Beispiel #1
0
    def __init__(self, host, oauth_client=None, headers=None):
        service = get_services()['document_service']
        if host in service:
            self.host = service[host]['url']
        else:
            self.host = host or service['prod']['url']
        L.debug('Using document_service url: %s', self.host)

        self._api = swagger.ApiClient('api_key', self.host)

        #save the oauth_client in case we need to refresh the token (not implemented yet)
        self.oauth_client = oauth_client
        self.headers = headers or {}

        sh.patch_swagger_callapi(self._api, self._get_headers)

        if self.oauth_client:
            self.headers['Authorization'] = self.oauth_client.get_auth_header()
        self.headers['User-Agent'] = 'py_document_service_client'

        #api accessors
        self._project = ProjectApi.ProjectApi(self._api)
        self._project.update = ProjectApi.ProjectApi.update_project
        self._folder = FolderApi.FolderApi(self._api)
        self._folder.update = FolderApi.FolderApi.update_folder
        self._file = FileApi.FileApi(self._api)
        self._file.update = FileApi.FileApi.update_file
        self._entity = EntityApi.EntityApi(self._api)
Beispiel #2
0
def copy_datafiles_to_collab_storage(request, job, local_dir, relative_paths):

    # upload local files to collab storage
    from bbp_client.oidc.client import BBPOIDCClient
    from bbp_client.document_service.client import Client as DocClient
    import bbp_services.client as bsc
    services = bsc.get_services()

    access_token = get_access_token(request.user.social_auth.get())
    oidc_client = BBPOIDCClient.bearer_auth(
        services['oidc_service']['prod']['url'], access_token)
    doc_client = DocClient(services['document_service']['prod']['url'],
                           oidc_client)

    project = doc_client.get_project_by_collab_id(job.collab_id)
    root = doc_client.get_path_by_id(project["_uuid"])
    collab_folder = root + "/job_{}".format(job.pk)
    folder_id = doc_client.mkdir(collab_folder)

    collab_paths = []
    for relative_path in relative_paths:
        collab_path = os.path.join(collab_folder, relative_path)
        if os.path.dirname(relative_path):  # if there are subdirectories...
            doc_client.makedirs(os.path.dirname(collab_path))
        local_path = os.path.join(local_dir, relative_path)
        id = doc_client.upload_file(local_path, collab_path)
        collab_paths.append(collab_path)
        content_type = mimetypes.guess_type(local_path)[0]
        if content_type:
            doc_client.set_standard_attr(collab_path,
                                         {'_contentType': content_type})

    return collab_paths
Beispiel #3
0
    def __init__(self, oauth_url=None, oidcconfig=None):
        '''this is generally not used, as the staticmethod's are better:

            bearer_auth(oauth_url, token)
            implicit_auth(user=None, password=None, oauth_url=None, use_cache=True)
            secret_auth(oauth_url, oidcconfig=None)
            file_auth(yaml_path, oauth_url=None)
        '''
        service = get_services()['oidc_service']
        if oauth_url in service:
            self.oauth_url = service[oauth_url]['url']
        else:
            self.oauth_url = oauth_url or service['prod']['url']
        L.debug('Using url: %s', self.oauth_url)

        self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG

        super(BBPOIDCClient, self).__init__(
            client_id=self.oidcconfig['client_id'],
            client_secret=self.oidcconfig.get('client_secret', None),
            user_agent=self.oidcconfig['user_agent'],
            scope=self.oidcconfig['scope'],
            auth_uri=self.oauth_url + 'authorize',
            token_uri=self.oauth_url + 'token',
            tokeninfo_uri=self.oauth_url + 'tokeninfo',
            userinfo_uri=self.oauth_url + 'userinfo'
        )

        self.redirect_uri = urljoin(self.oauth_url, 'resources/oauth_code.html')

        # bundle of X.509 certificates of public Certificate Authorities
        cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem')
        self.http = httplib2.Http(ca_certs=cacerts_path)

        self.credentials = None
Beispiel #4
0
    def __init__(self, host, oauth_client=None, headers=None):
        service = get_services()['document_service']
        if host in service:
            self.host = service[host]['url']
        else:
            self.host = host or service['prod']['url']
        L.debug('Using document_service url: %s', self.host)

        self._api = swagger.ApiClient('api_key', self.host)

