Merge pull request #492 from vimc/mrc-343

mrc-343 remove onetime tokens

docs/spec/Changelog.schema.json

@@ -16,9 +16,12 @@
       },
       "from_file": {
         "type": "boolean"
+      },
+      "public": {
+        "type": "boolean"
       }
     },
     "additionalProperties": false,
     "required": ["report_version", "label", "value", "from_file"]
   }
-}
+}

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/APIEndpoint.kt

@@ -17,7 +17,6 @@ data class APIEndpoint(
         override val transform: Boolean = false,
         override val requiredPermissions: List<PermissionRequirement> = listOf(),
         override val authenticateWithExternalProvider: Boolean = false,
-        override val allowParameterAuthentication: Boolean = false,
         override val secure: Boolean = false,
         val spark: SparkWrapper = SparkServiceWrapper(),
         val configFactory: APISecurityConfigFactory? = null
@@ -42,11 +41,6 @@ data class APIEndpoint(
 
         factory = factory.setRequiredPermissions(this.requiredPermissions.toSet())
 
-        if (allowParameterAuthentication)
-        {
-            factory = factory.allowParameterAuthentication()
-        }
-
         if (authenticateWithExternalProvider)
         {
             factory = factory.externalAuthentication()
@@ -68,11 +62,6 @@ data class APIEndpoint(
     }
 }
 
-fun APIEndpoint.allowParameterAuthentication(): APIEndpoint
-{
-    return this.copy(allowParameterAuthentication = true)
-}
-
 fun APIEndpoint.secure(permissions: Set<String> = setOf()): APIEndpoint
 {
     val allPermissions = (permissions).map {

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/EndpointDefinition.kt

@@ -13,7 +13,6 @@ interface EndpointDefinition
     val contentType: String
     val transform: Boolean
     val requiredPermissions: List<PermissionRequirement>
-    val allowParameterAuthentication: Boolean
     val authenticateWithExternalProvider: Boolean
     val secure: Boolean
 

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/WebEndpoint.kt

@@ -28,7 +28,6 @@ data class WebEndpoint(
         val authenticationConfig: AuthenticationConfig = OrderlyWebAuthenticationConfig()
 ) : EndpointDefinition
 {
-    override val allowParameterAuthentication = false
     override val authenticateWithExternalProvider: Boolean = true
 
     override fun additionalSetup(url: String)

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/app_start/SparkApp.kt

@@ -3,7 +3,6 @@ package org.vaccineimpact.orderlyweb.app_start
 import freemarker.template.Configuration
 import org.slf4j.LoggerFactory
 import org.vaccineimpact.orderlyweb.db.AppConfig
-import org.vaccineimpact.orderlyweb.db.TokenStore
 import org.vaccineimpact.orderlyweb.security.AllowedOriginsFilter
 import spark.Spark.staticFiles
 import java.io.File
@@ -72,8 +71,6 @@ class OrderlyWeb
 
         logger.info("Expecting orderly database at ${AppConfig()["db.location"]}")
 
-        TokenStore.instance.setup()
-
         val router = Router(freeMarkerConfig)
 
         val apiUrls = router.mapEndpoints(APIRouteConfig, Router.apiUrlBase)

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/app_start/routing/api/DataRouteConfig.kt

@@ -11,11 +11,9 @@ object DataRouteConfig : RouteConfig
 
     override val endpoints: List<EndpointDefinition> = listOf(
             APIEndpoint("/data/csv/:id/", controller, "downloadCSV", ContentTypes.csv)
-                    .secure(readReports)
-                    .allowParameterAuthentication(),
+                    .secure(readReports),
 
             APIEndpoint("/data/rds/:id/", controller, "downloadRDS")
                     .secure(readReports)
-                    .allowParameterAuthentication()
     )
 }

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/app_start/routing/api/HomeRouteConfig.kt

@@ -3,17 +3,10 @@ package org.vaccineimpact.orderlyweb.app_start.routing.api
 import org.vaccineimpact.orderlyweb.*
 import org.vaccineimpact.orderlyweb.app_start.RouteConfig
 import org.vaccineimpact.orderlyweb.controllers.api.HomeController
-import org.vaccineimpact.orderlyweb.controllers.api.OnetimeTokenController
 
 object HomeRouteConfig : RouteConfig
 {
     override val endpoints: List<EndpointDefinition> = listOf(
-
-            APIEndpoint("/onetime_token/", OnetimeTokenController::class, "get")
-                    .json()
-                    .secure()
-                    .transform(),
-
             APIEndpoint("/", HomeController::class, "index")
                     .json()
                     .transform()

