Merge pull request #347 from GOCDB/release-5.9.0

Release 5.9.0 to master

.travis/mysql_bootstrap_doctrine.php → .github/actions/mysql_bootstrap_doctrine.php

@@ -13,11 +13,11 @@
 $config = Setup::createAnnotationMetadataConfiguration(array(__DIR__."/../../lib/Doctrine/entities"), $isDevMode);
 
 $conn = array(
-	'driver' => 'pdo_mysql',
-	'user' => 'travis',
-	'password' => '',
-	'host' => 'localhost',
-	'dbname' => 'doctrine',
+    'driver' => 'pdo_mysql',
+    'user' => 'user',
+    'password' => 'password',
+    'host' => '172.18.0.1',
+    'dbname' => 'doctrine',
     'charset' => 'UTF8'
 );
 

.travis/mysql_bootstrap_pdo.php → .github/actions/mysql_bootstrap_pdo.php

@@ -15,6 +15,6 @@
  * @return PHPUnit_Extensions_Database_DB_IDatabaseConnection
  */
 function getConnectionToTestDB() {
-    $pdo = new PDO('mysql:host=localhost;dbname=doctrine;charset=UTF8', 'travis', '');
+    $pdo = new PDO('mysql:host=172.18.0.1;dbname=doctrine;charset=UTF8', 'user', 'password');
     return new PHPUnit_Extensions_Database_DB_DefaultDatabaseConnection($pdo);
 }

.travis/run_tests.sh → .github/actions/run_tests.sh

@@ -1,14 +1,12 @@
 #!/bin/bash
 
-if [[ $TRAVIS ]]; then
-    cd "$TRAVIS_BUILD_DIR" || exit 2
-
+if [[ $GITHUB_ACTIONS ]]; then
     # Check modified PHP files with PHP's internal syntax checker
     git diff --name-only --diff-filter=ACMRTUXB HEAD^ | grep '\.php$' | xargs -r -n 1 php -l || exit 1
 
     # Run test suite
     vendor/bin/phpunit --coverage-clover=coverage.xml tests/DoctrineTestSuite1.php
 else
-    echo 'ABORTED: NOT RUNNING ON TRAVIS'
+    echo 'ABORTED: NOT RUNNING ON GITHUB ACTIONS'
     exit 2
 fi

.github/actions/setup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+doctrine="$PWD/vendor/bin/doctrine"
+
+if [[ -n "$DB" ]]; then
+    echo "Configuring unit tests for a $DB database"
+    cp .github/actions/${DB}_bootstrap_doctrine.php tests/doctrine/bootstrap_doctrine.php
+    cp .github/actions/${DB}_bootstrap_pdo.php tests/doctrine/bootstrap_pdo.php
+    cd tests/doctrine
+    $doctrine orm:schema-tool:create
+    if [[ "$DB" = "mysql" ]]; then
+        mysql --host '172.18.0.1' -u root -e 'set global max_connections = 200;'
+    fi
+else
+    echo 'Cannot setup unit tests, $DB is not defined.'
+    exit 1
+fi

.travis/sqlite_bootstrap_pdo.php → .github/actions/sqlite_bootstrap_pdo.php

@@ -15,9 +15,9 @@
  * @return PHPUnit_Extensions_Database_DB_IDatabaseConnection
  */
 function getConnectionToTestDB() {
-     $sqliteFile = '/tmp/gocdb.sqlite';
-     $pdo = new PDO("sqlite:" . $sqliteFile);
-     return new PHPUnit_Extensions_Database_DB_DefaultDatabaseConnection($pdo, 'sqlite');
+    $sqliteFile = '/tmp/gocdb.sqlite';
+    $pdo = new PDO("sqlite:" . $sqliteFile);
+    return new PHPUnit_Extensions_Database_DB_DefaultDatabaseConnection($pdo, 'sqlite');
 }
 
