Add support for JWT authentication

[alxp]

Issue #25

Related PR: https://github.com/mjordan/islandora_bagger_integration/pull/29

This PR replaces all uses of HTTP basic authentication, which was not working in some cases, with the following flow:

Either

• A token is passed in on the command-line, added by the Drupal module when in local mode, or
• The Generate Bag command makes a POST request to /user/login with the credentials in settings, and, thanks to the "Get JWT On Login" module, gets a token in the login response. Then all subsequent HTTP requests pass the JWT in the headers.

To test:

Run composer install to grab required updates.

Check out the related PR branch for islandora_drupal_integration. Drush updatedb will print an error until https://drupal.org/project/getjwtonlogin is installed and enabled.

Existing workflows should be unchanged. No new settings are needed.

However you can now generate bags from unpublished content as long as the user in the settings file has all the needed permissions.

[mjordan]

Thanks @alxp I'll test. How does one generate a token to pass on the command line?

[alxp]

If running directly from the command line you should not need a token, since it will do a login via POST with the credentials in the config settings.

For testing you can supply the token with the --token= command line parameter.

If Get JWT On Login is enabled, you will receive a JWT in the response to this curl command:

$ curl --header "Content-type: application/json" --request POST --data '{"name":"baggerbot", "pass":"xxx"}' http://localhost:8000/user/login?_format=json
{"current_user":{"uid":"91","name":"baggerbot"},"csrf_token":"xxx","logout_token":"xxx","access_token":"xxx"}

Where "access_token" contains the JWT.

[mjordan]

This all appears to work when Islandora Bagger is executed via the CLI, but when executed via the "Create Bag" button in the block, I'm not seeing the generated Bag. Let me troubleshoot that a bit.

[alxp]

If islandora_bagger_integration:29 is checked out it should add the JWT as the last parameter when it invokes the CLI, which should show up in the log.

[mjordan]

I'm in issue-25, can you confirm that's the correct branch (I don't see an issue-29)?

[alxp]

Just want to make sure you also have islandora_bagger_integration PR checked out at the same time https://github.com/mjordan/islandora_bagger_integration/pull/29

[mjordan]

In islandora_bagger_integration, the branch I'm in is jwt-auth. Is that the correct branch?

[mjordan]

My fault - I hadn't run composer install in the issue-25 branch of Islandora Bagger to test in "local" mode on a fresh Playbook (20.04.2/PHP 7.4.2). When I run `composer install, I'm getting the following error at the end of the install command's run:

Executing script cache:clear [KO]
 [KO]
Script cache:clear returned with error code 255
!!  PHP Fatal error:  Declaration of ContainerXrRl9ia\srcApp_KernelDevDebugContainer::getParameter(string $name) must be compatible with Symfony\Component\DependencyInjection\Container::getParameter($name) in /home/vagrant/islandora_bagger/var/cache/dev/ContainerXrRl9ia/srcApp_KernelDevDebugContainer.php on line 564
!!  
!!  In srcApp_KernelDevDebugContainer.php line 564:
!!                                                                                 
!!    Compile Error: Declaration of ContainerXrRl9ia\srcApp_KernelDevDebugContain  
!!    er::getParameter(string $name) must be compatible with Symfony\Component\De  
!!    pendencyInjection\Container::getParameter($name)                             
!!                                                                                 
!!  
!!  
Script @auto-scripts was called via post-install-cmd

On my bare metal laptop (Ubuntu 20.04.3//PHP 7.4.3), when I run composer install, everything works as expected. No error.

[alxp]

I updated the composer dependencies and pushed, not sure if that would have an effect or not.

I just ran ./console cache:clear and get the following:

vagrant@islandora8:~/islandora_bagger/bin$ ./console cache:clear

 // Clearing the cache for the dev environment with debug                       
 // true                                                                        

 [OK] Cache for the "dev" environment (debug=true) was successfully cleared.    

vagrant@islandora8:~/islandora_bagger/bin$ 

[mjordan]

Thanks I'll make some time to retest this evening.

[mjordan]

After your most recent commits, I can't replicate that error. Thanks! Still smoke testing though.

[alxp]

Just tested generating a bag from Drupal, I have it set up to run in local mode, which passes the JWT as the final command-line option. Are you running in that mode or using the agent? I don't think any changes in this PR would affect the agent mode since it should have the credentials in the config file like usual.

[mjordan]

I won't have access to my test instance until tonight but I'll take a look then.

[mjordan]

I'm obviously missing something. Both Islandora Bagger and the integration module are up to date (roblib/issue-25:5b8ee71422df7887109bd9c7c0b2733180fdd8c3 with successful composer install and roblib/jwt-auth:4445d4144386ac0261c8cbe1964286269ec68aed respectively). Creating a Bag from the GUI results in a positive log entry:

[2022-02-08T08:54:10.641497-06:00] app.INFO: Bag created. {"node URL":"http://localhost:8000/node/2","node UUID":"d96caa43-8cb9-4edb-bbd0-f6c3669d40ce","Bag location":"/tmp","Bag name":"2"} []

But there is no Bag in /tmp. I'm running in local mode, and all paths in the config check out. Generating Bags from the CLI works as expected.

I'm going to add some debugging to see what's going on.