From e588cb079b3a1a7cf86540b6624b900a3c5df3d2 Mon Sep 17 00:00:00 2001
From: hadleyking <hadley_king@gwu.edu>
Date: Thu, 8 Jun 2023 08:42:29 -0400
Subject: [PATCH 1/4] Fix Bulk Publish function

Changes to be committed:
	modified:   api/scripts/method_specific/POST_api_objects_publish.py
	modified:   api/scripts/utilities/JsonUtils.py
---
 .../method_specific/POST_api_objects_publish.py | 17 ++++++++++++++---
 api/scripts/utilities/JsonUtils.py              |  4 ++--
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/api/scripts/method_specific/POST_api_objects_publish.py b/api/scripts/method_specific/POST_api_objects_publish.py
index ca783eb6..ed5e5a0b 100755
--- a/api/scripts/method_specific/POST_api_objects_publish.py
+++ b/api/scripts/method_specific/POST_api_objects_publish.py
@@ -29,7 +29,16 @@ def post_api_objects_publish(incoming):
     any_failed = False
     results = {}
     for publish_object in bulk_request:
-        results = parse_bco(publish_object["contents"], results)
+        try:
+            results = parse_bco(publish_object["contents"], results)
+        except KeyError as error:
+            returning.append(
+                db_utils().messages(parameters={"errors": str(error)})[
+                    "400_non_publishable_object"
+                ]
+            )
+            any_failed = True
+            continue
         object_key = publish_object["contents"]["object_id"]
         if results[object_key]["number_of_errors"] > 0:
             returning.append(
@@ -47,6 +56,7 @@ def post_api_objects_publish(incoming):
             if "publish_" + prefix in px_perms:
                 if "object_id" in publish_object:
                     accession = publish_object["object_id"].split("/")[-2]
+                    version = publish_object["object_id"].split("/")[-1]
                     object_num = int(
                         publish_object["object_id"].split("_")[1].split("/")[0]
                     )
@@ -57,9 +67,10 @@ def post_api_objects_publish(incoming):
                         + "/"
                         + publish_object["contents"]["provenance_domain"]["version"]
                     )
-                    if BCO.objects.filter(object_id__contains=accession).exists():
+                    if BCO.objects.filter(object_id__contains=accession+'/'+version).exists():
+                        # import pdb; pdb.set_trace()
                         returning.append(
-                            db_utils().messages(parameters={"object_id": accession})[
+                            db_utils().messages(parameters={"object_id": accession+'/'+version})[
                                 "409_object_conflict"
                             ]
                         )
diff --git a/api/scripts/utilities/JsonUtils.py b/api/scripts/utilities/JsonUtils.py
index 2d7587d7..b34bac54 100755
--- a/api/scripts/utilities/JsonUtils.py
+++ b/api/scripts/utilities/JsonUtils.py
@@ -78,12 +78,12 @@ def validate(schema, json_object, results):
     return results
 
 
-def parse_bco(bco, results):
+def parse_bco(bco: dict, results: dict):
     """BCO Parsing for Validation
 
     Parameters
     ----------
-    bco : JSON
+    bco : dict
         The BCO JSON to be processed for validation.
     results : dict
         A dictionary to be populated with the BCO validation results

From 70f95f3f018903446b212198e3a872ba13b5fa9e Mon Sep 17 00:00:00 2001
From: hadleyking <hadley_king@gwu.edu>
Date: Mon, 22 May 2023 12:09:11 -0400
Subject: [PATCH 2/4] Add reset_token API

Issue #158
---
 authentication/apis.py | 48 ++++++++++++++++++++++++++++++++++++++++--
 authentication/urls.py |  5 +++--
 2 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/authentication/apis.py b/authentication/apis.py
index a239cd7b..7ef6bf5b 100644
--- a/authentication/apis.py
+++ b/authentication/apis.py
@@ -5,9 +5,11 @@
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import status, serializers
+from rest_framework.authtoken.models import Token
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from api.scripts.utilities.UserUtils import UserUtils
 from authentication.selectors import check_user_email, get_user_info
 from authentication.services import validate_token, create_bcodb, send_bcodb, validate_auth_service
 from authentication.models import Authentication
@@ -134,7 +136,7 @@ def post(self, request):
         """
         result = validate_auth_service(request.data)
         
