def __init__(self, host, oauth_client=None, headers=None):
service = get_services()['document_service']
if host in service:
self.host = service[host]['url']
else:
self.host = host or service['prod']['url']
L.debug('Using document_service url: %s', self.host)
self._api = swagger.ApiClient('api_key', self.host)
#save the oauth_client in case we need to refresh the token (not implemented yet)
self.oauth_client = oauth_client
self.headers = headers or {}
sh.patch_swagger_callapi(self._api, self._get_headers)
if self.oauth_client:
self.headers['Authorization'] = self.oauth_client.get_auth_header()
self.headers['User-Agent'] = 'py_document_service_client'
#api accessors
self._project = ProjectApi.ProjectApi(self._api)
self._project.update = ProjectApi.ProjectApi.update_project
self._folder = FolderApi.FolderApi(self._api)
self._folder.update = FolderApi.FolderApi.update_folder
self._file = FileApi.FileApi(self._api)
self._file.update = FileApi.FileApi.update_file
self._entity = EntityApi.EntityApi(self._api)
def copy_datafiles_to_collab_storage(request, job, local_dir, relative_paths):
# upload local files to collab storage
from bbp_client.oidc.client import BBPOIDCClient
from bbp_client.document_service.client import Client as DocClient
import bbp_services.client as bsc
services = bsc.get_services()
access_token = get_access_token(request.user.social_auth.get())
oidc_client = BBPOIDCClient.bearer_auth(
services['oidc_service']['prod']['url'], access_token)
doc_client = DocClient(services['document_service']['prod']['url'],
oidc_client)
project = doc_client.get_project_by_collab_id(job.collab_id)
root = doc_client.get_path_by_id(project["_uuid"])
collab_folder = root + "/job_{}".format(job.pk)
folder_id = doc_client.mkdir(collab_folder)
collab_paths = []
for relative_path in relative_paths:
collab_path = os.path.join(collab_folder, relative_path)
if os.path.dirname(relative_path): # if there are subdirectories...
doc_client.makedirs(os.path.dirname(collab_path))
local_path = os.path.join(local_dir, relative_path)
id = doc_client.upload_file(local_path, collab_path)
collab_paths.append(collab_path)
content_type = mimetypes.guess_type(local_path)[0]
if content_type:
doc_client.set_standard_attr(collab_path,
{'_contentType': content_type})
return collab_paths
def __init__(self, oauth_url=None, oidcconfig=None):
'''this is generally not used, as the staticmethod's are better:
bearer_auth(oauth_url, token)
implicit_auth(user=None, password=None, oauth_url=None, use_cache=True)
secret_auth(oauth_url, oidcconfig=None)
file_auth(yaml_path, oauth_url=None)
'''
service = get_services()['oidc_service']
if oauth_url in service:
self.oauth_url = service[oauth_url]['url']
else:
self.oauth_url = oauth_url or service['prod']['url']
L.debug('Using url: %s', self.oauth_url)
self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG
super(BBPOIDCClient, self).__init__(
client_id=self.oidcconfig['client_id'],
client_secret=self.oidcconfig.get('client_secret', None),
user_agent=self.oidcconfig['user_agent'],
scope=self.oidcconfig['scope'],
auth_uri=self.oauth_url + 'authorize',
token_uri=self.oauth_url + 'token',
tokeninfo_uri=self.oauth_url + 'tokeninfo',
userinfo_uri=self.oauth_url + 'userinfo'
)
self.redirect_uri = urljoin(self.oauth_url, 'resources/oauth_code.html')
# bundle of X.509 certificates of public Certificate Authorities
cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem')
self.http = httplib2.Http(ca_certs=cacerts_path)
self.credentials = None
def __init__(self, host, oauth_client=None, headers=None):
service = get_services()['document_service']
if host in service:
self.host = service[host]['url']
else:
self.host = host or service['prod']['url']
L.debug('Using document_service url: %s', self.host)
self._api = swagger.ApiClient('api_key', self.host)
