feat: customize accesstring etc from commandline and env files

Informasjonsforvaltning · Nov 29, 2019 · da18180 · da18180
1 parent 80abdd5
commit da18180
Show file tree

Hide file tree

Showing 9 changed files with 97 additions and 43 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .idea/
 target/
 *.iml
-.DS_Store
+.DS_Store
+.env
diff --git a/Dockerfile b/Dockerfile
@@ -5,9 +5,9 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
 VOLUME /tmp
 ARG JAR_FILE
-ENV PORT 8084
-ENV TYPE publisher
-ENV isDocker yes
+ENV port 8084
+ENV type organization
+ENV org 910244132
 ENV file.encoding Base64
 ADD target/${JAR_FILE} app.jar
 RUN sh -c 'touch /app.jar'

diff --git a/FAQ.md b/FAQ.md
@@ -1,5 +1,8 @@
 #FAQ
 
+##What is the access string?
+The access string is passed in the jwt and is used to define the rights a user has on a system. 
+
 ##How do I know if I have the correct access string?
 1. Open a browser and go to ut1
 2. Open the developers console on the tab network
@@ -8,6 +11,9 @@
 5. Copy the token and decode it for example using [jwt.io](https://jwt.io/)
 6. See "authorities" field in token
 
+##What is the audience?
+The audience field in the jwt defines which services a user has access to. 
+
 ##How do I know if I have the correct audience?
 1. Open a browser and go to ut1
 2. Open the developers console on the tab network

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Module for mocking authentication
 - Maven
 
 ## Running
-The module can be run either as a  jar running on localhost, in a docker container from local image, or a docker container from an 
+The module can be run either as a jar running on localhost, in a docker container from local image, or a docker container from an 
 image hosted on [Informasjonsforvaltnings package repository](https://github.com/orgs/Informasjonsforvaltning/packages)  
 
 ### Setup
@@ -36,38 +36,41 @@ set env variable `SPRING_ACTIVE_PROFILE
 #### Change port
 *Default: 8084* <br> 
 
-In commandline<br>
-`java -jar -DPORT=8201 ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`
+- In terminal<br>
+`java -jar -custom.port=8201 ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`
 
-In docker: change hostport mapping <br>
+- In docker: change hostport mapping <br>
 `docker container run -p 8021:8084 --name auth auth-utils-java`<br><br>
 
 #### Change access string type
 *format: `[type]:[orgnumber]:[rights]`*<br>
 *default:  `organisation:910244132:[rights]`* <br>
 
-In commandline:
-`java -jar -DTYPE=different ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`<br>
+ - In terminal:<br>
+`java -jar -Dcustom.type=different -Dcustom.org=91919191 ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`<br>
 
-In docker you change type by setting the env variable `TYPE`<br>
-`docker container run -p 8084:8084 -e TYPE='different' --name auth auth-utils-java`
+ - In docker you change type by setting env variables `type`, `port` and `org` <br>
+`docker container run -p 8084:8084 -e type='different' --name auth auth-utils-java`
 
