def __init__(self, host, oauth_client=None, headers=None): service = get_services()['document_service'] if host in service: self.host = service[host]['url'] else: self.host = host or service['prod']['url'] L.debug('Using document_service url: %s', self.host) self._api = swagger.ApiClient('api_key', self.host) #save the oauth_client in case we need to refresh the token (not implemented yet) self.oauth_client = oauth_client self.headers = headers or {} sh.patch_swagger_callapi(self._api, self._get_headers) if self.oauth_client: self.headers['Authorization'] = self.oauth_client.get_auth_header() self.headers['User-Agent'] = 'py_document_service_client' #api accessors self._project = ProjectApi.ProjectApi(self._api) self._project.update = ProjectApi.ProjectApi.update_project self._folder = FolderApi.FolderApi(self._api) self._folder.update = FolderApi.FolderApi.update_folder self._file = FileApi.FileApi(self._api) self._file.update = FileApi.FileApi.update_file self._entity = EntityApi.EntityApi(self._api)
def copy_datafiles_to_collab_storage(request, job, local_dir, relative_paths): # upload local files to collab storage from bbp_client.oidc.client import BBPOIDCClient from bbp_client.document_service.client import Client as DocClient import bbp_services.client as bsc services = bsc.get_services() access_token = get_access_token(request.user.social_auth.get()) oidc_client = BBPOIDCClient.bearer_auth( services['oidc_service']['prod']['url'], access_token) doc_client = DocClient(services['document_service']['prod']['url'], oidc_client) project = doc_client.get_project_by_collab_id(job.collab_id) root = doc_client.get_path_by_id(project["_uuid"]) collab_folder = root + "/job_{}".format(job.pk) folder_id = doc_client.mkdir(collab_folder) collab_paths = [] for relative_path in relative_paths: collab_path = os.path.join(collab_folder, relative_path) if os.path.dirname(relative_path): # if there are subdirectories... doc_client.makedirs(os.path.dirname(collab_path)) local_path = os.path.join(local_dir, relative_path) id = doc_client.upload_file(local_path, collab_path) collab_paths.append(collab_path) content_type = mimetypes.guess_type(local_path)[0] if content_type: doc_client.set_standard_attr(collab_path, {'_contentType': content_type}) return collab_paths
def __init__(self, oauth_url=None, oidcconfig=None): '''this is generally not used, as the staticmethod's are better: bearer_auth(oauth_url, token) implicit_auth(user=None, password=None, oauth_url=None, use_cache=True) secret_auth(oauth_url, oidcconfig=None) file_auth(yaml_path, oauth_url=None) ''' service = get_services()['oidc_service'] if oauth_url in service: self.oauth_url = service[oauth_url]['url'] else: self.oauth_url = oauth_url or service['prod']['url'] L.debug('Using url: %s', self.oauth_url) self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG super(BBPOIDCClient, self).__init__( client_id=self.oidcconfig['client_id'], client_secret=self.oidcconfig.get('client_secret', None), user_agent=self.oidcconfig['user_agent'], scope=self.oidcconfig['scope'], auth_uri=self.oauth_url + 'authorize', token_uri=self.oauth_url + 'token', tokeninfo_uri=self.oauth_url + 'tokeninfo', userinfo_uri=self.oauth_url + 'userinfo' ) self.redirect_uri = urljoin(self.oauth_url, 'resources/oauth_code.html') # bundle of X.509 certificates of public Certificate Authorities cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem') self.http = httplib2.Http(ca_certs=cacerts_path) self.credentials = None
def __init__(self, host, oauth_client=None, headers=None): service = get_services()['document_service'] if host in service: self.host = service[host]['url'] else: self.host = host or service['prod']['url'] L.debug('Using document_service url: %s', self.host) self._api = swagger.ApiClient('api_key', self.host) #save the oauth_client in case we need to refresh the token (not implemented yet) self.oauth_client = oauth_client self.headers = headers or {} sh.patch_swagger_callapi(self._api, self._get_headers) if self.oauth_client: self.headers['Authorization'] = self.oauth_client.get_auth_header() self.headers['User-Agent'] = 'py_document_service_client' #api accessors self._project = ProjectApi.ProjectApi(self._api) self._project.update = ProjectApi.ProjectApi.update_project self._folder = FolderApi.FolderApi(self._api) self._folder.update = FolderApi.FolderApi.update_folder self._file = FileApi.FileApi(self._api) self._file.update = FileApi.FileApi.update_file self._entity = EntityApi.EntityApi(self._api)
