Changeset 2225


Timestamp:
Apr 25, 2012, 10:42:52 PM (11 years ago)
Author:
work@…
Message:
  • Replaced the application-wide API secret with a per-user API key that is generated automatically when a user is created. The key is shown in the user's profile and in the user administration pages.
Location:
trunk/grails-app
Files:
5 edited

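--- a/trunk/grails-app/domain/dbnp/authentication/SecUser.groovy
+++ b/trunk/grails-app/domain/dbnp/authentication/SecUser.groovy
@@ -10,5 +10,7 @@
         String userStatus               // shibboleth request header: coin-user-status
         String email
+    String apiKey           // api key for clients using the API
         Date dateCreated
+
         boolean shibbolethUser = false
         boolean enabled
@@ -28,4 +30,5 @@
                 voName nullable: true
                 userStatus nullable: true
+        apiKey nullable: true, unique: true
         }
 
@@ -60,4 +63,13 @@
         }
 
+    /**
+     * Generate a shared secret for this user
+     * @void
+     */
+    def beforeInsert = {
+        // generate an apiKey for this user
+        apiKey = UUID.randomUUID().toString()
+    }
+
         /**
          * return the text representation of this user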
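Review bot: Existing accounts never receive a key from this change: `beforeInsert` fires only for newly inserted rows and the new constraint is `apiKey nullable: true`, so every user created before r2225 keeps a null apiKey, and ApiService interpolates `${token.user.apiKey}` into the digest input, where a null renders as the string `null` and the validation sum becomes computable from the two non-secret inputs. Backfill keys for existing users (a migration or a BootStrap pass that sets `apiKey = UUID.randomUUID().toString()` wherever it is null) and make the validation path refuse a user whose key is still null. `UUID.randomUUID()` is backed by `SecureRandom`, so the 122 bits of entropy are adequate for a bearer-style key; a dedicated random token would avoid the recognisable UUID shape but is not required. `@void` is not a Javadoc tag — drop it and say what the closure does, e.g. `Assigns a fresh random api key before the user row is first inserted.`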
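--- a/trunk/grails-app/services/api/ApiService.groovy
+++ b/trunk/grails-app/services/api/ApiService.groovy
@@ -25,7 +25,4 @@
     // inject the module communication service
     def moduleCommunicationService
-
-    // the shared secret used to validate api calls
-    static final String API_SECRET = "th!s_sH0uld^Pr0bab7y_m0v3_t%_th3_uSeR_d0Ma!n_ins7ead!"
 
     // transactional
@@ -72,5 +69,5 @@
         // disable validation check on development and ci
         if (['development', 'ci'].contains(grails.util.GrailsUtil.environment)) {
-            return true
+//            return true
         }
 
@@ -85,5 +82,5 @@
             // generate the validation checksum
             MessageDigest digest = MessageDigest.getInstance("MD5")
-            String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${API_SECRET}".getBytes())).toString(16).padLeft(32,"0")
+            String validationSum = new BigInteger(1,digest.digest("${token.deviceToken}${token.sequence}${token.user.apiKey}".getBytes())).toString(16).padLeft(32,"0")
 
             // check if the validation confirms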
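Review bot: The validation sum at new line 84 is still a bare `MD5(token + sequence + key)`, an unkeyed hash with the secret appended rather than a MAC; with the secret now per-user this is the moment to compute `HmacSHA256` over `token + sequence` with the apiKey as the key (`javax.crypto.Mac` and `SecretKeySpec` would need importing), and to refuse a user whose apiKey is null before hashing, because a null is interpolated as the string `null` and such a user's sum is computable from the two public inputs. The algorithm change has to land together with the api index page and the SDK, so it may need a protocol version bump; the null guard should go in now. The commented-out `return true` at new line 71 leaves an empty `if` body in the development/ci branch: remove the block, or log why validation is no longer skipped, so the intent is visible. The enclosing validation method starts and ends outside this hunk, and the comparison of `validationSum` with the client-supplied hash is not visible here; make sure it is a constant-time comparison such as `MessageDigest.isEqual`.
```groovy
// … unchanged: environment check and token lookup …
// refuse users that predate per-user keys instead of hashing the literal string "null"
if (!token?.user?.apiKey) {
    return false
}

// keyed digest: the api key is the HMAC key, not part of the message
Mac mac = Mac.getInstance("HmacSHA256")
mac.init(new SecretKeySpec(token.user.apiKey.getBytes("UTF-8"), "HmacSHA256"))
String validationSum = new BigInteger(1, mac.doFinal("${token.deviceToken}${token.sequence}".getBytes("UTF-8"))).toString(16).padLeft(64, "0")
// … unchanged: comparison with the client-supplied hash …
```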
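--- a/trunk/grails-app/views/api/index.gsp
+++ b/trunk/grails-app/views/api/index.gsp
@@ -55,5 +55,12 @@
 <h2>prerequisites</h2>
     <li>a valid username / password with role ROLE_CLIENT (see <a href="#authenticate">authenticate</a>)</li>
-    <li>a shared secret (used to calculate the validation md5 hash)</li>
+    <li>an api key (used to calculate the validation md5 hash.
+        <sec:ifLoggedIn>
+            Get your api key <g:link controller="userRegistration" action="profile">here</g:link>
+        </sec:ifLoggedIn>
+        <sec:ifNotLoggedIn>
+            Login to get your api key
+        </sec:ifNotLoggedIn>
+    )</li>
     <li>a deviceID / clientID (look <a href="https://github.com/4np/UIDevice-with-UniqueIdentifier-for-iOS-5" target="_new">here</a> for iOS)</li>
 
@@ -66,4 +73,7 @@
     <li><a href="#getMeasurementDataForAssay">getMeasurementDataForAssay</a> - fetch all measurement data for a given assay</li>
 
+<h2>SDK packages</h2>
+    <li><a href="https://github.com/4np/gscf4php" target="_new">PHP</a> - Object Oriented SDK for interacting with GSCF</li>
+
 <a name="authenticate"></a>
 <h1>authenticate</h1>
@@ -89,5 +99,5 @@
 <p>
     Every subsequent request the client does, needs to contain the validation MD5 hash, which is a MD5 sum of the concatenation of the device token,
-    the request sequence and a shared secret (e.g. <i>md5sum( token + sequence + shared secret )</i> ).<br/>
+    the request sequence and the api key (e.g. <i>md5sum( token + sequence + api key )</i> ).<br/>
     <i>Note that in order to be able to successfully authenticate or use the API in general, the user should have the ROLE_CLIENT assigned!</i>
 
@@ -172,5 +182,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -212,5 +222,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -260,5 +270,5 @@
             <td>string</td>
             <td>-</td>
-            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+            <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
             <td>9ae87836d38d4b86be6aeff93f2b049a</td>
             <td>yes</td>
@@ -308,5 +318,5 @@
         <td>string</td>
         <td>-</td>
-        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
         <td>9ae87836d38d4b86be6aeff93f2b049a</td>
         <td>yes</td>
@@ -516,5 +526,5 @@
         <td>string</td>
         <td>-</td>
-        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + shared secret )</td>
+        <td><a href="http://www.miraclesalad.com/webtools/md5.php" target="_new">md5sum</a>( token + sequence + api key )</td>
         <td>9ae87836d38d4b86be6aeff93f2b049a</td>
         <td>yes</td>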
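Review bot: The `md5sum` text in each request table (new lines 184, 224, 272, 320 and 528) still links to an external web tool, which with a per-user key now invites users to paste their api key, together with a valid device token, into a third-party site. Replace the link with a local command shown once in the prerequisites section, e.g. `printf '%s%s%s' "$token" "$sequence" "$apikey" | md5sum`, and keep `md5sum` as plain text in the tables. The prerequisites item at new line 57 opens a parenthesis in "(used to calculate the validation md5 hash." and only closes it at line 64 after the `sec:` blocks, which renders awkwardly; close the sentence on line 57 and put the profile link in its own sentence.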
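--- a/trunk/grails-app/views/user/edit.gsp
+++ b/trunk/grails-app/views/user/edit.gsp
@@ -3,11 +3,12 @@
         <g:set var="entityName" value="${message(code: 'user.label', default: 'User')}"/>
         <title><g:message code="default.edit.label" args="[entityName]"/></title>
-
-        <script type="text/javascript">
-                // This method is called on the event body.onLoad
-                $(function() {
-                        $("#tabs").tabs();
-                });
-        </script>
+    <link rel="stylesheet" href="${resource(dir: 'css', file: 'tipTip.css')}"/>
+    <script type="text/javascript" src="${resource(dir: 'js', file: 'jquery.tipTip.minified.js')}"></script>
+    <script type="text/javascript">
+        $(document).ready(function() {
+            $(".tooltip").tipTip();
+            $("#tabs").tabs();
+        });
+    </script>
         <style type="text/css">
         div.usermanagement {
@@ -45,5 +46,12 @@
                                 <g:if test="${user.shibbolethUser}">
                                         <tr><td>Shibboleth user</td><td>yes</td></tr>
-                                        <tr><td>Username/Urn</td><td>${user?.username}</td></tr>
+                    <tr>
+                        <td>API key</td>
+                        <td valign="top" class="value">
+                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, a user needs his api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                        </td>
+                    </tr>
+                    <tr><td>Username/Urn</td><td>${user?.username}</td></tr>
                                         <tr><td>Uid</td><td>${user?.uid}</td></tr>
                                         <tr><td>Email address</td><td><g:textField name="email" value="${user?.email}"/></td></tr>
@@ -54,5 +62,12 @@
                                 <g:else>
                                         <tr><td>Shibboleth user</td><td>no</td></tr>
-                                        <tr><td>Username</td><td><g:textField name="username" value="${user?.username}"/></td></tr>
+                    <tr>
+                        <td>API key</td>
+                        <td valign="top" class="value">
+                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, a user needs his api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                        </td>
+                    </tr>
+                    <tr><td>Username</td><td><g:textField name="username" value="${user?.username}"/></td></tr>
                                         <tr><td>Password</td><td><g:passwordField name="password" value="${user?.password}"/></td></tr>
                                         <tr><td>Email address</td><td><g:textField name="email" value="${user?.email}"/></td></tr>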
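Review bot: The admin edit form now renders each user's api key in clear (new lines 51 and 67), and nothing in this changeset regenerates a key, so a leaked key can only be revoked by deleting the account; add a "regenerate" action on the user controller that sets `user.apiKey = UUID.randomUUID().toString()` and saves, and consider revealing the key only on click. If the controller's update action binds the submitted parameters straight onto the user (`user.properties = params` or similar — the action is not visible here), `apiKey` is now a bindable domain property and a client can choose its own key by adding an `apiKey` parameter regardless of the disabled field; exclude it from binding (`bindData(user, params, [exclude: ['apiKey']])`) or, if the Grails version supports it, declare `apiKey bindable: false` in the domain constraints. The `name="secret"` on the disabled field is misleading now that the property is called apiKey; `name="apiKey"` says what is on screen.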
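--- a/trunk/grails-app/views/userRegistration/profile.gsp
+++ b/trunk/grails-app/views/userRegistration/profile.gsp
@@ -4,4 +4,11 @@
         <meta name="layout" content="main"/>
         <title>User profile</title>
+    <link rel="stylesheet" href="${resource(dir: 'css', file: 'tipTip.css')}"/>
+    <script type="text/javascript" src="${resource(dir: 'js', file: 'jquery.tipTip.minified.js')}"></script>
+    <script type="text/javascript">
+        $(document).ready(function() {
+            $(".tooltip").tipTip();
+        });
+    </script>
 </head>
 
@@ -22,5 +29,12 @@
                                 <td>${user.organization}</td>
                         </tr>
-                        <sec:ifAllGranted roles="ROLE_ADMIN">
+            <tr>
+                <td>API key</td>
+                <td valign="top" class="value">
+                    <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                    <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, you need the api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                </td>
+            </tr>
+            <sec:ifAllGranted roles="ROLE_ADMIN">
                         <tr>
                                 <td>Administrator</td>
@@ -46,5 +60,12 @@
                                         <tbody>
 
-                                        <tr class="prop">
+                    <tr class="prop">
+                        <td valign="top" class="name">API Key</td>
+                        <td valign="top" class="value">
+                            <g:textField disabled="disabled" name="secret" value="${user.apiKey}" style="width:250px" />
+                            <img src="${fam.icon(name: 'help')}" class="tooltip" title="in order to programmatically interface with gscf, you need the api key to communicate with the api. Refer to the api documentation at ${createLink(controller:'api')} for more information about how to use the api and the api key." />
+                        </td>
+                    </tr>
+                    <tr class="prop">
                                                 <td valign="top" class="name">
                                                         <label for="username">Username</label>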
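Review bot: The API-key row is added twice with identical markup, once in the read-only table (new lines 31-37) and again inside the edit form's table (new lines 62-68), each with `name="secret"` and the same long tooltip; factor it into a single `<g:render template="apiKey" model="[user: user]"/>` so the help text and the api link are maintained in one place. The row was deliberately placed above the `<sec:ifAllGranted roles="ROLE_ADMIN">` block, so it is visible to every logged-in user, which matches the help text on the api index page; since this page is the advertised place to fetch the key, a reveal-on-click or copy control is worth considering instead of leaving the key permanently on screen. The disabled input is never submitted, so the duplicated name is harmless to the form post today.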