def get_globus_client(self, username=None): """ Get Globus SDK RESTful clients Args: username (str): User's GlobusID username Returns: auth_client (Globus SDK Client): Globus Auth RESTful client nexus_client (Globus Nexus Client): Globus Auth-based RESTful Globus Nexus client """ if username is None: username = self.config["globus"]["root_user"]["username"] log.debug("Getting Globus SDK Auth and Nexus client for user %s", username) # Setting up Globus SDK client client_id = self.config["globus"]["app"]["client_id"] client_secret = self.config["globus"]["app"]["client_secret"] confidential_client = globus_sdk.ConfidentialAppAuthClient( client_id, client_secret) # Getting Authorizers auth_token, nexus_token = self.get_tokens(username) auth_authorizer = globus_sdk.RefreshTokenAuthorizer( auth_token, confidential_client) nexus_authorizer = globus_sdk.RefreshTokenAuthorizer( nexus_token, confidential_client) auth_client = globus_sdk.AuthClient(authorizer=auth_authorizer) nexus_client = NexusClient(authorizer=nexus_authorizer) return auth_client, nexus_client
def get_native_app_authorizer(client_id, service): tokens = None try: # if we already have tokens, load and use them tokens = load_tokens_from_file(TOKEN_FILE) except: pass if not tokens: tokens = do_native_app_authentication(client_id=client_id, redirect_uri=REDIRECT_URI, requested_scopes=SCOPES) try: save_tokens_to_file(TOKEN_FILE, tokens) except: pass tokens = tokens[service] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( tokens['refresh_token'], auth_client, access_token=tokens['access_token'], expires_at=tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh)
def _get_native_app_authorizer(client_id): tokens = None try: tokens = _load_tokens_from_file(TOKEN_FILE) except Exception: pass if not tokens: tokens = _do_native_app_authentication(client_id=client_id, redirect_uri=REDIRECT_URI, requested_scopes=SCOPES) try: _save_tokens_to_file(TOKEN_FILE, tokens) except Exception: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=_update_tokens_file_on_refresh)
def get_search_client(): storage_adapter = token_storage_adapter() maybe_existing = storage_adapter.read_as_dict() refresh_token, access_token, access_token_expires = None, None, None if maybe_existing is not None and SEARCH_RESOURCE_SERVER in maybe_existing: searchdata = maybe_existing[SEARCH_RESOURCE_SERVER] access_token = searchdata["access_token"] refresh_token = searchdata["refresh_token"] access_token_expires = searchdata["expires_at_seconds"] authorizer = None if access_token_expires is not None: authorizer = globus_sdk.RefreshTokenAuthorizer( refresh_token, internal_auth_client(), access_token=access_token, expires_at=int(access_token_expires), on_refresh=storage_adapter.on_refresh, ) add_kwargs = {} if BASE_URL: add_kwargs["base_url"] = BASE_URL return SearchClient( authorizer=authorizer, app_name="search-client-cli v{}".format(version.__version__), **add_kwargs )
def globus_get_authorizer() -> globus_sdk.RefreshTokenAuthorizer: """Returns Globus authorization information (requires user interaction) Return: The authorizer instance """ auth_client = globus_sdk.NativeAppAuthClient(GLOBUS_CLIENT_ID) auth_client.oauth2_start_flow(refresh_tokens=True) authorize_url = auth_client.oauth2_get_authorize_url() print("Authorization URL: %s" % authorize_url) print("Go to the following URL to obtain the authorization code:", authorize_url) get_input = getattr(__builtins__, 'raw_input', input) auth_code = get_input('Enter the authorization code: ').strip() token_response = auth_client.oauth2_exchange_code_for_tokens(auth_code) transfer_info = token_response.by_resource_server[ 'transfer.api.globus.org'] return globus_sdk.RefreshTokenAuthorizer( transfer_info['refresh_token'], auth_client, access_token=transfer_info['access_token'], expires_at=transfer_info['expires_at_seconds'])
def get_transfer_client(client_id, transfer_rt, transfer_at, expires_at_s): client = globus_sdk.NativeAppAuthClient(client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_rt, client, access_token=transfer_at, expires_at=int(expires_at_s)) tc = globus_sdk.TransferClient(authorizer=authorizer) return tc
