Custos integration related changes

app/controllers/AccountController.php

@@ -147,6 +147,7 @@ public function loginSubmit()
             $authzToken->accessToken = $accessToken;
             $authzToken->claimsMap['gatewayID'] = Config::get('pga_config.airavata')['gateway-id'];
             $authzToken->claimsMap['userName'] = $username;
+            $authzToken->claimsMap['custosId'] = Config::get('pga_config.wsis')['oauth-client-key'];
 
             Session::put('authz-token',$authzToken);
             Session::put('oauth-refresh-code',$refreshToken);
@@ -156,7 +157,7 @@ public function loginSubmit()
             // AIRAVATA-3086: get gateway groups and get the groups this user is a member of
             $gatewayGroups = Airavata::getGatewayGroups($authzToken);
             $groupMemberships = GroupManagerService::getAllGroupsUserBelongs(
-                $authzToken, $username . "@" . Config::get('pga_config.airavata')['gateway-id']);
+                $authzToken, $username);
             $get_group_id = function($group) {
                 return $group->id;
             };

app/controllers/GatewayRequestUpdateController.php

@@ -41,7 +41,7 @@ public function updateDetails(){
             return Redirect::back()->withErrors($validator);
         }
         else {
-            $returnVal = AdminUtilities::user_update_gateway(Input::get("internal-gateway-id"), Input::all());
+            $returnVal = AdminUtilities::user_update_gateway(Input::get("gateway-id"), Input::all());
 
             if ($returnVal == 1) {
                 $email = Config::get('pga_config.portal')['admin-emails'];

app/libraries/AdminUtilities.php

@@ -39,7 +39,16 @@ public static function add_gateway($inputs)
         $gateway->requesterUsername = Session::get('username');
         $gateway->gatewayApprovalStatus = GatewayApprovalStatus::APPROVED;
 
+         $logoutURI = $gateway->gatewayURL;
+         if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+             $logoutURI = $logoutURI."/";
+         }
+         $redirectURI = $logoutURI."auth/callback*";
+         $gateway->redirectURLs = array($logoutURI,$redirectURI);
+         $gateway->scope = "openid profile email org.cilogon.userinfo" ;
+
         try {
+
             TenantProfileService::addGateway(Session::get('authz-token'), $gateway);
             return 1;
         }
@@ -74,8 +83,7 @@ public static function check_request( $inputs)
         try {
             TenantProfileService::addGateway(Session::get('authz-token'), $gateway);
             return 1;
-        }
-        catch (Exception $ex) {
+        } catch (Exception $ex) {
             return -1;
         }
     }
@@ -105,6 +113,21 @@ public static function request_gateway( $inputs)
         $gateway->gatewayPublicAbstract = $inputs["public-project-description"];
         $gateway->requesterUsername = Session::get('username');
 
+
+        $logoutURI = $gateway->gatewayURL;
+        if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+            $logoutURI = $logoutURI."/";
+        }
+        $redirectURI = $logoutURI."auth/callback*";
+        $gateway->redirectURLs = array($logoutURI,$redirectURI);
+        $gateway->scope = "openid profile email org.cilogon.userinfo" ;
+
+        $logoutURI = $gateway->gatewayURL;
+        $redirectURI = $logoutURI."auth/callback*";
+        $gateway->redirectURLs = array($logoutURI,$redirectURI);
+        $gateway->scope = "openid profile email org.cilogon.userinfo" ;
+
+
         return TenantProfileService::addGateway(Session::get('authz-token'), $gateway);
     }
 
