Merge branch 'develop' into Cache_redundant_util_calls

Author: qqmyers

doc/release-notes/11606-hide-spa-oidc-providers-from-jsf-login-screen.md

@@ -0,0 +1,7 @@
+This release fixes a bug where the value of the dataverse.auth.oidc.enabled setting, available when Provisioning an authentication provider via JVM options (see ref: https://guides.dataverse.org/en/latest/installation/oidc.html#provision-via-jvm-options) was not being not being propagated to the current Dataverse user interface (where enabled=false providers are not displayed for login/registration) or represented in the GET api/admin/authenticationProviders API call.
+
+A new JVM setting ('dataverse.auth.oidc.hidden-jsf') was added to hide an enabled OIDC Provider from the JSF UI. 
+
+For Dataverse instances deploying both the current JSF UI and the new SPA UI, this fix allows the OIDC Keycloak provider configured for the SPA to be hidden in the JSF UI (useful in cases where it would duplicate other configured providers).
+
+Note: The API to create a new Auth Provider can only be used to create a provider for both JSF and SPA. Use JVM / MicroProfile config setting to create SPA only providers.

doc/release-notes/12082-permission-indexing-improvements.md

@@ -0,0 +1,6 @@
+Changes in v6.9 that significantly improved re-indexing performance and lowered memory use in situations
+such as when a user's role on the root collection were changed, also slowed reindexing of individual
+datasets ater editing and publication.
+
+This release restores/improves the individual dataset reindexing performance while retaining the
+benefits of the earlier update. 

doc/sphinx-guides/source/api/native-api.rst

@@ -7654,6 +7654,8 @@ Add new authentication provider. The POST data is in JSON format, similar to the
 
   POST http://$SERVER/api/admin/authenticationProviders
 
+.. note:: This endpoint will create providers for both JSF and SPA. Use :ref:`jvm-options` / *MicroProfile Config* if you need to create SPA only providers.
+
 Show Authentication Provider
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

doc/sphinx-guides/source/installation/oidc.rst

@@ -151,6 +151,10 @@ The following options are available:
     - Enable or disable provisioning the provider via MicroProfile.
     - N
     - ``false``
+  * - ``dataverse.auth.oidc.hidden-jsf``
+    - Show or Hide the provider from the JSF UI via MicroProfile.
+    - N
+    - ``false``
   * - ``dataverse.auth.oidc.client-id``
     - The client-id of the application to identify it at your provider.
     - Y
@@ -187,4 +191,4 @@ The following options are available:
     - Tune the maximum age, in seconds, of all OIDC providers' verifier cache entries. Default is 5 minutes, equivalent to lifetime
       of many OIDC access tokens.
     - N
-    - 300
+    - 300

docker-compose-dev.yml

@@ -22,6 +22,7 @@ services:
       DATAVERSE_MAIL_SYSTEM_EMAIL: "dataverse@localhost"
       DATAVERSE_MAIL_MTA_HOST: "smtp"
       DATAVERSE_AUTH_OIDC_ENABLED: "1"
+      DATAVERSE_AUTH_OIDC_HIDDEN_JSF: "1"
       DATAVERSE_AUTH_OIDC_CLIENT_ID: test
       DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8
       DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://keycloak.mydomain.com:8090/realms/test

src/main/java/edu/harvard/iq/dataverse/DatasetVersionDifference.java

@@ -224,7 +224,13 @@ private void getTermsDifferences() {
             logger.warning("New version does not have TermsOfUseAndAccess");
             newTerms = new TermsOfUseAndAccess();
         }
-        
+
+        //get license name or bundle val for none to test for differences
+        String originalLicenseName = originalTerms.getLicense() != null ? originalTerms.getLicense().getName() : BundleUtil.getStringFromBundle("license.none.chosen");
+        String newLicenseName = newTerms.getLicense() != null ? newTerms.getLicense().getName() : BundleUtil.getStringFromBundle("license.none.chosen");
+
+        checkAndAddToChangeList(originalLicenseName, newLicenseName,
+                BundleUtil.getStringFromBundle("file.dataFilesTab.terms.list.license"));        
         checkAndAddToChangeList(originalTerms.getTermsOfUse(), newTerms.getTermsOfUse(),
                 BundleUtil.getStringFromBundle("file.dataFilesTab.terms.list.termsOfUse.header"));
         checkAndAddToChangeList(originalTerms.getConfidentialityDeclaration(), newTerms.getConfidentialityDeclaration(),