def get_transfer_client(): tokens = None try: # if we already have tokens, load and use them tokens = load_tokens_from_file(p.opt["globusTokenFile"]) except: pass if not tokens: # if we need to get tokens, start the Native App authentication process tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES) try: save_tokens_to_file(p.opt["globusTokenFile"], tokens) except: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh) transfer = globus_sdk.TransferClient(authorizer=authorizer) myproxy_lifetime = 720 # in hours. What's the maximum? try: r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"], if_expires_in=3600) while (r["code"] == "AutoActivationFailed"): print( "Endpoint requires manual activation, please use your UCAS name/password for this activation. " "You can activate via the command line or via web browser:\n" "WEB BROWSER -- Open the following URL in a browser to activate the " "endpoint:") print( f"https://app.globus.org/file-manager?origin_id={p.opt['archiveEndPoint']}" ) print("CMD LINE -- run this from your shell: ") print( f"globus endpoint activate --myproxy --myproxy-lifetime {myproxy_lifetime} {p.opt['archiveEndPoint']}" ) input("Press ENTER after activating the endpoint:") r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"], if_expires_in=3600) except globus_sdk.exc.GlobusAPIError as ex: print("endpoint_autoactivation failed.") print(ex) if ex.http_status == 401: sys.exit('Refresh token has expired. ' 'Please delete refresh-tokens.json and try again.') else: raise ex return transfer
def login(base_url, default_index): tok_path = os.path.expanduser('~/.globus_datasearch_client_tokens.json') def _write_tokfile(tokens): # deny rwx to Group and World -- don't bother storing the returned old # mask value, since we'll never restore it anyway # do this on every call to ensure that we're always consistent about it os.umask(0o077) with open(tok_path, 'w') as f: f.write(json.dumps(tokens)) def _update_tokfile(token_response): tokens = token_response.by_resource_server['datasearch.api.globus.org'] _write_tokfile(tokens) if os.path.exists(tok_path): with open(tok_path) as f: tokens = json.load(f) else: tokens = _interactive_login() _write_tokfile(tokens) authorizer = globus_sdk.RefreshTokenAuthorizer( tokens['refresh_token'], _load_auth_client(), tokens['access_token'], tokens['expires_at_seconds'], on_refresh=_update_tokfile) return DataSearchClient(base_url, default_index=default_index, authorizer=authorizer)
def connect(self): lg = self.config['login'] self.refresh_token_file = refresh_token_file = lg['refresh token file'] have_refresh = os.path.exists(refresh_token_file) if have_refresh: with open(refresh_token_file) as f: token = f.readline().strip() self.authorizer = globus_sdk.RefreshTokenAuthorizer( refresh_token=token, auth_client=self.client) return #have a refresh token, all we need else: aurl = self.client.oauth2_get_authorize_url() browser = lg.getboolean('browser') if browser: webbrowser.open(aurl) time.sleep(0.5) else: print("open url {}".format(aurl)) print("login and paste result") auth_code = input("Paste globus response: ") tokens = self.client.oauth2_exchange_code_for_tokens(auth_code) transfer_data = tokens.by_resource_server['transfer.api.globus.org'] TRANSFER_TOKEN = transfer_data['access_token'] if not have_refresh: refresh = transfer_data['refresh_token'] with open(refresh_token_file, 'w') as f: print("{}".format(refresh), file=f) self.authorizer = globus_sdk.AccessTokenAuthorizer(TRANSFER_TOKEN)
def refresh_tokens(self, tokens): """ Explicitly refresh a token. Called automatically by load_tokens(). """ if not self._refreshable(tokens): raise TokensExpired('No Refresh Token, cannot refresh tokens: ', resource_servers=tokens.keys()) for rs, token_dict in tokens.items(): authorizer = globus_sdk.RefreshTokenAuthorizer( token_dict['refresh_token'], self.client, access_token=token_dict['access_token'], expires_at=token_dict['expires_at_seconds'], ) try: ensure_valid_token = ( getattr(authorizer, 'check_expiration_time', None) or getattr(authorizer, 'ensure_valid_token', None)) ensure_valid_token() token_dict['access_token'] = authorizer.access_token token_dict['expires_at_seconds'] = authorizer.expires_at except globus_sdk.AuthAPIError as aapie: if aapie.message == 'invalid_grant': raise TokensExpired('Refresh Token Expired: ', resource_servers=[rs]) return tokens
