From 2babf1077277d6654203f642994866007aff3509 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 9 May 2023 13:19:50 +0300
Subject: Integrate OAuth2 auth with GN2 UI

Update the templates to make use of the OAuth2 authentication rather
than the older authentication that used Redis.
---
 wqflask/wqflask/__init__.py                        |  7 ++++-
 wqflask/wqflask/oauth2/checks.py                   |  3 +-
 wqflask/wqflask/oauth2/request_utils.py            | 14 +++++++--
 wqflask/wqflask/oauth2/toplevel.py                 |  6 ++--
 wqflask/wqflask/oauth2/ui.py                       |  2 +-
 wqflask/wqflask/templates/base.html                | 33 ++++++++++++++++++----
 .../wqflask/templates/oauth2/create-resource.html  |  2 +-
 wqflask/wqflask/templates/oauth2/create-role.html  |  2 +-
 .../templates/oauth2/data-list-genotype.html       |  2 +-
 .../wqflask/templates/oauth2/data-list-mrna.html   |  2 +-
 .../templates/oauth2/data-list-phenotype.html      |  2 +-
 wqflask/wqflask/templates/oauth2/data-list.html    |  2 +-
 wqflask/wqflask/templates/oauth2/group.html        |  2 +-
 .../templates/oauth2/group_join_or_create.html     |  2 +-
 .../wqflask/templates/oauth2/join-requests.html    |  2 +-
 wqflask/wqflask/templates/oauth2/list_roles.html   |  2 +-
 wqflask/wqflask/templates/oauth2/profile_nav.html  |  4 +--
 .../wqflask/templates/oauth2/request_error.html    |  2 +-
 wqflask/wqflask/templates/oauth2/resources.html    |  2 +-
 wqflask/wqflask/templates/oauth2/role.html         |  2 +-
 .../wqflask/templates/oauth2/view-group-role.html  |  2 +-
 .../wqflask/templates/oauth2/view-resource.html    |  2 +-
 wqflask/wqflask/templates/oauth2/view-user.html    |  2 +-
 23 files changed, 69 insertions(+), 32 deletions(-)

(limited to 'wqflask')

diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 66ed0e91..38a69d33 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -31,6 +31,8 @@ from wqflask.api.markdown import blogs_blueprint
 from wqflask.api.markdown import news_blueprint
 from wqflask.api.jobs import jobs as jobs_bp
 from wqflask.oauth2.routes import oauth2
+from wqflask.oauth2.checks import user_logged_in
+from wqflask.oauth2.request_utils import user_details, authserver_authorise_uri
 
 from wqflask.jupyter_notebooks import jupyter_notebooks
 
@@ -50,7 +52,10 @@ app.config["DB_PORT"] = DB_PORT
 
 app.jinja_env.globals.update(
     undefined=jinja2.StrictUndefined,
-    numify=formatting.numify)
+    numify=formatting.numify,
+    logged_in=user_logged_in,
+    authserver_authorise_uri=authserver_authorise_uri,
+    user_details=user_details)
 
 app.config["SESSION_REDIS"] = redis.from_url(app.config["REDIS_URL"])
 
diff --git a/wqflask/wqflask/oauth2/checks.py b/wqflask/wqflask/oauth2/checks.py
index e6859c4a..c60ab1de 100644
--- a/wqflask/wqflask/oauth2/checks.py
+++ b/wqflask/wqflask/oauth2/checks.py
@@ -29,6 +29,7 @@ def require_oauth2(func):
             session.pop("user_details", None)
 
         flash("You need to be logged in.", "alert-warning")
-        return redirect(url_for("oauth2.user.login", next=request.endpoint))
+        # return redirect(url_for("oauth2.user.login", next=request.endpoint))
+        return redirect("/")
 
     return __token_valid__
diff --git a/wqflask/wqflask/oauth2/request_utils.py b/wqflask/wqflask/oauth2/request_utils.py
index 0cd1697b..ac21e223 100644
--- a/wqflask/wqflask/oauth2/request_utils.py
+++ b/wqflask/wqflask/oauth2/request_utils.py
@@ -1,12 +1,22 @@
 """General request utilities"""
 from typing import Optional
+from urllib.parse import urljoin, urlparse
 
 import simplejson
 from flask import (
-    flash, session, url_for, redirect, Response, render_template,
+    flash, request, session, url_for, redirect, Response, render_template,
     current_app as app)
 
