aboutsummaryrefslogtreecommitdiff
path: root/gn_auth
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-06-17 10:57:17 -0500
committerFrederick Muriuki Muriithi2024-06-17 10:57:17 -0500
commit03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80 (patch)
tree41981115fa36a1bf36ba56d012e45da3c69216af /gn_auth
parent9f1b11d2756010647051bf213ceed3f374524bbb (diff)
downloadgn-auth-03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80.tar.gz
Use the form's json attribute to retrieve sent data
The system uses JSON as the default communication format, so we use the form's json attribute to get any data sent.
Diffstat (limited to 'gn_auth')
-rw-r--r--gn_auth/auth/authorisation/data/views.py8
-rw-r--r--gn_auth/auth/authorisation/resources/groups/views.py16
-rw-r--r--gn_auth/auth/authorisation/resources/views.py10
-rw-r--r--gn_auth/auth/authorisation/users/views.py8
4 files changed, 21 insertions, 21 deletions
diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py
index 83f4e4b..86dafe5 100644
--- a/gn_auth/auth/authorisation/data/views.py
+++ b/gn_auth/auth/authorisation/data/views.py
@@ -186,16 +186,16 @@ def __search_mrna__():
def __request_key__(key: str, default: Any = ""):
if bool(request.json):
return request.json.get(#type: ignore[union-attr]
- key, request.args.get(key, request.form.get(key, default)))
- return request.args.get(key, request.form.get(key, default))
+ key, request.args.get(key, request.json.get(key, default)))
+ return request.args.get(key, request.json.get(key, default))
def __request_key_list__(key: str, default: tuple[Any, ...] = tuple()):
if bool(request.json):
return (request.json.get(key,[])#type: ignore[union-attr]
- or request.args.getlist(key) or request.form.getlist(key)
+ or request.args.getlist(key) or request.json.getlist(key)
or list(default))
return (request.args.getlist(key)
- or request.form.getlist(key) or list(default))
+ or request.json.getlist(key) or list(default))
def __search_genotypes__():
query = __request_key__("query", "")
diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index ef6bb0d..beb2b42 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -50,7 +50,7 @@ def list_groups():
def create_group():
"""Create a new group."""
with require_oauth.acquire("profile group") as the_token:
- group_name=request.form.get("group_name", "").strip()
+ group_name=request.json.get("group_name", "").strip()
if not bool(group_name):
raise GroupCreationError("Could not create the group.")
@@ -58,7 +58,7 @@ def create_group():
with db.connection(db_uri) as conn:
user = the_token.user
new_group = _create_group(
- conn, group_name, user, request.form.get("group_description"))
+ conn, group_name, user, request.json.get("group_description"))
return jsonify({
**asdict(new_group), "group_leader": asdict(user)
})
@@ -107,7 +107,7 @@ def request_to_join(group_id: uuid.UUID) -> Response:
}
with require_oauth.acquire("profile group") as the_token:
- form = request.form
+ form = request.json
results = with_db_connection(partial(
__request__, user=the_token.user, group_id=group_id, message=form.get(
"message", "I hereby request that you add me to your group.")))
@@ -126,7 +126,7 @@ def list_join_requests() -> Response:
def accept_join_requests() -> Response:
"""Accept a join request."""
with require_oauth.acquire("profile group") as the_token:
- form = request.form
+ form = request.json
request_id = uuid.UUID(form.get("request_id"))
return jsonify(with_db_connection(partial(
accept_reject_join_request, request_id=request_id,
@@ -137,7 +137,7 @@ def accept_join_requests() -> Response:
def reject_join_requests() -> Response:
"""Reject a join request."""
with require_oauth.acquire("profile group") as the_token:
- form = request.form
+ form = request.json
request_id = uuid.UUID(form.get("request_id"))
return jsonify(with_db_connection(partial(
accept_reject_join_request, request_id=request_id,
@@ -268,7 +268,7 @@ def unlinked_data(resource_type: str) -> Response:
def link_data() -> Response:
"""Link selected data to specified group."""
