def profile():
"""User profile information. Assocated with a Globus Auth identity."""
if request.method == 'GET':
identity_id = session.get('primary_identity')
profile = ''
if profile:
name, email, institution = profile
session['name'] = name
session['email'] = email
session['institution'] = institution
else:
flash('Please complete any missing profile fields and press Save.')
if request.args.get('next'):
session['next'] = get_safe_redirect()
return render_template('profile.html')
elif request.method == 'POST':
name = session['name'] = request.form['name']
email = session['email'] = request.form['email']
institution = session['institution'] = request.form['institution']
flash('Thank you! Your profile has been successfully updated.')
if 'next' in session:
redirect_to = session['next']
session.pop('next')
else:
redirect_to = url_for('profile')
return redirect(redirect_to)
def profile():
"""User profile information. Assocated with a Globus Auth identity."""
if request.method == 'GET':
identity_id = session.get('primary_identity')
profile = database.load_profile(identity_id)
if profile:
name, email, institution, source_endpoint = profile
session['name'] = name
session['email'] = email
session['institution'] = institution
session['source_endpoint'] = source_endpoint
else:
flash('Please complete any missing profile fields and press Save.')
if request.args.get('next'):
session['next'] = get_safe_redirect()
return render_template('profile.jinja2')
elif request.method == 'POST':
print("inside profile post")
name = session['name'] = request.form['name']
email = session['email'] = request.form['email']
institution = session['institution'] = request.form['institution']
source_endpoint = session['source_endpoint'] = int(
request.form['endpoint'])
database.save_profile(identity_id=session['primary_identity'],
name=name,
email=email,
institution=institution,
source_endpoint=int(source_endpoint))
flash('Thank you! Your profile has been successfully updated.')
if 'next' in session:
redirect_to = session['next']
session.pop('next')
else:
redirect_to = url_for('profile')
return redirect(redirect_to)
def profile():
"""User profile information. Assocated with a Globus Auth identity."""
if request.method == 'GET':
identity_id = session.get('primary_identity')
try:
user = get_user_info(session)
unix_name = user['metadata']['unix_name']
profile = get_user_profile(unix_name)
except:
profile = None
if profile:
print("Found profile: {}".format(profile))
profile = profile['metadata']
unix_name = profile['unix_name']
group_name = session['url_host']['unix_name']
user_status = get_user_group_status(unix_name, group_name, session)
else:
flash(
'Please complete any missing profile fields and press Save.', 'warning')
return redirect(url_for('create_profile'))
if request.args.get('next'):
session['next'] = get_safe_redirect()
group_memberships = []
for group in profile['group_memberships']:
if ((session['url_host']['unix_name'] in group['name']) and (len(group['name'].split('.')) > 1)):
group_memberships.append(group)
domain_name = domain_name_edgecase()
with open(brand_dir + '/' + domain_name + "/form_descriptions/group_unix_name_description.md", "r") as file:
group_unix_name_description = file.read()
return render_template('profile.html', profile=profile,
user_status=user_status,
group_memberships=group_memberships,
group_unix_name_description=group_unix_name_description)
def authcallback():
"""Handles the interaction with Globus Auth."""
# If we're coming back from Globus Auth in an error state, the error
# will be in the "error" query string parameter.
if 'error' in request.args:
flash("You could not be logged into the portal: " +
request.args.get('error_description', request.args['error']), 'warning')
return redirect(url_for('home'))
# Set up our Globus Auth/OAuth2 state
redirect_uri = url_for('authcallback', _external=True)
client = load_portal_client()
client.oauth2_start_flow(redirect_uri, refresh_tokens=True)
# If there's no "code" query string parameter, we're in this route
# starting a Globus Auth login flow.
if 'code' not in request.args:
# print("SIGNUP: {} ".format(request.args))
next_url = get_safe_redirect()
additional_authorize_params = (
{'signup': 1} if request.args.get('signup') else {'next': next_url})
auth_uri = client.oauth2_get_authorize_url(
additional_params=additional_authorize_params)
print("ADDITIONAL AUTHORIZED PARAMS: {}".format(additional_authorize_params))
print("NEXT URL: {}".format(next_url))
return redirect(auth_uri)
else:
