Merge branch 'testing' into build/python3-migration

author: BonfaceKilz 2020-09-17 16:07:01 +0300
committer: BonfaceKilz 2020-09-17 16:07:01 +0300
commit: 81f6c22573db69e8ab0d2b831fc659147a839bbd (patch)
tree: 59cea49c4e8ed05dab9a26b6835492b1ebe85d17 /wqflask/utility
parent: 90475fed0b2d1bd192a641bd417f6dfef79653d0 (diff)
parent: 8da6a70916d2cf18e476ab0adf47f802c481205d (diff)
download: genenetwork2-81f6c22573db69e8ab0d2b831fc659147a839bbd.tar.gz
3 files changed, 29 insertions, 21 deletions
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index c52ebafa..390ad75a 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -7,33 +7,31 @@ from utility import hmac
 from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id, add_resource
 Redis = get_redis_conn()
 
-from flask import Flask, g, redirect, url_for
 
-import logging
-logger = logging.getLogger(__name__ )
+logger = logging.getLogger(__name__)
+
 
 def check_resource_availability(dataset, trait_id=None):
 
-    #At least for now assume temporary entered traits are accessible
-    if isinstance(dataset, str):
-        return webqtlConfig.DEFAULT_PRIVILEGES
-    if dataset.type == "Temp":
+    # At least for now assume temporary entered traits are accessible
+    if type(dataset) == str or dataset.type == "Temp":
         return webqtlConfig.DEFAULT_PRIVILEGES
 
     resource_id = get_resource_id(dataset, trait_id)
 
-    if resource_id: #ZS: This should never be false, but it's technically possible if a non-Temp dataset somehow had a type other than Publish/ProbeSet/Geno
+    if resource_id:  # ZS: This should never be false, but it's technically possible if a non-Temp dataset somehow had a type other than Publish/ProbeSet/Geno
         resource_info = get_resource_info(resource_id)
-        if not resource_info: #ZS: If resource isn't already in redis, add it with default privileges
+        if not resource_info:  # ZS: If resource isn't already in redis, add it with default privileges
             resource_info = add_new_resource(dataset, trait_id)
 
-    #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
+    # ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
     if g.user_session.user_id in Redis.smembers("super_users"):
-       return webqtlConfig.SUPER_PRIVILEGES
+        return webqtlConfig.SUPER_PRIVILEGES
 
     response = None
 
-    the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    the_url = "http://localhost:8080/available?resource={}&user={}".format(
+        resource_id, g.user_session.user_id)
     try:
         response = json.loads(requests.get(the_url).content)
     except:
@@ -41,11 +39,12 @@ def check_resource_availability(dataset, trait_id=None):
 
     return response
 
+
 def add_new_resource(dataset, trait_id=None):
     resource_ob = {
-        'owner_id'    : "none", # webqtlConfig.DEFAULT_OWNER_ID,
+        'owner_id': "none",  # webqtlConfig.DEFAULT_OWNER_ID,
         'default_mask': webqtlConfig.DEFAULT_PRIVILEGES,
-        'group_masks' : {}
+        'group_masks': {}
     }
 
     if dataset.type == "Publish":
@@ -55,7 +54,7 @@ def add_new_resource(dataset, trait_id=None):
         resource_ob['name'] = group_code + "_" + str(trait_id)
         resource_ob['data'] = {
             'dataset': dataset.id,
-            'trait'  : trait_id
+            'trait': trait_id
         }
         resource_ob['type'] = 'dataset-publish'
     elif dataset.type == "Geno":
@@ -75,15 +74,19 @@ def add_new_resource(dataset, trait_id=None):
 
     return resource_info
 
+
 def get_group_code(dataset):
-    results = g.db.execute("SELECT InbredSetCode from InbredSet where Name='{}'".format(dataset.group.name)).fetchone()
+    results = g.db.execute("SELECT InbredSetCode from InbredSet where Name='{}'".format(
+        dataset.group.name)).fetchone()
     if results[0]:
         return results[0]
     else:
         return ""
 
+
 def check_admin(resource_id=None):
-    the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    the_url = "http://localhost:8080/available?resource={}&user={}".format(
+        resource_id, g.user_session.user_id)
     try:
         response = json.loads(requests.get(the_url).content)['admin']
     except:
@@ -97,6 +100,7 @@ def check_admin(resource_id=None):
     else:
         return "not-admin"
 
+
 def check_owner(dataset=None, trait_id=None, resource_id=None):
     if resource_id:
         resource_info = get_resource_info(resource_id)
@@ -111,6 +115,7 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
 
     return False
 
+
 def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
     if not resource_id:
         if dataset.type == "Temp":
diff --git a/wqflask/utility/hmac.py b/wqflask/utility/hmac.py
index aa21c741..10387bb0 100644
--- a/wqflask/utility/hmac.py
+++ b/wqflask/utility/hmac.py
@@ -5,12 +5,12 @@ from flask import url_for
 
 from wqflask import app
 
+
 def hmac_creation(stringy):
     """Helper function to create the actual hmac"""
 
     secret = app.config['SECRET_HMAC_CODE']
-
-    hmaced = hmac.new(bytearray(secret, 'utf8'), bytearray(stringy, 'utf8'), hashlib.sha1)
+    hmaced = hmac.new(secret, stringy, hashlib.sha1)
     hm = hmaced.hexdigest()
     # ZS: Leaving the below comment here to ask Pjotr about
     # "Conventional wisdom is that you don't lose much in terms of security if you throw away up to half of the output."
@@ -18,10 +18,12 @@ def hmac_creation(stringy):
     hm = hm[:20]
     return hm
 
+
 def data_hmac(stringy):
-    """Takes arbitray data string and appends :hmac so we know data hasn't been tampered with"""
+    """Takes arbitrary data string and appends :hmac so we know data hasn't been tampered with"""
     return stringy + ":" + hmac_creation(stringy)
 
+
 def url_for_hmac(endpoint, **values):
     """Like url_for but adds an hmac at the end to insure the url hasn't been tampered with"""
 
@@ -34,5 +36,6 @@ def url_for_hmac(endpoint, **values):
         combiner = "?"
     return url + combiner + "hm=" + hm
 
+
 app.jinja_env.globals.update(url_for_hmac=url_for_hmac,
                              data_hmac=data_hmac)
diff --git a/wqflask/utility/redis_tools.py b/wqflask/utility/redis_tools.py
index 13ac5cfe..4aba2b70 100644
--- a/wqflask/utility/redis_tools.py
+++ b/wqflask/utility/redis_tools.py
@@ -286,7 +286,7 @@ def add_resource(resource_info, update=True):
     else:
         resource_id = hmac.hmac_creation('{}:{}'.format(str(resource_info['type']), str(resource_info['data']['dataset'])))
 
-    if not Redis.hexists("resources", resource_id):
+    if update or not Redis.hexists("resources", resource_id):
         Redis.hset("resources", resource_id, json.dumps(resource_info))
 
     return resource_info
author	BonfaceKilz	2020-09-17 16:07:01 +0300
committer	BonfaceKilz	2020-09-17 16:07:01 +0300
commit	81f6c22573db69e8ab0d2b831fc659147a839bbd (patch)
tree	59cea49c4e8ed05dab9a26b6835492b1ebe85d17 /wqflask/utility
parent	90475fed0b2d1bd192a641bd417f6dfef79653d0 (diff)
parent	8da6a70916d2cf18e476ab0adf47f802c481205d (diff)
download	genenetwork2-81f6c22573db69e8ab0d2b831fc659147a839bbd.tar.gz