def setUp(self): """ Makes a refresh_token grant to get new tokens for teseting Sets up an AuthClient and a RefreshTokenAuthorizer with a mock on_refresh function for testing their interactions """ super(RefreshTokenAuthorizerIntegrationTests, self).setUp() client_id = get_client_data()["native_app_client1"]["id"] form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT, 'grant_type': 'refresh_token', 'client_id': client_id} token_res = globus_sdk.AuthClient().oauth2_token(form_data) token_res = token_res.by_resource_server self.access_token = token_res[ 'transfer.api.globus.org']['access_token'] self.expires_at = token_res[ 'transfer.api.globus.org']['expires_at_seconds'] self.on_refresh = mock.Mock() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) self.authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac, access_token=self.access_token, expires_at=self.expires_at, on_refresh=self.on_refresh) self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def activate_token(token): logging.debug("activate_token: Starting") client = globus_sdk.NativeAppAuthClient(CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer(token['transfer_rt'], client) logging.debug(authorizer) return authorizer
def get_native_app_authorizer(client_id): tokens = None client = NativeClient(client_id=client_id, app_name=APP_NAME) try: # if we already have tokens, load and use them tokens = client.load_tokens(requested_scopes=SCOPES) except: pass if not tokens: tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True) try: client.save_tokens(tokens) except: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'])
def get_search_client(): def search_refresh_callback(token_response): tkn = token_response.by_resource_server token = tkn["search.api.globus.org"]["access_token"] expires_at = tkn["search.api.globus.org"]["expires_at_seconds"] write_option(SEARCH_AT_OPTNAME, token) write_option(SEARCH_AT_EXPIRES_OPTNAME, expires_at) refresh_token = lookup_option(SEARCH_RT_OPTNAME) access_token = lookup_option(SEARCH_AT_OPTNAME) access_token_expires = lookup_option(SEARCH_AT_EXPIRES_OPTNAME) authorizer = None if access_token_expires is not None: authorizer = globus_sdk.RefreshTokenAuthorizer( refresh_token, internal_auth_client(), access_token, int(access_token_expires), on_refresh=search_refresh_callback, ) return globus_sdk.SearchClient( authorizer=authorizer, app_name="search-client-cli v{}".format(version.__version__), )
def status(source_name): # Make MDFCC try: logger.debug("Creating MDFCC for status") auth_client = globus_sdk.ConfidentialAppAuthClient( app.config['PORTAL_CLIENT_ID'], app.config['PORTAL_CLIENT_SECRET']) mdf_authorizer = globus_sdk.RefreshTokenAuthorizer( session["tokens"]["mdf_dataset_submission"]["refresh_token"], auth_client) mdfcc = mdf_connect_client.MDFConnectClient( service_instance=app.config["MDFCC_SERVICE"], authorizer=mdf_authorizer) except Exception as e: logger.error("Status MDFCC init: {}".format(repr(e))) json_res = {"success": False, "error": "Unable to initialize client."} else: try: logger.debug("Requesting status") json_res = mdfcc.check_status(source_name, raw=True) except Exception as e: logger.error("Status request: {}".format(repr(e))) json_res = {"success": False, "error": "Status request failed."} # return (jsonify(json_res), status_code) return render_template("status.jinja2", status_res=json_res)