-        if result is not 1:
+        if result != 1:
             return Response(status=status.HTTP_400_BAD_REQUEST, data=result)
         try: 
             auth_object = Authentication.objects.get(username=request.user.username)
@@ -208,7 +210,7 @@ def post(self, request):
         """"""
         result = validate_auth_service(request.data)
         
-        if result is not 1:
+        if result != 1:
             return Response(status=status.HTTP_400_BAD_REQUEST, data=result)
         try:
             auth_object = Authentication.objects.get(username=request.user.username)
@@ -225,3 +227,45 @@ def post(self, request):
         auth_object.auth_service.remove(request.data)
         auth_object.save()
         return Response(status=status.HTTP_200_OK, data={"message": "Authentication object removed."})
+
+class ResetTokenApi(APIView):
+    """Reset Token
+    -----------------------------
+    Resets the user's token and returns the new one.
+    """
+
+    permission_classes = [IsAuthenticated,]
+    
+    # schema = openapi.Schema()
+
+    auth = [
+        openapi.Parameter(
+            "Authorization",
+            openapi.IN_HEADER,
+            description="Authorization Token",
+            type=openapi.TYPE_STRING,
+        )
+    ]
+
+    @swagger_auto_schema(
+        manual_parameters=auth,
+        responses={
+            200: "Token reset is successful.",
+            400: "Bad request.",
+        },
+        tags=["Authentication"],
+    )
+    
+    def post(self, request):
+        try:
+            token = Token.objects.get(user=request.user)
+            token.delete()
+            Token.objects.create(user=request.user)            
+            return Response(
+                status=status.HTTP_200_OK,
+                data=UserUtils().get_user_info(username=request.user)
+            )
+
+        except Exception as error:
+            return Response(status=status.HTTP_400_BAD_REQUEST, data={"message": f"{error}"})
+        
\ No newline at end of file
diff --git a/authentication/urls.py b/authentication/urls.py
index 5edd4331..e5a62ff5 100644
--- a/authentication/urls.py
+++ b/authentication/urls.py
@@ -1,10 +1,11 @@
 # authentication/urls.py
 
 from django.urls import path
-from authentication.apis import RegisterBcodbAPI, AddAuthenticationApi, RemoveAuthenticationApi
+from authentication.apis import RegisterBcodbAPI, AddAuthenticationApi, RemoveAuthenticationApi, ResetTokenApi
 
 urlpatterns = [
     path("auth/register/", RegisterBcodbAPI.as_view()),
     path("auth/add/", AddAuthenticationApi.as_view()),
-    path("auth/remove/", RemoveAuthenticationApi.as_view())
+    path("auth/remove/", RemoveAuthenticationApi.as_view()),
+    path("auth/reset_token/", ResetTokenApi.as_view())
 ]
\ No newline at end of file

From dd2af7b9bcc123371b6fc1e4b0a3c007f1d36ec5 Mon Sep 17 00:00:00 2001
From: hadleyking <hadley_king@gwu.edu>
Date: Thu, 8 Jun 2023 15:30:52 -0400
Subject: [PATCH 3/4] Formatting for Add/Remove ORCID