        #save the oauth_client in case we need to refresh the token (not implemented yet)
        self.oauth_client = oauth_client
        self.headers = headers or {}

        sh.patch_swagger_callapi(self._api, self._get_headers)

        if self.oauth_client:
            self.headers['Authorization'] = self.oauth_client.get_auth_header()
        self.headers['User-Agent'] = 'py_document_service_client'

        #api accessors
        self._project = ProjectApi.ProjectApi(self._api)
        self._project.update = ProjectApi.ProjectApi.update_project
        self._folder = FolderApi.FolderApi(self._api)
        self._folder.update = FolderApi.FolderApi.update_folder
        self._file = FileApi.FileApi(self._api)
        self._file.update = FileApi.FileApi.update_file
        self._entity = EntityApi.EntityApi(self._api)
Beispiel #5
0
    def get_related_data(self, user):
        # assume for now that data is in collab
        from bbp_client.oidc.client import BBPOIDCClient
        from bbp_client.document_service.client import Client as DocClient
        import bbp_services.client as bsc
        services = bsc.get_services()

        access_token = get_access_token(user.social_auth.get())
        oidc_client = BBPOIDCClient.bearer_auth(
            services['oidc_service']['prod']['url'], access_token)
        doc_client = DocClient(services['document_service']['prod']['url'],
                               oidc_client)

        parse_result = urlparse(self.object.results_storage)
        if parse_result.scheme == "collab":
            collab_folder = parse_result.path
            #return doc_client.listdir(collab_folder)
            folder_uuid = doc_client.get_standard_attr(collab_folder)['_uuid']
            data = {
                "folder": {
                    "path": collab_folder,
                }
            }
            if self.object.project:
                data["folder"]["url"] = self.get_collab_storage_url(
                ) + "?state=uuid={}".format(folder_uuid)
            return data
        else:
            print("Storage not yet supported")
            return {}
Beispiel #6
0
 def context_url(self, context):
     '''return url to navitem by context'''
     url = joinp(self._host, 'collab/context/%s/' % context)
     resp = requests.get(url, headers=self._get_headers())
     resp.raise_for_status()
     return joinp(
         get_services()['collaboratory'][self.environment]['url'],
         '#/collab/%s/nav/%s' %
         (resp.json()['collab']['id'], resp.json()['id']))
Beispiel #7
0
 def new(cls, environment='prod', user=None, password=None, token=None):
     '''create new collab service client'''
     services = get_services()
     oauth_url = services['oidc_service'][environment]['url']
     service_url = services['stream_service'][environment]['url']
     if token:
         oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token)
     else:
         oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url)
     return cls(service_url, oauth_client, environment)
Beispiel #8
0
 def new(cls, environment='prod', user=None, password=None, token=None):
     '''create new documentservice client'''
     services = get_services()
     oauth_url = services['oidc_service'][environment]['url']
     ds_url = services['document_service'][environment]['url']
     if token:
         oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token)
     else:
         oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url)
     return cls(ds_url, oauth_client)
Beispiel #9
0
def create_doc_client(access_token):

    services = bsc.get_services()

    # get clients from bbp python packages
    oidc_client = BBPOIDCClient.bearer_auth(
        services['oidc_service']['prod']['url'], access_token)
    bearer_client = BBPOIDCClient.bearer_auth('prod', access_token)
    doc_client = DocClient(services['document_service']['prod']['url'],
                           oidc_client)

    return doc_client
Beispiel #10
0
 def get_collab_name(self):
     import bbp_services.client as bsc
     services = bsc.get_services()
     headers = {
         'Authorization':
         get_auth_header(self.request.user.social_auth.get())
     }
     url = services['collab_service']['prod']['url'] + "collab/{}/".format(
         self.object.project)
     response = requests.get(url, headers=headers)
     collab_name = response.json()["title"]
     return collab_name
Beispiel #11
0
 def __init__(self, host, oidc, environment='prod'):
     '''
     Args:
        host: host to connnect to, ie: http://localhost:8888
        oauth_client: instance of the bbp_client.oidc.client
     '''
     services = get_services()
     if services['collab_service'].get(host):
         self._host = services['collab_service'][environment]['url']
     else:
         self._host = host
     self._oidc = oidc
     self.environment = environment
Beispiel #12
0
def main(args=None):
    '''Main function'''
    args = args or sys.argv[1:]
    args = get_parser().parse_args(args)

    if hasattr(args, 'ex_yaml') and args.ex_yaml:
        print EXAMPLE_YAML
        return