-from .client import oauth2_get
+from .client import SCOPE, oauth2_get
+
+def authserver_authorise_uri():
+    req_baseurl = urlparse(request.base_url)
+    host_uri = f"{req_baseurl.scheme}://{req_baseurl.netloc}/"
+    return urljoin(
+        app.config["GN_SERVER_URL"],
+        "oauth2/authorise?response_type=code"
+        f"&client_id={app.config['OAUTH2_CLIENT_ID']}"
+        f"&redirect_uri={urljoin(host_uri, 'oauth2/code')}")
 
 def raise_unimplemented():
     raise Exception("NOT IMPLEMENTED")
diff --git a/wqflask/wqflask/oauth2/toplevel.py b/wqflask/wqflask/oauth2/toplevel.py
index df2ff0aa..109ed06c 100644
--- a/wqflask/wqflask/oauth2/toplevel.py
+++ b/wqflask/wqflask/oauth2/toplevel.py
@@ -4,15 +4,12 @@ from flask import (
     flash, request, session, Blueprint, url_for, redirect, render_template,
     current_app as app)
 
-from .client import no_token_post
+from .client import SCOPE, no_token_post
 from .request_utils import process_error
 from .checks import require_oauth2, user_logged_in
 
 toplevel = Blueprint("toplevel", __name__)
 
-
-
-
 @toplevel.route("/register-client", methods=["GET", "POST"])
 @require_oauth2
 def register_client():
@@ -36,6 +33,7 @@ def authorisation_code():
         request_data = {
             "grant_type": "authorization_code",
             "code": code,
+            "scope": SCOPE,
             "redirect_uri": urljoin(
                 request.base_url,
                 url_for("oauth2.toplevel.authorisation_code")),
diff --git a/wqflask/wqflask/oauth2/ui.py b/wqflask/wqflask/oauth2/ui.py
index 4fdbe869..c5ea1468 100644
--- a/wqflask/wqflask/oauth2/ui.py
+++ b/wqflask/wqflask/oauth2/ui.py
@@ -6,7 +6,7 @@ from .request_utils import process_error
 
 def render_ui(templatepath: str, **kwargs):
     """Handle repetitive UI rendering stuff."""
-    logged_in = ("oauth2_token" in session and bool(session["oauth2_token"]))
+    logged_in = lambda: ("oauth2_token" in session and bool(session["oauth2_token"]))
     roles = kwargs.get("roles", tuple()) # Get roles if already provided
     if logged_in and not bool(roles): # If not, try fetching them
         roles_results = oauth2_get("oauth2/user/roles").either(
diff --git a/wqflask/wqflask/templates/base.html b/wqflask/wqflask/templates/base.html
index 518510de..38819240 100644
--- a/wqflask/wqflask/templates/base.html
+++ b/wqflask/wqflask/templates/base.html
@@ -162,14 +162,37 @@
                         </ul>
                     </li>
                     {% endif %}
+                    <!-- <li class=""> -->
+                    <!--     {% if g.user_session.logged_in %} -->
+                    <!--     <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a> -->
+                    <!--     {% else %} -->
+                    <!--     <a id="login_in" href="/n/login">Sign in</a> -->
+                    <!--     {% endif %} -->
+                    <!-- </li> -->
                     <li class="">
-                        {% if g.user_session.logged_in %}
-                        <a id="login_out" title="Signed in as {{ g.user_session.user_name }}" href="/n/logout">Sign out</a>
-                        {% else %}
-                        <a id="login_in" href="/n/login">Sign in</a>
-                        {% endif %}
+                      {%if logged_in()%}
+		      {%if user_details is mapping%}
+		      {%set user_dets = user_details%}
+		      {%else%}
+		      {%set user_dets = user_details()%}
+		      {%endif%}
+                      <a id="login_out"
+			   title="Signed in as {{user_dets.name}}({{user_dets.email}})"
+			   href="{{url_for('oauth2.user.logout')}}">Sign out</a>
+                        {%else%}
+                        <a id="login_in" href="{{authserver_authorise_uri()}}">Sign in</a>
+                        {%endif%}
                     </li>
                     {% endif %}
+
+		    {%if logged_in()%}
+		    <li class="">
+		      <a id="user:profile" title="User's profile page."
+			 href="{{url_for('oauth2.user.user_profile')}}">
+			Profile
+		      </a>
+		    </li>
+		    {%endif%}
                     <!--
                         <li style="margin-left: 20px;">
                             <a href="http://gn2-staging.genenetwork.org" style="font-weight: bold;" >Use Staging Branch</a>
diff --git a/wqflask/wqflask/templates/oauth2/create-resource.html b/wqflask/wqflask/templates/oauth2/create-resource.html
index 817f18fe..4cac7ce2 100644
--- a/wqflask/wqflask/templates/oauth2/create-resource.html
+++ b/wqflask/wqflask/templates/oauth2/create-resource.html
@@ -8,7 +8,7 @@
 