with require_oauth.acquire("profile group resource") as _the_token:
- form = request.form
+ form = request.json
group_id = uuid.UUID(form["group_id"])
dataset_ids = form.getlist("dataset_ids")
dataset_type = form.get("dataset_type")
@@ -322,7 +322,7 @@ def create_group_role():
oauth2_scope="profile group role")
def __create__(conn: db.DbConnection) -> GroupRole:
## TODO: Check user cannot assign any privilege they don't have.
- form = request.form
+ form = request.json
role_name = form.get("role_name", "").strip()
privileges_ids = form.getlist("privileges[]")
if len(role_name) == 0:
@@ -374,7 +374,7 @@ def __add_remove_priv_to_from_role__(conn: db.DbConnection,
raise AuthorisationError(
"You need to be a member of a group to edit roles.")
try:
- privilege_id = request.form.get("privilege_id", "")
+ privilege_id = request.json.get("privilege_id", "")
assert bool(privilege_id), "Privilege to add must be provided."
privileges = privileges_by_ids(conn, (privilege_id,))
if len(privileges) == 0:
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index a98f404..4583346 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -53,7 +53,7 @@ def list_resource_categories() -> Response:
def create_resource() -> Response:
"""Create a new resource"""
with require_oauth.acquire("profile group resource") as the_token:
- form = request.form
+ form = request.json
resource_name = form.get("resource_name")
resource_category_id = UUID(form.get("resource_category"))
db_uri = app.config["AUTH_DB"]
@@ -126,7 +126,7 @@ def view_resource_data(resource_id: UUID) -> Response:
def link_data():
"""Link group data to a specific resource."""
try:
- form = request.form
+ form = request.json
assert "resource_id" in form, "Resource ID not provided."
assert "data_link_id" in form, "Data Link ID not provided."
assert "dataset_type" in form, "Dataset type not specified"
@@ -150,7 +150,7 @@ def link_data():
def unlink_data():
"""Unlink data bound to a specific resource."""
try:
- form = request.form
+ form = request.json
assert "resource_id" in form, "Resource ID not provided."
assert "data_link_id" in form, "Data Link ID not provided."
@@ -239,7 +239,7 @@ def assign_role_to_user(resource_id: UUID) -> Response:
"""Assign a role on the specified resource to a user."""
with require_oauth.acquire("profile group resource role") as the_token:
try:
- form = request.form
+ form = request.json
group_role_id = form.get("group_role_id", "")
user_email = form.get("user_email", "")
assert bool(group_role_id), "The role must be provided."
@@ -264,7 +264,7 @@ def unassign_role_to_user(resource_id: UUID) -> Response:
"""Unassign a role on the specified resource from a user."""
with require_oauth.acquire("profile group resource role") as the_token:
try:
- form = request.form
+ form = request.json
group_role_id = form.get("group_role_id", "")
user_id = form.get("user_id", "")
assert bool(group_role_id), "The role must be provided."
diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py
index 1d3b128..cc70d76 100644
--- a/gn_auth/auth/authorisation/users/views.py
+++ b/gn_auth/auth/authorisation/users/views.py
@@ -166,7 +166,7 @@ def register_user() -> Response:
__assert_not_logged_in__(conn)
try:
- form = request.form
+ form = request.json
email = validate_email(form.get("email", "").strip(),
check_deliverability=True)
password = validate_password(
@@ -204,7 +204,7 @@ def delete_verification_code(cursor, code: str):
@users.route("/verify", methods=["GET", "POST"])
def verify_user():
"""Verify users are not bots."""
- form = request.form
+ form = request.json
loginuri = redirect(url_for(
"oauth2.auth.authorise",
response_type=(request.args.get("response_type")
@@ -308,7 +308,7 @@ def list_all_users() -> Response:
@users.route("/handle-unverified", methods=["POST"])
def handle_unverified():
"""Handle case where user tries to login but is unverified"""
- form = request.form
+ form = request.json
# TODO: Maybe have a GN2_URI setting here?
# or pass the client_id here?
return render_template(
@@ -321,7 +321,7 @@ def handle_unverified():
@users.route("/send-verification", methods=["POST"])
def send_verification_code():
"""Send verification code email."""
- form = request.form
+ form = request.json
with (db.connection(current_app.config["AUTH_DB"]) as conn,
db.cursor(conn) as cursor):
user = user_by_email(conn, form["user_email"])