def get_transfer_client(self): # Cache the client so we don't create a new one for every call, but don't hold on to it for too long. if self.transfer_client is not None: seconds = (self.transfer_client_date - datetime.now()).total_seconds() if seconds < 3200: return self.transfer_client self.client = globus_sdk.NativeAppAuthClient(self.GLOBUS_CLIENT_ID) self.client.oauth2_start_flow(refresh_tokens=True) # Refresh the token - so we don't get logged out. oauth_data = self.client.oauth2_refresh_token(self.GLOBUS_TRANSFER_RT) new_at = oauth_data.data['access_token'] transfer_authorizer = globus_sdk.RefreshTokenAuthorizer(self.GLOBUS_TRANSFER_RT, self.client, access_token=new_at, expires_at=self.EXPIRES_AT) transfer_client = globus_sdk.TransferClient(authorizer=transfer_authorizer) # Be sure to activate both endpoints r = transfer_client.endpoint_autoactivate(self.GLOBUS_DTN_ENDPOINT, if_expires_in=3600) r2 = transfer_client.endpoint_autoactivate(self.GLOBUS_IVY_ENDPOINT, if_expires_in=3600) if r['code'] == 'AutoActivationFailed' or r2['code'] == 'AutoActivationFailed': app.logger.error('Endpoint({}) Not Active! Error! Source message: {}'.format(self.GLOBUS_CLIENT_ID, r['message'])) elif r['code'] == 'AutoActivated.CachedCredential' or r2['code'] == 'AutoActivated.CachedCredential': app.logger.error('Endpoint({}) autoactivated using a cached credential.'.format(self.GLOBUS_CLIENT_ID)) elif r['code'] == 'AutoActivated.GlobusOnlineCredential' or r2['code'] == 'AutoActivated.GlobusOnlineCredential': app.logger.error(('Endpoint({}) autoactivated using a built-in Globus credential.').format(self.GLOBUS_CLIENT_ID)) elif r['code'] == 'AlreadyActivated' or r2['code'] == 'AlreadyActivated': app.logger.info('Endpoint({}) already active until at least {}'.format(self.GLOBUS_CLIENT_ID, 3600)) self.transfer_client = transfer_client self.transfer_client_date = datetime.now() return self.transfer_client
def get_authorizer(self): """Create an authorizer to use with Globus Service Clients.""" client, tokens = self.get_tokens() # most specifically, you want these tokens as strings refresh_token = tokens["refresh_token"] authorizer = globus_sdk.RefreshTokenAuthorizer(refresh_token, client) return authorizer
def globus_transfer_client(): transfer_rt = get_globus_transfer_rt() if not transfer_rt: create_globus_token() transfer_rt = get_globus_transfer_rt() client = create_globus_client() authorizer = globus_sdk.RefreshTokenAuthorizer(transfer_rt, client) tc = globus_sdk.TransferClient(authorizer=authorizer) return tc
def setUpClass(self): """ Sets up transfer client for creating Data objects """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def login_auto(globus_client_id, str_app='globus'): token = params.read(str_app) if not token: raise ValueError( "Token file doesn't exist, run ibllib.io.globus.setup first") client = globus.NativeAppAuthClient(globus_client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus.RefreshTokenAuthorizer(token.transfer_rt, client) return globus.TransferClient(authorizer=authorizer)
def __init__(self): self.transfer_rt = TRANSFER_RT self.transfer_at = TRANSFER_AT self.client = globus_sdk.NativeAppAuthClient(CLIENT_ID) self.authorizer = globus_sdk.RefreshTokenAuthorizer( self.transfer_rt, self.client, access_token=self.transfer_at) self.transfer_client = globus_sdk.TransferClient( authorizer=self.authorizer)
def setUpClass(self): """ Does an auth flow to create an authorized client for sdktester1a and sdktester2b Cleans out any old sharing files before running tests """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer1 = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.tc = globus_sdk.TransferClient(authorizer=authorizer1) authorizer2 = globus_sdk.RefreshTokenAuthorizer( SDKTESTER2B_NATIVE1_TRANSFER_RT, ac) self.tc2 = globus_sdk.TransferClient(authorizer=authorizer2) cleanSharing(self.tc)
def main(): """ main program """ my_end_points = ( 'ncsa#BlueWaters', 'ncsa#BlueWaters-Duo', 'ncsa#BlueWatersAWS', 'BW Google Drive Endpoint', 'ncsa#jyc', 'umn#pgc-terranova', 'illinois_duo', ) tokens = load_tokens_from_file(TOKEN_FILE) if not tokens: # if we need to get tokens, start the Native App authentication process tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES) save_tokens_to_file(TOKEN_FILE, tokens) transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh) tclient = globus_sdk.TransferClient(authorizer=authorizer) # for the GO endpoints listed above ... total_servers_down = 0 for endpoint in my_end_points: # Find the endpoint with search so that a replaced endpoint # with a replacement id will still be checked. for myep in tclient.endpoint_search(filter_fulltext=endpoint): # Isolate the search results to an exact match by forcing # /^endpoint$/ as the regex search we are matching. epsearchstring = "^" + endpoint + "$" if re.search(epsearchstring, myep['display_name'], flags=0): print("-->", myep['display_name'], myep['id']) total_servers_down += my_endpoint_manager_server_check( tclient, myep['id']) # Something is broken in the endpoint_search for illinois#iccp so this one is handled # separately. The id below is updated manually from the GO web page of endpoints. illinois_iccp_id = "9cd89c31-6d04-11e5-ba46-22000b92c6ec" print("--> illinois#iccp", illinois_iccp_id) total_servers_down += my_endpoint_manager_server_check( tclient, illinois_iccp_id) if total_servers_down > 0: # for the Jenkins test harness sys.exit(-1)
def get_deriva_token(): # TODO: When decision is made about user auth vs. conf client auth, implement. # Currently using personal refresh token for scope. # Refresh token will expire in six months(?) # Date last generated: 9-26-2019 return globus_sdk.RefreshTokenAuthorizer( refresh_token=CONFIG["TEMP_REFRESH_TOKEN"], auth_client=globus_sdk.NativeAppAuthClient( CONFIG["GLOBUS_NATIVE_APP"])).access_token
def __init__(self): """ The ACLManager is used to add and remove acl endpoints for KBase Users on our Globus Share """ logging.basicConfig(stream=sys.stdout, level=logging.DEBUG) config = configparser.ConfigParser() config.read("/etc/globus.cfg") cf = config['globus'] self.endpoint_id = cf['endpoint_id'] client = globus_sdk.NativeAppAuthClient(cf['client_id']) try: transfer_authorizer = globus_sdk.RefreshTokenAuthorizer(cf['transfer_token'], client) self.globus_transfer_client = globus_sdk.TransferClient(authorizer=transfer_authorizer) auth_authorizer = globus_sdk.RefreshTokenAuthorizer(cf['auth_token'], client) self.globus_auth_client = globus_sdk.AuthClient(authorizer=auth_authorizer) except globus_sdk.GlobusAPIError as error: logging.error(str(error.code) + error.raw_text) raise HTTPInternalServerError(text=str("Invalid Token Specified in globus.cfg file"))
def login_auto(globus_client_id, str_app='globus/default'): token = params.read(str_app) required_fields = {'refresh_token', 'access_token', 'expires_at_seconds'} if not (token and required_fields.issubset(token.as_dict())): raise ValueError( "Token file doesn't exist, run ibllib.io.globus.setup first") client = globus.NativeAppAuthClient(globus_client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus.RefreshTokenAuthorizer(token.refresh_token, client) return globus.TransferClient(authorizer=authorizer)
def setUpClass(self): """ Creates a BaseClient object for testing """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.bc = BaseClient("transfer", base_path="/v0.10/", authorizer=authorizer)
def init_transfer_client(self): '''return a transfer client for the user''' if self._tokens_need_update(): self._update_tokens() # Createe Refresh Token Authorizer authorizer = globus_sdk.RefreshTokenAuthorizer( self.transfer['refresh_token'], self._client, access_token=self.transfer['access_token'], expires_at=self.transfer['expires_at_seconds']) self.transfer_client = globus_sdk.TransferClient(authorizer=authorizer)
def acquire_clients(request): # connect to the service client = globus_sdk.NativeAppAuthClient(request["client_id"]) if request["transfer_rt"] is None: authorizer = globus_sdk.AccessTokenAuthorizer(request["transfer_at"]) else: authorizer = globus_sdk.RefreshTokenAuthorizer( request["transfer_rt"], client, access_token=request["transfer_at"], expires_at=int(request["transfer_at_exp"]), ) transfer_client = globus_sdk.TransferClient(authorizer=authorizer) return client, transfer_client
def get_refresh_token_authorizer(self): """ Attempts to get an authorizer object that uses refresh tokens (for automatic authentication). It requires a refresh token to work. :returns: Globus SDK authorizer object """ # Get client from globus sdk to act on client = globus_sdk.NativeAppAuthClient(self.CLIENT_ID) client.oauth2_start_flow(refresh_tokens=True) # Get authorizer that handles the refreshing of token try: return globus_sdk.RefreshTokenAuthorizer(self.TRANSFER_RT, client) except globus_sdk.exc.AuthAPIError as e: sys.exit("Transfer refresh token file {} is outdated, " "please remove and try running again".format( self.transfer_rt_filename))