3900 tokenless search api

doc/sphinx-guides/source/installation/config.rst

@@ -498,6 +498,13 @@ The key required to create users via API as documented at :doc:`/api/native-api`
 
 ``curl -X PUT -d builtInS3kretKey http://localhost:8080/api/admin/settings/BuiltinUsers.KEY``
 
+:SearchApiRequiresToken
++++++++++++++++++++++++
+
+In Dataverse 4.7 and lower, the :doc:`/api/search` required an API token, but as of Dataverse 4.7.1 this is no longer the case. If you prefer the old behavior of requiring API tokens to use the Search API, set ``:SearchApiRequiresToken`` to ``true``.
+
+``curl -X PUT -d true http://localhost:8080/api/admin/settings/:SearchApiRequiresToken``
+
 :SystemEmail
 ++++++++++++
 

src/main/java/edu/harvard/iq/dataverse/api/Search.java

@@ -201,13 +201,20 @@ private User getUser() throws WrappedResponse {
          * see permission documents (all Solr documents, really) and we get a
          * NPE when trying to determine the DvObject type if their query matches
          * a permission document.
-         *
-         * @todo Check back on https://github.com/IQSS/dataverse/issues/1838 for
-         * when/if the Search API is opened up to not require a key.
          */
-        AuthenticatedUser authenticatedUser = findAuthenticatedUserOrDie();
+        User userToExecuteSearchAs = GuestUser.get();
+        try {
+            AuthenticatedUser authenticatedUser = findAuthenticatedUserOrDie();
+            if (authenticatedUser != null) {
+                userToExecuteSearchAs = authenticatedUser;
+            }
+        } catch (WrappedResponse ex) {
+            if (!tokenLessSearchAllowed()) {
+                throw ex;
+            }
+        }
         if (nonPublicSearchAllowed()) {
-            return authenticatedUser;
+            return userToExecuteSearchAs;
         } else {
             return GuestUser.get();
         }
@@ -218,6 +225,13 @@ public boolean nonPublicSearchAllowed() {
         return settingsSvc.isTrueForKey(SettingsServiceBean.Key.SearchApiNonPublicAllowed, safeDefaultIfKeyNotFound);
     }
 
+    public boolean tokenLessSearchAllowed() {
+        boolean outOfBoxBehavior = false;
+        boolean tokenLessSearchAllowed = settingsSvc.isFalseForKey(SettingsServiceBean.Key.SearchApiRequiresToken, outOfBoxBehavior);
+        logger.fine("tokenLessSearchAllowed: " + tokenLessSearchAllowed);
+        return tokenLessSearchAllowed;
+    }
+
     private boolean getDataRelatedToMe() {
         /**
          * @todo support Data Related To Me:

src/main/java/edu/harvard/iq/dataverse/search/SearchServiceBean.java

@@ -734,7 +734,7 @@ public SolrQueryResponse search(DataverseRequest dataverseRequest, Dataverse dat
             solrQueryResponse.setFilterQueriesActual(actualFilterQueries);
         } else {
             // how often is this null?
-            logger.info("solrQuery.getFilterQueries() was null");
+            logger.fine("solrQuery.getFilterQueries() was null");
         }
 
         solrQueryResponse.setDvObjectCounts(queryResponse.getFacetField("dvObjectType"));

src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java

@@ -74,7 +74,12 @@ public enum Key {
          * Search API. See also https://github.com/IQSS/dataverse/issues/1299
          */
         SearchApiNonPublicAllowed,
-
+        /**
+         * In Dataverse 4.7 and earlier, an API token was required to use the
+         * Search API. Tokens are no longer required but you can revert to the
+         * old behavior by setting this to false.
+         */
+        SearchApiRequiresToken,
         /**
          * Experimental: Use Solr to power the file listing on the dataset page.
          */
@@ -388,6 +393,10 @@ public boolean isTrue( String name, boolean defaultValue ) {
     public boolean isTrueForKey( Key key, boolean defaultValue ) {
         return isTrue( key.toString(), defaultValue );
     }
+
+    public boolean isFalseForKey( Key key, boolean defaultValue ) {
+        return ! isTrue( key.toString(), defaultValue );
+    }
 
     public void deleteValueForKey( Key name ) {
         delete( name.toString() );