Merge branch 'develop' into dependabot/pip/doc/src/sphinx/certifi-202…

…2.12.7

CHANGELOG.md

@@ -13,12 +13,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Extractors can now specify an extractor_key and an owner (email address) when sending a
 registration or heartbeat to Clowder that will restrict use of that extractor to them.
 - Added a dropdown menu to select all spaces, your spaces and also the spaces you have access to. [#374](https://github.com/clowder-framework/clowder/issues/374)
+- Add SMTP_FROM in docker-compose yml file. [#417](https://github.com/clowder-framework/clowder/issues/417)
+- Keycloak provider with secure social [#419](https://github.com/clowder-framework/clowder/issues/419)
 - Documentation on how to do easy testing of pull requests
 
 ## Fixed
 - Updated lastModifiesDate when updating file or metadata to a dataset, added lastModified to UI  [386](https://github.com/clowder-framework/clowder/issues/386)
 - Disabled button while create dataset ajax call is still going on [#311](https://github.com/clowder-framework/clowder/issues/311)
 
+## Unreleased
+
+### Added
+- added a citation.cff file
+
 ## 1.21.0 - 2022-08-23
 
 **_Important:_** This update requires a MongoDB update schema due to a bug in the original migration  of showing summary statistics at the

app/services/KeycloakProvider.scala

@@ -0,0 +1,103 @@
+package services
+
+import play.api.libs.ws.WS
+import play.api.{Application, Logger}
+import play.api.libs.json.JsObject
+import securesocial.core._
+import scala.collection.JavaConverters._
+
+
+/**
+ * A Keycloak OAuth2 Provider
+ */
+class KeycloakProvider(application: Application) extends OAuth2Provider(application) {
+  val Error = "error"
+  val Message = "message"
+  val Type = "type"
+  val Sub = "sub"
+  val Name = "name"
+  val GivenName = "given_name"
+  val FamilyName = "family_name"
+  //  todo: picture wont work
+  val Picture = "picture"
+  val Email = "email"
+  val Groups = "groups"
+
+  override def id = KeycloakProvider.Keycloak
+
+  def fillProfile(user: SocialUser): SocialUser = {
+    val UserInfoApi = loadProperty("userinfoUrl").getOrElse(throwMissingPropertiesException())
+    val accessToken = user.oAuth2Info.get.accessToken
+    val promise = WS.url(UserInfoApi.toString).withHeaders(("Authorization", "Bearer " + accessToken)).get()
+
+    try {
+      val response = awaitResult(promise)
+      val me = response.json
+      Logger.debug("Got back from Keycloak : " + me.toString())
+      (me \ Error).asOpt[JsObject] match {
+        case Some(error) =>
+          val message = (error \ Message).as[String]
+          val errorType = ( error \ Type).as[String]
+          Logger.error("[securesocial] error retrieving profile information from Keycloak. Error type = %s, message = %s"
+            .format(errorType,message))
+          throw new AuthenticationException()
+        case _ =>
+          val userId = (me \ Sub).as[String]
+          val firstName = (me \ GivenName).asOpt[String]
+          val lastName = (me \ FamilyName).asOpt[String]
+          val fullName = (me \ Name).asOpt[String]
+          val avatarUrl = ( me \ Picture).asOpt[String]
+          val email = ( me \ Email).asOpt[String]
+          val groups = ( me \ Groups).asOpt[List[String]]
+          val roles = ( me \ "resource_access" \ "account" \ "roles").asOpt[List[String]]
+          (application.configuration.getList("securesocial.keycloak.groups"), groups) match {
+            case (Some(conf), Some(keycloak)) => {
+              val conflist = conf.unwrapped().asScala.toList
+              if (keycloak.intersect(conflist).isEmpty) {
+                throw new AuthenticationException()
+              }
+            }
+            case (Some(_), None) => throw new AuthenticationException()
+            case (None, _) => Logger.debug("[securesocial] No check needed for groups")
+          }
+          (application.configuration.getList("securesocial.keycloak.roles"), roles) match {
+            case (Some(conf), Some(keycloak)) => {
+              val conflist = conf.unwrapped().asScala.toList
+              if (keycloak.intersect(conflist).isEmpty) {
+                throw new AuthenticationException()
+              }
+            }
+            case (Some(_), None) => throw new AuthenticationException()
+            case (None, _) => Logger.debug("[securesocial] No check needed for roles")
+          }
+          user.copy(
+            identityId = IdentityId(userId, id),
+            firstName = firstName.getOrElse(""),
+            lastName = lastName.getOrElse(""),
+            fullName = fullName.getOrElse({
+              if (firstName.isDefined && lastName.isDefined) {
+                firstName.get + " " + lastName.get
+              } else if (firstName.isDefined) {
+                firstName.get
+              } else if (lastName.isDefined) {
+                lastName.get
+              } else {
+                ""
+              }
+            }),
+            avatarUrl = avatarUrl,
+            email = email
+          )
+      }
+    } catch {
+      case e: Exception => {
+        Logger.error( "[securesocial] error retrieving profile information from Keycloak", e)
+        throw new AuthenticationException()
+      }
+    }
+  }
+}
+
+object KeycloakProvider {
+  val Keycloak = "keycloak"
+}

