Age | Commit message (Collapse) | Author |
|
When fetching the resource roles, fetch also any roles that are
assigned to the user for that resource.
|
|
Issue:
https://issues.genenetwork.org/issues/gn-auth/resources-duplicates-in-resources-list
The query was returning multiple instances of the same resource in
situations where a user had more than one role of a particular resource.
|
|
|
|
* Move code into a new phenotypes package and update references.
* Add new functions to fetch linked resources from GN3 data
identifiers — this is useful for auth
* Provide endpoint to fetch authorisation details for a specific
phenotype.
|
|
The new name serves better to reflect what the function does.
We then pass only the data that the function needs to perform its
operation rather than full objects with extra data — this has
implications for security.
|
|
|
|
|
|
|
|
Fix the bugs that were causing the creation of a genotype resource via
API to fail.
|
|
Create the resource, assign the resource-owner role and link the
resource's data in a single API call.
|
|
|
|
|
|
Provide an endpoint to create a new population
resource (inbredset-group) and assign the active user with the
appropriate privileges against the new resource.
|
|
Register the populations/inbredset blueprint with the "resources"
blueprint rather than at the higher level "auth" blueprint to retain
the hierarchy of the blueprints and make maintenance arguably easier.
|
|
In order to decouple the `create_resource` function from the related
functions that assign roles to users, this commit changes the code to
pass in a cursor rather than a connection.
The cursor will be the same cursor passed into the role assignment
functions ensuring that the resource creation and role assignment
happen in a single transaction.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If the username and password are provided, make use of them to send
emails out.
|
|
Separate the saving of the token from its sending.
|
|
- Delete any expired tokens
- Display the UI if token is valid, else redirect with error notification.
|
|
|
|
|
|
|
|
* Generate token to use for verifying the password-change request
* Send out email with token
|
|
Provide the user with the "Forgot Password" link, if the backend
supports it.
|
|
|
|
|
|
Providing both the "Enter Verification Token" and the "Send
Verification Email" elements of the same user interface seems to
confuse users.
This commit ensures that the system will provide one or the other, but
not both, depending on whether or not there is a pending verification
token present for the user.
|
|
|
|
|
|
|
|
|
|
|
|
We have a similar jwk module in gn2 that does similar functionality.
Moving the newest_jwk_with_rotation function to the module ensures
that there's some consistency between both modules so that when we
ever want to remove the duplication (e.g. by creating some python pip
package) it's easier.
|
|
|
|
We are running GeneNetwork in different environments. Each environment
could have it's own separate domain, and need a different sender email
to allow the underlying services to allow the emails through.
|
|
We changed the from address from genenetwork.org to uthsc.edu, which
seems to have fixed the issue with e-mails not being properly sent.
We also stopped activating tls
|
|
|
|
|
|
|
|
|
|
Log out any unhandled exceptions at the `ERROR` log level to ensure
that any and all unhandled errors show up in the logs under normal
running of the application.
|
|
|
|
Ensures running `init_dev_users` and `init_dev_clients` multiple times
succeeds and updates the local database entry. Also provide a custom
flag to set the gn2's client url and add jwt-bearer to list of accepted
grants.
|
|
The local sign in request used by gn2 uses json. However, the default
parsing assumes form data, see:
- https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_oauth2/authorization_server.py#L72
- https://github.com/lepture/authlib/blob/v1.2.0/authlib/integrations/flask_helpers.py#L5
We create a custom Authorization server that defaults to `use_json=True`
when creating the oauth request object
|