 ?>

.github/workflows/continuous-integration.yml

@@ -0,0 +1,144 @@
+name: "Continuous Integration"
+
+on: [push, pull_request]
+
+jobs:
+
+  phpunit-sqlite:
+    # The SQLite version depends on the current environment. See documentation:
+    # https://github.com/actions/virtual-environments/tree/main/images/linux
+    name: "PHPUnit with SQLite, PHP: ${{ matrix.php-version }}"
+    runs-on: ubuntu-latest
+    # If true, allow this job to fail:
+    continue-on-error: true
+    strategy:
+      matrix:
+        # Define jobs for all combinations of values given to be tested:
+        php-version: ["5.6"]
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+        with:
+          fetch-depth: 2
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          php-version: "${{ matrix.php-version }}"
+          coverage: "xdebug"
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Cache Composer packages
+        id: composer-cache
+        uses: actions/cache@v2
+        with:
+          path: vendor
+          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-php-
+
+      - name: Install dependencies
+        run: composer install --no-progress
+
+      - name: Set up unit testing
+        run: .github/actions/setup.sh
+        env:
+          DB: sqlite
+
+      - name: Run unit tests
+        run: .github/actions/run_tests.sh
+
+      - name: "Upload to Codecov"
+        uses: "codecov/codecov-action@v1"
+
+
+  phpunit-mariadb:
+    name: "PHPUnit with MariaDB: ${{ matrix.mariadb-version }}, PHP: ${{ matrix.php-version }}, extension: ${{ matrix.extension }}"
+    runs-on: ubuntu-latest
+    # If true, allow the job to fail:
+    continue-on-error: ${{ matrix.experimental }}
+    strategy:
+      # If true, stop jobs if a required job fails:
+      fail-fast: false
+      matrix:
+        # Define jobs for all combinations of php, mariadb and extension, up to "include"
+        # Tests will be performed for each combination
+        # These can fail if "experimental" is true. Currently all must pass
+        php-version: ["5.4", "5.5", "5.6", "7.0", "7.1"]
+        mariadb-version: ["10.3"]
+        extension: ["pdo_mysql"]
+        experimental: [false]
+        include:
+          # Define jobs for individual combinations to be tested
+          # These can fail if "experimental" is true. Currently all can fail
+          - php-version: "7.2"
+            mariadb-version: "10.3"
+            extension: "pdo_mysql"
+            experimental: true
+          - php-version: "7.3"
+            mariadb-version: "10.3"
+            extension: "pdo_mysql"
+            experimental: true
+          - php-version: "7.4"
+            mariadb-version: "10.3"
+            extension: "pdo_mysql"
+            experimental: true
+          - php-version: "8.0"
+            mariadb-version: "10.3"
+            extension: "pdo_mysql"
+            experimental: true
+
+    services:
+      mariadb:
+        image: "mariadb:${{ matrix.mariadb-version }}"
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: "doctrine"
+          MYSQL_USER: "user"
+          MYSQL_PASSWORD: "password"
+
+        options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
+        ports:
+          - "3306:3306"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v2"
+        with:
+          fetch-depth: 2
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          php-version: "${{ matrix.php-version }}"
+          coverage: "xdebug"
+          extensions: "${{ matrix.extension }}"
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Cache Composer packages
+        id: composer-cache
+        uses: actions/cache@v2
+        with:
+          path: vendor
+          key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-php-
+
+      - name: Install dependencies
+        run: composer install --no-progress
+
+      - name: Set up unit testing
+        run: .github/actions/setup.sh
+        env:
+          DB: mysql
+
+      - name: Run unit tests
+        run: .github/actions/run_tests.sh
+
+      - name: "Upload to Codecov"
+        uses: "codecov/codecov-action@v1"

