authorFrederick Muriuki Muriithi2023-05-09 13:19:50 +0300
committerFrederick Muriuki Muriithi2023-05-09 13:19:50 +0300
commit2babf1077277d6654203f642994866007aff3509 (patch)
treee45f5e9da5bf7e8413a834903b37b7a4cd58804c
parentb6a36068c3c1b94dcbe7906a90695b102c063796 (diff)
Integrate OAuth2 auth with GN2 UIhook-up-auth-to-traits-page
Update the templates to make use of the OAuth2 authentication rather than the older authentication that used Redis.
-rw-r--r--wqflask/wqflask/__init__.py7
-rw-r--r--wqflask/wqflask/oauth2/checks.py3
-rw-r--r--wqflask/wqflask/oauth2/request_utils.py14
-rw-r--r--wqflask/wqflask/oauth2/toplevel.py6
-rw-r--r--wqflask/wqflask/oauth2/ui.py2
-rw-r--r--wqflask/wqflask/templates/base.html33
-rw-r--r--wqflask/wqflask/templates/oauth2/create-resource.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/create-role.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/data-list-genotype.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/data-list-mrna.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/data-list-phenotype.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/data-list.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/group.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/group_join_or_create.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/join-requests.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/list_roles.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/profile_nav.html4
-rw-r--r--wqflask/wqflask/templates/oauth2/request_error.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/resources.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/role.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/view-group-role.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/view-resource.html2
-rw-r--r--wqflask/wqflask/templates/oauth2/view-user.html2
23 files changed, 69 insertions, 32 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 66ed0e91..38a69d33 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -31,6 +31,8 @@ from wqflask.api.markdown import blogs_blueprint
from wqflask.api.markdown import news_blueprint
from wqflask.api.jobs import jobs as jobs_bp
from wqflask.oauth2.routes import oauth2
+from wqflask.oauth2.checks import user_logged_in
+from wqflask.oauth2.request_utils import user_details, authserver_authorise_uri
from wqflask.jupyter_notebooks import jupyter_notebooks
@@ -50,7 +52,10 @@ app.config["DB_PORT"] = DB_PORT
app.jinja_env.globals.update(
undefined=jinja2.StrictUndefined,
- numify=formatting.numify)
+ numify=formatting.numify,
+ logged_in=user_logged_in,
+ authserver_authorise_uri=authserver_authorise_uri,
+ user_details=user_details)
app.config["SESSION_REDIS"] = redis.from_url(app.config["REDIS_URL"])
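Review bot: Registering the helper under the global name `user_details` lets any view that passes its own `user_details` value into the template context shadow it, which appears to be why base.html in this commit has to test `user_details is mapping` before using it. Exposing the callable under a name that cannot collide, for example `get_user_details=user_details`, would let templates call it unconditionally. A short comment above the `update(...)` call should also say that these helpers are request-bound: `authserver_authorise_uri` reads `request.base_url`, so it only works while a request is being handled.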
diff --git a/wqflask/wqflask/oauth2/checks.py b/wqflask/wqflask/oauth2/checks.py
index e6859c4a..c60ab1de 100644
--- a/wqflask/wqflask/oauth2/checks.py
+++ b/wqflask/wqflask/oauth2/checks.py
@@ -29,6 +29,7 @@ def require_oauth2(func):
session.pop("user_details", None)
flash("You need to be logged in.", "alert-warning")
- return redirect(url_for("oauth2.user.login", next=request.endpoint))
+ # return redirect(url_for("oauth2.user.login", next=request.endpoint))
+ return redirect("/")
return __token_valid__
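Review bot: The new `return redirect("/")` drops the `next=request.endpoint` hint, so a user bounced by `require_oauth2` lands on the home page with only the flash message and no route back to what they asked for, and the old call is left behind as commented-out code. Delete the dead line and replace it with a comment giving the reason the login redirect is disabled, e.g. `# Sign-in now starts from the link in base.html; there is no local login page to redirect to.` if that is the intent. The literal `"/"` also ignores any URL prefix the app may be mounted under, so `url_for` on the index endpoint would be safer. `require_oauth2` begins above this hunk, so the checks leading to this branch are not visible here.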
diff --git a/wqflask/wqflask/oauth2/request_utils.py b/wqflask/wqflask/oauth2/request_utils.py
index 0cd1697b..ac21e223 100644
--- a/wqflask/wqflask/oauth2/request_utils.py
+++ b/wqflask/wqflask/oauth2/request_utils.py
@@ -1,12 +1,22 @@
"""General request utilities"""
from typing import Optional
+from urllib.parse import urljoin, urlparse
import simplejson
from flask import (
- flash, session, url_for, redirect, Response, render_template,
+ flash, request, session, url_for, redirect, Response, render_template,
current_app as app)
-from .client import oauth2_get
+from .client import SCOPE, oauth2_get
+
+def authserver_authorise_uri():
+ req_baseurl = urlparse(request.base_url)
+ host_uri = f"{req_baseurl.scheme}://{req_baseurl.netloc}/"
+ return urljoin(
+ app.config["GN_SERVER_URL"],
+ "oauth2/authorise?response_type=code"
+ f"&client_id={app.config['OAUTH2_CLIENT_ID']}"
+ f"&redirect_uri={urljoin(host_uri, 'oauth2/code')}")
def raise_unimplemented():
raise Exception("NOT IMPLEMENTED")
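Review bot: `authserver_authorise_uri` interpolates `client_id` and `redirect_uri` into the query string without percent-encoding, and the `redirect_uri` is rebuilt from `request.base_url`, which follows the Host header the client sent. Building the query with `urllib.parse.urlencode` (imported alongside `urljoin`) keeps the parameters well-formed whatever those values contain. The link also carries no `state` value, so unless the callback protects itself some other way (not visible in this diff) the authorisation response is not bound to the browser session that started it; generating a per-session value here and checking it in the `oauth2/code` handler would close that gap. `SCOPE` is imported in this hunk but not used in the lines shown, and the new function has no docstring.

```python
def authserver_authorise_uri():
    """Build the auth server's authorisation URL used by the 'Sign in' link."""
    req_baseurl = urlparse(request.base_url)
    host_uri = f"{req_baseurl.scheme}://{req_baseurl.netloc}/"
    # urlencode percent-encodes each value, so the redirect URI's own
    # "://" and "/" cannot be misread as part of the outer query string.
    query = urlencode({
        "response_type": "code",
        "client_id": app.config["OAUTH2_CLIENT_ID"],
        "redirect_uri": urljoin(host_uri, "oauth2/code"),
    })
    return urljoin(app.config["GN_SERVER_URL"], f"oauth2/authorise?{query}")
```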
diff --git a/wqflask/wqflask/oauth2/toplevel.py b/wqflask/wqflask/oauth2/toplevel.py
index df2ff0aa..109ed06c 100644
--- a/wqflask/wqflask/oauth2/toplevel.py
+++ b/wqflask/wqflask/oauth2/toplevel.py
@@ -4,15 +4,12 @@ from flask import (
flash, request, session, Blueprint, url_for, redirect, render_template,
current_app as app)
-from .client import no_token_post
+from .client import SCOPE, no_token_post
from .request_utils import process_error
from .checks import require_oauth2, user_logged_in
toplevel = Blueprint("toplevel", __name__)
-
-
-
@toplevel.route("/register-client", methods=["GET", "POST"])
@require_oauth2
def register_client():
@@ -36,6 +33,7 @@ def authorisation_code():
request_data = {
"grant_type": "authorization_code",
"code": code,
+ "scope": SCOPE,
"redirect_uri": urljoin(
request.base_url,
url_for("oauth2.toplevel.authorisation_code")),
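Review bot: The added `"scope": SCOPE` is sent only in the token exchange, while the authorisation link built in request_utils.py by this same commit carries no `scope` parameter. In the standard authorisation-code flow the scope is requested at the authorisation endpoint, so confirm the auth server really reads it from this request. The `redirect_uri` here is derived with `url_for("oauth2.toplevel.authorisation_code")`, whereas the authorise link hard-codes `'oauth2/code'`; the two values have to be identical for the exchange to succeed, so both should come from one helper. `authorisation_code` begins and ends outside this hunk.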
diff --git a/wqflask/wqflask/oauth2/ui.py b/wqflask/wqflask/oauth2/ui.py
index 4fdbe869..c5ea1468 100644
--- a/wqflask/wqflask/oauth2/ui.py
+++ b/wqflask/wqflask/oauth2/ui.py
@@ -6,7 +6,7 @@ from .request_utils import process_error
def render_ui(templatepath: str, **kwargs):
"""Handle repetitive UI rendering stuff."""
- logged_in = ("oauth2_token" in session and bool(session["oauth2_token"]))
+ logged_in = lambda: ("oauth2_token" in session and bool(session["oauth2_token"]))
roles = kwargs.get("roles", tuple()) # Get roles if already provided
if logged_in and not bool(roles): # If not, try fetching them
roles_results = oauth2_get("oauth2/user/roles").either(
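Review bot: Turning `logged_in` into a lambda makes the unchanged test on the following line, `if logged_in and not bool(roles):`, always pass its first half, because a function object is truthy whether or not the session holds a token. Anonymous requests will therefore call `oauth2_get("oauth2/user/roles")` whenever `roles` was not passed in. Call the function, `if logged_in() and not bool(roles):`, or reuse `user_logged_in` from `.checks` instead of redefining the check here. The rest of `render_ui` is outside the hunk, so any later use of `logged_in` there needs the same look.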
diff --git a/wqflask/wqflask/templates/base.html b/wqflask/wqflask/templates/base.html
index 518510de..38819240 100644
--- a/wqflask/wqflask/templates/base.html
+++ b/wqflask/wqflask/templates/base.html
@@ -162,14 +162,37 @@
</ul>
</li>
{% endif %}
+ <!-- <li class=""> -->
+ <!-- {% if g.user_session.logged_in %} -->
+ <!-- <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a> -->
+ <!-- {% else %} -->
+ <!-- <a id="login_in" href="/n/login">Sign in</a> -->
+ <!-- {% endif %} -->
+ <!-- </li> -->
<li class="">
- {% if g.user_session.logged_in %}
- <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a>
- {% else %}
- <a id="login_in" href="/n/login">Sign in</a>
- {% endif %}
+ {%if logged_in()%}
+ {%if user_details is mapping%}
+ {%set user_dets = user_details%}
+ {%else%}
+ {%set user_dets = user_details()%}
+ {%endif%}
+ <a id="login_out"
+ title="Signed in as {{user_dets.name}}({{user_dets.email}})"
+ href="{{url_for('oauth2.user.logout')}}">Sign out</a>
+ {%else%}
+ <a id="login_in" href="{{authserver_authorise_uri()}}">Sign in</a>
+ {%endif%}
</li>
{% endif %}
+
+ {%if logged_in()%}
+ <li class="">
+ <a id="user:profile" title="User's profile page."
+ href="{{url_for('oauth2.user.user_profile')}}">
+ Profile
+ </a>
+ </li>
+ {%endif%}
<!--
<li style="margin-left: 20px;">
<a href="http://gn2-staging.genenetwork.org" style="font-weight: bold;" >Use Staging Branch</a>
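Review bot: The old sign-in block is only wrapped in HTML comments (`<!-- {% if g.user_session.logged_in %} -->` and the lines after it), but Jinja still evaluates tags and expressions inside `<!-- -->`. So `g.user_session` is still read on every render, and for a user the old session considers signed in, the name is still written into the page source inside the comment. With `undefined=jinja2.StrictUndefined` set in `__init__.py`, the template would likely start raising once `g.user_session` is removed. Delete the block, or wrap it in a Jinja comment, `{# ... #}`, so the legacy session is no longer touched.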
diff --git a/wqflask/wqflask/templates/oauth2/create-resource.html b/wqflask/wqflask/templates/oauth2/create-resource.html
index 817f18fe..4cac7ce2 100644
--- a/wqflask/wqflask/templates/oauth2/create-resource.html
+++ b/wqflask/wqflask/templates/oauth2/create-resource.html
@@ -8,7 +8,7 @@
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("resources", logged_in, user_privileges)}}
+ {{profile_nav("resources", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/create-role.html b/wqflask/wqflask/templates/oauth2/create-role.html
index 27532f82..f2bff7b4 100644
--- a/wqflask/wqflask/templates/oauth2/create-role.html
+++ b/wqflask/wqflask/templates/oauth2/create-role.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", logged_in, user_privileges)}}
+ {{profile_nav("roles", user_privileges)}}
<h3>Create Role</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/data-list-genotype.html b/wqflask/wqflask/templates/oauth2/data-list-genotype.html
index c1d79e33..c780a583 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-genotype.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-genotype.html
@@ -14,7 +14,7 @@
{%block content%}
<div class="container" style="width: 98%;">
- {{profile_nav("data", logged_in, user_privileges)}}
+ {{profile_nav("data", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/data-list-mrna.html b/wqflask/wqflask/templates/oauth2/data-list-mrna.html
index 5c21957d..0e163235 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-mrna.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-mrna.html
@@ -14,7 +14,7 @@
{%block content%}
<div class="container" style="width: 98%;">
- {{profile_nav("data", logged_in, user_privileges)}}
+ {{profile_nav("data", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
index a8f50a39..8c79c0d6 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
@@ -15,7 +15,7 @@
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("data", logged_in, user_privileges)}}
+ {{profile_nav("data", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/data-list.html b/wqflask/wqflask/templates/oauth2/data-list.html
index e48b57a3..8a8f6694 100644
--- a/wqflask/wqflask/templates/oauth2/data-list.html
+++ b/wqflask/wqflask/templates/oauth2/data-list.html
@@ -4,7 +4,7 @@
{%block title%}Link Data{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("data", logged_in, user_privileges)}}
+ {{profile_nav("data", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/group.html b/wqflask/wqflask/templates/oauth2/group.html
index 434d9d0c..f4c29d18 100644
--- a/wqflask/wqflask/templates/oauth2/group.html
+++ b/wqflask/wqflask/templates/oauth2/group.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("group", logged_in, user_privileges)}}
+ {{profile_nav("group", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/group_join_or_create.html b/wqflask/wqflask/templates/oauth2/group_join_or_create.html
index 0209cd15..8255d2f8 100644
--- a/wqflask/wqflask/templates/oauth2/group_join_or_create.html
+++ b/wqflask/wqflask/templates/oauth2/group_join_or_create.html
@@ -7,7 +7,7 @@
{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("group", logged_in, user_privileges)}}
+ {{profile_nav("group", user_privileges)}}
<h3>Join or Create Group</h3>
diff --git a/wqflask/wqflask/templates/oauth2/join-requests.html b/wqflask/wqflask/templates/oauth2/join-requests.html
index 350b7fe0..833b4e93 100644
--- a/wqflask/wqflask/templates/oauth2/join-requests.html
+++ b/wqflask/wqflask/templates/oauth2/join-requests.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("group", logged_in, user_privileges)}}
+ {{profile_nav("group", user_privileges)}}
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html
index fe8d77cf..a4061fca 100644
--- a/wqflask/wqflask/templates/oauth2/list_roles.html
+++ b/wqflask/wqflask/templates/oauth2/list_roles.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", logged_in, user_privileges)}}
+ {{profile_nav("roles", user_privileges)}}
<h3>Roles</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/profile_nav.html b/wqflask/wqflask/templates/oauth2/profile_nav.html
index c8d018fd..0a61c40f 100644
--- a/wqflask/wqflask/templates/oauth2/profile_nav.html
+++ b/wqflask/wqflask/templates/oauth2/profile_nav.html
@@ -1,4 +1,4 @@
-{%macro profile_nav(calling_page, logged_in, user_privileges)%}
+{%macro profile_nav(calling_page, user_privileges)%}
<ul class="nav nav-pills">
@@ -40,7 +40,7 @@
{%endif%}
<li role="presentation">
- {%if logged_in:%}
+ {%if logged_in():%}
<a href="{{url_for('oauth2.user.logout')}}">Logout</a>
{%else%}
<a href="{{url_for('oauth2.user.login')}}">Login</a>
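Review bot: The `Login` link in this macro still targets `url_for('oauth2.user.login')`, while base.html in the same commit sends sign-in to `authserver_authorise_uri()` and checks.py stops redirecting to `oauth2.user.login`, so two different sign-in entry points remain in the UI. If the local login page is being retired, this link should use `{{authserver_authorise_uri()}}` as well. The macro now depends on the `logged_in` Jinja global instead of a parameter; a comment at the top such as `{# relies on the logged_in() template global #}` would document that. The macro body continues outside the hunk.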
diff --git a/wqflask/wqflask/templates/oauth2/request_error.html b/wqflask/wqflask/templates/oauth2/request_error.html
index 1c087846..e6ed5fff 100644
--- a/wqflask/wqflask/templates/oauth2/request_error.html
+++ b/wqflask/wqflask/templates/oauth2/request_error.html
@@ -3,7 +3,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("error", logged_in, user_privileges)}}
+ {{profile_nav("error", user_privileges)}}
<h3>ERROR</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/resources.html b/wqflask/wqflask/templates/oauth2/resources.html
index f0348cdc..0a9ea8fd 100644
--- a/wqflask/wqflask/templates/oauth2/resources.html
+++ b/wqflask/wqflask/templates/oauth2/resources.html
@@ -3,7 +3,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("resources", logged_in, user_privileges)}}
+ {{profile_nav("resources", user_privileges)}}
<h3>Resources</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/role.html b/wqflask/wqflask/templates/oauth2/role.html
index acbfa944..a77d5f23 100644
--- a/wqflask/wqflask/templates/oauth2/role.html
+++ b/wqflask/wqflask/templates/oauth2/role.html
@@ -3,7 +3,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", logged_in, user_privileges)}}
+ {{profile_nav("roles", user_privileges)}}
<h3>Role: {{role.role_name}}</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
index efc8fd75..5da023bf 100644
--- a/wqflask/wqflask/templates/oauth2/view-group-role.html
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", logged_in, user_privileges)}}
+ {{profile_nav("roles", user_privileges)}}
<h3>View Group Role</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index 873c3651..70580b71 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -4,7 +4,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("resources", logged_in, user_privileges)}}
+ {{profile_nav("resources", user_privileges)}}
<h3>Resources</h3>
{{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-user.html b/wqflask/wqflask/templates/oauth2/view-user.html
index 202e8730..34526b14 100644
--- a/wqflask/wqflask/templates/oauth2/view-user.html
+++ b/wqflask/wqflask/templates/oauth2/view-user.html
@@ -3,7 +3,7 @@
{%block title%}View User{%endblock%}
{%block content%}
<div class="container" style="min-width: 1250px;">
- {{profile_nav("dashboard", logged_in, user_privileges)}}
+ {{profile_nav("dashboard", user_privileges)}}
<h3>View User</h3>
{{flash_me()}}