def session_consent(scopes, no_local_server):
"""
Update your current CLI auth session by authenticating with a specific scope or set
of scopes.
This command is necessary when the CLI needs access to resources which require the
user to explicitly consent to access.
"""
session_params = {"scope": " ".join(scopes)}
# use a link login if remote session or user requested
if no_local_server or is_remote_session():
do_link_auth_flow(session_params=session_params)
# otherwise default to a local server login flow
else:
click.echo(
"You are running 'globus session consent', "
"which should automatically open a browser window for you to "
"authenticate with specific identities.\n"
"If this fails or you experience difficulty, try "
"'globus session consent --no-local-server'"
"\n---"
)
do_local_server_auth_flow(session_params=session_params)
click.echo("\nYou have successfully updated your CLI session.\n")
def login_command(no_local_server, force):
"""
Get credentials for the Globus CLI
Necessary before any Globus CLI commands which require authentication will work
This command directs you to the page necessary to permit the Globus CLI to make API
calls for you, and gets the OAuth2 tokens needed to use those permissions.
The default login method opens your browser to the Globus CLI's authorization
page, where you can read and consent to the permissions required to use the
Globus CLI. The CLI then takes care of getting the credentials through a
local server.
If the CLI detects you are on a remote session, or the --no-local-server option is
used, the CLI will instead print a link for you to manually follow to the Globus
CLI's authorization page. After consenting you will then need to copy and paste the
given access code from the web to the CLI.
"""
# if not forcing, stop if user already logged in
if not force and check_logged_in():
click.echo(_LOGGED_IN_RESPONSE)
return
# use a link login if remote session or user requested
if no_local_server or is_remote_session():
do_link_auth_flow(force_new_client=True)
# otherwise default to a local server login flow
else:
click.echo(
"You are running 'globus login', which should automatically open "
"a browser window for you to login.\n"
"If this fails or you experience difficulty, try "
"'globus login --no-local-server'"
"\n---")
do_local_server_auth_flow(force_new_client=True)
# print epilog
click.echo(_LOGIN_EPILOG)
def login_command(no_local_server, force):
# if not forcing, stop if user already logged in
if not force and check_logged_in():
safeprint(_LOGGED_IN_RESPONSE)
return
# use a link login if remote session or user requested
if no_local_server or is_remote_session():
do_link_auth_flow(force_new_client=True)
# otherwise default to a local server login flow
else:
safeprint(
"You are running 'globus login', which should automatically open "
"a browser window for you to login.\n"
"If this fails or you experience difficulty, try "
"'globus login --no-local-server'"
"\n---")
do_local_server_auth_flow(force_new_client=True)
# print epilog
safeprint(_LOGIN_EPILOG)
def login_command(no_local_server, force):
# if not forcing, stop if user already logged in
if not force and check_logged_in():
safeprint(_LOGGED_IN_RESPONSE)
return
# use a link login if remote session or user requested
if no_local_server or is_remote_session():
do_link_auth_flow(force_new_client=True)
# otherwise default to a local server login flow
else:
safeprint(
"You are running 'globus login', which should automatically open "
"a browser window for you to login.\n"
"If this fails or you experience difficulty, try "
"'globus login --no-local-server'"
"\n---"
)
do_local_server_auth_flow(force_new_client=True)
# print epilog
safeprint(_LOGIN_EPILOG)
def session_update(identities, no_local_server, all):
if (not (identities or all)) or (identities and all):
raise click.UsageError("Either give one or more IDENTITIES or use --all")
auth_client = get_auth_client()
# if --all use every identity id in the user's identity set
if all:
res = auth_client.oauth2_userinfo()
try:
identity_ids = [user["sub"] for user in res["identity_set"]]
except KeyError:
click.echo(
"Your current login does not have the consents required "
"to view your full identity set. Please log in again "
"to agree to the required consents.",
err=True,
)
click.get_current_context().exit(1)
# otherwise try to resolve any non uuid values to identity ids
else:
identity_ids = []
identity_names = []
for val in identities:
try:
uuid.UUID(val)
identity_ids.append(val)
except ValueError:
identity_names.append(val)
if identity_names:
res = auth_client.get_identities(usernames=identity_names)["identities"]
for name in identity_names:
for identity in res:
if identity["username"] == name:
identity_ids.append(identity["id"])
break
else:
click.echo("No such identity {}".format(val), err=True)
click.get_current_context().exit(1)
# create session params once we have all identity ids
session_params = {
"session_required_identities": ",".join(identity_ids),
"session_message": "Authenticate to update your CLI session.",
}
# use a link login if remote session or user requested
if no_local_server or is_remote_session():
do_link_auth_flow(session_params=session_params)
# otherwise default to a local server login flow
else:
click.echo(
"You are running 'globus session update', "
"which should automatically open a browser window for you to "
"authenticate with specific identities.\n"
"If this fails or you experience difficulty, try "
"'globus session update --no-local-server'"
"\n---"
)
do_local_server_auth_flow(session_params=session_params)
click.echo(
"\nYou have successfully updated your CLI session.\n"
"Use 'globus session show' to see the updated session."
)