def get_related_data(self, user): # assume for now that data is in collab from bbp_client.oidc.client import BBPOIDCClient from bbp_client.document_service.client import Client as DocClient import bbp_services.client as bsc services = bsc.get_services() access_token = get_access_token(user.social_auth.get()) oidc_client = BBPOIDCClient.bearer_auth( services['oidc_service']['prod']['url'], access_token) doc_client = DocClient(services['document_service']['prod']['url'], oidc_client) parse_result = urlparse(self.object.results_storage) if parse_result.scheme == "collab": collab_folder = parse_result.path #return doc_client.listdir(collab_folder) folder_uuid = doc_client.get_standard_attr(collab_folder)['_uuid'] data = { "folder": { "path": collab_folder, } } if self.object.project: data["folder"]["url"] = self.get_collab_storage_url( ) + "?state=uuid={}".format(folder_uuid) return data else: print("Storage not yet supported") return {}
def context_url(self, context): '''return url to navitem by context''' url = joinp(self._host, 'collab/context/%s/' % context) resp = requests.get(url, headers=self._get_headers()) resp.raise_for_status() return joinp( get_services()['collaboratory'][self.environment]['url'], '#/collab/%s/nav/%s' % (resp.json()['collab']['id'], resp.json()['id']))
def new(cls, environment='prod', user=None, password=None, token=None): '''create new collab service client''' services = get_services() oauth_url = services['oidc_service'][environment]['url'] service_url = services['stream_service'][environment]['url'] if token: oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token) else: oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url) return cls(service_url, oauth_client, environment)
def new(cls, environment='prod', user=None, password=None, token=None): '''create new documentservice client''' services = get_services() oauth_url = services['oidc_service'][environment]['url'] ds_url = services['document_service'][environment]['url'] if token: oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token) else: oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url) return cls(ds_url, oauth_client)
def create_doc_client(access_token): services = bsc.get_services() # get clients from bbp python packages oidc_client = BBPOIDCClient.bearer_auth( services['oidc_service']['prod']['url'], access_token) bearer_client = BBPOIDCClient.bearer_auth('prod', access_token) doc_client = DocClient(services['document_service']['prod']['url'], oidc_client) return doc_client
def get_collab_name(self): import bbp_services.client as bsc services = bsc.get_services() headers = { 'Authorization': get_auth_header(self.request.user.social_auth.get()) } url = services['collab_service']['prod']['url'] + "collab/{}/".format( self.object.project) response = requests.get(url, headers=headers) collab_name = response.json()["title"] return collab_name
def __init__(self, host, oidc, environment='prod'): ''' Args: host: host to connnect to, ie: http://localhost:8888 oauth_client: instance of the bbp_client.oidc.client ''' services = get_services() if services['collab_service'].get(host): self._host = services['collab_service'][environment]['url'] else: self._host = host self._oidc = oidc self.environment = environment
def main(args=None): '''Main function''' args = args or sys.argv[1:] args = get_parser().parse_args(args) if hasattr(args, 'ex_yaml') and args.ex_yaml: print EXAMPLE_YAML return L.debug('Environment: %s Username: %s', args.env, args.user) logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose, len(VERBOSITY_LEVELS) - 1)], format=DEFAULT_LOG_FORMAT) if args.subcommand == 'path': if os.path.isfile(args.src): if args.type is not None or args.ignore_type: all_info = [ collect_single_file(args.src, args.dst, args.type, args.upload) ] else: raise SystemExit( _get_missing_contenttype_msg(args.src, args.type)) else: all_info = collect_from_local_fs(args.src, args.dst, args.upload) else: assert args.subcommand == 'yaml' if not args.src: raise SystemExit('Must supply at least one yaml file to import') all_info = collect_from_registry(args.src) oidc_client = BBPOIDCClient.implicit_auth(user=args.user, password=args.password, oauth_url=args.env) ds_server = args.server or args.env ds_client = DSClient(ds_server, oidc_client) services = get_services() hbp_portal_url = services['hbp_portal'][args.env]['url'] new_imports, _ = do_import(ds_client, all_info, args.fail_hard) if not args.return_imports: for i in new_imports: print 'Link:', viewer_url(hbp_portal_url, i.dst) print 'imported', len(new_imports), 'items' else: return new_imports
def __init__(self, host, oidc, collab_id, environment='prod'): '''simple wrapper around the collab concept: gives it auth, which server and what collab_id Args: host: host to connnect to, ie: http://localhost:8888 oauth_client: instance of the bbp_client.oidc.client ''' services = get_services() if services['collab_service'].get(host): self._host = services['collab_service'][environment]['url'] else: self._host = host self._oidc = oidc self.collab_id = int(collab_id) self.environment = environment
