Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

23.07 #189

Merged
merged 4 commits into from
Jul 19, 2023
Merged

23.07 #189

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file modified admin_only/db.sqlite3.dev
Binary file not shown.
17 changes: 14 additions & 3 deletions api/scripts/method_specific/POST_api_objects_publish.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,16 @@ def post_api_objects_publish(incoming):
any_failed = False
results = {}
for publish_object in bulk_request:
results = parse_bco(publish_object["contents"], results)
try:
results = parse_bco(publish_object["contents"], results)
except KeyError as error:
returning.append(
db_utils().messages(parameters={"errors": str(error)})[
"400_non_publishable_object"
]
)
any_failed = True
continue
object_key = publish_object["contents"]["object_id"]
if results[object_key]["number_of_errors"] > 0:
returning.append(
Expand All @@ -47,6 +56,7 @@ def post_api_objects_publish(incoming):
if "publish_" + prefix in px_perms:
if "object_id" in publish_object:
accession = publish_object["object_id"].split("/")[-2]
version = publish_object["object_id"].split("/")[-1]
object_num = int(
publish_object["object_id"].split("_")[1].split("/")[0]
)
Expand All @@ -57,9 +67,10 @@ def post_api_objects_publish(incoming):
+ "/"
+ publish_object["contents"]["provenance_domain"]["version"]
)
if BCO.objects.filter(object_id__contains=accession).exists():
if BCO.objects.filter(object_id__contains=accession+'/'+version).exists():
# import pdb; pdb.set_trace()
returning.append(
db_utils().messages(parameters={"object_id": accession})[
db_utils().messages(parameters={"object_id": accession+'/'+version})[
"409_object_conflict"
]
)
Expand Down
4 changes: 2 additions & 2 deletions api/scripts/utilities/JsonUtils.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,12 +78,12 @@ def validate(schema, json_object, results):
return results


def parse_bco(bco, results):
def parse_bco(bco: dict, results: dict):
"""BCO Parsing for Validation

Parameters
----------
bco : JSON
bco : dict
The BCO JSON to be processed for validation.
results : dict
A dictionary to be populated with the BCO validation results
Expand Down
81 changes: 72 additions & 9 deletions authentication/apis.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,11 @@
from drf_yasg import openapi
from drf_yasg.utils import swagger_auto_schema
from rest_framework import status, serializers
from rest_framework.authtoken.models import Token
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from api.scripts.utilities.UserUtils import UserUtils
from authentication.selectors import check_user_email, get_user_info
from authentication.services import validate_token, create_bcodb, send_bcodb, validate_auth_service
from authentication.models import Authentication
Expand Down Expand Up @@ -134,27 +136,39 @@ def post(self, request):
"""
result = validate_auth_service(request.data)

if result is not 1:
if result != 1:
return Response(status=status.HTTP_400_BAD_REQUEST, data=result)
try:
auth_object = Authentication.objects.get(username=request.user.username)

if request.data in auth_object.auth_service:
return Response(status=status.HTTP_409_CONFLICT, data={"message": "That object already exists for this account."})
return Response(
status=status.HTTP_409_CONFLICT,
data={"message": "That object already exists for this account."}
)
auth_object.auth_service.append(request.data)
auth_object.save()
return Response(status=status.HTTP_200_OK, data={"message": "Authentication added to existing object"})
return Response(
status=status.HTTP_200_OK,
data={"message": "Authentication added to existing object"}
)

except Authentication.DoesNotExist:
auth_object = Authentication.objects.create(
username=request.user,
auth_service=[request.data]
)
print('status=status.HTTP_201_CREATED')
return Response(status=status.HTTP_201_CREATED, data={"message": "Authentication object added to account"})
return Response(
status=status.HTTP_201_CREATED,
data={"message": "Authentication object added to account"}
)

except Exception as err:
return Response(status=status.HTTP_400_BAD_REQUEST, data={"message": err})
return Response(
status=status.HTTP_400_BAD_REQUEST,
data={"message": err}

Check warning

Code scanning / CodeQL

Information exposure through an exception

[Stack trace information](1) flows to this location and may be exposed to an external user.
)

class RemoveAuthenticationApi(APIView):
"""
Expand Down Expand Up @@ -204,12 +218,16 @@ class RemoveAuthenticationApi(APIView):
},
tags=["Authentication"],
)

def post(self, request):
""""""

result = validate_auth_service(request.data)

if result is not 1:
return Response(status=status.HTTP_400_BAD_REQUEST, data=result)
if result != 1:
return Response(
status=status.HTTP_400_BAD_REQUEST,
data=result
)
try:
auth_object = Authentication.objects.get(username=request.user.username)
except Authentication.DoesNotExist:
Expand All @@ -224,4 +242,49 @@ def post(self, request):
)
auth_object.auth_service.remove(request.data)
auth_object.save()
return Response(status=status.HTTP_200_OK, data={"message": "Authentication object removed."})
return Response(
status=status.HTTP_200_OK,
data={"message": "Authentication object removed."}
)

class ResetTokenApi(APIView):
"""Reset Token
-----------------------------
Resets the user's token and returns the new one.
"""

permission_classes = [IsAuthenticated,]

# schema = openapi.Schema()

auth = [
openapi.Parameter(
"Authorization",
openapi.IN_HEADER,
description="Authorization Token",
type=openapi.TYPE_STRING,
)
]

@swagger_auto_schema(
manual_parameters=auth,
responses={
200: "Token reset is successful.",
400: "Bad request.",
},
tags=["Authentication"],
)

def post(self, request):
try:
token = Token.objects.get(user=request.user)
token.delete()
Token.objects.create(user=request.user)
return Response(
status=status.HTTP_200_OK,
data=UserUtils().get_user_info(username=request.user)
)

except Exception as error:
return Response(status=status.HTTP_400_BAD_REQUEST, data={"message": f"{error}"})

Check warning

Code scanning / CodeQL

Information exposure through an exception

[Stack trace information](1) flows to this location and may be exposed to an external user.

8 changes: 5 additions & 3 deletions authentication/services.py
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,12 @@ def authenticate(self, request):
user = authenticate_orcid(unverified_payload, token)
if unverified_payload['iss'] == 'accounts.google.com':
user = authenticate_google(token)
if unverified_payload['iss'] in ['http://localhost:8080', 'https://test.portal.biochemistry.gwu.edu/', 'https://biocomputeobject.org/']:
if unverified_payload['iss'] in ['http://localhost:8080', 'https://test.portal.biochemistry.gwu.edu', 'https://biocomputeobject.org']:
user = authenticate_portal(unverified_payload, token)

return (user, token)
try:
return (user, token)
except UnboundLocalError as exp:
raise exceptions.AuthenticationFailed("Authentication failed. Token issuer not found. Please contact the site admin")

if type == 'Token' or type == 'TOKEN':
pass
Expand Down
5 changes: 3 additions & 2 deletions authentication/urls.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
# authentication/urls.py

from django.urls import path
from authentication.apis import RegisterBcodbAPI, AddAuthenticationApi, RemoveAuthenticationApi
from authentication.apis import RegisterBcodbAPI, AddAuthenticationApi, RemoveAuthenticationApi, ResetTokenApi

urlpatterns = [
path("auth/register/", RegisterBcodbAPI.as_view()),
path("auth/add/", AddAuthenticationApi.as_view()),
path("auth/remove/", RemoveAuthenticationApi.as_view())
path("auth/remove/", RemoveAuthenticationApi.as_view()),
path("auth/reset_token/", ResetTokenApi.as_view())
]