def test_auth_api_server_error_no_json():
client = AuthAPIClient(_REMOTE)
def callback(request, uri, response_headers):
return [
500, response_headers, "Guru Meditation deadcafebeef-feed12345678"
]
httpretty.register_uri(httpretty.HTTPretty.POST,
_ENDPOINT + "/get_refresh_token",
body=callback)
with pytest.raises(AuthAPIError) as e:
client.get_refresh_token("someuser", "somepassword")
assert "deadcafebeef-feed12345678" in str(e)
def test_auth_api_user_error():
client = AuthAPIClient(_REMOTE)
def callback(request, uri, response_headers):
assert json.loads(request.body) == {
"username": "******",
"password": "******"
}
return [
400, response_headers,
json.dumps({"error": "Invalid username or password"})
]
httpretty.register_uri(httpretty.HTTPretty.POST,
_ENDPOINT + "/refresh_token",
body=callback)
with pytest.raises(AuthAPIError) as e:
client.get_refresh_token("someuser", "somepassword")
assert isinstance(e.__cause__, HTTPError)
assert "403" in str(e.__cause__)
def login_c(username, password, remote, overwrite, skip_inject):
"""Log into a Splitgraph registry with username/password.
This will generate a new refresh token (to use the Splitgraph query API)
and API keys to let sgr access the registry (if they don't already exist
in the configuration file or if the actual username has changed).
Note that if you already have generated an API key pair but it's not
in the configuration file, this will generate a new pair instead of
restoring the existing one, as the API secret is only stored in the configuration file.
If you want to log in using an existing API key pair, use `sgr cloud login-api` instead.
"""
from splitgraph.config import CONFIG
from splitgraph.config.config import get_all_in_subsection
from splitgraph.cloud import AuthAPIClient, get_token_claim, DEFAULT_REMOTES
client = AuthAPIClient(remote)
if not password:
profile_url = _construct_user_profile_url(client.endpoint)
password = click.prompt(
text="Password (visit %s if you don't have it)" % profile_url,
confirmation_prompt=False,
hide_input=True,
)
access, refresh = client.get_refresh_token(username, password)
# Extract namespace from the access token since we might have logged in with an e-mail.
namespace = get_token_claim(access, "username")
click.echo("Logged into %s as %s" % (remote, namespace))
config_remote_params = get_all_in_subsection(CONFIG, "remotes", remote)
remote_params = copy(DEFAULT_REMOTES.get(
remote, {})) if not config_remote_params else {}
remote_params.update({
"SG_NAMESPACE": namespace,
"SG_CLOUD_REFRESH_TOKEN": refresh,
"SG_CLOUD_ACCESS_TOKEN": access,
})
config_patch = {
"SG_REPO_LOOKUP": _update_repo_lookup(CONFIG, remote),
"remotes": {
remote: remote_params
},
}
# Get new tokens in any case if we're logging in under a different username.
try:
username_changed = namespace != CONFIG["remotes"][remote][
"SG_NAMESPACE"]
except KeyError:
username_changed = False
if ("SG_ENGINE_USER" not in config_remote_params
or "SG_ENGINE_PWD" not in config_remote_params or overwrite
or username_changed):
key, secret = client.create_machine_credentials(access, password)
config_patch["remotes"][remote]["SG_ENGINE_USER"] = key
config_patch["remotes"][remote]["SG_ENGINE_PWD"] = secret
click.echo("Acquired new API keys")
config_path = patch_and_save_config(CONFIG, config_patch)
if not skip_inject:
inject_config_into_engines(CONFIG["SG_ENGINE_PREFIX"], config_path)