#save the oauth_client in case we need to refresh the token (not implemented yet)
self.oauth_client = oauth_client
self.headers = headers or {}
sh.patch_swagger_callapi(self._api, self._get_headers)
if self.oauth_client:
self.headers['Authorization'] = self.oauth_client.get_auth_header()
self.headers['User-Agent'] = 'py_document_service_client'
#api accessors
self._project = ProjectApi.ProjectApi(self._api)
self._project.update = ProjectApi.ProjectApi.update_project
self._folder = FolderApi.FolderApi(self._api)
self._folder.update = FolderApi.FolderApi.update_folder
self._file = FileApi.FileApi(self._api)
self._file.update = FileApi.FileApi.update_file
self._entity = EntityApi.EntityApi(self._api)
def get_related_data(self, user):
# assume for now that data is in collab
from bbp_client.oidc.client import BBPOIDCClient
from bbp_client.document_service.client import Client as DocClient
import bbp_services.client as bsc
services = bsc.get_services()
access_token = get_access_token(user.social_auth.get())
oidc_client = BBPOIDCClient.bearer_auth(
services['oidc_service']['prod']['url'], access_token)
doc_client = DocClient(services['document_service']['prod']['url'],
oidc_client)
parse_result = urlparse(self.object.results_storage)
if parse_result.scheme == "collab":
collab_folder = parse_result.path
#return doc_client.listdir(collab_folder)
folder_uuid = doc_client.get_standard_attr(collab_folder)['_uuid']
data = {
"folder": {
"path": collab_folder,
}
}
if self.object.project:
data["folder"]["url"] = self.get_collab_storage_url(
) + "?state=uuid={}".format(folder_uuid)
return data
else:
print("Storage not yet supported")
return {}
def context_url(self, context):
'''return url to navitem by context'''
url = joinp(self._host, 'collab/context/%s/' % context)
resp = requests.get(url, headers=self._get_headers())
resp.raise_for_status()
return joinp(
get_services()['collaboratory'][self.environment]['url'],
'#/collab/%s/nav/%s' %
(resp.json()['collab']['id'], resp.json()['id']))
def new(cls, environment='prod', user=None, password=None, token=None):
'''create new collab service client'''
services = get_services()
oauth_url = services['oidc_service'][environment]['url']
service_url = services['stream_service'][environment]['url']
if token:
oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token)
else:
oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url)
return cls(service_url, oauth_client, environment)
def new(cls, environment='prod', user=None, password=None, token=None):
'''create new documentservice client'''
services = get_services()
oauth_url = services['oidc_service'][environment]['url']
ds_url = services['document_service'][environment]['url']
if token:
oauth_client = BBPOIDCClient.bearer_auth(oauth_url, token)
else:
oauth_client = BBPOIDCClient.implicit_auth(user, password, oauth_url)
return cls(ds_url, oauth_client)
def create_doc_client(access_token):
services = bsc.get_services()
# get clients from bbp python packages
oidc_client = BBPOIDCClient.bearer_auth(
services['oidc_service']['prod']['url'], access_token)
bearer_client = BBPOIDCClient.bearer_auth('prod', access_token)
doc_client = DocClient(services['document_service']['prod']['url'],
oidc_client)
return doc_client
def get_collab_name(self):
import bbp_services.client as bsc
services = bsc.get_services()
headers = {
'Authorization':
get_auth_header(self.request.user.social_auth.get())
}
url = services['collab_service']['prod']['url'] + "collab/{}/".format(
self.object.project)
response = requests.get(url, headers=headers)
collab_name = response.json()["title"]
return collab_name
def __init__(self, host, oidc, environment='prod'):
'''
Args:
host: host to connnect to, ie: http://localhost:8888
oauth_client: instance of the bbp_client.oidc.client
'''
services = get_services()
if services['collab_service'].get(host):
self._host = services['collab_service'][environment]['url']
