elixir-cloud-aai / proTES

Proxy service for injecting middleware into GA4GH TES requests
Apache License 2.0

Enable auth and bearer token validation. #162

Closed Ayush5120 closed 10 months ago

Ayush5120 commented 10 months ago

Issue: Even after setting api.specs.disable_auth to False, it does not reflect any changes.

uniqueg commented 10 months ago

The problem is that there are no securitySchemes defined in the (pro)TES specification, nor are they applied globally or to individual operations (see steps 1 and 2 here: https://swagger.io/docs/specification/authentication/).

Now, ideally we should be able to add these through the app config via FOCA. So, e.g., by specifying the following API configuration, we should get what we need:

api:
  specs:
    - path:
        - api/9e9c5aa.task_execution_service.openapi.yaml
        - api/additional_logs.yaml
      add_operation_fields:
        x-openapi-router-controller: ga4gh.tes.server
        security:
          - bearerAuth: []
      add_security_fields:
        bearerAuth:
          type: http
          scheme: bearer
          bearerFormat: JWT
          x-bearerInfoFunc: foca.security.auth.validate_token

However, we can currently only add fields to existing operations and security definitions. Therefore, adding the security properties to each operation works well with the above example, but adding securitySchemes when there isn't already one defined does not work with the current implementation in FOCA (link to code):

        if not spec.disable_auth and spec.add_security_fields is not None:
            for key, val in spec.add_security_fields.items():
                # OpenAPI 2
                sec_defs = spec_parsed.get('securityDefinitions', {})
                for sec_def in sec_defs.values():
                    sec_def[key] = val
                # OpenAPI 3
                sec_schemes = spec_parsed.get(
                    'components', {'securitySchemes': {}}
                ).get('securitySchemes', {})  # type: ignore
                for sec_scheme in sec_schemes.values():
                    sec_scheme[key] = val
            logger.debug(f"Added security fields: {spec.add_security_fields}")

Therefore, without changing the implementation in FOCA, we need to add an additional, partial OpenAPI file, e.g., api/security_schemes.yaml, with the following content:

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

And then use the following FOCA API configuration:

api:
  specs:
    - path:
        - api/9e9c5aa.task_execution_service.openapi.yaml
        - api/additional_logs.yaml
        - api/security_schemes.yaml
      add_operation_fields:
        x-openapi-router-controller: ga4gh.tes.server
        security:
          - bearerAuth: []
      add_security_fields:
        x-bearerInfoFunc: foca.security.auth.validate_token

I suggest that we commit the api/security_schemes.yaml file and configuration changes to version control. I will raise a PR.
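The following is an added example (not code from proTES or FOCA) that reproduces the behaviour described above on a small constructed OpenAPI 3 document: the `add_security_fields` loop is copied from the FOCA snippet quoted in the issue, so it only decorates schemes that already exist; `deep_merge` is an assumed stand-in for how FOCA combines the files listed under `path`. The `unprotected_operations` check is this example's own sanity test, returning every operation whose `security` entry is missing or points at a scheme that is undefined or has no `x-bearerInfoFunc`. Running it with and without the partial `api/security_schemes.yaml` shows why the extra file is needed.

```python
# Added example (not proTES's or FOCA's own code). Mimics how a FOCA-style
# API config merges partial spec files and applies add_operation_fields /
# add_security_fields, then checks that every operation ends up protected.
import copy
from typing import Any, Dict, List

# Constructed stand-in for the TES spec: two operations, no securitySchemes.
BASE_SPEC: Dict[str, Any] = {
    "openapi": "3.0.0",
    "paths": {
        "/tasks": {
            "get": {"operationId": "ListTasks",
                    "responses": {"200": {"description": "OK"}}},
            "post": {"operationId": "CreateTask",
                     "responses": {"200": {"description": "OK"}}},
        }
    },
}

# Content of the proposed api/security_schemes.yaml, as a dict.
SECURITY_SCHEMES_SPEC: Dict[str, Any] = {
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer",
                           "bearerFormat": "JWT"}
        }
    }
}

# The add_operation_fields / add_security_fields values from the issue.
OPERATION_FIELDS = {
    "x-openapi-router-controller": "ga4gh.tes.server",
    "security": [{"bearerAuth": []}],
}
SECURITY_FIELDS = {"x-bearerInfoFunc": "foca.security.auth.validate_token"}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def deep_merge(base: Dict[str, Any], extra: Dict[str, Any]) -> Dict[str, Any]:
    """Recursively merge `extra` into a copy of `base`.
    Assumed stand-in for FOCA combining the files listed under `path`."""
    out = copy.deepcopy(base)
    for key, val in extra.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out


def add_operation_fields(spec: Dict[str, Any], fields: Dict[str, Any]) -> Dict[str, Any]:
    """Set each field on every operation (the add_operation_fields behaviour)."""
    spec = copy.deepcopy(spec)
    for path_item in spec.get("paths", {}).values():
        for method, operation in path_item.items():
            if method in HTTP_METHODS:
                for key, val in fields.items():
                    operation[key] = copy.deepcopy(val)
    return spec


def add_security_fields(spec: Dict[str, Any], fields: Dict[str, Any]) -> Dict[str, Any]:
    """Set each field on every *existing* security scheme, exactly like the
    FOCA loop quoted in the issue: with no scheme present, nothing is added."""
    spec = copy.deepcopy(spec)
    sec_schemes = spec.get("components", {"securitySchemes": {}}).get("securitySchemes", {})
    for sec_scheme in sec_schemes.values():
        for key, val in fields.items():
            sec_scheme[key] = val
    return spec


def unprotected_operations(spec: Dict[str, Any]) -> List[str]:
    """operationIds with no `security` entry, or whose security requirement
    names a scheme that is undefined or has no x-bearerInfoFunc validator."""
    defined = spec.get("components", {}).get("securitySchemes", {})
    problems: List[str] = []
    for path_item in spec.get("paths", {}).values():
        for method, operation in path_item.items():
            if method not in HTTP_METHODS:
                continue
            op_id = operation.get("operationId", method)
            reqs = operation.get("security")
            if not reqs:
                problems.append(op_id)
                continue
            for req in reqs:
                for name in req:
                    scheme = defined.get(name)
                    if scheme is None or "x-bearerInfoFunc" not in scheme:
                        problems.append(op_id)
    return problems


def build_spec(with_partial_file: bool) -> Dict[str, Any]:
    """Apply the config from the issue, optionally including security_schemes.yaml."""
    spec = BASE_SPEC
    if with_partial_file:
        spec = deep_merge(spec, SECURITY_SCHEMES_SPEC)
    spec = add_operation_fields(spec, OPERATION_FIELDS)
    return add_security_fields(spec, SECURITY_FIELDS)


if __name__ == "__main__":
    for flag in (False, True):
        print(f"security_schemes.yaml included={flag}: "
              f"unprotected={unprotected_operations(build_spec(flag))}")
```

Without the partial file every operation carries `security: [{bearerAuth: []}]`, but the reference dangles because nothing ever created `components.securitySchemes`; with the file merged, the FOCA loop finds `bearerAuth` and attaches `x-bearerInfoFunc`, and the check comes back empty.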

uniqueg commented 10 months ago

Closed by #163