# If we do have a "code" param, we're coming back from Globus Auth
# and can start the process of exchanging an auth code for a token.
print("GOT OUT OF AUTH URI LOOP")
next_url = get_safe_redirect()
print("NEXT URL: {}".format(next_url))
code = request.args.get('code')
tokens = client.oauth2_exchange_code_for_tokens(code)
id_token = tokens.decode_id_token(client)
session.update(
tokens=tokens.by_resource_server,
is_authenticated=True,
name=id_token.get('name', ''),
email=id_token.get('email', ''),
institution=id_token.get('organization', ''),
primary_username=id_token.get('preferred_username'),
primary_identity=id_token.get('sub'),
)
access_token = session['tokens']['auth.globus.org']['access_token']
token_introspect = client.oauth2_token_introspect(
token=access_token, include='identity_set')
identity_set = token_introspect.data['identity_set']
profile = None
for identity in identity_set:
query = {'token': ciconnect_api_token,
'globus_id': identity}
try:
r = requests.get(
ciconnect_api_endpoint + '/v1alpha1/find_user', params=query)
# r = get_user_info(session)
if r.status_code == requests.codes.ok:
user_info = r.json()
# user_access_token = user_info['metadata']['access_token']
unix_name = user_info['metadata']['unix_name']
profile = requests.get(
ciconnect_api_endpoint + '/v1alpha1/users/' + unix_name, params=query)
profile = profile.json()
session['primary_identity'] = identity
except:
print("NO PROFILE FOUND WITH IDENTITY: {}".format(identity))
connect_keynames = {'atlas': {'name': 'atlas-connect',
'display_name': 'Atlas Connect',
'unix_name': 'root.atlas'},
'cms': {'name': 'cms-connect',
'display_name': 'CMS Connect',
'unix_name': 'root.cms'},
'duke': {'name': 'duke-connect',
'display_name': 'Duke Connect',
'unix_name': 'root.duke'},
'uchicago': {'name': 'uchicago-connect',
'display_name': 'UChicago Connect',
'unix_name': 'root.uchicago'},
'spt': {'name': 'spt-connect',
'display_name': 'SPT Connect',
'unix_name': 'root.spt'},
'psdconnect': {'name': 'psd-connect',
'display_name': 'PSD Connect',
'unix_name': 'root.uchicago'},
'snowmass21': {'name': 'snowmass21-connect',
'display_name': 'Snowmass21 Connect',
'unix_name': 'root.snowmass21'},
'localhost': {'name': 'snowmass21-connect',
'display_name': 'Snowmass21 Connect',
'unix_name': 'root.snowmass21'}}
url_host = request.host
try:
referrer = urlparse(request.referrer)
# print("REFERRER: {}".format(referrer))
queries = parse_qs(referrer.query)
# print("QUERIES: {}".format(queries))
redirect_uri = queries['redirect_uri'][0]
# print("REDIRECT URI: {}".format(redirect_uri))
next_url = queries['next'][0]
# print("AFTER QUERIES NEXT URL: {}".format(next_url))
except:
next_url = '/'
if 'ci-connect' in url_host:
session['url_host'] = {'name': 'ci-connect',
'display_name': 'CI Connect',
'unix_name': 'root'}
for key, value in list(connect_keynames.items()):
if key in url_host:
session['url_host'] = value
if profile:
profile = profile['metadata']
session['name'] = profile['name']
session['email'] = profile['email']
session['phone'] = profile['phone']
session['institution'] = profile['institution']
session['unix_name'] = profile['unix_name']
session['url_root'] = request.url_root
# session['url_host'] = (request.host).split(':')[0]
session['admin'] = admin_check(profile['unix_name'])
else:
session['url_root'] = request.url_root
return redirect(url_for('create_profile',
next=url_for('profile')))
# print("FINAL NEXT URL: {}".format(next_url))
if next_url == '/':
return redirect(url_for('profile'))
else:
return redirect(next_url)
def login():
"""Send the user to Globus Auth."""
next_url = get_safe_redirect()
return redirect(url_for('authcallback', next=next_url))