auth: use invenio session cookie to retrieve user
Addresses #153

Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
Leticia Farias Wanderley authored and leticiawanderley committed Jul 27, 2019
1 parent 683c4f7 commit 48be29f
Showing 8 changed files with 423 additions and 409 deletions.
76 changes: 38 additions & 38 deletions docs/openapi.json
Expand Up @@ -79,10 +79,10 @@
"operationId": "get_secrets",
"parameters": [
{
"description": "Required. Secrets owner access token.",
"description": "Secrets owner access token.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -150,10 +150,10 @@
"operationId": "delete_secrets",
"parameters": [
{
"description": "Required. API key of the admin.",
"description": "API key of the admin.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -233,10 +233,10 @@
"operationId": "add_secrets",
"parameters": [
{
"description": "Required. Secrets owner access token.",
"description": "Secrets owner access token.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -495,10 +495,10 @@
"operationId": "get_workflows",
"parameters": [
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -646,10 +646,10 @@
}
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -740,10 +740,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -842,10 +842,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -924,10 +924,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -988,10 +988,10 @@
"operationId": "get_workflow_disk_usage",
"parameters": [
{
"description": "Required. API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -1099,10 +1099,10 @@
"operationId": "get_workflow_logs",
"parameters": [
{
"description": "Required. API access_token of workflow owner.",
"description": "API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -1192,10 +1192,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -1285,10 +1285,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -1376,10 +1376,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -1488,10 +1488,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -1611,10 +1611,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
Expand Down Expand Up @@ -1723,10 +1723,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -1813,10 +1813,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -1886,10 +1886,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
Expand Down Expand Up @@ -1949,10 +1949,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
2 changes: 1 addition & 1 deletion reana_server/rest/ping.py
Expand Up @@ -10,7 +10,7 @@

from flask import Blueprint, jsonify

blueprint = Blueprint('ping', __name__)
blueprint = Blueprint('ping', __name__, url_prefix='/reana-api')


@blueprint.route('/ping', methods=['GET'])
33 changes: 22 additions & 11 deletions reana_server/rest/secrets.py
Expand Up @@ -14,13 +14,15 @@

from bravado.exception import HTTPError
from flask import Blueprint, jsonify, request
from flask_login import current_user

from reana_commons.errors import (REANASecretAlreadyExists,
REANASecretDoesNotExist)
from reana_commons.k8s.secrets import REANAUserSecretsStore
from reana_server.utils import get_user_from_token
from reana_server.utils import get_user_from_token, \
_get_user_from_invenio_user

blueprint = Blueprint('secrets', __name__)
blueprint = Blueprint('secrets', __name__, url_prefix='/reana-api')


@blueprint.route('/secrets/', methods=['POST'])
Expand All @@ -38,8 +40,8 @@ def add_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. Secrets owner access token.
required: true
description: Secrets owner access token.
required: false
type: string
- name: overwrite
in: query
Expand Down Expand Up @@ -112,7 +114,10 @@ def add_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
overwrite = json.loads(request.args.get('overwrite'))
secrets_store.add_secrets(request.json, overwrite=overwrite)
Expand Down Expand Up @@ -141,8 +146,8 @@ def get_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. Secrets owner access token.
required: true
description: Secrets owner access token.
required: false
type: string
responses:
200:
Expand Down Expand Up @@ -194,7 +199,10 @@ def get_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
user_secrets = secrets_store.get_secrets()
return jsonify(user_secrets), 200
Expand All @@ -220,8 +228,8 @@ def delete_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. API key of the admin.
required: true
description: API key of the admin.
required: false
type: string
- name: secrets
in: body
Expand Down Expand Up @@ -283,7 +291,10 @@ def delete_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
deleted_secrets_list = secrets_store.delete_secrets(request.json)
return jsonify(deleted_secrets_list), 200
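Review bot: Accepting the session cookie in `add_secrets` (POST) and `delete_secrets` (DELETE) makes these state-changing routes reachable with a credential the browser attaches automatically, and no CSRF check is visible in these hunks; before this change a request had to carry the caller's `access_token`, which a third-party page does not know. If CSRF tokens or a `SameSite` cookie policy are not already enforced elsewhere in the application (not visible here), the cookie branch should require one before `secrets_store` is touched. The same four-line branch is repeated in `add_secrets`, `get_secrets` and `delete_secrets`, so it would be easier to audit as a single helper, sketched below, which also documents that an authenticated session silently takes precedence over any `access_token` supplied. The docstrings now mark `access_token` as `required: false` without naming the alternative; a description such as `Secrets owner access token. Required unless the request carries an authenticated session cookie.` would keep the generated OpenAPI spec accurate. All three function bodies start and end outside the hunks shown.

```python
def _get_request_user():
    """Return the REANA user for this request.

    An authenticated Invenio session takes precedence; otherwise the
    ``access_token`` query parameter is used.
    """
    if current_user.is_authenticated:
        # Cookie credentials are sent by the browser automatically, so
        # state-changing callers must have passed a CSRF check first.
        return _get_user_from_invenio_user(current_user.email)
    return get_user_from_token(request.args.get('access_token'))

# … unchanged: route decorators and docstrings …
# in add_secrets / get_secrets / delete_secrets:
#     user = _get_request_user()
```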
2 changes: 1 addition & 1 deletion reana_server/rest/users.py
Expand Up @@ -15,7 +15,7 @@

from reana_server.utils import _create_user, _get_users

blueprint = Blueprint('users', __name__)
blueprint = Blueprint('users', __name__, url_prefix='/reana-api')


@blueprint.route('/users', methods=['GET'])