Authentication (#14)

Co-authored-by: Marco Vogt <[email protected]>

Author: VishalDalwadi

.github/workflows/ci.yml

@@ -10,6 +10,7 @@ jobs:
       matrix:
         java: [ 11, 17 ]
         os: [ macos-latest, ubuntu-latest, windows-latest ]
+        withAuth: [ testWithoutAuth, testWithAuth ]
     name: Java ${{ matrix.java }} @ ${{ matrix.os }}
     steps:
       - name: Checkout
@@ -20,4 +21,6 @@ jobs:
           distribution: 'adopt'
           java-version: ${{ matrix.java }}
       - name: Build with Gradle
-        run: ./gradlew build
+        run: ./gradlew assemble
+      - name: Run tests
+        run: ./gradlew ${{ matrix.withAuth }}

README.md

@@ -48,6 +48,59 @@ In order to start Polypheny-DB, we first need to trigger a build. This can be do
 
 You can now open the Polypheny-UI by opening `localhost:8080` in your browser. 
 
+### Authentication
+
+Polypheny Control now allows you to use authentication to allow only verified users to use it. Authentication is available both in the command line and in the browser.
+CLI authentication can be enabled/disabled using the `pcrtl.auth.cli` config option. It is disabled by default.
+Authentication for `localhost` can be enabled/disabled using the `pcrtl.auth.local` config option. It is also disabled by default.
+Authentication itself for be fully enabled/disabled using the `pcrtl.auth.enable` config option. It is enabled by default.
+
+#### The passwd file
+
+Polypheny Control stores user information in a file name **passwd**. This file is NOT protected. You can protect the file against modification by setting the immutable flag using `chattr` on Linux / MacOS and `attrib` on Windows.
+But, remember to reset the flag when modifying the file using polypheny control.
+
+#### Admin User
+
+Polypheny Control requires a **admin** user to create and manage other users. So, before you can create any other user you will need to create a **admin** user using the following command:
+
+```
+java -jar polypheny-control.jar adduser
+```
+
+This will prompt you to enter a name and password. Enter "admin" as the name and a strong password for the user.
+All of the user management actions need to be authorized using the admin password.
+
+An example run of the user management features:
+
+```
+# Creating the admin user (The password is mandatory but won't be visible when you type it out)
+> java -jar polypheny-control.jar adduser
+Name: admin
+Password: 
+Confirm Password: 
+
+# Creating a user
+> java -jar polypheny-control.jar adduser
+Name: Loki
+Password: 
+Confirm Password: 
+Enter 'admin' password (Try 1/3):
+
+# Modifying a user's password
+> java -jar polypheny-control.jar moduser
+Name: Loki
+Password: 
+Confirm Password: 
+Enter 'admin' password (Try 1/3):
+
+# Remove a user
+> java -jar polypheny-control.jar remuser
+Name: Loki
+Enter 'admin' password (Try 1/3):
+
+```
+
 
 ## Roadmap
 See the [open issues](https://github.com/polypheny/Polypheny-DB/labels/A-control) for a list of proposed features (and known issues).

build.gradle

@@ -74,9 +74,8 @@ dependencies {
 
     // Log4J
     implementation group: "org.slf4j", name: "slf4j-api", version: slf4j_version // MIT
-    implementation group: "org.apache.logging.log4j", name: "log4j-slf4j-impl", version: log4j_version // Apache 2.0
+    implementation group: "org.apache.logging.log4j", name: "log4j-slf4j2-impl", version: log4j_version // Apache 2.0
     implementation group: "org.apache.logging.log4j", name: "log4j-core", version: log4j_version // Apache 2.0
-    implementation group: "org.apache.logging.log4j", name: "log4j-api", version: log4j_version // Apache 2.0
 
     // Configuration management
     implementation group: "com.typesafe", name: "config", version: typesafe_config_version // Apache 2.0
@@ -150,6 +149,7 @@ jar {
         attributes "Implementation-Version": project.version
         attributes "Multi-Release": "true"
         attributes "Version": project.version
+        attributes "Main-Class": mainClassName
         attributes "Add-Opens": "java.base/java.lang"
     }
 }
@@ -188,6 +188,26 @@ task extractWebjars(type: Copy) {
 }
 classes.dependsOn(extractWebjars)
 