citation.cff

@@ -0,0 +1,207 @@
+cff-version: 1.2.0
+message: If you use this software, please cite it using these metadata.
+title: "Clowder: Open Source Data Management for Long Tail Data"
+abstract: "A customizable and scalable data management system you can install in the cloud or on your own hardware."
+type: software
+version: "1.21.0"
+license: "NCSA"
+repository-code: "https://github.com/clowder-framework/clowder"
+keywords:
+  - data-management
+  - cyberinfrastructure
+  - clowder
+  - open-data
+  - open-science
+preferred-citation:
+  type: article
+  title: "Clowder: Open Source Data Management for Long Tail Data"
+  abstract: "Clowder is an open source data management system to support data curation of long tail data and metadata across multiple research domains and diverse data types. Institutions and labs can install and customize their own instance of the framework on local hardware or on remote cloud computing resources to provide a shared service to distributed communities of researchers. Data can be ingested directly from instruments or manually uploaded by users and then shared with remote collaborators using a web front end. We discuss some of the challenges encountered in designing and developing a system that can be easily adapted to different scientific areas including digital preservation, geoscience, material science, medicine, social science, cultural heritage and the arts. Some of these challenges include support for large amounts of data, horizontal scaling of domain specific preprocessing algorithms, ability to provide new data visualizations in the web browser, a comprehensive Web service API for automatic data ingestion and curation, a suite of social annotation and metadata management features to support data annotation by communities of users and algorithms, and a web based front-end to interact with code running on heterogeneous clusters, including HPC resources."
+  isbn: 9781450364461
+  publisher:
+    name: "Association for Computing Machinery"
+  doi: 10.1145/3219104.3219159
+  collection-title: "Proceedings of the Practice and Experience on Advanced Research Computing"
+  keywords:
+    - scientific gateways
+    - metadata management
+    - linked data
+    - data management
+    - data curation
+  location:
+    name: "Pittsburgh, PA, USA"
+  year: 2018
+  authors:
+    - family-names: Marini
+      given-names: Luigi
+    - family-names: Gutierrez-Polo
+      given-names: Indira
+    - family-names: Kooper
+      given-names: Rob
+    - family-names: Satheesan
+      given-names: Sandeep Puthanveetil
+    - family-names: Burnette
+      given-names: Maxwell
+    - family-names: Lee
+      given-names: Jong
+    - family-names: Nicholson
+      given-names: Todd
+    - family-names: Zhao
+      given-names: Yan
+    - family-names: McHenry
+      given-names: Kenton
+references:
+  - institution: "National Science Foundation" 
+    number: "#BCS-0941268" 
+  - institution: "National Science Foundation"  
+    number: "#EAR- 331906"
+  - institution: "National Science Foundation"  
+    number: "#ACI-1261582"
+  - institution: "National Science Foundation"  
+    number: "#ACI-1443013"
+  - institution: "National Science Foundation"  
+    number: "#OCI-0940824"
+  - institution: "National Science Foundation"  
+    number: "#OCI-0525308"
+  - institution: "National Science Foundation"  
+    number: "#OAC-1835834"
+  - institution: "National Institutes of Health"
+    number: "#1P01AI089556-01A1"
+  - institution: "Illinois - Indiana Sea Grant"
+    number: "#DW92329201"
+  - institution: "European Commission"
+    number: "#RI-261600"
+  - institution: "XSEDE"
+    number: "#OCI-1053575"
+  - institution: "ARPA-E"
+    number: "#DE-AR0000594"
+authors:
+  - family-names: "Marini"
+    given-names: "Luigi"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+    orcid: "0000-0002-8511-0211"
+  - family-names: "Kooper"
+    given-names: "Rob"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+    orcid: "0000-0002-5781-7287"
+  - family-names: "Gutierrez"
+    given-names: "Indira"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+    orcid: "0000-0001-5684-3419"
+  - family-names: "Sophocleous"
+    given-names: "Constantinos"
+  - family-names: "Burnette"
+    given-names: "Max"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Nicholson"
+    given-names: "Todd"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Ondrejcek"
+    given-names: "Michal"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Zhang"
+    given-names: "Bing"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Zharnitsky"
+    given-names: "Inna"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Puthanveetil Satheesan"
+    given-names: "Sandeep Puthanveetil"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+    orcid: "0000-0001-9075-3740"
+  - family-names: "Padhy"
+    given-names: "Smruti"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Zhao"
+    given-names: "Yan"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Liu"
+    given-names: "Rui"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Vaidya"
+    given-names: "Ashwini"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Myers"
+    given-names: "Jim"
+    orcid: "0000-0001-8462-650X"
+  - family-names: "Felarca"
+    given-names: "Mario"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Angelo"
+    given-names: "Brock"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Roeder"
+    given-names: "Gene"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Lee"
+    given-names: "Jong"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Hennessy"
+    given-names: "Will"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Issaranon"
+    given-names: "Theerasit"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Guo"
+    given-names: "Yibo"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Yuan"
+    given-names: "Xiaocheng"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Kethineedi"
+    given-names: "Varun"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Kumar"
+    given-names: "Avinash"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Nayudu"
+    given-names: "Nishant"
+    affiliation: "University of Illinois at Urbana-Champaign"
+  - family-names: "Poelmans"
+    given-names: "Ward"
+    affiliation: "Center for Molecular Modeling, Ghent University"
+  - family-names: "Jansz"
+    given-names: "Winston"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Jansen"
+    given-names: "Gregory"
+    affiliation: "College of Information Studies, University of Maryland"
+  - family-names: "Navarro"
+    given-names: "Chris"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Pitcel"
+    given-names: "Michelle"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Tenczar"
+    given-names: "Nicholas"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Wang"
+    given-names: "Chen"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Lambert"
+    given-names: "Mike"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "McHenry"
+    given-names: "Kenton"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+    orcid: "0000-0003-0367-2550"
+  - family-names: "Habib"
+    given-names: "Aaraj"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Galewsky"
+    given-names: "Ben"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Constantinou"
+    given-names: "Chrysovalantis"
+  - family-names: "Karimi-Asli"
+    given-names: "Kaveh"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Tzima"
+    given-names: "Maria-Spyridoula"
+  - family-names: "Johnson"
+    given-names: "Michael"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Bobak"
+    given-names: "Mike"
+    affiliation: "National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign"
+  - family-names: "Yardley"
+    given-names: "Tim"