@@ -129,9 +152,19 @@ public static function user_update_gateway( $gatewayId, $gatewayData){
         $gateway->gatewayURL = $gatewayData["gateway-url"];
         $gateway->reviewProposalDescription = $gatewayData["project-details"];
         $gateway->gatewayPublicAbstract = $gatewayData["public-project-description"];
+
+        $logoutURI = $gateway->gatewayURL;
+        if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+            $logoutURI = $logoutURI."/";
+        }
+        $redirectURI = $logoutURI."auth/callback*";
+        $gateway->redirectURLs = array($logoutURI,$redirectURI);
+        $gateway->scope = "openid profile email org.cilogon.userinfo" ;
+
+
         if( TenantProfileService::updateGateway( Session::get('authz-token'), $gateway) ){
             return 1;
-        }
+              }
         else{
             //Need to find a better way for this.
             // retun echo "Tenant Name is already in use";
@@ -166,6 +199,14 @@ public static function update_gateway( $gatewayId, $gatewayData){
                     return -1;
                 }
             }
+            $logoutURI = $gateway->gatewayURL;
+            if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+                $logoutURI = $logoutURI."/";
+            }
+            $redirectURI = $logoutURI."auth/callback*";
+            $gateway->redirectURLs = array($logoutURI,$redirectURI);
+            $gateway->scope = "openid profile email org.cilogon.userinfo" ;
+
             $gateway = IamAdminServices::setUpGateway( Session::get('authz-token'), $gateway);
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::CREATED;
         }
@@ -177,6 +218,7 @@ public static function update_gateway( $gatewayId, $gatewayData){
             $gateway->gatewayAdminEmail = $gatewayData["gatewayAdminEmail"];
             $gateway->identityServerUserName = $gatewayData["identityServerUserName"];
             if (!empty($gatewayData["gatewayAdminPassword"])) {
+
                 $token = AdminUtilities::create_pwd_token([
                     "username" => $gatewayData["identityServerUserName"],
                     "password" => $gatewayData["gatewayAdminPassword"],
@@ -187,6 +229,15 @@ public static function update_gateway( $gatewayId, $gatewayData){
             $gateway->reviewProposalDescription = $gatewayData["reviewProposalDescription"];
             $gateway->gatewayPublicAbstract = $gatewayData["gatewayPublicAbstract"];
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::APPROVED;
+
+            $logoutURI = $gateway->gatewayURL;
+            $logoutURI = $gateway->gatewayURL;
+            if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+                $logoutURI = $logoutURI."/";
+            }
+            $redirectURI = $logoutURI."auth/callback*";
+            $gateway->redirectURLs = array($logoutURI,$redirectURI);
+            $gateway->scope = "openid profile email org.cilogon.userinfo" ;
         }
         elseif( isset( $gatewayData["denyRequest"])){
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::DENIED;
@@ -209,6 +260,13 @@ public static function update_gateway( $gatewayId, $gatewayData){
             $gateway->reviewProposalDescription = $gatewayData["reviewProposalDescription"];
             $gateway->gatewayPublicAbstract = $gatewayData["gatewayPublicAbstract"];
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::APPROVED;
+            $logoutURI = $gateway->gatewayURL;
+            if(!(AdminUtilities::endsWith($logoutURI,"/"))) {
+                $logoutURI = $logoutURI."/";
+            }
+            $redirectURI = $logoutURI."auth/callback*";
+            $gateway->redirectURLs = array($logoutURI,$redirectURI);
+            $gateway->scope = "openid profile email org.cilogon.userinfo" ;
         }
         elseif( isset( $gatewayData["deployGateway"])){
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::DEPLOYED;
@@ -217,6 +275,7 @@ public static function update_gateway( $gatewayId, $gatewayData){
             $gateway->gatewayApprovalStatus = GatewayApprovalStatus::DEACTIVATED;
         }
 
+
         if( TenantProfileService::updateGateway( Session::get('authz-token'), $gateway) ){
             return 1;
         }
@@ -321,6 +380,7 @@ public static function create_pwd_token($inputs){
         $username = $inputs['username'];
         $password = $inputs['password'];
         $description = $inputs['description'];
+
         return $newToken = Airavata::registerPwdCredential( Session::get('authz-token'),
             $username, $password, $description);
 