-In request:<br>
-If you need a token for a different organisation or type, you can append pararmeters `type` and `org` to your
-jwt request<br>
+-  In docker with .env file
+`container run -p 8084:8084 --env-file ./env.list --name auth auth-utils-java`<br>
+see [env.list](./env.list) for an example.
+
+#####Change in request
+
+Append pararmeters `type` and/or `org` to your jwt request<br>
 ```curl localhost:8084/jwt/read?org=6786876``` 
 ```curl localhost:8084/jwt/write?org=6786876&type=special``` 
 ```curl localhost:8084/jwt/write?type=special``` 
 
 
-
 ### Audience
 #### Updating audience temporarily
-In commandline seoerated by comma:<br>
-`java -jar -DAUD=other-audience,yet-another-audience ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`<br>
+- In terminal seperated by comma:<br>
+`java -jar -Dcustom.aud=other-audience,yet-another-audience ./target/auth-utils-java-1.0-SNAPSHOT-jar-with-dependencies.jar`<br>
 
-In docker you change type by setting the env variable `AUD`<br>
-`docker container run -p 8084:8084 -e AUD=other-audience,yet-another-audience --name auth auth-utils-java`
+- In docker you change type by setting the env variable `aud`<br>
+`docker container run -p 8084:8084 -e aud=other-audience,yet-another-audience --name auth auth-utils-java`
 
 
 #### Updating audience permanently

diff --git a/env.list b/env.list
@@ -0,0 +1,2 @@
+type=publisher
+org=77778888
diff --git a/src/main/kotlin/no/brreg/informasjonsforvaltning/MockServer.kt b/src/main/kotlin/no/brreg/informasjonsforvaltning/MockServer.kt
@@ -5,18 +5,22 @@ import com.github.tomakehurst.wiremock.client.WireMock.*
 import com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig
 import no.brreg.informasjonsforvaltning.extensions.JwtReadTransformer
 import no.brreg.informasjonsforvaltning.extensions.JwtWriteTransformer
+import no.brreg.informasjonsforvaltning.jwk.AccessStringParts
 import no.brreg.informasjonsforvaltning.jwk.JwkStore
 import no.brreg.informasjonsforvaltning.jwk.JwtToken
+import no.brreg.informasjonsforvaltning.jwk.JwtToken.buildRead
+import no.brreg.informasjonsforvaltning.jwk.JwtToken.buildRoot
+import no.brreg.informasjonsforvaltning.jwk.JwtToken.buildWrite
 
 class MockServer {
     private val mockServer : WireMockServer
-    private val config : ServerConfig;
 
-     constructor(config: ServerConfig){
-        mockServer = WireMockServer(wireMockConfig()
+     constructor(){
+         val port: Int  = (System.getenv("port") ?: System.getProperty("custom.port") ?: "8084").toInt()
+
+         mockServer = WireMockServer(wireMockConfig()
             .extensions(JwtReadTransformer::class.java,JwtWriteTransformer::class.java)
-            .port(config.port))
-        this.config = config
+            .port(port))
     }
 
     fun startMockServer() {
@@ -46,10 +50,19 @@ class MockServer {
 
             mockServer.stubFor(
                 get(urlMatching("/jwt/admin[a-z\\?\\=]*"))
-                    .willReturn(okJson("{ token: ${JwtToken.buildRoot(config.type)}}"))
+                    .willReturn(okJson("{ token: ${JwtToken.buildRoot()}}"))
             )
             mockServer.start()
-            println("Auth server is listening on port ${config.port} with type value ${config.type}")
+            val infoString = JwtToken.config()
+            println("Auth server is listening on port ${mockServer.port()}")
+            println("AccessString values are ${infoString}")
+            println("\n---  READ TOKEN -----")
+            println(buildRead())
+            println("\n---  WRITE TOKEN -----")
+            println(buildWrite())
+            println("\n---  ROOT TOKEN -----")
+            println(buildRoot())
+
         }
     }
 
@@ -59,5 +72,3 @@ class MockServer {
 
     }
 }
-
-data class ServerConfig(val port: Int = 8084, val type : String = "publisher" )
diff --git a/src/main/kotlin/no/brreg/informasjonsforvaltning/Start.kt b/src/main/kotlin/no/brreg/informasjonsforvaltning/Start.kt
@@ -4,12 +4,11 @@ import no.brreg.informasjonsforvaltning.jwk.JwtToken.addAudience
 
 fun startServer() {
 
-        val port: Int  = (System.getenv("PORT") ?: System.getProperty("PORT") ?: "8084").toInt()
-        val type : String = System.getenv("TYPE") ?: System.getProperty("TYPE") ?: "organisation"