    L.debug('Environment: %s Username: %s', args.env, args.user)

    logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose,
                                                   len(VERBOSITY_LEVELS) - 1)],
                        format=DEFAULT_LOG_FORMAT)

    if args.subcommand == 'path':
        if os.path.isfile(args.src):
            if args.type is not None or args.ignore_type:
                all_info = [
                    collect_single_file(args.src, args.dst, args.type,
                                        args.upload)
                ]
            else:
                raise SystemExit(
                    _get_missing_contenttype_msg(args.src, args.type))
        else:
            all_info = collect_from_local_fs(args.src, args.dst, args.upload)

    else:
        assert args.subcommand == 'yaml'
        if not args.src:
            raise SystemExit('Must supply at least one yaml file to import')
        all_info = collect_from_registry(args.src)

    oidc_client = BBPOIDCClient.implicit_auth(user=args.user,
                                              password=args.password,
                                              oauth_url=args.env)
    ds_server = args.server or args.env
    ds_client = DSClient(ds_server, oidc_client)

    services = get_services()
    hbp_portal_url = services['hbp_portal'][args.env]['url']

    new_imports, _ = do_import(ds_client, all_info, args.fail_hard)

    if not args.return_imports:
        for i in new_imports:
            print 'Link:', viewer_url(hbp_portal_url, i.dst)
        print 'imported', len(new_imports), 'items'
    else:
        return new_imports
Beispiel #13
0
    def __init__(self, host, oidc, collab_id, environment='prod'):
        '''simple wrapper around the collab concept:
        gives it auth, which server and what collab_id

        Args:
           host: host to connnect to, ie: http://localhost:8888
           oauth_client: instance of the bbp_client.oidc.client
        '''
        services = get_services()
        if services['collab_service'].get(host):
            self._host = services['collab_service'][environment]['url']
        else:
            self._host = host
        self._oidc = oidc
        self.collab_id = int(collab_id)
        self.environment = environment
Beispiel #14
0
def authenticate_oidc():
    """ Authentication to OIDC Service
    """
    # TODO: decorator authentication
    global user
    user = raw_input("Username of Gaspar's account ")
    services = get_services()
    env = get_environments()
    oauth_url = services['oidc_service'][env[0]]['url']
    # print oauth_url
    # TODO: try ... catch exception
    BBPOIDCClient.implicit_auth(user, oauth_url=oauth_url)
    # root token can get expired, need to login again with Gaspar-pass

    # create Client-instance
    cl = Client.new()
    return cl
Beispiel #15
0
def main(args=None):
    '''Main function'''
    args = args or sys.argv[1:]
    args = get_parser().parse_args(args)

    if hasattr(args, 'ex_yaml') and args.ex_yaml:
        print EXAMPLE_YAML
        return

    L.debug('Environment: %s Username: %s', args.env, args.user)

    logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose, len(VERBOSITY_LEVELS) - 1)],
                        format=DEFAULT_LOG_FORMAT)

    if args.subcommand == 'path':
        if os.path.isfile(args.src):
            if args.type is not None or args.ignore_type:
                all_info = [collect_single_file(args.src, args.dst, args.type, args.upload)]
            else:
                raise SystemExit(_get_missing_contenttype_msg(args.src, args.type))
        else:
            all_info = collect_from_local_fs(args.src, args.dst, args.upload)

    else:
        assert args.subcommand == 'yaml'
        if not args.src:
            raise SystemExit('Must supply at least one yaml file to import')
        all_info = collect_from_registry(args.src)

    oidc_client = BBPOIDCClient.implicit_auth(user=args.user, password=args.password,
                                              oauth_url=args.env)
    ds_server = args.server or args.env
    ds_client = DSClient(ds_server, oidc_client)

    services = get_services()
    hbp_portal_url = services['hbp_portal'][args.env]['url']

    new_imports, _ = do_import(ds_client, all_info, args.fail_hard)

    if not args.return_imports:
        for i in new_imports:
            print 'Link:', viewer_url(hbp_portal_url, i.dst)
        print 'imported', len(new_imports), 'items'
    else:
        return new_imports
Beispiel #16
0
def upload_zip_file_to_storage(request):

    access_token = get_access_token(request.user.social_auth.get())
    # retrieve data from request.session
    headers = request.session['headers']
    collab_id = request.session['collab_id']
    st_rel_user_results_folder = request.session['st_rel_user_results_folder']
    st_rel_user_uploaded_folder = request.session[
        'st_rel_user_uploaded_folder']
    crr_user_folder = request.session['time_info']
    output_path = request.session['result_file_zip']
    context = request.session['context']
    services = bsc.get_services()