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/app_start/routing/api/VersionRouteConfig.kt

@@ -45,7 +45,6 @@ object VersionRouteConfig : RouteConfig
                     "getZippedByNameAndVersion",
                     ContentTypes.zip
             )
-            .allowParameterAuthentication()
             .secure(readReports),
 
             APIEndpoint(
@@ -65,8 +64,7 @@ object VersionRouteConfig : RouteConfig
             )
             .json()
             .transform()
-            .secure(readReports)
-            .allowParameterAuthentication(),
+            .secure(readReports),
 
             APIEndpoint(
                     "/reports/:name/versions/:version/artefacts/",
@@ -82,8 +80,7 @@ object VersionRouteConfig : RouteConfig
                     artefactController,
                     "getFile"
             )
-            .secure(readReports)
-            .allowParameterAuthentication(),
+            .secure(readReports),
 
             APIEndpoint(
                     "/reports/:name/versions/:version/resources/",
@@ -99,8 +96,7 @@ object VersionRouteConfig : RouteConfig
                     resourceController,
                     "download"
             )
-            .secure(readReports)
-            .allowParameterAuthentication(),
+            .secure(readReports),
 
             APIEndpoint(
                     "/reports/:name/versions/:version/data/",
@@ -116,17 +112,15 @@ object VersionRouteConfig : RouteConfig
                     dataController,
                     "downloadData"
             )
-            .secure(readReports)
-            .allowParameterAuthentication(),
+            .secure(readReports),
 
             APIEndpoint(
                     "/reports/:name/versions/:version/data/:data/",
                     dataController,
                     "downloadData",
                     contentType = ContentTypes.csv
             )
-            .secure(readReports)
-            .allowParameterAuthentication(),
+            .secure(readReports),
 
             APIEndpoint(
                     "/reports/:name/versions/:version/run-meta/",
@@ -135,6 +129,5 @@ object VersionRouteConfig : RouteConfig
                     contentType = ContentTypes.binarydata
             )
             .secure(readReports)
-            .allowParameterAuthentication()
     )
 }

src/app/src/main/kotlin/org/vaccineimpact/orderlyweb/security/APISecurityConfigFactory.kt

@@ -5,21 +5,18 @@ import org.pac4j.core.client.Client
 import org.pac4j.core.config.Config
 import org.pac4j.core.config.ConfigFactory
 import org.vaccineimpact.orderlyweb.db.AppConfig
-import org.vaccineimpact.orderlyweb.db.TokenStore
 import org.vaccineimpact.orderlyweb.models.PermissionRequirement
 import org.vaccineimpact.orderlyweb.security.authentication.AuthenticationConfig
 import org.vaccineimpact.orderlyweb.security.authentication.OrderlyWebAuthenticationConfig
 import org.vaccineimpact.orderlyweb.security.authorization.OrderlyWebAPIAuthorizer
 import org.vaccineimpact.orderlyweb.security.clients.APIActionAdaptor
 import org.vaccineimpact.orderlyweb.security.clients.JWTHeaderClient
-import org.vaccineimpact.orderlyweb.security.clients.JWTParameterClient
 import org.vaccineimpact.orderlyweb.security.clients.OrderlyWebTokenCredentialClient
 
 interface APISecurityConfigFactory : ConfigFactory
 {
     fun allClients(): String
     fun setRequiredPermissions(requiredPermissions: Set<PermissionRequirement>): APISecurityConfigFactory
-    fun allowParameterAuthentication(): APISecurityConfigFactory
     fun externalAuthentication(): APISecurityConfigFactory
 }
 
@@ -30,7 +27,6 @@ class APISecurityClientsConfigFactory(
     companion object
     {
         val headerClient = JWTHeaderClient(WebTokenHelper.instance.verifier)
-        val parameterClient = JWTParameterClient(WebTokenHelper.instance.verifier, TokenStore.instance)
     }
 
     private val allClients = mutableListOf<OrderlyWebTokenCredentialClient>(headerClient)
@@ -66,12 +62,6 @@ class APISecurityClientsConfigFactory(
         return this
     }
 
-    override fun allowParameterAuthentication(): APISecurityConfigFactory
-    {
-        allClients.add(APISecurityClientsConfigFactory.parameterClient)
-        return this
-    }
-
     override fun externalAuthentication(): APISecurityConfigFactory
     {
         allClients.clear()