@@ -402,4 +462,10 @@ public static function add_or_update_IDP($inputs)
 
         return true;
     }
+
+
+     public static  function endsWith($haystack, $needle) {
+        return substr_compare($haystack, $needle, -strlen($needle)) === 0;
+     }
+
 }

app/libraries/GrouperUtilities.php

@@ -19,12 +19,8 @@ public static function getAllGatewayUsers()
      */
     public static function shareResourceWithUsers($resourceId, $userPermissionMap)
     {
-        $newUserPermissionsMap = [];
-        foreach($userPermissionMap as $key=> $value){
-            $key = $key . "@" . Config::get('pga_config.airavata')['gateway-id'];
-            $newUserPermissionsMap[$key] = $value;
-        }
-        Airavata::shareResourceWithUsers(Session::get('authz-token'), $resourceId, $newUserPermissionsMap);
+
+        Airavata::shareResourceWithUsers(Session::get('authz-token'), $resourceId, $userPermissionMap);
     }
 
     /**
@@ -33,12 +29,8 @@ public static function shareResourceWithUsers($resourceId, $userPermissionMap)
      */
     public static function revokeSharingOfResourceFromUsers($resourceId, $userPermissionMap)
     {
-        $newUserPermissionsMap = [];
-        foreach($userPermissionMap as $key=> $value){
-            $key = $key . "@" . Config::get('pga_config.airavata')['gateway-id'];
-            $newUserPermissionsMap[$key] = $value;
-        }
-        Airavata::revokeSharingOfResourceFromUsers(Session::get('authz-token'), $resourceId, $newUserPermissionsMap);
+
+        Airavata::revokeSharingOfResourceFromUsers(Session::get('authz-token'), $resourceId, $userPermissionMap);
     }
 
     /**
@@ -65,7 +57,7 @@ public static function getAllAccessibleUsers($resourceId, $permissionType)
      * @param $group            Airavata/Model/Group/GrouoModel
      */
     public static function createGroup($group){
-        $group->ownerId = $group->ownerId . "@" . Config::get('pga_config.airavata')['gateway-id'];
+
         Airavata::createGroup(Session::get('authz-token'),$group);
     }
 
@@ -74,7 +66,7 @@ public static function createGroup($group){
      * @param $group            Airavata/Model/Group/GrouoModel
      */
     public static function updateGroup($group){
-        $group->ownerId = $group->ownerId . "@" . Config::get('pga_config.airavata')['gateway-id'];
+
         Airavata::updateGroup(Session::get('authz-token'),$group);
     }
 

app/libraries/Keycloak/API/BaseKeycloakAPIEndpoint.php

@@ -13,17 +13,25 @@ class BaseKeycloakAPIEndpoint {
     protected $admin_password;
     protected $verify_peer;
     protected $cafile_path;
+    protected  $client_id;
+    protected  $client_secret;
+    protected $openid_discovery_endpoint_url;
+    protected  $custos_credential_uri;
 
-    function __construct($base_endpoint_url, $admin_username, $admin_password, $verify_peer, $cafile_path) {
+    function __construct($openid_discovery_endpoint_url, $base_endpoint_url, $admin_username, $admin_password, $verify_peer, $cafile_path, $client_id, $client_secret, $custos_credential_uri) {
         $this->base_endpoint_url = $base_endpoint_url;
         $this->admin_username = $admin_username;
         $this->admin_password = $admin_password;
         $this->verify_peer = $verify_peer;
         $this->cafile_path = $cafile_path;
+        $this->client_id = $client_id;
+        $this->client_secret = $client_secret;
+        $this->openid_discovery_endpoint_url = $openid_discovery_endpoint_url;
+        $this->custos_credential_uri = $custos_credential_uri;
     }
 
-    protected function getAPIAccessToken($realm) {
+    protected function getAPIAccessToken() {
 
-        return KeycloakUtil::getAPIAccessToken($this->base_endpoint_url, $realm, $this->admin_username, $this->admin_password, $this->verify_peer, $this->cafile_path);
+        return KeycloakUtil::getAPIAccessToken($this->openid_discovery_endpoint_url, $this->custos_credential_uri, $this->admin_username, $this->admin_password, $this->verify_peer, $this->cafile_path, $this->client_id, $this->client_secret);
     }
 }