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("resources", logged_in, user_privileges)}}
+  {{profile_nav("resources", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/create-role.html b/wqflask/wqflask/templates/oauth2/create-role.html
index 27532f82..f2bff7b4 100644
--- a/wqflask/wqflask/templates/oauth2/create-role.html
+++ b/wqflask/wqflask/templates/oauth2/create-role.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles", logged_in, user_privileges)}}
+  {{profile_nav("roles", user_privileges)}}
   <h3>Create Role</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/data-list-genotype.html b/wqflask/wqflask/templates/oauth2/data-list-genotype.html
index c1d79e33..c780a583 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-genotype.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-genotype.html
@@ -14,7 +14,7 @@
 
 {%block content%}
 <div class="container" style="width: 98%;">
-  {{profile_nav("data", logged_in, user_privileges)}}
+  {{profile_nav("data", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/data-list-mrna.html b/wqflask/wqflask/templates/oauth2/data-list-mrna.html
index 5c21957d..0e163235 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-mrna.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-mrna.html
@@ -14,7 +14,7 @@
 
 {%block content%}
 <div class="container" style="width: 98%;">
-  {{profile_nav("data", logged_in, user_privileges)}}
+  {{profile_nav("data", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
index a8f50a39..8c79c0d6 100644
--- a/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
+++ b/wqflask/wqflask/templates/oauth2/data-list-phenotype.html
@@ -15,7 +15,7 @@
 {%block content%}
 
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("data", logged_in, user_privileges)}}
+  {{profile_nav("data", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/data-list.html b/wqflask/wqflask/templates/oauth2/data-list.html
index e48b57a3..8a8f6694 100644
--- a/wqflask/wqflask/templates/oauth2/data-list.html
+++ b/wqflask/wqflask/templates/oauth2/data-list.html
@@ -4,7 +4,7 @@
 {%block title%}Link Data{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("data", logged_in, user_privileges)}}
+  {{profile_nav("data", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/group.html b/wqflask/wqflask/templates/oauth2/group.html
index 434d9d0c..f4c29d18 100644
--- a/wqflask/wqflask/templates/oauth2/group.html
+++ b/wqflask/wqflask/templates/oauth2/group.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("group", logged_in, user_privileges)}}
+  {{profile_nav("group", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/group_join_or_create.html b/wqflask/wqflask/templates/oauth2/group_join_or_create.html
index 0209cd15..8255d2f8 100644
--- a/wqflask/wqflask/templates/oauth2/group_join_or_create.html
+++ b/wqflask/wqflask/templates/oauth2/group_join_or_create.html
@@ -7,7 +7,7 @@
 {%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("group", logged_in, user_privileges)}}
+  {{profile_nav("group", user_privileges)}}
 
