Updated client info API

Replaced user authorization requirement with super client authentication

Change-Id: I7201c2d321267cdaa04359654f431164b45cbd63
diff --git a/full/Changes b/full/Changes
index bd5d6c9..805109e 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,11 +1,23 @@
 # version 0.69.2
 
+2022-12-05
+- Upgrade version for E2E-simplified Docker images (diewald)
+2023-01-27
+- Updated client info API (replaced user authorization requirement with super 
+  client authentication)
+
+
 # version 0.69.1
 
+- Upgrade version for docker including indexer (diewald)
+
+
 # version 0.69
 
  - Migrated to Java 11 and Jersey 2
  - Updated dependencies
+ - Use LDAP authentication in Kustvakt-full oauth2 example config (kupietz)
+
 
 # version 0.68
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index 4fee392..ee7aa91 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -338,17 +338,17 @@
         return clientDao.retrieveClientById(clientId);
     }
 
-    public OAuth2ClientInfoDto retrieveClientInfo (String username,
-            String clientId) throws KustvaktException {
+    public OAuth2ClientInfoDto retrieveClientInfo (String clientId)
+            throws KustvaktException {
         OAuth2Client client = clientDao.retrieveClientById(clientId);
-        if (adminDao.isAdmin(username)
-                || username.equals(client.getRegisteredBy())) {
+//        if (adminDao.isAdmin(username)
+//                || username.equals(client.getRegisteredBy())) {
             return new OAuth2ClientInfoDto(client);
-        }
-        else {
-            throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
-                    "Unauthorized operation for user: " + username, username);
-        }
+//        }
+//        else {
+//            throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
+//                    "Unauthorized operation for user: " + username, username);
+//        }
     }
 
     public OAuth2Client retrieveClient (String clientId)
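Review bot: retrieveClientInfo now returns the DTO for any `clientId` with no authorization of its own, and the old admin/owner check is left as commented-out code around the `return`, which makes the unconditional return look accidental. Because the method is public, any caller that does not first call `verifySuperClient` would hand out client info unchecked. Either delete the dead lines and state the precondition in a Javadoc, e.g. `Callers must authenticate the super client (verifySuperClient) before invoking this method; no user-level authorization is performed here.`, or move the verification into this method so the check cannot be skipped. The same commented-out leftover is in the test helper OAuth2TestBase.retrieveClientInfo, where the `username` parameter appears to be unused in the visible lines.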
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index 7e4b75e..7ec4758 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -18,10 +18,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
-import de.ids_mannheim.korap.web.utils.ResourceFilters;
-
 import de.ids_mannheim.korap.constant.OAuth2Scope;
-import de.ids_mannheim.korap.dto.InstalledPluginDto;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientDto;
 import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientInfoDto;
@@ -33,6 +30,7 @@
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+import de.ids_mannheim.korap.web.utils.ResourceFilters;
 
 /**
  * Defines controllers for OAuth2 clients, namely applications
@@ -165,18 +163,18 @@
     }
 
 
-    @GET
+    @POST
     @Path("{client_id}")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     @Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
+    @ResourceFilters({ APIVersionFilter.class})
     public OAuth2ClientInfoDto retrieveClientInfo (
-            @Context SecurityContext securityContext,
-            @PathParam("client_id") String clientId) {
-        TokenContext context =
-                (TokenContext) securityContext.getUserPrincipal();
+            @PathParam("client_id") String clientId,
+            @FormParam("super_client_id") String superClientId,
+            @FormParam("super_client_secret") String superClientSecret) {
         try {
-            scopeService.verifyScope(context, OAuth2Scope.CLIENT_INFO);
-            return clientService.retrieveClientInfo(context.getUsername(),
-                    clientId);
+            clientService.verifySuperClient(superClientId, superClientSecret);
+            return clientService.retrieveClientInfo(clientId);
         }
         catch (KustvaktException e) {
             throw responseHandler.throwit(e);
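Review bot: With the method-level `@ResourceFilters({ APIVersionFilter.class})` and the `verifyScope` call removed, `clientService.verifySuperClient(superClientId, superClientSecret)` appears to be the only access control left on this endpoint. The two form parameters reach it without any check that they were supplied. Whether verifySuperClient rejects null or empty values is not visible in this hunk; if it does not, reject missing credentials explicitly before the call so an absent `super_client_secret` fails as an authentication error rather than a null dereference. The method's Javadoc (outside the hunk) should also say that the endpoint is now a form-encoded POST authenticated by super client credentials rather than a user token with the CLIENT_INFO scope, and that any super client can read any registered client's info. Logging failed super client verification here would help detect credential guessing. The method body continues past the end of the hunk.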
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index c12a921..6006b74 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -7,26 +7,24 @@
 import java.io.IOException;
 import java.net.URI;
 
+import javax.ws.rs.ProcessingException;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Form;
-import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 
 import org.apache.http.entity.ContentType;
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.message.types.GrantType;
+import org.glassfish.jersey.uri.UriComponent;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
-import javax.ws.rs.ProcessingException;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.WebTarget;
-
-import org.glassfish.jersey.uri.UriComponent;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
@@ -315,12 +313,18 @@
     protected JsonNode retrieveClientInfo (String clientId, String username)
             throws ProcessingException,
             KustvaktException {
+        Form form = new Form();
+        form.param("super_client_id", superClientId);
+        form.param("super_client_secret", clientSecret);
+        
         Response response = target().path(API_VERSION).path("oauth2")
                 .path("client").path(clientId)
                 .request()
-                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
-                        .createBasicAuthorizationHeaderValue(username, "pass"))
-                .get();
+//                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+//                        .createBasicAuthorizationHeaderValue(username, "pass"))
+                .header(HttpHeaders.CONTENT_TYPE,
+                        ContentType.APPLICATION_FORM_URLENCODED)
+                .post(Entity.form(form));
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());