From bb24a82466da09e8b6258605a638619809cc8c43 Mon Sep 17 00:00:00 2001 From: Johannes Frohnhofen Date: Fri, 1 Dec 2017 14:00:16 +0100 Subject: [PATCH] remove dataStoreToken rom config and use sth random instread --- app/controllers/UserTokenController.scala | 8 +++--- app/models/binary/DataStoreHandler.scala | 33 ++++++++++++----------- conf/application.conf | 2 -- 3 files changed, 20 insertions(+), 23 deletions(-) diff --git a/app/controllers/UserTokenController.scala b/app/controllers/UserTokenController.scala index 6f78c2a80f7..2a70863b066 100644 --- a/app/controllers/UserTokenController.scala +++ b/app/controllers/UserTokenController.scala @@ -5,12 +5,12 @@ package controllers import javax.inject.Inject -import oxalis.security.WebknossosSilhouette.{UserAwareAction, UserAwareRequest, SecuredRequest, SecuredAction} +import oxalis.security.WebknossosSilhouette.{SecuredAction, SecuredRequest, UserAwareAction, UserAwareRequest} import com.scalableminds.braingames.datastore.services.{AccessMode, AccessResourceType, UserAccessAnswer, UserAccessRequest} import com.scalableminds.util.reactivemongo.{DBAccessContext, GlobalAccessContext} import com.scalableminds.util.tools.Fox import models.annotation._ -import models.binary.DataSetDAO +import models.binary.{DataSetDAO, DataStoreHandlingStrategy} import models.user.{User, UserToken, UserTokenDAO, UserTokenService} import net.liftweb.common.{Box, Full} import play.api.i18n.MessagesApi @@ -23,8 +23,6 @@ class UserTokenController @Inject()(val messagesApi: MessagesApi) with WKDataStoreActionHelper with AnnotationInformationProvider { - val webKnossosToken = play.api.Play.current.configuration.getString("application.authentication.dataStoreToken").getOrElse("somethingSecure") - def generateUserToken = UserAwareAction.async { implicit request => val context = userAwareRequestToDBAccess(request) 
@@ -43,7 +41,7 @@ class UserTokenController @Inject()(val messagesApi: MessagesApi) def validateUserAccess(name: String, token: String) = DataStoreAction(name).async(validateJson[UserAccessRequest]) { implicit request => val accessRequest = request.body - if (token == webKnossosToken) { + if (token == DataStoreHandlingStrategy.webKnossosToken) { Fox.successful(Ok(Json.toJson(UserAccessAnswer(true)))) } else { for { diff --git a/app/models/binary/DataStoreHandler.scala b/app/models/binary/DataStoreHandler.scala index b65e4561170..0608c1b53b8 100644 --- a/app/models/binary/DataStoreHandler.scala +++ b/app/models/binary/DataStoreHandler.scala @@ -4,6 +4,8 @@ package models.binary import java.io.File +import java.math.BigInteger +import java.security.SecureRandom import com.scalableminds.braingames.binary.helpers.ThumbnailHelpers import com.scalableminds.braingames.datastore.SkeletonTracing.{SkeletonTracing, SkeletonTracings} @@ -18,7 +20,6 @@ import net.liftweb.common.Box import org.apache.commons.codec.binary.Base64 import play.api.Play.current import play.api.http.Status -import play.api.libs.Files.TemporaryFile import play.api.libs.concurrent.Execution.Implicits._ import play.api.libs.iteratee.Enumerator import play.api.libs.ws.{WS, WSResponse} @@ -62,6 +63,8 @@ trait DataStoreHandlingStrategy { object DataStoreHandlingStrategy { + lazy val webKnossosToken = new BigInteger(130, new SecureRandom()).toString(32) + def apply(dataSet: DataSet): DataStoreHandlingStrategy = dataSet.dataStoreInfo.typ match { case WebKnossosStore => new WKStoreHandlingStrategy(dataSet.dataStoreInfo, dataSet) 
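Review bot: The check `token == DataStoreHandlingStrategy.webKnossosToken` in validateUserAccess compares a secret with ordinary string equality, whose running time depends on how many leading characters match. A match answers `UserAccessAnswer(true)` without consulting `accessRequest`, so this value acts as a master credential and the comparison should be constant-time. I would write `if (MessageDigest.isEqual(token.getBytes("UTF-8"), DataStoreHandlingStrategy.webKnossosToken.getBytes("UTF-8"))) {` and import `java.security.MessageDigest`. The else branch continues outside the hunk, so the handling of non-matching tokens is not reviewed here.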
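Review bot: The new `lazy val webKnossosToken` in object DataStoreHandlingStrategy has no explicit type and no comment saying that the secret is now generated once per JVM, is not persisted and changes on every restart. I would declare it as `lazy val webKnossosToken: String = new BigInteger(130, new SecureRandom()).toString(32)` and put `// Random per-process secret that authenticates this webKnossos instance to its datastores; regenerated on restart.` above it. If more than one webKnossos instance can talk to the same datastore (not visible in this diff), each instance holds a different token, and a validateUserAccess callback would presumably succeed only on the instance that issued the request. That deployment assumption should be stated in the comment or the token shared between instances.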
@@ -72,40 +75,38 @@ object DataStoreHandlingStrategy { class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) extends DataStoreHandlingStrategy with LazyLogging { - val webKnossosToken = play.api.Play.current.configuration.getString("application.authentication.dataStoreToken").getOrElse("somethingSecure") - override def getSkeletonTracing(reference: TracingReference): Fox[SkeletonTracing] = { logger.debug("Called to get SkeletonTracing. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/${reference.id}/getProto") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .getWithProtoResponse[SkeletonTracing](SkeletonTracing) } override def getSkeletonTracings(references: List[TracingReference]): Fox[SkeletonTracings] = { logger.debug("Called to get multiple SkeletonTracings. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/getMultiple") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .postJsonWithProtoResponse[List[TracingSelector], SkeletonTracings](references.map(r => TracingSelector(r.id)))(SkeletonTracings) } override def saveSkeletonTracing(tracing: SkeletonTracing): Fox[TracingReference] = { logger.debug("Called to save SkeletonTracing. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/save") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .postProtoWithJsonResponse[SkeletonTracing, TracingReference](tracing) } override def saveSkeletonTracings(tracings: SkeletonTracings): Fox[List[Box[TracingReference]]] = { logger.debug("Called to save SkeletonTracings. 
Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/saveMultiple") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .postProtoWithJsonResponse[SkeletonTracings, List[Box[TracingReference]]](tracings) } override def duplicateSkeletonTracing(tracingReference: TracingReference, versionString: Option[String] = None): Fox[TracingReference] = { logger.debug("Called to duplicate SkeletonTracing. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/${tracingReference.id}/duplicate") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .withQueryStringOptional("version", versionString) .getWithJsonResponse[TracingReference] } @@ -113,7 +114,7 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex override def mergeSkeletonTracingsByIds(references: List[TracingReference], persistTracing: Boolean): Fox[TracingReference] = { logger.debug("Called to merge SkeletonTracings by ids. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/mergedFromIds") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .withQueryString("persist" -> persistTracing.toString) .postWithJsonResponse[List[TracingSelector], TracingReference](references.map(r => TracingSelector(r.id))) } 
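Review bot: Every RPC in WKStoreHandlingStrategy still carries the secret as `.withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken)`, and URLs with their query strings are routinely written to access logs and proxy logs on the receiving side. Since validateUserAccess accepts this token without further checks, a request header would be a safer carrier, and the scheme of `dataStoreInfo.url` (not visible here) should be confirmed as HTTPS. Separately, the same qualified call is repeated throughout this hunk and in the hunks at -113, -121, -130, -149, -162 and -170. A private helper such as `private def rpc(path: String) = RPC(s"${dataStoreInfo.url}$path").withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken)` would keep the token handling in one place and make a later move to a header a one-line change.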
@@ -121,7 +122,7 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex override def mergeSkeletonTracingsByContents(tracings: SkeletonTracings, persistTracing: Boolean): Fox[TracingReference] = { logger.debug("Called to merge SkeletonTracings by contents. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) RPC(s"${dataStoreInfo.url}/data/tracings/skeleton/mergedFromContents") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .withQueryString("persist" -> persistTracing.toString) .postProtoWithJsonResponse[SkeletonTracings, TracingReference](tracings) } @@ -130,12 +131,12 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex logger.debug("Called to create VolumeTracing. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) for { tracingReference <- RPC(s"${dataStoreInfo.url}/data/tracings/volume/save") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .postProtoWithJsonResponse[VolumeTracing, TracingReference](tracing) _ <- initialData match { case Some(file) => RPC(s"${dataStoreInfo.url}/data/tracings/volume/${tracingReference.id}/initialData") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .post(file) case _ => Fox.successful(()) 
@@ -149,10 +150,10 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex logger.debug("Called to get VolumeTracing. Base: " + dataSet.name + " Datastore: " + dataStoreInfo) for { tracing <- RPC(s"${dataStoreInfo.url}/data/tracings/volume/${reference.id}/getProto") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .getWithProtoResponse[VolumeTracing](VolumeTracing) data <- RPC(s"${dataStoreInfo.url}/data/tracings/volume/${reference.id}/data") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .getStream.map(_._2) } yield { (tracing, data) @@ -162,7 +163,7 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex override def requestDataLayerThumbnail(dataLayerName: String, width: Int, height: Int): Fox[Array[Byte]] = { logger.debug("Thumbnail called for: " + dataSet.name + " Layer: " + dataLayerName) RPC(s"${dataStoreInfo.url}/data/datasets/${dataSet.urlEncodedName}/layers/$dataLayerName/thumbnail.json") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .withQueryString( "width" -> width.toString, "height" -> height.toString) .getWithJsonResponse[ImageThumbnail].map(thumbnail => Base64.decodeBase64(thumbnail.value)) } @@ -170,7 +171,7 @@ class WKStoreHandlingStrategy(dataStoreInfo: DataStoreInfo, dataSet: DataSet) ex override def importDataSource: Fox[WSResponse] = { logger.debug("Import called for: " + dataSet.name) RPC(s"${dataStoreInfo.url}/data/datasets/${dataSet.urlEncodedName}/import") - .withQueryString("token" -> webKnossosToken) + .withQueryString("token" -> DataStoreHandlingStrategy.webKnossosToken) .post() } } diff --git a/conf/application.conf b/conf/application.conf index e134df68672..72dade77e5d 100644 --- a/conf/application.conf +++ b/conf/application.conf 
@@ -52,8 +52,6 @@ application{ password="secret" } ssoKey="something secure" - # token used to authenticate webknossos to the datastore - dataStoreToken="somethingSecure" } }