Switch first request to login-whoAmI.api (#50)

Author: labkey-adam

CHANGELOG.md

@@ -1,8 +1,16 @@
 # The LabKey Remote API Library for Java - Change Log
 
-## version 5.1.0-SNAPSHOT
+## version 5.2.0-SNAPSHOT
 *Released*: TBD
+
+## version 5.1.0
+*Released*: 3 March 2023
+* Delegate first request behavior to the configured `CredentialsProvider`. Connection-based providers invoke
+  `login-ensureLogin.api` and connection-less providers invoke `login-whoAmI.api`.
+* Restore connection-based authentication for `BasicCredentialsProvider`
+* Add logging to `NetrcFileParser` to help with debugging authentication problems
 * Optional parameters to `GetContainersCommand` to reduce the size of the response payload
+* Upgrade to most recent JSON-java, Gradle, and Gradle Plugins versions
 
 ## version 5.0.1
 *Released*: 30 January 2023

build.gradle

@@ -48,7 +48,7 @@ repositories {
 
 group "org.labkey.api"
 
-version "5.1.0-SNAPSHOT"
+version "5.2.0-SNAPSHOT"
 
 dependencies {
     api "org.json:json:${jsonObjectVersion}"

gradle.properties

@@ -7,7 +7,7 @@ artifactory_contextUrl=https://labkey.jfrog.io/artifactory
 sourceCompatibility=17
 targetCompatibility=17
 
-gradlePluginsVersion=1.39.1
+gradlePluginsVersion=1.40.1
 
 commonsCodecVersion=1.15
 commonsLoggingVersion=1.2
@@ -17,7 +17,7 @@ hamcrestVersion=1.3
 httpclient5Version=5.2.1
 httpcore5Version=5.2.1
 
-jsonObjectVersion=20220924
+jsonObjectVersion=20230227
 
 junitVersion=4.13.2
 

src/org/labkey/remoteapi/ApiKeyCredentialsProvider.java

@@ -16,8 +16,11 @@
 package org.labkey.remoteapi;
 
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.labkey.remoteapi.security.WhoAmICommand;
 
+import java.io.IOException;
 import java.net.URI;
 
 public class ApiKeyCredentialsProvider implements CredentialsProvider
@@ -29,9 +32,21 @@ public ApiKeyCredentialsProvider(String apiKey)
         _apiKey = apiKey;
     }
 
+    @Override
+    public void configureClientBuilder(URI baseURI, HttpClientBuilder builder)
+    {
+    }
+
     @Override
     public void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext)
     {
         request.setHeader("apikey", _apiKey);
     }
+
+    @Override
+    public void initializeConnection(Connection connection) throws IOException, CommandException
+    {
+        // No point in calling ensureLogin.api since the server doesn't "log in" the session when using an API key
+        new WhoAmICommand().execute(connection, "/home");
+    }
 }

src/org/labkey/remoteapi/BasicAuthCredentialsProvider.java

@@ -17,11 +17,16 @@
 
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.Credentials;
+import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
+import org.apache.hc.client5.http.impl.auth.BasicScheme;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.labkey.remoteapi.security.EnsureLoginCommand;
 
+import java.io.IOException;
 import java.net.URI;
 
 public class BasicAuthCredentialsProvider implements CredentialsProvider
@@ -36,12 +41,34 @@ public BasicAuthCredentialsProvider(String email, String password)
     }
 
     @Override
-    public void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext)
+    public void configureClientBuilder(URI baseURI, HttpClientBuilder builder)
     {
         BasicCredentialsProvider provider = new BasicCredentialsProvider();
         AuthScope scope = new AuthScope(baseURI.getHost(), baseURI.getPort());
         Credentials credentials = new UsernamePasswordCredentials(_email, _password.toCharArray());
         provider.setCredentials(scope, credentials);
-        httpClientContext.setCredentialsProvider(provider);
+        builder.setDefaultCredentialsProvider(provider);
+
+        // HttpClient doesn't provide a simple way to dictate connection-based Basic authentication, so jump through
+        // some hoops: set a custom AuthSchemeRegistry that returns a customized version of BasicScheme.
+        builder.setDefaultAuthSchemeRegistry(name -> !StandardAuthScheme.BASIC.equals(name) ? null : context -> new BasicScheme()
+        {
+            @Override
+            public boolean isConnectionBased()
+            {
+                return true;
+            }
+        });
+    }
+
+    @Override
+    public void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext)
+    {
+    }
+
+    @Override
+    public void initializeConnection(Connection connection) throws IOException, CommandException
+    {
+        new EnsureLoginCommand().execute(connection, "/home");
     }
 }

src/org/labkey/remoteapi/Connection.java

@@ -34,7 +34,6 @@
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.HttpRequest;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
-import org.labkey.remoteapi.security.EnsureLoginCommand;
 import org.labkey.remoteapi.security.ImpersonateUserCommand;
 import org.labkey.remoteapi.security.LogoutCommand;
 import org.labkey.remoteapi.security.StopImpersonatingCommand;
@@ -225,7 +224,7 @@ public CloseableHttpClient getHttpClient()
     }
 