+task testWithAuth(type: Test) {
+    systemProperty "config.auth.local", "true"
+    description = "Runs test with local authentication enabled."
+    group = "verification"
+}
+testWithAuth.dependsOn(testClasses)
+
+task testWithoutAuth(type: Test) {
+    systemProperty "config.auth.local", "false"
+    description = "Runs test with local authentication disabled."
+    group = "verification"
+}
+testWithoutAuth.dependsOn(testClasses)
+
+test {
+    systemProperty "config.auth.local", "false"
+}
+test.dependsOn(testWithAuth)
+
+
 
 //////////////
 // IntelliJ //

control-connector/src/main/java/org/polypheny/control/client/ClientData.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2019-2023 The Polypheny Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.polypheny.control.client;
+
+
+public class ClientData {
+
+    private final ClientType clientType;
+    private final String username;
+    private final String password;
+
+
+    public ClientData( ClientType clientType, String username, String password ) {
+        this.clientType = clientType;
+        this.username = username;
+        this.password = password;
+    }
+
+
+    public ClientType getClientType() {
+        return clientType;
+    }
+
+
+    public String getUsername() {
+        return username;
+    }
+
+
+    public String getPassword() {
+        return password;
+    }
+
+}

control-connector/src/main/java/org/polypheny/control/client/HttpConnector.java

@@ -0,0 +1,109 @@
+/*
+ * Copyright 2019-2023 The Polypheny Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.polypheny.control.client;
+
+import kong.unirest.Cookie;
+import kong.unirest.GetRequest;
+import kong.unirest.HttpRequest;
+import kong.unirest.HttpRequestWithBody;
+import kong.unirest.HttpResponse;
+import kong.unirest.MultipartBody;
+import kong.unirest.Unirest;
+
+
+interface POSTComposer {
+
+    MultipartBody composeRequest( HttpRequestWithBody request );
+
+}
+
+
+interface SessionTimeoutHandler {
+
+    boolean handleSessionTimeout();
+
+}
+
+
+public class HttpConnector {
+
+    private Cookie jsessionid;
+    private SessionTimeoutHandler sessionTimeoutHandler;
+
+
+    public HttpConnector() {
+        Unirest.config().connectTimeout( 0 );
+        Unirest.config().socketTimeout( 0 );
+        Unirest.config().concurrency( 200, 100 );
+    }
+
+
+    public void authenticate( String url, String username, String password ) {
+        HttpResponse<String> response = Unirest.get( url )
+                .basicAuth( username, password )
+                .asString();
+        jsessionid = response.getCookies().getNamed( "JSESSIONID" );
+    }
+
+
+    public HttpResponse<String> post( String url, POSTComposer composer ) {
+        HttpRequestWithBody request = Unirest.post( url );
+        MultipartBody multipartBody = composer.composeRequest( request );
+        ensureJSESSIONIDAttached( multipartBody );
+        HttpResponse<String> response = multipartBody.asString();
+
+        // Handle Session Timeout
+        if ( response.getStatus() == 401 ) {
+            boolean shouldResendRequest = sessionTimeoutHandler.handleSessionTimeout();
+            if ( shouldResendRequest ) {
+                return post( url, composer );
+            }
+        }
+
+        return response;
+    }
+
+
+    public HttpResponse<String> get( String url ) {
+        GetRequest request = Unirest.get( url );
+        ensureJSESSIONIDAttached( request );
+        HttpResponse<String> response = request.asString();
+
+        // Handle Session Timeout
+        if ( response.getStatus() == 401 ) {
+            boolean shouldResendRequest = sessionTimeoutHandler.handleSessionTimeout();
+            if ( shouldResendRequest ) {
+                return get( url );
+            }
+        }
+
+        return response;
+    }
+
+
+    public void setSessionTimeoutHandler( SessionTimeoutHandler sessionTimeoutHandler ) {
+        this.sessionTimeoutHandler = sessionTimeoutHandler;
+    }
+
+
+    private void ensureJSESSIONIDAttached( HttpRequest request ) {
+        if ( jsessionid != null ) {
+            request.cookie( jsessionid );
+        }
+    }
+
+}

control-connector/src/main/java/org/polypheny/control/client/PolyphenyControlConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The Polypheny Project
+ * Copyright 2019-2023 The Polypheny Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.polypheny.control.client;
 