-        val aud : String? = System.getenv("AUD") ?: System.getProperty("AUD")
+
+        val aud : String? = System.getenv("aud") ?: System.getProperty("custom.aud")
         if(aud!=null) {addAudience(aud)}
 
-        val mockServer = MockServer(ServerConfig(port, type))
+        val mockServer = MockServer()
         mockServer.startMockServer();
 
 }
diff --git a/src/main/kotlin/no/brreg/informasjonsforvaltning/jwk/JwtToken.kt b/src/main/kotlin/no/brreg/informasjonsforvaltning/jwk/JwtToken.kt
@@ -7,8 +7,9 @@ import java.util.*
 
 object JwtToken {
     private var aud : MutableList<String> = mutableListOf<String>("a-backend-service","concept-catalogue","organization-catalogue ","fdk-admin-harvester","registration-api")
-    private var orgNumber : String = "910244132"
+    private var config = AccessStringParts();
 
+    fun config():AccessStringParts = config
     fun addAudience(addValues: String){
         val values = addValues.split(",")
         values.forEach {
@@ -17,23 +18,23 @@ object JwtToken {
         println("[INFO]$addValues added to audience jwt field")
     }
 
-    fun buildRead(type: String?,org: String?): String{
-        val auth = getAccess(type ?: "organization", org ?: orgNumber,Priveliges.READ)
+    fun buildRead(type: String? = config.type, org: String? = config.orgNumber): String{
+        val auth = getAccess(type ?: config.type ,org ?: config.orgNumber, Priveliges.READ)
         return buildToken(auth)
     }
 
-    fun buildWrite(type: String?,org: String?): String{
-        val auth = getAccess(type ?: "organization", org ?: orgNumber,Priveliges.WRITE)
+    fun buildWrite(type: String? = config.type , org: String? = config.orgNumber): String{
+        val auth = getAccess(type ?: config.type, org ?: config.orgNumber,Priveliges.WRITE)
         return buildToken(auth)
     }
-    fun buildRoot(path: String = "organization"): String{
-        val auth = getAccess(type = path, priveliges = Priveliges.ROOT)
+    fun buildRoot(): String{
+        val auth = getAccess(priveliges = Priveliges.ROOT);
         return buildToken(auth)
     }
 
 
     private fun buildToken(auth : String) : String{
-        val claimset = JWTClaimsSet.Builder()
+        val claimSet = JWTClaimsSet.Builder()
                 .audience(aud)
                 .expirationTime(Date(Date().time + 3600 * 3600))
                 .claim("user_name","1924782563")
@@ -43,14 +44,14 @@ object JwtToken {
                 .claim("authorities", auth)
                 .build()
 
-        val signed = SignedJWT(JwkStore.jwtHeader(), claimset)
+        val signed = SignedJWT(JwkStore.jwtHeader(), claimSet)
         signed.sign(JwkStore.signer())
 
         return signed.serialize()
 
     }
 
-    private fun getAccess(type : String, org: String? = orgNumber, priveliges : Priveliges) : String{
+    private fun getAccess(type: String = config.type, org: String = config.orgNumber, priveliges: Priveliges) : String{
         return when (priveliges) {
             Priveliges.READ ->  "$type:$org:${access.ORG_READ}"
             Priveliges.WRITE ->  "$type:$org:${access.ORG_WRITE}"
@@ -62,10 +63,13 @@ object JwtToken {
         val ORG_WRITE = "admin"
         val ROOT = "system:root:admin"
     }
+
 }
 
 enum class Priveliges{
     READ,
     WRITE,
     ROOT
 }
+
+data class AccessStringParts(val type : String = System.getenv("type") ?: System.getProperty("custom.type") ?: "organisation", var orgNumber : String = System.getenv("org") ?: System.getProperty("custom.org") ?:  "910244132" )
diff --git a/writeEnvFile.sh b/writeEnvFile.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Ask the user for their name
+echo port -- press enter to keep default
+read customPort
+echo type -- press enter to keep defaul
+read customType
+echo org -- press enter to keep default
+read customOrg
+
+
+
+if [ -z "$customPort" ] && [ -z "$customOrg" ] && [ -z "$customType" ] ; then
+    echo "no variables set"
+    exit
+else
+  if [ -f "env.list" ]; then
+    rm env.list
+  fi
+  touch env.list
+  if [ -n "$customPort" ] ; then echo "port=$customPort" >> env.list
+  fi
+  if [ -n "$customType" ] ; then echo "type=$customType" >> env.list
+  fi
+  if [ -n "$customOrg" ] ; then echo "org=$customOrg" >> env.list
+  fi
+  cat env.list
+fi
+