updated dev DB
Related to https://github.com/biocompute-objects/portal_userdb/issues/90
Changes to be committed:
	modified:   admin_only/db.sqlite3.dev
	modified:   authentication/apis.py
---
 admin_only/db.sqlite3.dev | Bin 389120 -> 421888 bytes
 authentication/apis.py    |  33 ++++++++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/admin_only/db.sqlite3.dev b/admin_only/db.sqlite3.dev
index f8543e9012fe723a938b3208831fedc162d76507..14fed3fd39f888709afc70c3ab30b7b24ca3ee15 100644
GIT binary patch
delta 3536
zcma)9e{3699lz&0`|QMi-*c<Y4Q=A9+e&fMBzJcFBMVD%Gf`VD#QDv-0hhCV$-KID
z*Emgws=A?7l|MFhm60qoDpea);-87hY?creL!t-<NTm!3CREB8XbizdCo!>s#JhKn
z8#{5DKkoZIzwi5ezn|~D_x---^LIVx@3y_T+dalG%tG}+M1S+jp`dk)=~3HXOI?8-
zPmv+d01*#$xQO)HV?|!*x7ojMKWC4X72$t;q2Fs|yuC^yqa}}L(u;XXk^-uhN~!tW
zaXqW1QvoRu?3Tjak}S%hM}nb8WT_`02cr?GuY*7j)Inu6olWP{T4pnp90^N7xxd}Y
z_zx)BQvPW@o9|91wR}34C1JP5hWn#^k@APT9^zTRFBN&Qox?BT<+3csF$V!AR#XJh
z+rEcY?6q9f+MAxD=@fs^vy5WJKyTl}(VaH73mGibllrL>>BU9DVzzj;_e;oKe7m=6
zpSOj4F*m-*z&~La+F%q~pbLHh@4yXw5tiYr_<FfRN?>I#=l4@bB%NwD)#R$b+#Q^^
z8`ZefUaF*o^3A~^#Jcf?B0ucq@OSV9lGQP+h;EMY`|Ewx|7sUF#@k(USbM2@F8^d~
z7_qbVn?-*7s^D04JmVO3NDhzvGy5OyH_7_D?S(cD1(Ex7T3=S{eb4UZPz1SCdPdLd
z4YnE6mV8>vE;QPvcX3EYZet78JDj2*frhFvRjX7d+c`9Vgle>!xoVv-t<`vq*747A
zD1-zfVxuWue&v`p%XZ?Q7y0iExxoPl{|EmI{|)~M{~rGum-Y&l`SP&n#7AsVjzNe6
zTZC$C3sdc~g{XGg`lxQT1*vYa1*mq|WUB2piE6&={?W$*JBv|~zjal>UHAa@;x@b!
zyD*OtS=leTBrA)MdzQ)>DyONOGNdp`<ph=ERL0Blo!=-2JMmi#d<MUQkKym|2Y4H9
z!k^&=yiPWz1%Ha~;Scb;_#J#3zg5{IqHp0NJco>oqNc_XQ@g^Zc7{yd+GpyPps5`J
zQ`==z^HOO?FS>WI6Lv80U-&ot4nBep;61nlx8axYQ+NzM4`GntAnb<@*abT(dnEK8
z4jbILD3uW^&5;m&@1rtEWq?YVN~v;W2>noCJE5(_kE5P_N8vSy!8LdkE<*&)feZ@}
zCzYtd0eA|$FavGny(fQch65T7({L^t&Pl_y(r_&_oP&n5({LoWxQbp!Ld80V-o(gT
zdNzl4m-0Ew^OX}hRGMRFnR_Mv7P=}}PFMoy6Z9r}5j~0aGxtcp87xS%Rt5zJHmjeQ
zmKBY?F4k8;-wZ)ShBmJ&17nszBWl`2HB?-|Y@P<pv^2narU*>#-=r7~2q~C``JqW8
zjM7k})gr7Vbic?7DUtTo{t1E`7-?3%>(aW9U4xFB&?dFLF0~ENU_3~$p`lGHe=Wfc
zsLIQ?QQ`$3Fslq{0W+@O^55VYTh4li`v><bm$N*_tU6z9J>PPbEO4T-I%j#p!9kw6
zQTlWaJy{xj#-dh!mSLkTcW#jP7=vdkGg*rlapbsoo?uqrIB7v2b-CIYH_9;1$6K>4
zmmP1|KP2U}WGnDd>-*eU_Ph8|*Q(_&mV;zUih!b=tBoBgD*}fKD+6ESJ-UKczLL(S
z^fR>tHZ-@|5v^*v9@JC)QuDcbY;r`I9ubd@ePQGY(bs&UT39>yYhHa~d~7R-Pwe!q
zfqedz=ySX$N$4MY5dEb^{S>)isCu6ij?O1!lT?9RLN=tD+BW@0r`sW4#Srew8NT32
z6Y~0l$m?fLrcddMs+L!y^YbZ9PFDGEMnAc2`udr|2EW@$;XWOb#rOj6dG;_`S)xhQ
z_n(GCSv7LcYA1AKAyRrIq!$87X-kM!pUjqXH@YX@&3u~S3iLi`?5TCseEzSe=XuZJ
z!|38fUQ1;3W@rlD(l}S8Kdn4AIwJZu%yrOvsd05H4mzVw!>*EVbUK~XOMlhS{?Pgn
zpI?kmnoiax`NX4B;@HgSsNa7`tmROeNL#*){FTc(`vR)$Utqs&H5x{a)c*0pN?@7y
zsAShoJZRUMWu_$)^QlxsZ(hZT`Za1k(dZ!sa?f9Lxt+a6N%;I1hEMYzMM0NZ>54Ru
z(cCgmY5GRQ>S8pVSsZqTOYhF3oh|n_dhxRTVO&G#<hq$RhD!SqmYD+i^tF~`oQ<bC
zg8@HXmP2AJJ~lNysT>`fUYnGoeJGpDtJ$SY#wW&(jKm%nJJ+=}x~TDK>VYn~`4QF+
z`~807F9Rcxr{cJ4`K0&KHTKdq?)o+B`1QM%Ir0cs##>!Fv8TwBBu}E^zGZnI{tqQB
BNGJdR

