def init_auth_helper(self):
if AuthHelper.isInitialized() == False:
auth_helper = AuthHelper.create(self.app_client_id,
self.app_client_secret)
else:
auth_helper = AuthHelper.instance()
return auth_helper
def get_provenance_data_object(self, token, groupUUID=None):
provenance_group = None
try:
if groupUUID != None:
provenance_group = self.get_group_by_identifier(groupUUID)
else:
#manually find the group id given the current user:
group_uuid = None
entity = Entity(self.provenance_config['APP_CLIENT_ID'],
self.provenance_config['APP_CLIENT_SECRET'],
self.provenance_config['UUID_WEBSERVICE_URL'])
group_list = entity.get_user_groups(token)
for grp in group_list:
if grp['generateuuid'] == True:
groupUUID = grp['uuid']
# if provenance_group is already set, this means the user belongs to more than one writable group
if provenance_group != None:
ValueError(
'Error: Current user is a member of multiple groups allowed to create new entities. The user must select which one to use'
)
provenance_group = self.get_group_by_identifier(
groupUUID)
#TODO: THIS IS HARDCODED!! WE NEED TO CHANGE THIS TO TRACK TEST GROUPS DIFFERENTLY
# for now if the group is the IEC Testing group, keep looking for a different group
# only use the IEC Testing group if no other writable group is found for the user
# NOTE: this code will simply return the first writable group it encounters
if groupUUID != '5bd084c8-edc2-11e8-802f-0e368f3075e8':
break
if groupUUID == None:
raise ValueError(
'Unauthorized: Current user is not a member of a group allowed to create new entities'
)
except ValueError as ve:
raise ve
ret_provenance_group = {
HubmapConst.PROVENANCE_GROUP_UUID_ATTRIBUTE:
groupUUID,
HubmapConst.PROVENANCE_GROUP_NAME_ATTRIBUTE:
provenance_group['displayname']
}
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
self.provenance_config['appclientid'],
self.provenance_config['appclientsecret'])
else:
authcache = AuthHelper.instance()
userinfo = authcache.getUserInfo(token, True)
ret_provenance_group[
HubmapConst.PROVENANCE_SUB_ATTRIBUTE] = userinfo['sub']
ret_provenance_group[
HubmapConst.PROVENANCE_USER_EMAIL_ATTRIBUTE] = userinfo['email']
ret_provenance_group[
HubmapConst.
PROVENANCE_USER_DISPLAYNAME_ATTRIBUTE] = userinfo['name']
return ret_provenance_group
def get_group_by_identifier(self, identifier):
if len(identifier) == 0:
raise ValueError("identifier cannot be blank")
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
self.md_config['APP_CLIENT_ID'], self.md_config['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
groupinfo = authcache.getHuBMAPGroupInfo()
# search through the keys for the identifier, return the value
for k in groupinfo.keys():
if str(k).lower() == str(identifier).lower():
group = groupinfo.get(k)
return group
else:
group = groupinfo.get(k)
if str(group['uuid']).lower() == str(identifier).lower():
return group
raise ValueError("cannot find a Hubmap group matching: [" + identifier + "]")
def init_app(self, flask_app):
client_id = get_config_param('APP_CLIENT_ID')
client_secret = get_config_param('APP_CLIENT_SECRET')
self.flask_app = flask_app
self.login_manager.init_app(self.flask_app)
self.globus_oauth = globus_sdk.ConfidentialAppAuthClient(
get_config_param('APP_CLIENT_ID'),
get_config_param('APP_CLIENT_SECRET'))
self.login_manager.user_loader(self.load_user)
self.flask_app.add_url_rule('/login', 'login', self.login)
if not AuthHelper.isInitialized():
self.authHelper = AuthHelper.create(clientId=client_id,
clientSecret=client_secret)
else:
self.authHelper = AuthHelper.instance()
def get_writeable_flag(self, token, writeable_uuid_list, current_record):
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(self.confdata['APP_CLIENT_ID'],
self.confdata['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
userinfo = None
userinfo = authcache.getUserInfo(token, True)
role_list = AuthCache.getHMRoles()
data_curator_uuid = role_list['hubmap-data-curator']['uuid']
is_data_curator = False
for role_uuid in userinfo['hmroleids']:
if role_uuid == data_curator_uuid:
is_data_curator = True
break
# the data curator role overrules the group level write rules
if is_data_curator == True:
if current_record['metadata_properties']['status'] in [
HubmapConst.DATASET_STATUS_QA
]:
return True
else:
return False
# perform two checks:
# 1. make sure the user has write access to the record's group
# 2. make sure the record has a status that is writable
if current_record['metadata_properties'][
'provenance_group_uuid'] in writeable_uuid_list:
if current_record['metadata_properties']['status'] in [
HubmapConst.DATASET_STATUS_NEW,
HubmapConst.DATASET_STATUS_ERROR,
HubmapConst.DATASET_STATUS_REOPENED
]:
return True
return False
def __init__(self, clientId, clientSecret, dbHost, dbName, dbUsername,
dbPassword):
if clientId is None or clientSecret is None or isBlank(
clientId) or isBlank(clientSecret):
raise Exception(
"Globus client id and secret are required in AuthHelper")
if not AuthHelper.isInitialized():
self.authHelper = AuthHelper.create(clientId=clientId,
clientSecret=clientSecret)
else:
self.authHelper.instance()
#Open the config file
self.logger = logging.getLogger('uuid.service')
self.dbHost = dbHost
self.dbName = dbName
self.dbUsername = dbUsername
self.dbPassword = dbPassword
self.lock = threading.RLock()
self.hmdb = DBConn(self.dbHost, self.dbUsername, self.dbPassword,
self.dbName)
elif key.upper() in dct[section]:
rslt = dct[section][key.upper()]
else:
raise AirflowConfigException('No config entry for [{}] {}'.format(
section, key))
# airflow config reader leaves quotes, which we want to strip
for qc in ['"', "'"]:
if rslt.startswith(qc) and rslt.endswith(qc):
rslt = rslt.strip(qc)
return rslt
else:
raise AirflowConfigException('No config section [{}]'.format(section))
AUTH_HELPER = None
if not AuthHelper.isInitialized():
AUTH_HELPER = AuthHelper.create(clientId=config('connections',
'app_client_id'),
clientSecret=config(
'connections', 'app_client_secret'))
else:
AUTH_HELPER = authHelper.instance()
class HubmapApiInputException(Exception):
pass
class HubmapApiConfigException(Exception):
pass
LOG_FILE_NAME = "../log/ontology-api-" + time.strftime("%d-%m-%Y-%H-%M-%S") + ".log"
logger = None
# Specify the absolute path of the instance folder and use the config file relative to the instance path
app = Flask(__name__, instance_path=os.path.join(os.path.abspath(os.path.dirname(__file__)), 'instance'), instance_relative_config=True)
app.config.from_pyfile('app.cfg')
# Enable/disable CORS from configuration based on docker or non-docker deployment
if app.config['ENABLE_CORS']:
CORS(app)
token_list = {}
# Initialize the AuthHelper
# This is used by the @secured decorator
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
app.config['APP_CLIENT_ID'], app.config['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
@app.before_first_request
def init():
global logger
try:
logger = logging.getLogger('ontology.service')
logger.setLevel(logging.INFO)
logFH = logging.FileHandler(LOG_FILE_NAME)
logger.addHandler(logFH)
logger.info("started")
except Exception as e: