add bearer token with no api token signed url functionality

Author: stevenwinship

src/main/java/edu/harvard/iq/dataverse/api/Access.java

@@ -8,6 +8,7 @@
 
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
+import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
@@ -487,8 +488,15 @@ private Response returnSignedUrl(ContainerRequestContext crc, UriInfo uriInfo, U
         if (user != null && user instanceof AuthenticatedUser) {
             AuthenticatedUser requestor = (AuthenticatedUser) user;
             userIdentifier = requestor.getUserIdentifier();
+            // Find the latest token: Use for signing
+            // Could be null if no token was generated: Generate one to be used for signing (expire in 1 minute to match timeout in signedUrl)
+            // Could be expired: The user was already authenticated (possible by bearer token). Only used for signing so we don't care
             ApiToken apiToken = authSvc.findApiTokenByUser(requestor);
-            if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
+            if (apiToken == null) {
+                logger.fine("Generating temporary API token for user " + userIdentifier);
+                apiToken = authSvc.generateApiTokenForUser(requestor, AuthenticationServiceBean.INTERVAL.MINUTES, 1);
+            }
+            if (apiToken != null) {
                 key = apiToken.getTokenString();
             }
         } else {