ROLE_ADMIN"> 
    2539                        <tr> 
    2640                                <td>Administrator</td> 
     
    4660                                        <tbody> 
    4761 
    48                                         <tr class="prop"> 
     62                    <tr class="prop"> 
     63                        <td valign="top" class="name">API Key</td> 
     64                        <td valign="top" class="value"> 
     65                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" /> 
     66                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, you need the api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." /> 
     67                        </td> 
     68                    </tr> 
     69                    <tr class="prop"> 
    4970                                                <td valign="top" class="name"> 
    5071                                                        <label for="username">Username</label>