src/main/java/edu/harvard/iq/dataverse/LoginPage.java

@@ -143,7 +143,7 @@ public List<AuthenticationProviderDisplayInfo> listAuthenticationProviders() {
         Collections.sort(idps, Comparator.comparing(AuthenticationProvider::getOrder).thenComparing(AuthenticationProvider::getId));
 
         for (AuthenticationProvider idp : idps) {
-            if (idp != null) {
+            if (idp != null && !idp.isHidden()) {
                 infos.add(idp.getInfo());
             }
         }

src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationProvider.java

@@ -18,7 +18,7 @@
  *                "authenticationProvider.name." + "ship" ->
  *            (c)  Bundle.properties entry: "authenticationProvider.name.shib=Shibboleth"
  *          
- * {@code AuthenticationPrvider}s are normally registered at startup in {@link AuthenticationServiceBean#startup()}.
+ * {@code AuthenticationProvider}s are normally registered at startup in {@link AuthenticationServiceBean#startup()}.
  * 
  * @author michael
  */
@@ -33,9 +33,13 @@ public interface AuthenticationProvider {
     default boolean isUserInfoUpdateAllowed() { return false; };
     default boolean isUserDeletionAllowed() { return false; };
     default boolean isOAuthProvider() { return false; };
-    
-    
-    
+    default boolean isEnabled() {
+        return true;
+    };
+    default boolean isHidden() {
+        return false;
+    };
+
     /**
      * Some providers (e.g organizational ones) provide verified email addresses.
      * @return {@code true} if we can treat email addresses coming from this provider as verified, {@code false} otherwise.

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/AbstractOAuth2AuthenticationProvider.java

@@ -93,6 +93,8 @@ public String toString() {
     protected String clientSecret;
     protected String baseUserEndpoint;
     protected String redirectUrl;
+    protected boolean enabled = true;
+    protected boolean hidden = false; // Special flag to hide this provider in JSF UI
 
     /**
      * List of scopes to be requested for authorization at identity provider.
@@ -272,6 +274,21 @@ public String getSubTitle() {
 
     public String getSpacedScope() { return String.join(" ", getScope()); }
 
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setHidden(boolean hidden) {
+        this.hidden = hidden;
+    }
+    public boolean isHidden() {
+        return hidden;
+    }
+
     @Override
     public int hashCode() {
         int hash = 7;

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthenticationProviderFactory.java

@@ -49,6 +49,7 @@ public AuthenticationProvider buildProvider( AuthenticationProviderRow aRow ) th
         oidc.setId(aRow.getId());
         oidc.setTitle(aRow.getTitle());
         oidc.setSubTitle(aRow.getSubtitle());
+        oidc.setEnabled(aRow.isEnabled());
 
         return oidc;
     }
@@ -70,6 +71,8 @@ public static AuthenticationProvider buildFromSettings() throws AuthorizationSet
         oidc.setId("oidc-mpconfig");
         oidc.setTitle(JvmSettings.OIDC_TITLE.lookupOptional().orElse("OpenID Connect"));
         oidc.setSubTitle(JvmSettings.OIDC_SUBTITLE.lookupOptional().orElse("OpenID Connect"));
+        oidc.setEnabled(JvmSettings.OIDC_ENABLED.lookupOptional(Boolean.class).orElse(true));
+        oidc.setHidden(JvmSettings.OIDC_HIDDEN_JSF.lookupOptional(Boolean.class).orElse(false));
 
         return oidc;
     }