config/gocdb_schema.xml

@@ -245,11 +245,6 @@
 	    <length>255</length>
 	    <regex>/^[a-zA-Z\s\-']*$/</regex>
 	</field>
-	<field>
-	    <fname>CERTIFICATE_DN</fname>
-	    <length>255</length>
-	    <!--<regex>/^(\/[a-zA-Z]+=[a-zA-Z0-9\-\_\s\.@,'\/\)\(]+)+$/</regex>-->
-	</field>
 	<field>
 	    <fname>WORKINGHOURS_START</fname>
 	</field>
@@ -482,6 +477,26 @@
 	</field>
     </entity>
     <!-- ==========================================================  -->
+    <entity>
+	<name>useridentifier</name>
+	<field>
+	    <!-- Identifier key name-->
+	    <fname>NAME</fname>
+	    <length>255</length>
+        <!-- Allows whitespace in the key, but not trailing or leading -->
+        <regex>/^[a-zA-Z0-9@_\-\[\]\+\.]+(\s*[a-zA-Z0-9@_\-\[\]\+\.]+)*$/</regex>
+	</field>
+	<field>
+	    <!-- Identifier key value -->
+	    <fname>VALUE</fname>
+	    <length>255</length>
+	    <!-- negation regex - allow all chars except negated -->
+        <!--Allows most characters, including whitespace. However, no trailing or leading whitespace permitted -->
+        <!-- <regex>/^[^`'\"&lt;&gt;\s]+(\s*[^`'\"&lt;&gt;\s]+)*$/</regex> -->
+        <regex>/^[^`'\"&lt;&gt;\s]+(\s*[^`'\"&lt;&gt;\s]+)*$/</regex>
+	</field>
+    </entity>
+    <!-- ==========================================================  -->
     <entity>
 	<name>serviceproperty</name>
 	<field>
@@ -589,7 +604,7 @@
         <field>
             <fname>TYPE</fname>
             <length>255</length>
-            <regex>/^X509$/</regex>
+            <regex>/^(X509|OIDC Subject)$/</regex>
         </field>
     </entity>
 </schema>

config/local_info.xml

@@ -131,7 +131,6 @@
       <ServiceGroups>show</ServiceGroups>
       <AddSite>show</AddSite>
       <Scopes>show</Scopes>
-      <AdminScopes>show</AdminScopes>
     </menus>
 
     <!-- css
@@ -173,6 +172,12 @@
         <endpoint>endpoint</endpoint>
       </Service>
     </name_mapping>
+
+    <!-- If set to true, output individual tags for CERTDN, EGICHECKIN and IRISIAM in API
+    If set to false, output single ID string in CERTDN tag, with preference defined by
+    order of tokens in MyConfig1 if user has multiple identifiers -->
+    <API_all_auth_realms>false</API_all_auth_realms>
+
   </local_info>
 
   <!--

config/web_portal/menu.xml

@@ -45,7 +45,7 @@
     <Scopes>
       <show_on_instance>all</show_on_instance>
       <name>Scopes</name>
-      <link>index.php?Page_Type=Scope_Help</link>
+      <link>index.php?Page_Type=Scopes</link>
     </Scopes>
 
     <RoleActionMappings>
@@ -149,12 +149,6 @@
       <link>index.php?Page_Type=Admin_Move_Site</link>
     </MoveSite>
 
-    <AdminScopes>
-	  <show_on_instance>admin</show_on_instance>
-      <name>Scopes</name>
-      <link>index.php?Page_Type=Admin_Scopes</link>
-    </AdminScopes>
-
     <ServiceTypes>
 	  <show_on_instance>admin</show_on_instance>
       <name>Service Types</name>

htdocs/PI/index.php

@@ -369,8 +369,8 @@ function getXml() {
 
     function authAnyCert() {
         if (empty($this->dn))
-            die("<No valid certificate found. A trusted certificate is " .
-                    "required to access this resource. Try accessing the " .
+            die("<No valid credentials provided. A suitable credential is " .
+                    "required to access this resource. Try accessing this " .
                     "resource through the private interface.");
     }
 

htdocs/PI/write/utils.php

@@ -51,9 +51,10 @@ function returnJsonWriteAPIResult ($httpResponseCode, $object) {
  */
 function getAuthenticationInfo () {
   require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';
-  #Only x509 authentication is currently supported. If in the future we support
-  #API keys then I suggest we only look for a x509 DN if an API key isn't presented
-  $identifierType = 'X509';
+  #Check if associated cert/token is set to define identifier type
+  if(isset($_SERVER['SSL_CLIENT_CERT'])){$identifierType = 'X509';}
+  if(isset($_SERVER['OIDC_access_token'])){$identifierType = 'OIDC Subject';}
+
   #This will return null if no cert is presented
   $identifier = Get_User_Principle_PI();