    # get clients from bbp python packages
    oidc_client = BBPOIDCClient.bearer_auth(\
            services['oidc_service']['prod']['url'], access_token)
    bearer_client = BBPOIDCClient.bearer_auth('prod', access_token)
    doc_client = DocClient(\
            services['document_service']['prod']['url'], oidc_client)

    context = request.session['context']
    #logout(request)
    nextUrl = urllib.quote('%s?ctx=%s' % (request.path, context))

    # extract project from collab_id
    project = doc_client.get_project_by_collab_id(collab_id)

    # extract collab storage root path
    storage_root = doc_client.get_path_by_id(project["_uuid"])
    crr_collab_storage_folder = os.path.join(storage_root, \
            st_rel_user_results_folder)
    if not doc_client.exists(crr_collab_storage_folder):
        doc_client.makedirs(crr_collab_storage_folder)

    # final zip collab storage path
    zip_collab_storage_path = os.path.join(crr_collab_storage_folder, \
            crr_user_folder + '_results.zip')

    # bypassing uploading data to collab storage
    if not doc_client.exists(zip_collab_storage_path):
        doc_client.upload_file(output_path, zip_collab_storage_path)

    # render to html page
    return HttpResponse("")
Beispiel #17
0
 def get_collab_storage_url(self):
     import bbp_services.client as bsc
     services = bsc.get_services()
     headers = {
         'Authorization':
         get_auth_header(self.request.user.social_auth.get())
     }
     url = services['collab_service']['prod'][
         'url'] + "collab/{}/nav/all/".format(self.object.project)
     response = requests.get(url, headers=headers)
     if response.ok:
         nav_items = response.json()
         for item in nav_items:
             if item["app_id"] == "31":  # Storage app
                 return "https://collab.humanbrainproject.eu/#/collab/{}/nav/{}".format(
                     self.object.project, item["id"])
     else:
         return ""
Beispiel #18
0
 def __init__(self, host, oauth_client=None, headers=None):
     '''
     Args:
        host: host to connnect to, ie: http://localhost:8888 (can be dev or prod as well)
        oauth_client: instance of the bbp_client.oidc.client
        headers: HTTP headers passed to server
     '''
     services = get_services()
     if services['idm_service'].get(host):
         self.base_url = services['idm_service'][host]['url']
     else:
         self.base_url = host
     self.oauth_client = oauth_client
     self.session = requests.Session()
     self.session.headers.update(
         {'Authorization': self.oauth_client.get_auth_header()})
     if headers:
         self.session.headers.update(headers)
Beispiel #19
0
    def new(cls, environment='prod', user=None, password=None):
        '''create a new cross-service client'''
        services = get_services()

        oauth_client = BBPOIDCClient().implicit_auth(
            user=user, password=password, oauth_url=services['oidc_service'][environment]['url'])

        return cls(
            task_client=TaskClient(
                host=services['task_service'][environment]['url'],
                oauth_client=oauth_client),
            prov_client=ProvClient(
                host=services['prov_service'][environment]['url'],
                oauth_client=oauth_client),
            document_client=DocumentClient(
                host=services['document_service'][environment]['url'],
                oauth_client=oauth_client),
            mimetype_client=MIMETypeClient(
                host=services['mimetype_service'][environment]['url']))
Beispiel #20
0
    def new(cls, environment='prod', user=None, password=None):
        '''create a new cross-service client'''
        services = get_services()

        oauth_client = BBPOIDCClient().implicit_auth(
            user=user,
            password=password,
            oauth_url=services['oidc_service'][environment]['url'])

        return cls(task_client=TaskClient(
            host=services['task_service'][environment]['url'],
            oauth_client=oauth_client),
                   prov_client=ProvClient(
                       host=services['prov_service'][environment]['url'],
                       oauth_client=oauth_client),
                   document_client=DocumentClient(
                       host=services['document_service'][environment]['url'],
                       oauth_client=oauth_client),
                   mimetype_client=MIMETypeClient(
                       host=services['mimetype_service'][environment]['url']))
Beispiel #21
0
    def __init__(self, oauth_url=None, oidcconfig=None):
        '''this is generally not used, as the staticmethod's are better:

            bearer_auth(oauth_url, token)
            implicit_auth(user=None, password=None, oauth_url=None, use_cache=True)
            secret_auth(oauth_url, oidcconfig=None)
            file_auth(yaml_path, oauth_url=None)
        '''
        service = get_services()['oidc_service']
        if oauth_url in service:
            self.oauth_url = service[oauth_url]['url']
        else:
            self.oauth_url = oauth_url or service['prod']['url']
        L.debug('Using url: %s', self.oauth_url)

        self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG

        super(BBPOIDCClient,
              self).__init__(client_id=self.oidcconfig['client_id'],
                             client_secret=self.oidcconfig.get(
                                 'client_secret', None),
                             user_agent=self.oidcconfig['user_agent'],
                             scope=self.oidcconfig['scope'],
                             auth_uri=self.oauth_url + 'authorize',
                             token_uri=self.oauth_url + 'token',
                             tokeninfo_uri=self.oauth_url + 'tokeninfo',
                             userinfo_uri=self.oauth_url + 'userinfo')

        self.redirect_uri = urljoin(self.oauth_url,
                                    'resources/oauth_code.html')

        # bundle of X.509 certificates of public Certificate Authorities
        cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem')
        self.http = httplib2.Http(ca_certs=cacerts_path)

        self.credentials = None
Beispiel #22
0
class HbpAuth(BaseOAuth2):
    '''HBP OpenID Connect authentication backend'''

    name = 'hbp'

    oidc_service = get_services()['oidc_service'][s.ENV]
    oidc_url = oidc_service['url']
    oidc_api_url = oidc_service['api_url']

    AUTHORIZATION_URL = oidc_url + 'authorize'

    ACCESS_TOKEN_URL = oidc_url + 'token'
    ACCESS_TOKEN_METHOD = 'POST'

    REVOKE_TOKEN_URL = oidc_url + 'revoke'
    REVOKE_TOKEN_METHOD = 'GET'

    USER_DATA_URL = oidc_api_url + '/user/me'

    REDIRECT_STATE = False

    EXTRA_DATA = [
        ('refresh_token', 'refresh_token', True),
        ('expires_in', 'expires'),
        ('token_type', 'token_type', True),
    ]

    def get_key_and_secret(self):
        """Return tuple with Consumer Key and Consumer Secret for current
        service provider. Must return (key, secret), order *must* be respected.
        """
        return s.SOCIAL_AUTH_HBP_KEY, s.SOCIAL_AUTH_HBP_SECRET

    def uses_redirect(self):
        '''Return True if this provider uses redirect url method,
        otherwise return false. We return false so auth_html can
        return our custom script to logout if necessary'''
        return False

    def auth_html(self):
        '''Return login HTML content'''
        return '''
            <html><body><script>
                var oReq = new XMLHttpRequest();
                oReq.onload = function() {
                    if (this.status !== 200 && window.parent && window !== window.top) {
                        window.parent.postMessage({eventName: "oidc.logout",
                                                   data: { clientId: "%s"}},
                                                   "*");
                    } else {
                        window.location.href = "%s"
                    };
                };
                oReq.open("get", "%ssession", true);
                oReq.withCredentials = true;
                oReq.send();
            </script></body></html>''' % (s.SOCIAL_AUTH_HBP_KEY,
                                          self.auth_url(), self.oidc_url)

    def revoke_token_params(self, token, uid):
        return {'token': token}

    def revoke_token_headers(self, token, uid):
        return {'Content-type': 'application/json'}

    def get_user_details(self, response):
        '''Return user details from HBP account'''
        email = next(obj['value'] for obj in response.get('emails')
                     if obj['primary'])

        data = {
            'username': response.get('username'),
            'email': email or '',
            'first_name': response.get('familyName'),
            'last_name': response.get('givenName'),
        }
        # only set those if there is a positive match to allow resetting
        # existing values
        if data['username'] in s.SUPER_USER_NAMES:
            data['is_superuser'] = True
        if data['username'] in s.STAFF_USER_NAMES:
            data['is_staff'] = True
        return data

    def user_data(self, access_token, *args, **kwargs):
        '''Return user data from HBP API'''
        return self.get_json(
            self.USER_DATA_URL,
            headers={'Authorization': 'Bearer %s' % access_token})