delta 596
zcmXw0QAkr!7(V|!yF1(Lo_{lJirOrqh{avA9*khKHy>i^gJlYBN@5CbmWl*2e3C(p
zDL1??X+xtIp^}RokfI)(1Qv)HWP~jeiXxSy9xSr6hkp3}hwuORz7PK4eA#f`J6i71
z2_aF5|C1a$aZ1&R-da6-Wekg(CGV|~tK^_2cZFliVD2+ku<D`1+A1w!l=FFmRaIJ^
z(Q$6f>w|FCs1BSyaD2a=`k`&0|7x_i<9bh5Utd=u9x;Xj7Xgjcfd5#9OWGmN5!}RD
zEW`8YLO(9yJA8_Rcp0<&Gtc2o>3f%3xlkA=@&$v{`Xn>St%XP}(1>%|U=0(p&7Q-W
zzSMSs`p{#rM`5X1;+E&xj+;h!&|u32O<J>p>#xt1`mmVbZ+wM2_zmCVD(3K$44o5t
z72M%Q%-v!Z2jGX))e-!Izwj+?<5%3kbzH%hxG40Kuu;&}iMlX6am&zplQn?unZ+z-
zFo~U5k8RkBO|pj*&H5<J0SYw+&pFJP*Ah@}HpP{+h$mn?MkC6U$(CWlYIOevF|`8i
z>BAaH5$xw{yh(e*ZZl#}sOz@xwg<L^a)YFbDqSI?(cLamF{RmQBZU4mcVp0EhPsug
z*zBf$MND)n8rYH{<}I9tgbeh7`7sW+9``D+eTY>MP0bL#rp@eoQM6mIbapr<S)LuS
uAGLo_GqO&PD!z2kG&tm|3Ls*jlipJc-Zd0l0`kgUU?fXNvbOtKwc#H&O}7&O

