author | Frederick Muriuki Muriithi | 2023-05-09 13:19:50 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-05-09 13:19:50 +0300 |
commit | 2babf1077277d6654203f642994866007aff3509 (patch) | |
tree | e45f5e9da5bf7e8413a834903b37b7a4cd58804c | |
parent | b6a36068c3c1b94dcbe7906a90695b102c063796 (diff) | |
download | genenetwork2-2babf1077277d6654203f642994866007aff3509.tar.gz |
Integrate OAuth2 auth with GN2 UIhook-up-auth-to-traits-page
Update the templates to make use of the OAuth2 authentication rather
than the older authentication that used Redis.
23 files changed, 69 insertions, 32 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py index 66ed0e91..38a69d33 100644 --- a/wqflask/wqflask/__init__.py +++ b/wqflask/wqflask/__init__.py @@ -31,6 +31,8 @@ from wqflask.api.markdown import blogs_blueprint from wqflask.api.markdown import news_blueprint from wqflask.api.jobs import jobs as jobs_bp from wqflask.oauth2.routes import oauth2 +from wqflask.oauth2.checks import user_logged_in +from wqflask.oauth2.request_utils import user_details, authserver_authorise_uri from wqflask.jupyter_notebooks import jupyter_notebooks @@ -50,7 +52,10 @@ app.config["DB_PORT"] = DB_PORT app.jinja_env.globals.update( undefined=jinja2.StrictUndefined, - numify=formatting.numify) + numify=formatting.numify, + logged_in=user_logged_in, + authserver_authorise_uri=authserver_authorise_uri, + user_details=user_details) app.config["SESSION_REDIS"] = redis.from_url(app.config["REDIS_URL"]) diff --git a/wqflask/wqflask/oauth2/checks.py b/wqflask/wqflask/oauth2/checks.py index e6859c4a..c60ab1de 100644 --- a/wqflask/wqflask/oauth2/checks.py +++ b/wqflask/wqflask/oauth2/checks.py @@ -29,6 +29,7 @@ def require_oauth2(func): session.pop("user_details", None) flash("You need to be logged in.", "alert-warning") - return redirect(url_for("oauth2.user.login", next=request.endpoint)) + # return redirect(url_for("oauth2.user.login", next=request.endpoint)) + return redirect("/") return __token_valid__ diff --git a/wqflask/wqflask/oauth2/request_utils.py b/wqflask/wqflask/oauth2/request_utils.py index 0cd1697b..ac21e223 100644 --- a/wqflask/wqflask/oauth2/request_utils.py +++ b/wqflask/wqflask/oauth2/request_utils.py 
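Review bot: In the `wqflask/oauth2/checks.py` hunk the old redirect is left behind as a commented-out line in `require_oauth2`, and the new `return redirect("/")` drops the `next` value, so a user whose token is missing or rejected lands on the home page with only the flash message and no route back to the page they asked for. If the local login route is being retired in favour of the authorisation server, delete the dead line and record the reason instead, for example `# Login now starts at the auth server; send the user home to use the "Sign in" link.` The body of `require_oauth2` starts outside this hunk, so the conditions under which this branch runs are not visible here.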
@@ -1,12 +1,22 @@ """General request utilities""" from typing import Optional +from urllib.parse import urljoin, urlparse import simplejson from flask import ( - flash, session, url_for, redirect, Response, render_template, + flash, request, session, url_for, redirect, Response, render_template, current_app as app) -from .client import oauth2_get +from .client import SCOPE, oauth2_get + +def authserver_authorise_uri(): + req_baseurl = urlparse(request.base_url) + host_uri = f"{req_baseurl.scheme}://{req_baseurl.netloc}/" + return urljoin( + app.config["GN_SERVER_URL"], + "oauth2/authorise?response_type=code" + f"&client_id={app.config['OAUTH2_CLIENT_ID']}" + f"&redirect_uri={urljoin(host_uri, 'oauth2/code')}") def raise_unimplemented(): raise Exception("NOT IMPLEMENTED") diff --git a/wqflask/wqflask/oauth2/toplevel.py b/wqflask/wqflask/oauth2/toplevel.py index df2ff0aa..109ed06c 100644 --- a/wqflask/wqflask/oauth2/toplevel.py +++ b/wqflask/wqflask/oauth2/toplevel.py @@ -4,15 +4,12 @@ from flask import ( flash, request, session, Blueprint, url_for, redirect, render_template, current_app as app) -from .client import no_token_post +from .client import SCOPE, no_token_post from .request_utils import process_error from .checks import require_oauth2, user_logged_in toplevel = Blueprint("toplevel", __name__) - - - @toplevel.route("/register-client", methods=["GET", "POST"]) @require_oauth2 def register_client(): @@ -36,6 +33,7 @@ def authorisation_code(): request_data = { "grant_type": "authorization_code", "code": code, + "scope": SCOPE, "redirect_uri": urljoin( request.base_url, url_for("oauth2.toplevel.authorisation_code")), diff --git a/wqflask/wqflask/oauth2/ui.py b/wqflask/wqflask/oauth2/ui.py index 4fdbe869..c5ea1468 100644 --- a/wqflask/wqflask/oauth2/ui.py +++ b/wqflask/wqflask/oauth2/ui.py 
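Review bot: The authorisation URL built in `authserver_authorise_uri` carries no `state` parameter and its query string is assembled by f-string, so the callback has nothing that ties the returned code to the browser session that started the flow, and the `redirect_uri` value goes out unencoded. The `redirect_uri` host is taken from `request.base_url`, i.e. from the request's Host header, so the authorisation server has to compare it exactly against the registered value, and it also has to equal the `redirect_uri` that `authorisation_code` in `toplevel.py` rebuilds differently for the token request. A version that encodes the query and keeps one `state` per session is sketched below, assuming the authorisation server echoes `state` back; it needs `urlencode` and `secrets` imported, plus the matching comparison of the returned `state` in the callback, which is outside this hunk. `SCOPE` is imported in this file but not used in the lines shown.

```python
def authserver_authorise_uri():
    """Build the authorisation-server URL that starts the code flow."""
    # … unchanged: req_baseurl / host_uri derivation …
    # One state value per session, so repeated template renders do not
    # invalidate a flow already in progress; the callback must compare the
    # returned value against it and then discard it.
    state = session.setdefault("oauth2_state", secrets.token_urlsafe(32))
    query = urlencode({
        "response_type": "code",
        "client_id": app.config["OAUTH2_CLIENT_ID"],
        "redirect_uri": urljoin(host_uri, "oauth2/code"),
        "state": state,
    })
    return urljoin(app.config["GN_SERVER_URL"], f"oauth2/authorise?{query}")
```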
@@ -6,7 +6,7 @@ from .request_utils import process_error def render_ui(templatepath: str, **kwargs): """Handle repetitive UI rendering stuff.""" - logged_in = ("oauth2_token" in session and bool(session["oauth2_token"])) + logged_in = lambda: ("oauth2_token" in session and bool(session["oauth2_token"])) roles = kwargs.get("roles", tuple()) # Get roles if already provided if logged_in and not bool(roles): # If not, try fetching them roles_results = oauth2_get("oauth2/user/roles").either( diff --git a/wqflask/wqflask/templates/base.html b/wqflask/wqflask/templates/base.html index 518510de..38819240 100644 --- a/wqflask/wqflask/templates/base.html +++ b/wqflask/wqflask/templates/base.html @@ -162,14 +162,37 @@ </ul> </li> {% endif %} + <!-- <li class=""> --> + <!-- {% if g.user_session.logged_in %} --> + <!-- <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a> --> + <!-- {% else %} --> + <!-- <a id="login_in" href="/n/login">Sign in</a> --> + <!-- {% endif %} --> + <!-- </li> --> <li class=""> - {% if g.user_session.logged_in %} - <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a> - {% else %} - <a id="login_in" href="/n/login">Sign in</a> - {% endif %} + {%if logged_in()%} + {%if user_details is mapping%} + {%set user_dets = user_details%} + {%else%} + {%set user_dets = user_details()%} + {%endif%} + <a id="login_out" + title="Signed in as {{user_dets.name}}({{user_dets.email}})" + href="{{url_for('oauth2.user.logout')}}">Sign out</a> + {%else%} + <a id="login_in" href="{{authserver_authorise_uri()}}">Sign in</a> + {%endif%} </li> {% endif %} + + {%if logged_in()%} + <li class=""> + <a id="user:profile" title="User's profile page." + href="{{url_for('oauth2.user.user_profile')}}"> + Profile + </a> + </li> + {%endif%} <!-- <li style="margin-left: 20px;"> <a href="http://gn2-staging.genenetwork.org" style="font-weight: bold;" >Use Staging Branch</a> 
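Review bot: In the `wqflask/oauth2/ui.py` hunk `logged_in` becomes a lambda, but the following context line still tests the function object itself, `if logged_in and not bool(roles):`, which is always truthy, so the request to `oauth2/user/roles` is attempted even when the session holds no token. Call it instead: `if logged_in() and not bool(roles):`. The rest of `render_ui` lies outside the hunk, so any later use of `logged_in` there should be checked for the same bare-name test.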
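Review bot: In the `templates/base.html` hunk the old sign-in block is wrapped in `<!-- -->`, which hides it from the browser but not from Jinja, so `{% if g.user_session.logged_in %}` and `{{ g.user_session.user_name }}` are still evaluated on every render. With `undefined=jinja2.StrictUndefined` set in `wqflask/__init__.py`, that lookup would raise once `g.user_session` is removed along with the Redis-based login, and while the old session still reports a login the user name is written into an HTML comment in the page source. Delete the block, or fence it with Jinja comments, `{# ... #}`, so the template engine skips it.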
diff --git a/wqflask/wqflask/templates/oauth2/create-resource.html b/wqflask/wqflask/templates/oauth2/create-resource.html index 817f18fe..4cac7ce2 100644 --- a/wqflask/wqflask/templates/oauth2/create-resource.html +++ b/wqflask/wqflask/templates/oauth2/create-resource.html @@ -8,7 +8,7 @@ {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("resources", logged_in, user_privileges)}} + {{profile_nav("resources", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/create-role.html b/wqflask/wqflask/templates/oauth2/create-role.html index 27532f82..f2bff7b4 100644 --- a/wqflask/wqflask/templates/oauth2/create-role.html +++ b/wqflask/wqflask/templates/oauth2/create-role.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("roles", logged_in, user_privileges)}} + {{profile_nav("roles", user_privileges)}} <h3>Create Role</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/data-list-genotype.html b/wqflask/wqflask/templates/oauth2/data-list-genotype.html index c1d79e33..c780a583 100644 --- a/wqflask/wqflask/templates/oauth2/data-list-genotype.html +++ b/wqflask/wqflask/templates/oauth2/data-list-genotype.html @@ -14,7 +14,7 @@ {%block content%} <div class="container" style="width: 98%;"> - {{profile_nav("data", logged_in, user_privileges)}} + {{profile_nav("data", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/data-list-mrna.html b/wqflask/wqflask/templates/oauth2/data-list-mrna.html index 5c21957d..0e163235 100644 --- a/wqflask/wqflask/templates/oauth2/data-list-mrna.html +++ b/wqflask/wqflask/templates/oauth2/data-list-mrna.html @@ -14,7 +14,7 @@ {%block content%} <div class="container" style="width: 98%;"> - {{profile_nav("data", logged_in, user_privileges)}} + {{profile_nav("data", user_privileges)}} {{flash_me()}} 
diff --git a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html index a8f50a39..8c79c0d6 100644 --- a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html +++ b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html @@ -15,7 +15,7 @@ {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("data", logged_in, user_privileges)}} + {{profile_nav("data", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/data-list.html b/wqflask/wqflask/templates/oauth2/data-list.html index e48b57a3..8a8f6694 100644 --- a/wqflask/wqflask/templates/oauth2/data-list.html +++ b/wqflask/wqflask/templates/oauth2/data-list.html @@ -4,7 +4,7 @@ {%block title%}Link Data{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("data", logged_in, user_privileges)}} + {{profile_nav("data", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/group.html b/wqflask/wqflask/templates/oauth2/group.html index 434d9d0c..f4c29d18 100644 --- a/wqflask/wqflask/templates/oauth2/group.html +++ b/wqflask/wqflask/templates/oauth2/group.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("group", logged_in, user_privileges)}} + {{profile_nav("group", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/group_join_or_create.html b/wqflask/wqflask/templates/oauth2/group_join_or_create.html index 0209cd15..8255d2f8 100644 --- a/wqflask/wqflask/templates/oauth2/group_join_or_create.html +++ b/wqflask/wqflask/templates/oauth2/group_join_or_create.html @@ -7,7 +7,7 @@ {%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("group", logged_in, user_privileges)}} + {{profile_nav("group", user_privileges)}} <h3>Join or Create Group</h3> 
diff --git a/wqflask/wqflask/templates/oauth2/join-requests.html b/wqflask/wqflask/templates/oauth2/join-requests.html index 350b7fe0..833b4e93 100644 --- a/wqflask/wqflask/templates/oauth2/join-requests.html +++ b/wqflask/wqflask/templates/oauth2/join-requests.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("group", logged_in, user_privileges)}} + {{profile_nav("group", user_privileges)}} {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html index fe8d77cf..a4061fca 100644 --- a/wqflask/wqflask/templates/oauth2/list_roles.html +++ b/wqflask/wqflask/templates/oauth2/list_roles.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("roles", logged_in, user_privileges)}} + {{profile_nav("roles", user_privileges)}} <h3>Roles</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/profile_nav.html b/wqflask/wqflask/templates/oauth2/profile_nav.html index c8d018fd..0a61c40f 100644 --- a/wqflask/wqflask/templates/oauth2/profile_nav.html +++ b/wqflask/wqflask/templates/oauth2/profile_nav.html @@ -1,4 +1,4 @@ -{%macro profile_nav(calling_page, logged_in, user_privileges)%} +{%macro profile_nav(calling_page, user_privileges)%} <ul class="nav nav-pills"> @@ -40,7 +40,7 @@ {%endif%} <li role="presentation"> - {%if logged_in:%} + {%if logged_in():%} <a href="{{url_for('oauth2.user.logout')}}">Logout</a> {%else%} <a href="{{url_for('oauth2.user.login')}}">Login</a> diff --git a/wqflask/wqflask/templates/oauth2/request_error.html b/wqflask/wqflask/templates/oauth2/request_error.html index 1c087846..e6ed5fff 100644 --- a/wqflask/wqflask/templates/oauth2/request_error.html +++ b/wqflask/wqflask/templates/oauth2/request_error.html 
@@ -3,7 +3,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("error", logged_in, user_privileges)}} + {{profile_nav("error", user_privileges)}} <h3>ERROR</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/resources.html b/wqflask/wqflask/templates/oauth2/resources.html index f0348cdc..0a9ea8fd 100644 --- a/wqflask/wqflask/templates/oauth2/resources.html +++ b/wqflask/wqflask/templates/oauth2/resources.html @@ -3,7 +3,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("resources", logged_in, user_privileges)}} + {{profile_nav("resources", user_privileges)}} <h3>Resources</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/role.html b/wqflask/wqflask/templates/oauth2/role.html index acbfa944..a77d5f23 100644 --- a/wqflask/wqflask/templates/oauth2/role.html +++ b/wqflask/wqflask/templates/oauth2/role.html @@ -3,7 +3,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("roles", logged_in, user_privileges)}} + {{profile_nav("roles", user_privileges)}} <h3>Role: {{role.role_name}}</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html index efc8fd75..5da023bf 100644 --- a/wqflask/wqflask/templates/oauth2/view-group-role.html +++ b/wqflask/wqflask/templates/oauth2/view-group-role.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("roles", logged_in, user_privileges)}} + {{profile_nav("roles", user_privileges)}} <h3>View Group Role</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html index 873c3651..70580b71 100644 
--- a/wqflask/wqflask/templates/oauth2/view-resource.html +++ b/wqflask/wqflask/templates/oauth2/view-resource.html @@ -4,7 +4,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("resources", logged_in, user_privileges)}} + {{profile_nav("resources", user_privileges)}} <h3>Resources</h3> {{flash_me()}} diff --git a/wqflask/wqflask/templates/oauth2/view-user.html b/wqflask/wqflask/templates/oauth2/view-user.html index 202e8730..34526b14 100644 --- a/wqflask/wqflask/templates/oauth2/view-user.html +++ b/wqflask/wqflask/templates/oauth2/view-user.html @@ -3,7 +3,7 @@ {%block title%}View User{%endblock%} {%block content%} <div class="container" style="min-width: 1250px;"> - {{profile_nav("dashboard", logged_in, user_privileges)}} + {{profile_nav("dashboard", user_privileges)}} <h3>View User</h3> {{flash_me()}} |