else:
self._host = host
self._oidc = oidc
self.environment = environment
def main(args=None):
'''Main function'''
args = args or sys.argv[1:]
args = get_parser().parse_args(args)
if hasattr(args, 'ex_yaml') and args.ex_yaml:
print EXAMPLE_YAML
return
L.debug('Environment: %s Username: %s', args.env, args.user)
logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose,
len(VERBOSITY_LEVELS) - 1)],
format=DEFAULT_LOG_FORMAT)
if args.subcommand == 'path':
if os.path.isfile(args.src):
if args.type is not None or args.ignore_type:
all_info = [
collect_single_file(args.src, args.dst, args.type,
args.upload)
]
else:
raise SystemExit(
_get_missing_contenttype_msg(args.src, args.type))
else:
all_info = collect_from_local_fs(args.src, args.dst, args.upload)
else:
assert args.subcommand == 'yaml'
if not args.src:
raise SystemExit('Must supply at least one yaml file to import')
all_info = collect_from_registry(args.src)
oidc_client = BBPOIDCClient.implicit_auth(user=args.user,
password=args.password,
oauth_url=args.env)
ds_server = args.server or args.env
ds_client = DSClient(ds_server, oidc_client)
services = get_services()
hbp_portal_url = services['hbp_portal'][args.env]['url']
new_imports, _ = do_import(ds_client, all_info, args.fail_hard)
if not args.return_imports:
for i in new_imports:
print 'Link:', viewer_url(hbp_portal_url, i.dst)
print 'imported', len(new_imports), 'items'
else:
return new_imports
def __init__(self, host, oidc, collab_id, environment='prod'):
'''simple wrapper around the collab concept:
gives it auth, which server and what collab_id
Args:
host: host to connnect to, ie: http://localhost:8888
oauth_client: instance of the bbp_client.oidc.client
'''
services = get_services()
if services['collab_service'].get(host):
self._host = services['collab_service'][environment]['url']
else:
self._host = host
self._oidc = oidc
self.collab_id = int(collab_id)
self.environment = environment
def authenticate_oidc():
""" Authentication to OIDC Service
"""
# TODO: decorator authentication
global user
user = raw_input("Username of Gaspar's account ")
services = get_services()
env = get_environments()
oauth_url = services['oidc_service'][env[0]]['url']
# print oauth_url
# TODO: try ... catch exception
BBPOIDCClient.implicit_auth(user, oauth_url=oauth_url)
# root token can get expired, need to login again with Gaspar-pass
# create Client-instance
cl = Client.new()
return cl
def main(args=None):
'''Main function'''
args = args or sys.argv[1:]
args = get_parser().parse_args(args)
if hasattr(args, 'ex_yaml') and args.ex_yaml:
print EXAMPLE_YAML
return
L.debug('Environment: %s Username: %s', args.env, args.user)
logging.basicConfig(level=VERBOSITY_LEVELS[min(args.verbose, len(VERBOSITY_LEVELS) - 1)],
format=DEFAULT_LOG_FORMAT)
if args.subcommand == 'path':
if os.path.isfile(args.src):
if args.type is not None or args.ignore_type:
all_info = [collect_single_file(args.src, args.dst, args.type, args.upload)]
else:
raise SystemExit(_get_missing_contenttype_msg(args.src, args.type))
else:
all_info = collect_from_local_fs(args.src, args.dst, args.upload)
else:
assert args.subcommand == 'yaml'
if not args.src:
raise SystemExit('Must supply at least one yaml file to import')
all_info = collect_from_registry(args.src)
oidc_client = BBPOIDCClient.implicit_auth(user=args.user, password=args.password,
oauth_url=args.env)
ds_server = args.server or args.env
ds_client = DSClient(ds_server, oidc_client)
services = get_services()
hbp_portal_url = services['hbp_portal'][args.env]['url']
new_imports, _ = do_import(ds_client, all_info, args.fail_hard)
if not args.return_imports:
for i in new_imports:
print 'Link:', viewer_url(hbp_portal_url, i.dst)
print 'imported', len(new_imports), 'items'
else:
return new_imports
def upload_zip_file_to_storage(request):