def authenticate_oidc(): """ Authentication to OIDC Service """ # TODO: decorator authentication global user user = raw_input("Username of Gaspar's account ") services = get_services() env = get_environments() oauth_url = services['oidc_service'][env[0]]['url'] # print oauth_url # TODO: try ... catch exception BBPOIDCClient.implicit_auth(user, oauth_url=oauth_url) # root token can get expired, need to login again with Gaspar-pass # create Client-instance cl = Client.new() return cl
def main(args=None): '''Main function''' args = args or sys.argv[1:] args = get_parser().parse_args(args) if hasattr(args, 'ex_yaml') and args.ex_yaml: print EXAMPLE_YAML return L.debug('Environment: %s Username: %s', args.env, args.user) logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose, len(VERBOSITY_LEVELS) - 1)], format=DEFAULT_LOG_FORMAT) if args.subcommand == 'path': if os.path.isfile(args.src): if args.type is not None or args.ignore_type: all_info = [collect_single_file(args.src, args.dst, args.type, args.upload)] else: raise SystemExit(_get_missing_contenttype_msg(args.src, args.type)) else: all_info = collect_from_local_fs(args.src, args.dst, args.upload) else: assert args.subcommand == 'yaml' if not args.src: raise SystemExit('Must supply at least one yaml file to import') all_info = collect_from_registry(args.src) oidc_client = BBPOIDCClient.implicit_auth(user=args.user, password=args.password, oauth_url=args.env) ds_server = args.server or args.env ds_client = DSClient(ds_server, oidc_client) services = get_services() hbp_portal_url = services['hbp_portal'][args.env]['url'] new_imports, _ = do_import(ds_client, all_info, args.fail_hard) if not args.return_imports: for i in new_imports: print 'Link:', viewer_url(hbp_portal_url, i.dst) print 'imported', len(new_imports), 'items' else: return new_imports
def upload_zip_file_to_storage(request): access_token = get_access_token(request.user.social_auth.get()) # retrieve data from request.session headers = request.session['headers'] collab_id = request.session['collab_id'] st_rel_user_results_folder = request.session['st_rel_user_results_folder'] st_rel_user_uploaded_folder = request.session[ 'st_rel_user_uploaded_folder'] crr_user_folder = request.session['time_info'] output_path = request.session['result_file_zip'] context = request.session['context'] services = bsc.get_services() # get clients from bbp python packages oidc_client = BBPOIDCClient.bearer_auth(\ services['oidc_service']['prod']['url'], access_token) bearer_client = BBPOIDCClient.bearer_auth('prod', access_token) doc_client = DocClient(\ services['document_service']['prod']['url'], oidc_client) context = request.session['context'] #logout(request) nextUrl = urllib.quote('%s?ctx=%s' % (request.path, context)) # extract project from collab_id project = doc_client.get_project_by_collab_id(collab_id) # extract collab storage root path storage_root = doc_client.get_path_by_id(project["_uuid"]) crr_collab_storage_folder = os.path.join(storage_root, \ st_rel_user_results_folder) if not doc_client.exists(crr_collab_storage_folder): doc_client.makedirs(crr_collab_storage_folder) # final zip collab storage path zip_collab_storage_path = os.path.join(crr_collab_storage_folder, \ crr_user_folder + '_results.zip') # bypassing uploading data to collab storage if not doc_client.exists(zip_collab_storage_path): doc_client.upload_file(output_path, zip_collab_storage_path) # render to html page return HttpResponse("")
def get_collab_storage_url(self): import bbp_services.client as bsc services = bsc.get_services() headers = { 'Authorization': get_auth_header(self.request.user.social_auth.get()) } url = services['collab_service']['prod'][ 'url'] + "collab/{}/nav/all/".format(self.object.project) response = requests.get(url, headers=headers) if response.ok: nav_items = response.json() for item in nav_items: if item["app_id"] == "31": # Storage app return "https://collab.humanbrainproject.eu/#/collab/{}/nav/{}".format( self.object.project, item["id"]) else: return ""
def __init__(self, host, oauth_client=None, headers=None): ''' Args: host: host to connnect to, ie: http://localhost:8888 (can be dev or prod as well) oauth_client: instance of the bbp_client.oidc.client headers: HTTP headers passed to server ''' services = get_services() if services['idm_service'].get(host): self.base_url = services['idm_service'][host]['url'] else: self.base_url = host self.oauth_client = oauth_client self.session = requests.Session() self.session.headers.update( {'Authorization': self.oauth_client.get_auth_header()}) if headers: self.session.headers.update(headers)