   <h3>Join or Create Group</h3>
 
diff --git a/wqflask/wqflask/templates/oauth2/join-requests.html b/wqflask/wqflask/templates/oauth2/join-requests.html
index 350b7fe0..833b4e93 100644
--- a/wqflask/wqflask/templates/oauth2/join-requests.html
+++ b/wqflask/wqflask/templates/oauth2/join-requests.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("group", logged_in, user_privileges)}}
+  {{profile_nav("group", user_privileges)}}
 
   {{flash_me()}}
 
diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html
index fe8d77cf..a4061fca 100644
--- a/wqflask/wqflask/templates/oauth2/list_roles.html
+++ b/wqflask/wqflask/templates/oauth2/list_roles.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles", logged_in, user_privileges)}}
+  {{profile_nav("roles", user_privileges)}}
   <h3>Roles</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/profile_nav.html b/wqflask/wqflask/templates/oauth2/profile_nav.html
index c8d018fd..0a61c40f 100644
--- a/wqflask/wqflask/templates/oauth2/profile_nav.html
+++ b/wqflask/wqflask/templates/oauth2/profile_nav.html
@@ -1,4 +1,4 @@
-{%macro profile_nav(calling_page, logged_in, user_privileges)%}
+{%macro profile_nav(calling_page, user_privileges)%}
 
 <ul class="nav nav-pills">
 
@@ -40,7 +40,7 @@
   {%endif%}
 
   <li role="presentation">
-    {%if logged_in:%}
+    {%if logged_in():%}
     <a href="{{url_for('oauth2.user.logout')}}">Logout</a>
     {%else%}
     <a href="{{url_for('oauth2.user.login')}}">Login</a>
diff --git a/wqflask/wqflask/templates/oauth2/request_error.html b/wqflask/wqflask/templates/oauth2/request_error.html
index 1c087846..e6ed5fff 100644
--- a/wqflask/wqflask/templates/oauth2/request_error.html
+++ b/wqflask/wqflask/templates/oauth2/request_error.html
@@ -3,7 +3,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("error", logged_in, user_privileges)}}
+  {{profile_nav("error", user_privileges)}}
   <h3>ERROR</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/resources.html b/wqflask/wqflask/templates/oauth2/resources.html
index f0348cdc..0a9ea8fd 100644
--- a/wqflask/wqflask/templates/oauth2/resources.html
+++ b/wqflask/wqflask/templates/oauth2/resources.html
@@ -3,7 +3,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("resources", logged_in, user_privileges)}}
+  {{profile_nav("resources", user_privileges)}}
   <h3>Resources</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/role.html b/wqflask/wqflask/templates/oauth2/role.html
index acbfa944..a77d5f23 100644
--- a/wqflask/wqflask/templates/oauth2/role.html
+++ b/wqflask/wqflask/templates/oauth2/role.html
@@ -3,7 +3,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles", logged_in, user_privileges)}}
+  {{profile_nav("roles", user_privileges)}}
   <h3>Role: {{role.role_name}}</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
index efc8fd75..5da023bf 100644
--- a/wqflask/wqflask/templates/oauth2/view-group-role.html
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles", logged_in, user_privileges)}}
+  {{profile_nav("roles", user_privileges)}}
   <h3>View Group Role</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index 873c3651..70580b71 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -4,7 +4,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("resources", logged_in, user_privileges)}}
+  {{profile_nav("resources", user_privileges)}}
   <h3>Resources</h3>
 
   {{flash_me()}}
diff --git a/wqflask/wqflask/templates/oauth2/view-user.html b/wqflask/wqflask/templates/oauth2/view-user.html
index 202e8730..34526b14 100644
--- a/wqflask/wqflask/templates/oauth2/view-user.html
+++ b/wqflask/wqflask/templates/oauth2/view-user.html
@@ -3,7 +3,7 @@
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("dashboard", logged_in, user_privileges)}}
+  {{profile_nav("dashboard", user_privileges)}}
   <h3>View User</h3>
 
   {{flash_me()}}
-- 
cgit v1.2.3