Merge branch 'release/3.0.1'

AtlasOfLivingAustralia · Jul 29, 2022 · e9acd50 · e9acd50
2 parents 9a6b205 + 898a29f
commit e9acd50
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 34 deletions.
diff --git a/build.gradle b/build.gradle
@@ -17,7 +17,7 @@ plugins {
     id "com.gorylenko.gradle-git-properties" version "2.4.1" // TODO
 }
 
-version "3.0.0"
+version "3.0.1"
 group "au.org.ala"
 
 apply plugin:"eclipse"
@@ -162,7 +162,7 @@ dependencies {
         exclude module: 'bootstrap' // dependency from skin
     }
 
-    implementation('au.org.ala.plugins:openapi:1.0.0')
+    implementation('au.org.ala.plugins:openapi:1.1.0')
 
     testImplementation('com.squareup.retrofit2:retrofit-mock:2.9.0')
 }

diff --git a/grails-app/conf/application.yml b/grails-app/conf/application.yml
@@ -56,14 +56,14 @@ spring:
           - 'logback.groovy'
           - '*.properties'
 server:
-  use-forward-headers: true
+  forward-headers-strategy: native
   tomcat:
-    remote_ip_header: x-forwarded-for
-    port-header: x-forwarded-port
-    protocol_header: x-forwarded-proto
-    protocol-header-https-value: https
-    # Add IPv6 localhost to default list
-    # internal-proxies: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1|::1
+    remoteip:
+      protocol-header: x-forwarded-proto
+      port-header: x-forwarded-port
+      remote-ip-header: x-forwarded-for
+      protocol-header-https-value: https
+
 ---
 grails:
     mime:
@@ -136,7 +136,7 @@ security:
       allowUnsignedIdTokens: true # Disable once CAS no longer suggests the none algorithm
     jwt:
       enabled: true
-      fallbackToLegacyKeys: true # Reset to false once legacy api keys no longer supported
+      fallbackToLegacyBehaviour: true # Reset to false once legacy api keys no longer supported
     filterOrder: 0
 #    basic:
 #        enabled: true
@@ -269,8 +269,8 @@ openapi:
     security:
       oauth2:
         scopes:
-          users\read: Read or list any or all user records
-          users\write: Write to a user's record, eg update a user's attributes.
+          users/read: Read or list any or all user records
+          users/write: Write to a user's record, eg update a user's attributes.
 
 supportEmail: [email protected]
 homeUrl: https://www.ala.org.au

diff --git a/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy b/grails-app/controllers/au/org/ala/userdetails/PropertyController.groovy
@@ -50,7 +50,7 @@ class PropertyController extends BaseController {
             tags = "properties",
             summary = "Get Property",
             operationId = "getProperty",
-            description = "Get a property value for a user.  Required scopes: 'users\\read'.",
+            description = "Get a property value for a user.  Required scopes: 'users/read'.",
             parameters = [
                     @Parameter(
                             name = "alaId",
@@ -85,11 +85,11 @@ class PropertyController extends BaseController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Path("getProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users\\read')
+    @PreAuthorise(requiredScope = 'users/read')
     def getProperty() {
         String name = params.name
         Long alaId = params.long('alaId')
@@ -116,7 +116,7 @@ class PropertyController extends BaseController {
             tags = "properties",
             summary = "Save a Property",
             operationId = "saveProperty",
-            description = "Saves a property value for a user.  Required scopes: 'users\\write'.",
+            description = "Saves a property value for a user.  Required scopes: 'users/write'.",
             parameters = [
                     @Parameter(
                             name = "alaId",
@@ -162,11 +162,11 @@ class PropertyController extends BaseController {
                             content = [@Content(mediaType = "text/plain")]
                     ),
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\write'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/write'])]
     )
     @Path("saveProperty")
     @Produces("application/json")
-    @PreAuthorise(requiredScope = 'users\\write')
+    @PreAuthorise(requiredScope = 'users/write')
     def saveProperty(){
         String name = params.name;
         String value = params.value;

