def delete_tenant(id):
    """Remove the beacon record identified by ``id`` and acknowledge with JSON.

    Always answers ``{'result': 'ok'}`` once ``delete_beacon`` returns.
    """
    # NOTE(review): no authentication or authorization check is visible in this
    # function - confirm one is enforced where the route is registered, since
    # this call removes stored data.
    store = DataAccess()
    store.delete_beacon(id)
    return jsonify({'result': 'ok'})
def add_tenant():
    """Register a new beacon from the JSON request body and return its id.

    The parsed body is handed to ``DataAccess().add_beacon`` unchanged; no
    field validation happens in this function.
    """
    # NOTE(review): query1 in this file issues outbound HTTP requests to each
    # stored beacon's 'endpoint', so the endpoint accepted here should be
    # validated (scheme, host) before it is persisted - confirm where that
    # happens, and that this route is restricted to authorized callers.
    payload = request.json
    new_id = DataAccess().add_beacon(payload)
    return jsonify({'id': new_id})
def get_tenant(id):
    """Look up a single beacon by ``id`` and return it as a JSON response."""
    return jsonify(DataAccess().get_beacon(id))
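def query1(chrom, position, allele, reference):
    """Canonical Query 1: forward the incoming request path to every beacon.

    The four parameters are not read directly here; the current
    ``request.path`` is appended to each beacon's ``endpoint`` and fetched
    with an HTTP GET.

    Returns a JSON list with one entry per beacon holding ``beacon``,
    ``description`` and ``result`` (the beacon's decoded JSON reply). When a
    beacon cannot be reached in time or does not answer with JSON, its
    ``result`` is ``None`` and an ``error`` field is added, so one failing
    beacon does not fail the whole aggregate.
    """
    # TODO: Validate parameters
    beacons = DataAccess().get_beacons()
    print(beacons, file=sys.stderr)

    # TODO: These can run in parallel
    # TODO: Validate the response from these calls
    # TODO: Make this async message based
    # TODO: The hub query API will be made meta-data defined

    # requests applies no timeout by default, so a single unresponsive beacon
    # would otherwise block this worker indefinitely. The value is a
    # constructed default; tune it for the deployment.
    timeout_seconds = 10

    results = []
    for beacon in beacons:
        # NOTE(review): the target is built from a stored endpoint plus the
        # caller-supplied path; endpoints should be validated when they are
        # registered so this loop cannot be pointed at internal services.
        url = beacon['endpoint'] + request.path
        print(url, file=sys.stderr)

        entry = {
            'beacon': beacon['name'],
            'description': beacon['description'],
        }
        try:
            entry['result'] = requests.get(url, timeout=timeout_seconds).json()
        except (requests.RequestException, ValueError) as exc:
            # Detail goes to the server log only; the client sees a generic
            # message so internal endpoint details are not echoed back.
            print('beacon query failed: %s' % exc, file=sys.stderr)
            entry['result'] = None
            entry['error'] = 'beacon request failed'
        results.append(entry)

    return jsonify(results)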
def get_tenant_list():
    """Return every beacon known to the data store as a JSON response."""
    return jsonify(DataAccess().get_beacons())
def update_tenant(id):
    """Overwrite the beacon identified by ``id`` with the JSON request body.

    The parsed body is passed to ``update_beacon`` unchanged and the reply is
    always ``{'result': 'ok'}`` once that call returns.
    """
    # NOTE(review): no authentication, authorization or field validation is
    # visible in this function - confirm both are enforced elsewhere, since
    # query1 in this file sends requests to the stored 'endpoint'.
    payload = request.json
    store = DataAccess()
    store.update_beacon(id, payload)
    return jsonify({'result': 'ok'})
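def login():
    """Handle the OIDC response and issue a session cookie.

    Reads ``id_token`` from the posted form, takes ``preferred_username``
    from its claims, and accepts the login when that name is known to
    ``DataAccess().get_user`` or equals ``Settings.admin_user``. On success
    the browser is redirected to ``/`` with a ``session_id`` cookie holding
    an HS256-signed JWT of the form ``{'userid': <preferred_username>}``.

    Aborts with 401 when the claim is missing or the user is not recognised.
    """
    # Only referenced by the disabled parse_response call noted further down;
    # kept so that constructing the client behaves as before.
    client = Client(Settings.auth_client_id)

    # SECURITY: verify=False skips signature verification, and nothing below
    # checks 'iss', 'aud', 'exp', 'nonce' or 'tid'. Every claim read from
    # user_jwt is therefore unauthenticated input until validation against the
    # provider's signing keys is added.
    user_jwt = jwt.decode(request.form['id_token'], verify=False)

    # The user JWT looks like the following sample:
    # {'exp': 1471450431, 'oid': '775ae09f-4b24-43ab-aedf-288a75855d08',
    #  'sub': 'CStosuMbvdWGvY2LQ_TAsvk1t96YgWRdQ4LdT3fnCbs',
    #  'c_hash': '9oSWc6X5ahpiS_RcOiQhAw', 'ver': '2.0',
    #  'aud': 'f123a339-be25-420f-a843-ecad0938a050',
    #  'nonce': 'aLXyOyz36OEQKr2n', 'name': 'Test User',
    #  'preferred_username': '******', 'iat': 1471446531, 'nbf': 1471446531,
    #  'tid': '358c5b34-4387-4b88-9dc6-7feaa77483de',
    #  'iss': 'https://login.microsoftonline.com/358c5b34-4387-4b88-9dc6-7feaa77483de/v2.0'}

    # TODO !!!! Validate 'tid' claim and the tenant signature.
    # TODO Store the oid for the user and the name, once the user
    #      authenticates we should use this to authorize users
    # TODO Update token validation to retrieve certificate
    #   auth_response = client.parse_response(AuthorizationResponse,
    #       info = request.form, sformat = "dict", verify = False)

    # The raw id_token and its decoded claims used to be printed here. They
    # are a bearer credential and personal data, so they are no longer written
    # to the process output.

    # A token without the claim cannot identify anyone: reject it rather than
    # failing with a KeyError.
    preferred_username = user_jwt.get('preferred_username')
    if preferred_username is None:
        abort(401)

    # We keep a list of valid users in the database. Ideally we would just
    # check roles from the provider, but managing the group and role claims
    # there is difficult right now; a simple authorization service or working
    # out the claims may replace this. Status could be checked here as well.
    username = DataAccess().get_user(preferred_username)
    if username is None and preferred_username != Settings.admin_user:
        abort(401)
    # TODO add the seed admin user to the authorization store

    # SECURITY: the HS256 key is the literal 'secret' committed in source, so
    # the session token's signature gives no integrity guarantee. Load the key
    # from deployment configuration and keep it out of the repository.
    # TODO Add expiration to the jwt and support a refresh
    encoded = jwt.encode({'userid': preferred_username}, 'secret', algorithm='HS256')

    # HttpOnly keeps page scripts from reading the session token.
    # NOTE(review): also set secure=True once the site is served only over HTTPS.
    response = make_response(redirect('/'))
    response.set_cookie('session_id', encoded, httponly=True)

    # validate in the auth handler
    # jwt.decode(encoded, 'secret', algorithms=['HS256'])
    return response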