access_token = get_access_token(request.user.social_auth.get())
# retrieve data from request.session
headers = request.session['headers']
collab_id = request.session['collab_id']
st_rel_user_results_folder = request.session['st_rel_user_results_folder']
st_rel_user_uploaded_folder = request.session[
'st_rel_user_uploaded_folder']
crr_user_folder = request.session['time_info']
output_path = request.session['result_file_zip']
context = request.session['context']
services = bsc.get_services()
# get clients from bbp python packages
oidc_client = BBPOIDCClient.bearer_auth(\
services['oidc_service']['prod']['url'], access_token)
bearer_client = BBPOIDCClient.bearer_auth('prod', access_token)
doc_client = DocClient(\
services['document_service']['prod']['url'], oidc_client)
context = request.session['context']
#logout(request)
nextUrl = urllib.quote('%s?ctx=%s' % (request.path, context))
# extract project from collab_id
project = doc_client.get_project_by_collab_id(collab_id)
# extract collab storage root path
storage_root = doc_client.get_path_by_id(project["_uuid"])
crr_collab_storage_folder = os.path.join(storage_root, \
st_rel_user_results_folder)
if not doc_client.exists(crr_collab_storage_folder):
doc_client.makedirs(crr_collab_storage_folder)
# final zip collab storage path
zip_collab_storage_path = os.path.join(crr_collab_storage_folder, \
crr_user_folder + '_results.zip')
# bypassing uploading data to collab storage
if not doc_client.exists(zip_collab_storage_path):
doc_client.upload_file(output_path, zip_collab_storage_path)
# render to html page
return HttpResponse("")
def get_collab_storage_url(self):
import bbp_services.client as bsc
services = bsc.get_services()
headers = {
'Authorization':
get_auth_header(self.request.user.social_auth.get())
}
url = services['collab_service']['prod'][
'url'] + "collab/{}/nav/all/".format(self.object.project)
response = requests.get(url, headers=headers)
if response.ok:
nav_items = response.json()
for item in nav_items:
if item["app_id"] == "31": # Storage app
return "https://collab.humanbrainproject.eu/#/collab/{}/nav/{}".format(
self.object.project, item["id"])
else:
return ""
def __init__(self, host, oauth_client=None, headers=None):
'''
Args:
host: host to connnect to, ie: http://localhost:8888 (can be dev or prod as well)
oauth_client: instance of the bbp_client.oidc.client
headers: HTTP headers passed to server
'''
services = get_services()
if services['idm_service'].get(host):
self.base_url = services['idm_service'][host]['url']
else:
self.base_url = host
self.oauth_client = oauth_client
self.session = requests.Session()
self.session.headers.update(
{'Authorization': self.oauth_client.get_auth_header()})
if headers:
self.session.headers.update(headers)
def new(cls, environment='prod', user=None, password=None):
'''create a new cross-service client'''
services = get_services()
oauth_client = BBPOIDCClient().implicit_auth(
user=user, password=password, oauth_url=services['oidc_service'][environment]['url'])
return cls(
task_client=TaskClient(
host=services['task_service'][environment]['url'],
oauth_client=oauth_client),
prov_client=ProvClient(
host=services['prov_service'][environment]['url'],
oauth_client=oauth_client),
document_client=DocumentClient(
host=services['document_service'][environment]['url'],
oauth_client=oauth_client),
mimetype_client=MIMETypeClient(
host=services['mimetype_service'][environment]['url']))
def new(cls, environment='prod', user=None, password=None):
'''create a new cross-service client'''
services = get_services()
oauth_client = BBPOIDCClient().implicit_auth(
user=user,
password=password,
oauth_url=services['oidc_service'][environment]['url'])
return cls(task_client=TaskClient(
host=services['task_service'][environment]['url'],
oauth_client=oauth_client),
prov_client=ProvClient(
host=services['prov_service'][environment]['url'],
oauth_client=oauth_client),
document_client=DocumentClient(
host=services['document_service'][environment]['url'],
oauth_client=oauth_client),
mimetype_client=MIMETypeClient(
host=services['mimetype_service'][environment]['url']))
def __init__(self, oauth_url=None, oidcconfig=None):
'''this is generally not used, as the staticmethod's are better:
bearer_auth(oauth_url, token)
implicit_auth(user=None, password=None, oauth_url=None, use_cache=True)
secret_auth(oauth_url, oidcconfig=None)
file_auth(yaml_path, oauth_url=None)
'''
service = get_services()['oidc_service']
if oauth_url in service:
self.oauth_url = service[oauth_url]['url']
else:
self.oauth_url = oauth_url or service['prod']['url']
L.debug('Using url: %s', self.oauth_url)
self.oidcconfig = oidcconfig or DEFAULT_OIDC_CONFIG
super(BBPOIDCClient,
self).__init__(client_id=self.oidcconfig['client_id'],
client_secret=self.oidcconfig.get(
'client_secret', None),
user_agent=self.oidcconfig['user_agent'],
scope=self.oidcconfig['scope'],
auth_uri=self.oauth_url + 'authorize',
token_uri=self.oauth_url + 'token',
tokeninfo_uri=self.oauth_url + 'tokeninfo',
userinfo_uri=self.oauth_url + 'userinfo')
self.redirect_uri = urljoin(self.oauth_url,
'resources/oauth_code.html')
# bundle of X.509 certificates of public Certificate Authorities
cacerts_path = joinp(os.path.dirname(__file__), 'cacert/cacert.pem')
self.http = httplib2.Http(ca_certs=cacerts_path)
self.credentials = None
class HbpAuth(BaseOAuth2):
'''HBP OpenID Connect authentication backend'''
name = 'hbp'
oidc_service = get_services()['oidc_service'][s.ENV]
oidc_url = oidc_service['url']
oidc_api_url = oidc_service['api_url']
AUTHORIZATION_URL = oidc_url + 'authorize'
ACCESS_TOKEN_URL = oidc_url + 'token'
ACCESS_TOKEN_METHOD = 'POST'
REVOKE_TOKEN_URL = oidc_url + 'revoke'
REVOKE_TOKEN_METHOD = 'GET'
USER_DATA_URL = oidc_api_url + '/user/me'
REDIRECT_STATE = False
EXTRA_DATA = [
('refresh_token', 'refresh_token', True),
('expires_in', 'expires'),
('token_type', 'token_type', True),
]
def get_key_and_secret(self):
"""Return tuple with Consumer Key and Consumer Secret for current
service provider. Must return (key, secret), order *must* be respected.
"""
return s.SOCIAL_AUTH_HBP_KEY, s.SOCIAL_AUTH_HBP_SECRET
def uses_redirect(self):
'''Return True if this provider uses redirect url method,
otherwise return false. We return false so auth_html can
return our custom script to logout if necessary'''
return False
def auth_html(self):
'''Return login HTML content'''
return '''
<html><body><script>
var oReq = new XMLHttpRequest();
oReq.onload = function() {
if (this.status !== 200 && window.parent && window !== window.top) {
window.parent.postMessage({eventName: "oidc.logout",
data: { clientId: "%s"}},
"*");
} else {
window.location.href = "%s"
};
};
oReq.open("get", "%ssession", true);
oReq.withCredentials = true;
oReq.send();
</script></body></html>''' % (s.SOCIAL_AUTH_HBP_KEY,
self.auth_url(), self.oidc_url)
def revoke_token_params(self, token, uid):
return {'token': token}
def revoke_token_headers(self, token, uid):
return {'Content-type': 'application/json'}
def get_user_details(self, response):
'''Return user details from HBP account'''
email = next(obj['value'] for obj in response.get('emails')
if obj['primary'])
data = {
'username': response.get('username'),
'email': email or '',
'first_name': response.get('familyName'),
'last_name': response.get('givenName'),
}
# only set those if there is a positive match to allow resetting
# existing values
if data['username'] in s.SUPER_USER_NAMES:
data['is_superuser'] = True
if data['username'] in s.STAFF_USER_NAMES:
data['is_staff'] = True
return data
def user_data(self, access_token, *args, **kwargs):
'''Return user data from HBP API'''
return self.get_json(
self.USER_DATA_URL,
headers={'Authorization': 'Bearer %s' % access_token})