     /**
-     * Create the HttpClientBuilder based on this Connection's configuration options.
+     * Create the HttpClientBuilder based on this Connection's configuration options and the CredentialsProvider's wishes.
      * @return The builder for an HttpClient
      */
     private HttpClientBuilder clientBuilder()
@@ -242,6 +241,8 @@ private HttpClientBuilder clientBuilder()
         if (null != _userAgent)
             builder.setUserAgent(_userAgent);
 
+        _credentialsProvider.configureClientBuilder(getBaseURI(), builder);
+
         return builder;
     }
 
@@ -280,12 +281,11 @@ protected void beforeExecute(HttpRequest request)
     {
         if (_firstRequest)
         {
-            // Make an initial request to ensure login (especially important when invoking @RequiresNoPermission actions),
-            // get a JSESSIONID, and get a CSRF token
             try
             {
                 _firstRequest = false;
-                ensureAuthenticated();
+                // First request on this connection: delegate to CredentialsProvider for initialization appropriate to the provider
+                _credentialsProvider.initializeConnection(this);
             }
             catch (Exception ignored)
             {
@@ -297,7 +297,6 @@ protected void beforeExecute(HttpRequest request)
             request.setHeader(JSESSIONID, _sessionId);
     }
 
-
     protected void afterExecute()
     {
         // Always update our CSRF token as the session may be new since our last request
@@ -311,15 +310,9 @@ protected void afterExecute()
         }
     }
 
-    /**
-     * Ensures that the credentials have been used to authenticate the users and returns a client that can be used for other requests
-     *
-     * @throws IOException      if there is an IO problem executing the command to ensure login
-     * @throws CommandException if the server returned a non-success status code.
-     */
+    @Deprecated // Not used. Left for backwards compatibility with AccountsManager.updateSiteExpirationBanner(). TODO: Delete!
     public void ensureAuthenticated() throws IOException, CommandException
     {
-        new EnsureLoginCommand().execute(this, "/home");
     }
 
     /**

src/org/labkey/remoteapi/CredentialsProvider.java

@@ -17,11 +17,20 @@
 
 import org.apache.hc.client5.http.auth.AuthenticationException;
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
 
+import java.io.IOException;
 import java.net.URI;
 
 public interface CredentialsProvider
 {
+    void configureClientBuilder(URI baseURI, HttpClientBuilder builder);
     void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext) throws AuthenticationException;
+
+    /**
+     * Initialize the connection before its first request. If connection-based, authenticate the user. In all cases,
+     * retrieve the CSRF token and session ID to use with subsequent requests on this connection.
+     */
+    void initializeConnection(Connection connection) throws IOException, CommandException;
 }

src/org/labkey/remoteapi/GuestCredentialsProvider.java

@@ -16,8 +16,11 @@
 package org.labkey.remoteapi;
 
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.labkey.remoteapi.security.WhoAmICommand;
 
+import java.io.IOException;
 import java.net.URI;
 
 /**
@@ -26,10 +29,22 @@
  */
 public class GuestCredentialsProvider implements CredentialsProvider
 {
+    @Override
+    public void configureClientBuilder(URI baseURI, HttpClientBuilder builder)
+    {
+    }
+
     @Override
     public void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext)
     {
         httpClientContext.setCredentialsProvider(null);
         request.removeHeaders("Authenticate");
+        request.removeHeaders("Authorization");
+    }
+
+    @Override
+    public void initializeConnection(Connection connection) throws IOException, CommandException
+    {
+        new WhoAmICommand().execute(connection, "/home");
     }
 }

src/org/labkey/remoteapi/NetrcCredentialsProvider.java

@@ -17,6 +17,7 @@
 
 import org.apache.hc.client5.http.auth.AuthenticationException;
 import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
 
 import java.io.IOException;
@@ -58,9 +59,21 @@ public NetrcCredentialsProvider(String host) throws IOException
             _wrappedCredentialsProvider = new GuestCredentialsProvider();
     }
 
+    @Override
+    public void configureClientBuilder(URI baseURI, HttpClientBuilder builder)
+    {
+        _wrappedCredentialsProvider.configureClientBuilder(baseURI, builder);
+    }
+
     @Override
     public void configureRequest(URI baseURI, HttpUriRequest request, HttpClientContext httpClientContext) throws AuthenticationException
     {
         _wrappedCredentialsProvider.configureRequest(baseURI, request, httpClientContext);
     }
+
+    @Override
+    public void initializeConnection(Connection connection) throws IOException, CommandException
+    {
+        _wrappedCredentialsProvider.initializeConnection(connection);
+    }
 }