def new(cls, environment='prod', user=None, password=None): '''create a new cross-service client''' services = get_services() oauth_client = BBPOIDCClient().implicit_auth( user=user, password=password, oauth_url=services['oidc_service'][environment]['url']) return cls( task_client=TaskClient( host=services['task_service'][environment]['url'], oauth_client=oauth_client), prov_client=ProvClient( host=services['prov_service'][environment]['url'], oauth_client=oauth_client), document_client=DocumentClient( host=services['document_service'][environment]['url'], oauth_client=oauth_client), mimetype_client=MIMETypeClient( host=services['mimetype_service'][environment]['url']))
def new(cls, environment='prod', user=None, password=None): '''create a new cross-service client''' services = get_services() oauth_client = BBPOIDCClient().implicit_auth( user=user, password=password, oauth_url=services['oidc_service'][environment]['url']) return cls(task_client=TaskClient( host=services['task_service'][environment]['url'], oauth_client=oauth_client), prov_client=ProvClient( host=services['prov_service'][environment]['url'], oauth_client=oauth_client), document_client=DocumentClient( host=services['document_service'][environment]['url'], oauth_client=oauth_client), mimetype_client=MIMETypeClient( host=services['mimetype_service'][environment]['url']))
def __init__(self, oauth_url=None, oidcconfig=None): '''this is generally not used, as the staticmethod's are better: bearer_auth(oauth_url, token) implicit_auth(user=None, password=None, oauth_url=None, use_cache=True) secret_auth(oauth_url, oidcconfig=None) file_auth(yaml_path, oauth_url=None) ''' service = get_services()['oidc_service'] if oauth_url in service: self.oauth_url = service[oauth_url]['url'] else: self.oauth_url = oauth_url or service['prod']['url'] L.debug('Using url: %s', self.oauth_url) self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG super(BBPOIDCClient, self).__init__(client_id=self.oidcconfig['client_id'], client_secret=self.oidcconfig.get( 'client_secret', None), user_agent=self.oidcconfig['user_agent'], scope=self.oidcconfig['scope'], auth_uri=self.oauth_url + 'authorize', token_uri=self.oauth_url + 'token', tokeninfo_uri=self.oauth_url + 'tokeninfo', userinfo_uri=self.oauth_url + 'userinfo') self.redirect_uri = urljoin(self.oauth_url, 'resources/oauth_code.html') # bundle of X.509 certificates of public Certificate Authorities cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem') self.http = httplib2.Http(ca_certs=cacerts_path) self.credentials = None
class HbpAuth(BaseOAuth2): '''HBP OpenID Connect authentication backend''' name = 'hbp' oidc_service = get_services()['oidc_service'][s.ENV] oidc_url = oidc_service['url'] oidc_api_url = oidc_service['api_url'] AUTHORIZATION_URL = oidc_url + 'authorize' ACCESS_TOKEN_URL = oidc_url + 'token' ACCESS_TOKEN_METHOD = 'POST' REVOKE_TOKEN_URL = oidc_url + 'revoke' REVOKE_TOKEN_METHOD = 'GET' USER_DATA_URL = oidc_api_url + '/user/me' REDIRECT_STATE = False EXTRA_DATA = [ ('refresh_token', 'refresh_token', True), ('expires_in', 'expires'), ('token_type', 'token_type', True), ] def get_key_and_secret(self): """Return tuple with Consumer Key and Consumer Secret for current service provider. Must return (key, secret), order *must* be respected. """ return s.SOCIAL_AUTH_HBP_KEY, s.SOCIAL_AUTH_HBP_SECRET def uses_redirect(self): '''Return True if this provider uses redirect url method, otherwise return false. We return false so auth_html can return our custom script to logout if necessary''' return False def auth_html(self): '''Return login HTML content''' return ''' <html><body><script> var oReq = new XMLHttpRequest(); oReq.onload = function() { if (this.status !== 200 && window.parent && window !== window.top) { window.parent.postMessage({eventName: "oidc.logout", data: { clientId: "%s"}}, "*"); } else { window.location.href = "%s" }; }; oReq.open("get", "%ssession", true); oReq.withCredentials = true; oReq.send(); </script></body></html>''' % (s.SOCIAL_AUTH_HBP_KEY, self.auth_url(), self.oidc_url) def revoke_token_params(self, token, uid): return {'token': token} def revoke_token_headers(self, token, uid): return {'Content-type': 'application/json'} def get_user_details(self, response): '''Return user details from HBP account''' email = next(obj['value'] for obj in response.get('emails') if obj['primary']) data = { 'username': response.get('username'), 'email': email or '', 'first_name': response.get('familyName'), 'last_name': response.get('givenName'), } # only set those if there is a positive match to allow resetting # existing values if data['username'] in s.SUPER_USER_NAMES: data['is_superuser'] = True if data['username'] in s.STAFF_USER_NAMES: data['is_staff'] = True return data def user_data(self, access_token, *args, **kwargs): '''Return user data from HBP API''' return self.get_json( self.USER_DATA_URL, headers={'Authorization': 'Bearer %s' % access_token})