forked from OHDSI/WebAPI
Merging in U of Chicago changes Spring 2024 #6
Merged
* fix: reinstate tests
* tmp: skip broken CohortCharacterizationServiceTest tests
  This allows the other tests to be reinstated while these two can then be fixed separately.
* tmp: skip broken PermissionTest tests
  This allows the other tests to be reinstated while these two can then be fixed separately.
* tmp: skip broken StudyInfoTest
  ...this one seems to only work depending on the order of execution... it lacks the setup() method where a pre-filled db is guaranteed, like for example in CohortCharacterizationServiceTest
* fix: mark abstract class as abstract
feat: add CTDS CI build and push
Co-authored-by: Andrew Prokhorenkov <[email protected]>
- feat: introduce custom configuration option
  Update pom.xml with a better default authorization url
- feat: improve logging of jwt
- fix: add "Atlas users" as default system role
- feat: add more log statements for PermissionManager
- feat: ensure /user/me endpoint also triggers the UPDATE_TOKEN filter
- feat: ensure the teamproject is stored per user
  ...and allow reading current teamproject from cache in case of a request to /user/refresh endpoint
- feat: main logic in new filter class TeamProjectBasedAuthorizingFilter
- fix: ensure reset of roles always happens
- feat: remove unnecessary method from PermissionManager
- fix: use lower() in SQL query itself for finding login
- fix: take login from shiro-parsed principal instead of DB
  ... to avoid the issue where the login is all lowercase in db
- feat: move the defaultRoles definition into AtlasSecurity
- fix: move authorizationMode check to PostConstruct
  ...to avoid NullPointerException as attributes are not yet wired when in constructor
- fix: remove session.stop() call from UpdateAccessTokenFilter
  ...and therefore from the flow of endpoints like /user/refresh. Not sure why this was added there, as the /user/logout should be the place to remove a session. This solves an org.apache.shiro.subject.support.DisabledSessionException. If the worry is that logout won't be called, then the expiry time should just be set to a short period. The adjustment in JwtAuthRealm.java was to deal with the side effect that occurred after the removal of the .stop in the UpdateAccessTokenFilter filter: java.lang.ClassCastException: io.buji.pac4j.subject.Pac4jPrincipal cannot be cast to java.lang.String
- fix: do not create a new session when requesting current session
downgrade pac4j
…_permission Update src/main/resources/db/migration/postgresql/V2.15.0.20240515220400_atlas_global_share_permission.sql
i.e. also add the "Source user (omop)" role to the list of defaultRoles for each user. TODO - replace with final solution from https://ctds-planx.atlassian.net/browse/VADC-1086
* fix: pom.xml to reduce vulnerabilities
  The following vulnerabilities are fixed with an upgrade:
  - https://snyk.io/vuln/SNYK-JAVA-IONETTY-2812456
  - https://snyk.io/vuln/SNYK-JAVA-IONETTY-5725787
  - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-6241853
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945453
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5426161
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5902998
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-5958847
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTYHTTP2-5958845
  - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTYHTTP2-5958918
  - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-570203
  - https://snyk.io/vuln/SNYK-JAVA-ORGXERIALSNAPPY-5710959
  - https://snyk.io/vuln/SNYK-JAVA-ORGXERIALSNAPPY-5710960
  - https://snyk.io/vuln/SNYK-JAVA-ORGXERIALSNAPPY-5710961
* some reverts
---------
Co-authored-by: snyk-bot <[email protected]>
These changes are important for bringing in global artifacts sharing