def __init__(self,
dbGaP,
DB,
project_mapping,
storage_credentials=None,
db_session=None,
sync_from_dir=None):
'''
Syncs ACL files from dbGap to auth database and storage backends
Args:
dbGaP: a dict containing creds to access dbgap sftp
DB: database connection string
project_mapping: a dict containing how dbgap ids map to projects
storage_credentials: a dict containing creds for storage backends
sync_from_dir: path to an alternative dir to sync from instead of
dbGaP
'''
self.sync_from_dir = sync_from_dir
if sync_from_dir is None:
self.sftp = dbGaP['sftp']
self.dbgap_key = dbGaP['decrypt_key']
self.session = db_session
self.driver = SQLAlchemyDriver(DB)
self._projects = dict()
self.project_mapping = project_mapping
self.logger = get_logger('dbgap_syncer')
if storage_credentials:
self.storage_manager = StorageManager(storage_credentials,
logger=self.logger)
def __init__(
self,
dbGaP,
DB,
project_mapping,
storage_credentials=None,
db_session=None,
is_sync_from_dbgap_server=False,
sync_from_local_csv_dir=None,
sync_from_local_yaml_file=None,
arborist=None,
):
"""
Syncs ACL files from dbGap to auth database and storage backends
Args:
dbGaP: a dict containing creds to access dbgap sftp
DB: database connection string
project_mapping: a dict containing how dbgap ids map to projects
storage_credentials: a dict containing creds for storage backends
sync_from_dir: path to an alternative dir to sync from instead of
dbGaP
arborist:
base URL for arborist service if the syncer should also create
resources in arborist
"""
self.sync_from_local_csv_dir = sync_from_local_csv_dir
self.sync_from_local_yaml_file = sync_from_local_yaml_file
self.is_sync_from_dbgap_server = is_sync_from_dbgap_server
if is_sync_from_dbgap_server:
self.server = dbGaP["info"]
self.protocol = dbGaP["protocol"]
self.dbgap_key = dbGaP["decrypt_key"]
self.parse_consent_code = dbGaP.get("parse_consent_code", True)
self.session = db_session
self.driver = SQLAlchemyDriver(DB)
self.project_mapping = project_mapping or {}
self._projects = dict()
self.logger = get_logger("user_syncer")
self.arborist_client = None
if arborist:
self.arborist_client = ArboristClient(arborist_base_url=arborist,
logger=self.logger)
if storage_credentials:
self.storage_manager = StorageManager(storage_credentials,
logger=self.logger)
#!/usr/bin/env python2
from docopt import docopt, DocoptExit
from cdispyutils.log import get_logger
from scheduler.utils import create_user
from scheduler.models.driver import SQLAlchemyDriver
from scheduler.settings import DB
logger = get_logger('scheduler-user')
doc = """Usage: scheduler-user.py create USERNAME PASSWORD"""
if __name__ == "__main__":
try:
arguments = docopt(doc)
db = SQLAlchemyDriver(DB)
if arguments['create']:
create_user(db, arguments['USERNAME'], arguments['PASSWORD'])
print 'User {} created'.format(arguments['USERNAME'])
except DocoptExit as e:
print "Invalid arguments"
print e.message
import flask
import psqlgraph
from sheepdog import dictionary
from sheepdog.errors import (
InternalError,
NotFoundError,
UnsupportedError,
UserError,
)
from sheepdog.globals import (
DELIMITERS,
SUPPORTED_FORMATS,
)
log = get_logger(__name__)
TEMPLATE_NAME = 'submission_templates.tar.gz'
def parse_ids(ids):
"""
Parse a list of ids from `ids` of unknown type.
Args:
ids: valid types are string, unicode, and list of strings
Return:
list: ids from `ids` of unknown type
Raises:
class OAuth2Client(object):
"""
OAuth2 client that can be used by CDIS internal microservices.
"""
logger = get_logger("OAuth2Client")
def __init__(
self,
client_id,
client_secret,
redirect_uri,
oauth_provider=_PDC,
internal_oauth_provider=None,
scope="user",
):
"""
According to the Flask-OAuthlib docs, the Client should have (at least)
the following properties:
`client_id`
A random string.
`client_secret`
A random string.
`client_type`
A string representing if 'it is confidential' (quote from the docs)
`redirect_uris`
A list of redirect uris.
`default_redirect_uri`
One of the redirect uris to default to.
`default_scopes`
The default scopes of the client.
An example using SQLAlchemy can be found here:
https://flask-oauthlib.readthedocs.io/en/latest/oauth2.html
"""
self.client_id = client_id
self.client_secret = client_secret
self.oauth_provider = oauth_provider
self.internal_oauth = internal_oauth_provider or oauth_provider
self.redirect_uri = redirect_uri
self.scope = scope
@property
def authorization_url(self):
"""Return the URL at which the authorization can be obtained."""
tail = urllib.parse.urlencode({
"client_id": self.client_id,
"redirect_uri": self.redirect_uri,
"response_type": "code",
"scope": self.scope,
})
return urllib.parse.urljoin(self.oauth_provider,
"authorize") + "?" + tail
def _post_to_internal_oauth(self, data):
"""
Post data to the URL at ``self.internal_oauth``.
This is used for retrieving or refreshing the OAuth credentials (see
``get_token`` and ``refresh_token``, which also have examples for what
``data`` should look like).
"""
try:
url = urllib.parse.urljoin(self.internal_oauth, "token")
return requests.post(url, data=data).json()
except requests.RequestException as e:
msg = "request failed to reach oauth provider: " + str(e.message)
self.logger.exception(msg)
return {"error": msg}
except Exception as e: # pylint: disable=broad-except
msg = "unexpected error trying to reach oauth provider: " + str(
e.message)
self.logger.exception(msg)
return {"error": msg}
def get_token(self, code):
"""
Retrieve the oauth credentials.
An example of the credentials returned:
{
u'access_token': u'9ydWQi1SqGU82hAGf8M0JoNJbXhxQ1',
u'expires_in': 3600, u'refresh_token':
u'Ll6PfksjrCSJHtkEQV41mRRbR4tUxU', u'scope': u'user',
u'token_type': u'Bearer'
}
:param code: usually flask.request.args.get('code')
:type code: str
:return: dictionary of OAuth credentials (see above)
:rtype: dict
"""
# Formulate the data for posting to the OAuth provider.
data = {
"code": code,
"client_id": self.client_id,
"client_secret": self.client_secret,
"grant_type": "authorization_code",
"redirect_uri": self.redirect_uri,
}
return self._post_to_internal_oauth(data)
def get_access_token(self, code):
"""
Get specifically the access_token from the OAuth token response.
"""
token_response = self.get_token(code)
access_token = token_response.get("access_token")
if not access_token:
raise OAuth2Error(message="did not receive access token",
json=token_response)
return access_token
def refresh_token(self, refresh_token):
"""
Refresh the OAuth access token.
The credentials returned should be the same as the example in
``get_token``.
"""
# Formulate the data for posting to the OAuth provider.
data = {
"refresh_token": refresh_token,
"client_id": self.client_id,
"client_secret": self.client_secret,
"grant_type": "refresh_token",
"redirect_uri": self.redirect_uri,
}
return self._post_to_internal_oauth(data)
from .models.models import User
from cdispyutils.log import get_logger
import bcrypt
logger = get_logger('utils')
def create_user(db, username, password):
try:
with db.session as s:
u = User(username=username,
password=bcrypt.hashpw(password, bcrypt.gensalt()))
s.add(u)
return True
except:
logger.exception("Fail to create user")
return False