diff --git a/grails-app/controllers/au/org/ala/userdetails/UserDetailsController.groovy b/grails-app/controllers/au/org/ala/userdetails/UserDetailsController.groovy
@@ -49,7 +49,7 @@ class UserDetailsController {
             tags = "users",
             summary = "Search users",
             operationId = "search",
-            description = "Search for users by username, email or display name.  Required scopes: 'users\\read'.",
+            description = "Search for users by username, email or display name.  Required scopes: 'users/read'.",
             parameters = [
                 @Parameter(
                         name = "q",
@@ -76,7 +76,7 @@ class UserDetailsController {
                         ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Path("search")
     @Produces("application/json")
@@ -104,7 +104,7 @@ class UserDetailsController {
             method = "GET",
             tags = "users",
             summary = "Get Users by Role",
-            description = "Get Users by Role.  Required scopes: 'users\\read'.",
+            description = "Get Users by Role.  Required scopes: 'users/read'.",
             parameters = [
                     @Parameter(
                             name = "role",
@@ -137,7 +137,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Path("byRole")
     @Produces("application/json")
@@ -217,7 +217,7 @@ class UserDetailsController {
             method = "POST",
             tags = "users",
             summary = "Get User Details",
-            description = "Get User Details.  Required scopes: 'users\\read'.",
+            description = "Get User Details.  Required scopes: 'users/read'.",
             parameters = [
                     @Parameter(
                             name = "userName",
@@ -244,7 +244,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Path('getUserDetails')
     @Produces('application/json')
@@ -284,7 +284,7 @@ class UserDetailsController {
             method = "POST",
             tags = "users",
             summary = "Get User List",
-            description = "Get a list of all users.  Required scopes: 'users\\read'.",
+            description = "Get a list of all users.  Required scopes: 'users/read'.",
             deprecated = true,
             responses = [
                     @ApiResponse(
@@ -298,7 +298,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Deprecated
     @Path("getUserList")
@@ -313,7 +313,7 @@ class UserDetailsController {
             method = "POST",
             tags = "users",
             summary = "Get User List With Ids",
-            description = "Get a list of all users by their user id.  Required scopes: 'users\\read'.",
+            description = "Get a list of all users by their user id.  Required scopes: 'users/read'.",
             deprecated = true,
             responses = [
                     @ApiResponse(
@@ -327,7 +327,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Deprecated
     @Path("getUserListWithIds")
@@ -342,7 +342,7 @@ class UserDetailsController {
             method = "POST",
             tags = "users",
             summary = "Get User List With Ids",
-            description = "Get a list of all users by their user id.  Required scopes: 'users\\read'.",
+            description = "Get a list of all users by their user id.  Required scopes: 'users/read'.",
             deprecated = true,
             responses = [
                     @ApiResponse(
@@ -356,7 +356,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Deprecated
     @Path("getUserListFull")
@@ -373,7 +373,7 @@ class UserDetailsController {
             tags = "users",
             operationId = "getUserDetailsFromIdList",
             summary = "Get User Details by id list",
-            description = "Get a list of user details for a list of user ids.  Required scopes: 'users\\read'.",
+            description = "Get a list of user details for a list of user ids.  Required scopes: 'users/read'.",
             requestBody = @RequestBody(
                     description = "The list of user ids to request and whether to include extended properties",
                     required = true,
@@ -394,7 +394,7 @@ class UserDetailsController {
                             ]
                     )
             ],
-            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users\\read'])]
+            security = [@SecurityRequirement(name = 'openIdConnect', scopes = ['users/read'])]
     )
     @Path("getUserDetailsFromIdList")
     @Consumes("application/json")

diff --git a/grails-app/controllers/au/org/ala/userdetails/UserDetailsWebServicesInterceptor.groovy b/grails-app/controllers/au/org/ala/userdetails/UserDetailsWebServicesInterceptor.groovy
@@ -30,7 +30,7 @@ class UserDetailsWebServicesInterceptor {
     }
 
     boolean before() {
-        if (!authorisedSystemService.isAuthorisedRequest(request, response, null, 'users\\read')) {
+        if (!authorisedSystemService.isAuthorisedRequest(request, response, null, 'users/read')) {
             log.warn("Denying access to $actionName from remote addr: ${request.remoteAddr}, remote host: ${request.remoteHost}")
             response.sendError(HttpStatus.SC_UNAUTHORIZED)
 

diff --git a/src/main/groovy/au/org/ala/auth/PreAuthorise.groovy b/src/main/groovy/au/org/ala/auth/PreAuthorise.groovy
@@ -33,6 +33,6 @@ public @interface PreAuthorise {
     String requiredRole() default "ROLE_ADMIN"
     String redirectController() default "userdetails"
     String redirectAction() default "index"
-    String requiredScope() default "users\\read"
+    String requiredScope() default "users/read"
 }