Commit 5e0cb589 authored by Varunkumar Manohar's avatar Varunkumar Manohar

refactor!: Set the subproject and dataset creator using the subid/sub value from the payload jwt

parent 4c975232
......@@ -930,6 +930,4 @@ The following software have components provided under the terms of this license:
- jmespath (from https://www.npmjs.com/package/jmespath)
- json-schema (from http://github.com/kriszyp/json-schema)
- querystring (from https://www.npmjs.com/package/querystring)
- sax (from https://www.npmjs.com/package/sax)
- sax (from https://www.npmjs.com/package/sax)
\ No newline at end of file
......@@ -16,9 +16,7 @@
import { Request as expRequest } from 'express';
import { DatasetModel } from '.';
import { Config } from '../../cloud';
import { SeistoreFactory } from '../../cloud/seistore';
import { Error, Params } from '../../shared';
import { Error, Params, Utils } from '../../shared';
export class DatasetParser {
......@@ -47,8 +45,10 @@ export class DatasetParser {
const dataset = this.createDatasetModelFromRequest(req);
dataset.ltag = (req.headers.ltag) as string;
dataset.type = req.body ? req.body.type : undefined;
dataset.created_by = await SeistoreFactory.build(
Config.CLOUDPROVIDER).getEmailFromTokenPayload(req.headers.authorization, true);
dataset.created_by = Utils.getSubIDFromPayload(req.headers.authorization) ||
Utils.getSubFromPayload(req.headers.authorization) ||
undefined;
dataset.created_date = dataset.last_modified_date = new Date().toString();
dataset.gtags = req.body ? req.body.gtags : undefined;
......
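Review bot: `dataset.created_by` can now be persisted as `undefined` when the token carries neither claim, because the new assignment ends in `|| undefined` instead of rejecting the request. This field records who created the dataset, so I would resolve the subject once, e.g. `const creator = Utils.getSubIDFromPayload(req.headers.authorization) || Utils.getSubFromPayload(req.headers.authorization);`, and throw the service's bad-request or unauthorized error when `creator` is empty. Judging by their names, the helpers read the JWT payload directly, so please confirm the signature is verified before this parser runs, and add a short comment on why `subid` takes precedence over `sub`. The enclosing method starts and ends outside the hunk.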
......@@ -129,7 +129,6 @@ export class SubProjectDAO {
// check if a subproject exists
public static async exist(journalClient: IJournal, tenantName: string, subprojectName: string): Promise<boolean> {
const res = await this._cache.get(this.getCacheKey(tenantName, subprojectName));
if (res !== undefined && res) { return true; };
......@@ -140,10 +139,6 @@ export class SubProjectDAO {
const [entity] = await journalClient.get(entityKey);
if (entity) {
await this._cache.set(this.getCacheKey(entity.tenant, entity.name), entity);
}
return entity !== undefined;
}
......
......@@ -20,7 +20,7 @@ import { SubProjectModel } from '.';
import { Auth, AuthGroups } from '../../auth';
import { Config, JournalFactoryTenantClient, LoggerFactory, StorageFactory } from '../../cloud';
import { SeistoreFactory } from '../../cloud/seistore';
import { Error, Feature, FeatureFlags, Response } from '../../shared';
import { Error, Feature, FeatureFlags, Response, Utils } from '../../shared';
import { DatasetDAO, PaginationModel } from '../dataset';
import { TenantGroups, TenantModel } from '../tenant';
import { TenantDAO } from '../tenant/dao';
......@@ -92,8 +92,6 @@ export class SubProjectHandler {
const userEmail = await SeistoreFactory.build(
Config.CLOUDPROVIDER).getEmailFromTokenPayload(req.headers.authorization, true);
subproject.admin = subproject.admin || userEmail;
// enforce the datasets schema by key for newly create subproject.
// this will mainly affect google for which the initial implementation
// of the journal was query-based (lack in performance)
......@@ -153,18 +151,22 @@ export class SubProjectHandler {
subproject.gcs_bucket,
subproject.storage_location, subproject.storage_class);
const subprojectCreatorEmail = subproject.admin || userEmail;
subproject.admin = Utils.getSubIDFromPayload(req.headers.authorization) ||
Utils.getSubFromPayload(req.headers.authorization) || undefined;
// Register the subproject
await SubProjectDAO.register(journalClient, subproject);
if (FeatureFlags.isEnabled(Feature.AUTHORIZATION)) {
// if admin is not the requestor, assign the admin and rm the requestor, has to be a sequential op
if (subproject.admin !== userEmail) {
if (subprojectCreatorEmail !== userEmail) {
await AuthGroups.addUserToGroup(userToken, adminGroup, subproject.admin,
await AuthGroups.addUserToGroup(userToken, adminGroup, subprojectCreatorEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY], 'OWNER', true);
await AuthGroups.addUserToGroup(userToken, viewerGroup, subproject.admin,
await AuthGroups.addUserToGroup(userToken, viewerGroup, subprojectCreatorEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY], 'OWNER', true);
}
......
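Review bot: The stored `subproject.admin` and the principal that receives OWNER in the admin and viewer groups are no longer the same value after this change. The record gets the caller's `subid`/`sub`, while `AuthGroups.addUserToGroup` is called with `subprojectCreatorEmail`, which holds the admin requested in the body or, failing that, the caller's e-mail. Any later code that reads `subproject.admin` for an access decision or for audit would see an identifier in a different format, possibly for a different person, and the value can also be `undefined` when neither claim is present. I would rename the local to say what it holds, e.g. `const requestedAdminEmail = subproject.admin || userEmail;`, put a comment above the reassignment such as `// admin stores the creator's token subject, not the group owner`, and reject the request when no subject can be read. The `if (FeatureFlags.isEnabled(Feature.AUTHORIZATION))` block continues past the end of the hunk.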
......@@ -14,10 +14,10 @@
// limitations under the License.
// ============================================================================
import * as crypto from 'crypto'
import * as crypto from 'crypto';
import { Config } from '../cloud';
export class Utils {
public static getPropertyFromTokenPayload(base64JwtPayload: string, property: string): string {
......@@ -44,7 +44,7 @@ export class Utils {
}
public static getAudienceFromPayload(base64JwtPayload: string): string {
return this.getPayloadFromStringToken(base64JwtPayload).aud
return this.getPayloadFromStringToken(base64JwtPayload).aud;
}
public static getSubFromPayload(base64JwtPayload: string): string {
......@@ -92,7 +92,7 @@ export class Utils {
return {
encryptedText: encrypted.toString('hex'),
encryptedTextIV: iv.toString('hex')
}
};
}
public static decrypt(encryptedText: string, encryptedTextIV: string, key: string) {
......