Add support for deposit to the DSpace REST API

[markpatton]

A new deposit option is added which uses the DSpace REST API.

Also:

• Cleaned up DSpace configuration properties
• Small fix to the duplicate JSONObject warnings when running tests.

DSpace deposit takes three calls and tries to handle resumption after an error in the last two calls.

Operational changes:

• Can now use repository key DSpace to use the new direct deposit
• Will need to set additional DSPACE_ variables. See documentation pr below.
• The metadata set is slightly different. Need to review on stage.

Required prs:

• Fix publication date handling in metadata pass-core#104
• Handle publication date being required pass-acceptance-testing#28
• Switch DSpace deposit to use its REST API pass-docker#387
• Fix publication date parsing of doi metadata  pass-ui#1297

Related prs:

• Update for DSpace env variables pass-documentation#39

Test by building the pass-core, pass-ui, and pass-support prs. Then using the pass-docker pr, start up PASS with dspace support. Finally attempt to do some deposits and verify that they work. You should notice that publication date is now required.

Notes on interacting directly with the DSpace REST API:

Generate a CSRF token. Note that this endpoint returns 404.

CSRF_TOKEN=`curl -I http://localhost:9000/server/api/security/csrf -w '%header{DSPACE-XSRF-TOKEN}' -o /dev/null`

Login and get the auth token

AUTH_TOKEN=`curl -v -X POST http://localhost:9000/server/api/authn/# --data "user=xxx&password=yyy" -H "X-XSRF-TOKEN: $CSRF_TOKEN" -b "DSPACE-XSRF-COOKIE=$CSRF_TOKEN" -w '%header{Authorization}'`

Create a workspace item

export COLLECTION=8d80c978-5cf3-46bb-a5ea-dd8425f1af2f

curl -v -X POST "http://localhost:9000/server/api/submission/workspaceitems?owningCollection=$COLLECTION" --form 'file=@/home/msp/Downloads/test.pdf' --form 'file=@/home/msp/Downloads/test2.pdf' -H "Authorization: $AUTH_TOKEN" -H "X-XSRF-TOKEN: $CSRF_TOKEN" -b "DSPACE-XSRF-COOKIE=$CSRF_TOKEN"

export WSI_ID=49

See workspace items

curl -v "http://localhost:9000/server/api/submission/workspaceitems/" -H "Authorization: Bearer $AUTH_TOKEN"

Set required metadata

curl -v -X PATCH "http://localhost:9000/server/api/submission/workspaceitems/$WSI_ID" -H 'Content-Type: application/json' --data-binary "@/home/msp/work/pass/pass-support/md.patch" -H "Authorization: $AUTH_TOKEN" -H "X-XSRF-TOKEN: $CSRF_TOKEN" -b "DSPACE-XSRF-COOKIE=$CSRF_TOKEN"

Create a workflow item for workspace item

 curl -v -X POST http://localhost:9000/server/api/workflow/workflowitems -H "Content-Type:text/uri-list" --data "http://localhost:9000/server/api/submission/workspaceitems/$WSI_ID" -H "Authorization: $AUTH_TOKEN" -H "X-XSRF-TOKEN: $CSRF_TOKEN" -b "DSPACE-XSRF-COOKIE=$CSRF_TOKEN"

Example of patch

[
    {
        "op": "add",
        "path": "/sections/teste/dc.title",
        "value": [
            {
                "authority": null,
                "confidence": -1,
                "display": "AROLDO TEST WITH REST",
                "language": null,
                "otherInformation": null,
                "place": 0,
                "value": "AROLDO TEST WITH REST"
            }
        ]
    },
{
        "op": "add",
        "path": "/sections/license/granted",
        "value": "true"
    }
]





[
    {
        "op": "add",
        "path": "/sections/teste/dc.title",
        "value": [
            {
                "authority": null,
                "confidence": -1,
                "display": "AROLDO TEST WITH REST",
                "language": null,
                "otherInformation": null,
                "place": 0,
                "value": "AROLDO TEST WITH REST"
            }
        ]
    },
{
        "op": "add",
        "path": "/sections/license/granted",
        "value": "true"
    }
]

[rpoet-jh]

Nice job, Mark! Just a few comments, but in general it looks good. I still need to test and review the other PRs, but this is a first pass at the review for this main PR.

[rpoet-jh]

Do the method deletions in this class affect the sword deposit for dspace? I know we are going to deprecate the sword deposit eventually, but should these changes be done at that time?

[markpatton]

These were unused methods. It wasn't really meaningful to delete them. But I did it during another cleanup.

[rpoet-jh]

What about the retry case? Is it possible deposit.getDepositStatusRef() has a value, then after retry it needs to be updated?

[rpoet-jh]

Probably want to use repositoryConnectivityService .verifyConnectByURL(dspaceApiUrl ).

[markpatton]

I'm not sure if that url would work. I think it would give a 404.

[markpatton]

I sort of see this as making sure the host is running and can be connected to on a port. The problem is that dspaceApiUrl is not a valid service call. It's the base for other service calls. This is what I was writing and then I did some testing. It turns out that, completely undocumented, that it is in fact a service endpoint and returns links to the other service endpoints. There is actually an health endpoint that could be used, but just the api service endpoint seems fine.

[rpoet-jh]

the api service endpoint seems fine -> yes, better to use this to cover cases where response code is > 500, like 502 Bad Gateway when the server is unreachable but there is a proxy in front of it.

[markpatton]

Done.

[rpoet-jh]

Do you know what the spring RestClient does with a post body like this, will it stream the contents of the Resources to the server? I ask for concern of memory for large files that risk of OOM exceptions?

[markpatton]

I believe it will stream, but I will poke around.

[markpatton]

The body is composed of resources and the default is to stream, not buffer. I tested with some larger files and I think it is ok.

[rpoet-jh]

Style comment: this method a bit long. The logic in this method could be split up into maybe three methods like createWorkspace, updateMetadata, and createWorkflow. These methods can then be called from this one.

[rpoet-jh]

Should change to LOG.warn so it shows up in default deployed logging level.

[markpatton]

This seems a bit odd to be at level warn instead of info. As in this isn't a warning. This is normal operation.

[rpoet-jh]

Should change to LOG.warn so it shows up in default deployed logging level.

[sonarqubecloud]

Quality Gate passed

Issues
25 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
2.1% Duplication on New Code

See analysis details on SonarQube Cloud