auth: use invenio session cookie to retrieve user
Addresses #153

Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
Leticia Farias Wanderley authored and leticiawanderley committed Aug 5, 2019
1 parent 683c4f7 commit b2022f4
Showing 8 changed files with 401 additions and 391 deletions.
76 changes: 38 additions & 38 deletions docs/openapi.json
@@ -79,10 +79,10 @@
"operationId": "get_secrets",
"parameters": [
{
"description": "Required. Secrets owner access token.",
"description": "Secrets owner access token.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -150,10 +150,10 @@
"operationId": "delete_secrets",
"parameters": [
{
"description": "Required. API key of the admin.",
"description": "API key of the admin.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -233,10 +233,10 @@
"operationId": "add_secrets",
"parameters": [
{
"description": "Required. Secrets owner access token.",
"description": "Secrets owner access token.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -495,10 +495,10 @@
"operationId": "get_workflows",
"parameters": [
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -646,10 +646,10 @@
}
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -740,10 +740,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -842,10 +842,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -924,10 +924,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -988,10 +988,10 @@
"operationId": "get_workflow_disk_usage",
"parameters": [
{
"description": "Required. API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -1099,10 +1099,10 @@
"operationId": "get_workflow_logs",
"parameters": [
{
"description": "Required. API access_token of workflow owner.",
"description": "API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -1192,10 +1192,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -1285,10 +1285,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -1376,10 +1376,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -1488,10 +1488,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -1611,10 +1611,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
},
{
@@ -1723,10 +1723,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -1813,10 +1813,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -1886,10 +1886,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
@@ -1949,10 +1949,10 @@
"type": "string"
},
{
"description": "Required. The API access_token of workflow owner.",
"description": "The API access_token of workflow owner.",
"in": "query",
"name": "access_token",
"required": true,
"required": false,
"type": "string"
}
],
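--- a/reana_server/config.py
+++ b/reana_server/config.py
@@ -47,6 +47,8 @@ def _(x):
 
 # Accounts
 # ========
+#: Redis URLL
+ACCOUNTS_SESSION_REDIS_URL = 'redis://cache:6379/1'
 #: Email address used as sender of account registration emails.
 SECURITY_EMAIL_SENDER = SUPPORT_EMAIL
 #: Email subject for account registration emails.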
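Review bot: The added `ACCOUNTS_SESSION_REDIS_URL = 'redis://cache:6379/1'` pins the session store to one plaintext endpoint with no credentials, and no way to override it is visible in this hunk. Judging by the setting name and the commit title, this store now holds the sessions that the REST endpoints accept as authentication, so the Redis instance should be reachable only by the server. Deployments that need a password or TLS (`rediss://`) should be able to supply their own URL, for example from the environment. The comment above the setting has a typo and says little; `#: Redis URL of the store holding user sessions.` would be clearer.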
31 changes: 21 additions & 10 deletions reana_server/rest/secrets.py
@@ -14,11 +14,13 @@

from bravado.exception import HTTPError
from flask import Blueprint, jsonify, request
from flask_login import current_user

from reana_commons.errors import (REANASecretAlreadyExists,
REANASecretDoesNotExist)
from reana_commons.k8s.secrets import REANAUserSecretsStore
from reana_server.utils import get_user_from_token
from reana_server.utils import get_user_from_token, \
_get_user_from_invenio_user

blueprint = Blueprint('secrets', __name__)

@@ -38,8 +40,8 @@ def add_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. Secrets owner access token.
required: true
description: Secrets owner access token.
required: false
type: string
- name: overwrite
in: query
@@ -112,7 +114,10 @@ def add_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
overwrite = json.loads(request.args.get('overwrite'))
secrets_store.add_secrets(request.json, overwrite=overwrite)
@@ -141,8 +146,8 @@ def get_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. Secrets owner access token.
required: true
description: Secrets owner access token.
required: false
type: string
responses:
200:
@@ -194,7 +199,10 @@ def get_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
user_secrets = secrets_store.get_secrets()
return jsonify(user_secrets), 200
@@ -220,8 +228,8 @@ def delete_secrets(): # noqa
parameters:
- name: access_token
in: query
description: Required. API key of the admin.
required: true
description: API key of the admin.
required: false
type: string
- name: secrets
in: body
@@ -283,7 +291,10 @@ def delete_secrets(): # noqa
}
"""
try:
user = get_user_from_token(request.args.get("access_token"))
if current_user.is_authenticated:
user = _get_user_from_invenio_user(current_user.email)
else:
user = get_user_from_token(request.args.get('access_token'))
secrets_store = REANAUserSecretsStore(str(user.id_))
deleted_secrets_list = secrets_store.delete_secrets(request.json)
return jsonify(deleted_secrets_list), 200
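Review bot: The three `if current_user.is_authenticated:` branches make `add_secrets`, `get_secrets` and `delete_secrets` accept the browser's session cookie as authentication, and nothing visible in these hunks adds a CSRF check for the state-changing routes. Unlike the `access_token` query parameter, a cookie is sent by the browser automatically, so unless protection is applied elsewhere (not visible here) the add and delete routes need an anti-CSRF token or origin check, and the session cookie should set `SESSION_COOKIE_SAMESITE`. The lookup also uses `current_user.email` as the join key between Invenio and REANA users, so `_get_user_from_invenio_user` should fail closed when no REANA user matches rather than letting `user.id_` raise. The same four lines are repeated in each view and import a private name; one public helper in `reana_server.utils` would keep the cookie-over-token precedence in a single place. Each view's body continues outside the hunks shown.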