From a52a311c7b87963aa4bf4146cf0e8e792f42a793 Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 28 Jul 2020 12:06:02 -0400 Subject: [PATCH 1/7] Allow http and rethrow so partial bags aren't created exceptions in reading a file were being caught/logged but did not cause bag creation to fail, leading to the possibility of bad bags. --- .../edu/harvard/iq/dataverse/util/bagit/BagGenerator.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java index 66fabefd4c4..cc8977c24f7 100644 --- a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java +++ b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java @@ -56,6 +56,7 @@ import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.socket.PlainConnectionSocketFactory; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; @@ -158,6 +159,7 @@ public BagGenerator(OREMap oreMap, String dataciteXml) throws JsonSyntaxExceptio SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE); Registry registry = RegistryBuilder.create() + .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslConnectionFactory).build(); cm = new PoolingHttpClientConnectionManager(registry); @@ -567,8 +569,8 @@ private void processContainer(JsonObject item, String currentPath) throws IOExce } } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.severe("Failed to read " + childPath); + throw e; } finally { IOUtils.closeQuietly(inputStream); } From 3995c61b546b9900ba31d3e71621973e15e9a389 Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 12:02:11 -0400 Subject: [PATCH 2/7] Bug fix - related to #3254 The DataverseSession user is also set in API calls where there is no FacesContext/no session to change. So adding a null check before trying to change the session id. --- .../java/edu/harvard/iq/dataverse/DataverseSession.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java index d99937a3a09..895162999a9 100644 --- a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java +++ b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java @@ -63,7 +63,11 @@ public void setUser(User aUser) { new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login") .setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") )); //#3254 - change session id when user changes - SessionUtil.changeSessionId((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()); + FacesContext context = FacesContext.getCurrentInstance(); + if(context != null) { + //Change the session id if we're using the UI and have a session (versus an API call with no session) + SessionUtil.changeSessionId((HttpServletRequest) context.getExternalContext().getRequest()); + } this.user = aUser; } From a19d3de337a41ef4339d112e7fe98b8e275d0fbd Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 12:32:52 -0400 Subject: [PATCH 3/7] don't add user to session --- src/main/java/edu/harvard/iq/dataverse/api/Admin.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java index 11947876cc3..736f864b9d2 100644 --- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java +++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java @@ -1674,8 +1674,7 @@ public Response validateDataFileHashValue(@PathParam("fileId") String fileId) { public Response submitDatasetVersionToArchive(@PathParam("id") String dsid, @PathParam("version") String versionNumber) { try { - AuthenticatedUser au = findAuthenticatedUserOrDie(); - session.setUser(au); + findAuthenticatedUserOrDie(); Dataset ds = findDatasetOrDie(dsid); DatasetVersion dv = datasetversionService.findByFriendlyVersionNumber(ds.getId(), versionNumber); From 0c9005f688b163d6bdba189698d90989344913d0 Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 12:40:32 -0400 Subject: [PATCH 4/7] Revert "Bug fix - related to #3254" This reverts commit 3995c61b546b9900ba31d3e71621973e15e9a389. --- .../java/edu/harvard/iq/dataverse/DataverseSession.java | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java index 895162999a9..d99937a3a09 100644 --- a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java +++ b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java @@ -63,11 +63,7 @@ public void setUser(User aUser) { new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login") .setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") )); //#3254 - change session id when user changes - FacesContext context = FacesContext.getCurrentInstance(); - if(context != null) { - //Change the session id if we're using the UI and have a session (versus an API call with no session) - SessionUtil.changeSessionId((HttpServletRequest) context.getExternalContext().getRequest()); - } + SessionUtil.changeSessionId((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()); this.user = aUser; } From 7fd53440c90d0e9109169da1965241ad50e90e30 Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 12:57:51 -0400 Subject: [PATCH 5/7] Revert "don't add user to session" This reverts commit a19d3de337a41ef4339d112e7fe98b8e275d0fbd. --- src/main/java/edu/harvard/iq/dataverse/api/Admin.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java index 736f864b9d2..11947876cc3 100644 --- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java +++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java @@ -1674,7 +1674,8 @@ public Response validateDataFileHashValue(@PathParam("fileId") String fileId) { public Response submitDatasetVersionToArchive(@PathParam("id") String dsid, @PathParam("version") String versionNumber) { try { - findAuthenticatedUserOrDie(); + AuthenticatedUser au = findAuthenticatedUserOrDie(); + session.setUser(au); Dataset ds = findDatasetOrDie(dsid); DatasetVersion dv = datasetversionService.findByFriendlyVersionNumber(ds.getId(), versionNumber); From e7cafcd7162b1106ddc4808e280fa67b0e40e6af Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 12:58:33 -0400 Subject: [PATCH 6/7] Revert "Revert "Bug fix - related to #3254"" This reverts commit 0c9005f688b163d6bdba189698d90989344913d0. --- .../java/edu/harvard/iq/dataverse/DataverseSession.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java index d99937a3a09..895162999a9 100644 --- a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java +++ b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java @@ -63,7 +63,11 @@ public void setUser(User aUser) { new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login") .setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") )); //#3254 - change session id when user changes - SessionUtil.changeSessionId((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()); + FacesContext context = FacesContext.getCurrentInstance(); + if(context != null) { + //Change the session id if we're using the UI and have a session (versus an API call with no session) + SessionUtil.changeSessionId((HttpServletRequest) context.getExternalContext().getRequest()); + } this.user = aUser; } From f78c92b6e0d4321655212664efd6711f4da17e07 Mon Sep 17 00:00:00 2001 From: qqmyers Date: Tue, 11 Aug 2020 13:07:56 -0400 Subject: [PATCH 7/7] avoid changing session id when not in the UI added some notes about why the submit To Archive api is setting the user in the session. --- .../harvard/iq/dataverse/DataverseSession.java | 16 ++++++++++------ .../java/edu/harvard/iq/dataverse/api/Admin.java | 4 ++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java index 895162999a9..e15badc994b 100644 --- a/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java +++ b/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java @@ -59,13 +59,17 @@ public User getUser() { } public void setUser(User aUser) { - logSvc.log( - new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login") - .setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") )); - //#3254 - change session id when user changes + FacesContext context = FacesContext.getCurrentInstance(); - if(context != null) { - //Change the session id if we're using the UI and have a session (versus an API call with no session) + // Log the login/logout and Change the session id if we're using the UI and have + // a session, versus an API call with no session - (i.e. /admin/submitToArchive() + // which sets the user in the session to pass it through to the underlying command) + if(context != null) { + logSvc.log( + new ActionLogRecord(ActionLogRecord.ActionType.SessionManagement,(aUser==null) ? "logout" : "login") + .setUserIdentifier((aUser!=null) ? aUser.getIdentifier() : (user!=null ? user.getIdentifier() : "") )); + + //#3254 - change session id when user changes SessionUtil.changeSessionId((HttpServletRequest) context.getExternalContext().getRequest()); } this.user = aUser; diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java index 11947876cc3..226f39d0f52 100644 --- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java +++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java @@ -1675,6 +1675,10 @@ public Response submitDatasetVersionToArchive(@PathParam("id") String dsid, @Pat try { AuthenticatedUser au = findAuthenticatedUserOrDie(); + // Note - the user is being set in the session so it becomes part of the + // DataverseRequest and is sent to the back-end command where it is used to get + // the API Token which is then used to retrieve files (e.g. via S3 direct + // downloads) to create the Bag session.setUser(au); Dataset ds = findDatasetOrDie(dsid);