+
 import com.google.common.reflect.TypeToken;
 import com.google.gson.Gson;
 import java.lang.reflect.Type;
@@ -39,21 +40,28 @@ public class PolyphenyControlConnector {
 
     private final String controlUrl;
     private static int clientId = -1;
-    private final ClientType clientType;
+    private final ClientData clientData;
+    private final HttpConnector httpConnector;
 
     private final Gson gson = new Gson();
 
     private final LogHandler logHandler;
 
 
-    public PolyphenyControlConnector( String controlUrl, ClientType clientType, LogHandler logHandler ) throws URISyntaxException {
-        this.clientType = clientType;
+    public PolyphenyControlConnector( String controlUrl, ClientData clientData, LogHandler logHandler ) throws URISyntaxException {
+        this.clientData = clientData;
         this.logHandler = logHandler;
 
-        Unirest.config().connectTimeout( 0 );
-        Unirest.config().socketTimeout( 0 );
-        Unirest.config().concurrency( 200, 100 );
         this.controlUrl = "http://" + controlUrl;
+
+        httpConnector = new HttpConnector();
+        httpConnector.setSessionTimeoutHandler( () -> {
+            httpConnector.authenticate( this.controlUrl + "/", clientData.getUsername(), clientData.getPassword() );
+            // After authenticating, try again.
+            return true;
+        } );
+        httpConnector.authenticate( this.controlUrl + "/", clientData.getUsername(), clientData.getPassword() );
+
         WebSocket webSocket = new WebSocket( new URI( "ws://" + controlUrl + "/socket/" ) );
         webSocket.connect();
 
@@ -74,7 +82,7 @@ public PolyphenyControlConnector( String controlUrl, ClientType clientType, LogH
     public void stopPolypheny() {
         setClientType(); // Set the client type (again) - does not hurt and makes sure its set
         try {
-            Unirest.post( controlUrl + "/control/stop" ).field( "clientId", clientId ).asString();
+            httpConnector.post( controlUrl + "/control/stop", request -> request.field( "clientId", clientId ) );
         } catch ( UnirestException e ) {
             log.error( "Error while stopping Polypheny-DB", e );
         }
@@ -84,7 +92,7 @@ public void stopPolypheny() {
     public void startPolypheny() {
         setClientType(); // Set the client type (again) - does not hurt and makes sure its set
         try {
-            Unirest.post( controlUrl + "/control/start" ).field( "clientId", clientId ).asString();
+            httpConnector.post( controlUrl + "/control/start", request -> request.field( "clientId", clientId ) );
         } catch ( UnirestException e ) {
             log.error( "Error while starting Polypheny-DB", e );
         }
@@ -99,7 +107,7 @@ public void updatePolypheny() {
         }
         // Trigger update
         try {
-            Unirest.post( controlUrl + "/control/update" ).field( "clientId", clientId ).asString();
+            httpConnector.post( controlUrl + "/control/update", request -> request.field( "clientId", clientId ) );
         } catch ( UnirestException e ) {
             log.error( "Error while updating Polypheny-DB", e );
         }
@@ -121,7 +129,9 @@ public void setConfig( Map<String, String> map ) {
             obj.put( entry.getKey(), entry.getValue() );
         }
         try {
-            Unirest.post( controlUrl + "/config/set" ).field( "clientId", clientId ).field( "config", obj.toString() ).asString();
+            httpConnector.post(
+                    controlUrl + "/config/set",
+                    request -> request.field( "clientId", clientId ).field( "config", obj.toString() ) );
         } catch ( UnirestException e ) {
             log.error( "Error while setting client type", e );
         }
@@ -130,7 +140,9 @@ public void setConfig( Map<String, String> map ) {
 
     void setClientType() {
         try {
-            Unirest.post( controlUrl + "/client/type" ).field( "clientId", clientId ).field( "clientType", clientType.name() ).asString();
+            httpConnector.post(
+                    controlUrl + "/client/type",
+                    request -> request.field( "clientId", clientId ).field( "clientType", clientData.getClientType().name() ) );
         } catch ( UnirestException e ) {
             log.error( "Error while setting client type", e );
         }
@@ -155,7 +167,7 @@ String getStatus() {
     private String executeGet( String command ) {
         HttpResponse<String> httpResponse;
         try {
-            httpResponse = Unirest.get( controlUrl + command ).asString();
+            httpResponse = httpConnector.get( controlUrl + command );
             return httpResponse.getBody();
         } catch ( UnirestException e ) {
             log.error( "Exception while sending request", e );