diff --git a/authentication/apis.py b/authentication/apis.py
index 7ef6bf5b..b47c2cf2 100644
--- a/authentication/apis.py
+++ b/authentication/apis.py
@@ -142,10 +142,16 @@ def post(self, request):
             auth_object = Authentication.objects.get(username=request.user.username)
 
             if request.data in auth_object.auth_service:
-                return Response(status=status.HTTP_409_CONFLICT, data={"message": "That object already exists for this account."})
+                return Response(
+                    status=status.HTTP_409_CONFLICT,
+                    data={"message": "That object already exists for this account."}
+                )
             auth_object.auth_service.append(request.data)
             auth_object.save()
-            return Response(status=status.HTTP_200_OK, data={"message": "Authentication added to existing object"})
+            return Response(
+                status=status.HTTP_200_OK,
+                data={"message": "Authentication added to existing object"}
+            )
 
         except Authentication.DoesNotExist:
             auth_object = Authentication.objects.create(
@@ -153,10 +159,16 @@ def post(self, request):
                 auth_service=[request.data]
                 )
             print('status=status.HTTP_201_CREATED')
-            return Response(status=status.HTTP_201_CREATED, data={"message": "Authentication object added to account"})
+            return Response(
+                status=status.HTTP_201_CREATED,
+                data={"message": "Authentication object added to account"}
+            )
 
         except Exception as err:
-            return Response(status=status.HTTP_400_BAD_REQUEST, data={"message": err})
+            return Response(
+                status=status.HTTP_400_BAD_REQUEST,
+                data={"message": err}
+            )
 
 class RemoveAuthenticationApi(APIView):
     """
@@ -206,12 +218,16 @@ class RemoveAuthenticationApi(APIView):
         },
         tags=["Authentication"],
     )
+
     def post(self, request):
         """"""
+
         result = validate_auth_service(request.data)
-        
         if result != 1:
-            return Response(status=status.HTTP_400_BAD_REQUEST, data=result)
+            return Response(
+                status=status.HTTP_400_BAD_REQUEST,
+                data=result
+            )
         try:
             auth_object = Authentication.objects.get(username=request.user.username)
         except Authentication.DoesNotExist:
@@ -226,7 +242,10 @@ def post(self, request):
             )
         auth_object.auth_service.remove(request.data)
         auth_object.save()
-        return Response(status=status.HTTP_200_OK, data={"message": "Authentication object removed."})
+        return Response(
+            status=status.HTTP_200_OK,
+            data={"message": "Authentication object removed."}
+        )
 
 class ResetTokenApi(APIView):
     """Reset Token

From 1b2919ffd059ffed55198b93eac45ea0eb21b5c5 Mon Sep 17 00:00:00 2001
From: hadleyking <hadley_king@gwu.edu>
Date: Wed, 19 Jul 2023 10:22:01 -0400
Subject: [PATCH 4/4] Fix #134 Changes to be committed: 	modified:  
 authentication/services.py

---
 authentication/services.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/authentication/services.py b/authentication/services.py
index 65efd482..992a73c2 100644
--- a/authentication/services.py
+++ b/authentication/services.py
@@ -39,10 +39,12 @@ def authenticate(self, request):
                     user = authenticate_orcid(unverified_payload, token)
                 if unverified_payload['iss'] == 'accounts.google.com':
                     user = authenticate_google(token)
-                if unverified_payload['iss'] in ['http://localhost:8080', 'https://test.portal.biochemistry.gwu.edu/', 'https://biocomputeobject.org/']:
+                if unverified_payload['iss'] in ['http://localhost:8080', 'https://test.portal.biochemistry.gwu.edu', 'https://biocomputeobject.org']:
                     user = authenticate_portal(unverified_payload, token)
-                
-                return (user, token)
+                try:
+                    return (user, token)
+                except UnboundLocalError as exp:
+                    raise exceptions.AuthenticationFailed("Authentication failed. Token issuer not found. Please contact the site admin")
 
             if type == 'Token' or type == 'TOKEN':
                 pass