conf/play.plugins

@@ -21,6 +21,7 @@
 #10050:services.CrowdProvider
 #10051:services.CILogonProvider
 #10052:services.LdapProvider
+#10053:services.KeycloakProvider
 #10090:services.MailerPlugin
 #10091:services.AdminsNotifierPlugin
 #10100:services.TempFilesPlugin

conf/securesocial.conf

@@ -161,6 +161,18 @@ securesocial {
         #groups=["cn=org_isda,ou=Groups,dc=ncsa,dc=illinois,dc=edu"]
     }
 
+    keycloak {
+        authorizationUrl="http://localhost:8080/keycloak/realms/clowder/protocol/openid-connect/auth"
+        accessTokenUrl="http://localhost:8080/keycloak/realms/clowder/protocol/openid-connect/token"
+        userinfoUrl="http://localhost:8080/keycloak/realms/clowder/protocol/openid-connect/userinfo"
+        clientId=your_client_id
+        clientSecret=your_client_secret
+        scope="profile email roles"
+        # Example of filtering by groups and/or roles
+        # groups=["group1", "group2"]
+        # roles=["role1", "role2"]
+    }
+
     ldap {
         url="http://localhost/ldap"
         hostname="ldap.example.com"

docker-compose.yml

@@ -67,6 +67,7 @@ services:
       - RABBITMQ_CLOWDERURL=${RABBITMQ_CLOWDERURL:-http://clowder:9000}
       - SMTP_MOCK=${SMTP_MOCK:-true}
       - SMTP_SERVER=${SMTP_SERVER:-smtp}
+      - SMTP_FROM=${SMTP_FROM:[email protected]}
       - CLOWDER_STORAGE=${CLOWDER_STORAGE:-services.filesystem.DiskByteStorageService}
       - CLOWDER_DISKPATH=${CLOWDER_DISKPATH:-/home/clowder/data}
       - S3_ENDPOINT=${S3_ENDPOINT:-http://minio:9000}

docker/custom.conf

@@ -32,6 +32,8 @@ smtp.mock=true
 smtp.mock=${?SMTP_MOCK}
 smtp.host="smtp"
 smtp.host=${?SMTP_SERVER}
+smtp.from="[email protected]"
+smtp.from=${?SMTP_FROM}
 
 # storage
 service.byteStorage=services.filesystem.DiskByteStorageService