From 03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 17 Jun 2024 10:57:17 -0500 Subject: Use the form's json attribute to retrieve sent data The system uses JSON as the default communication format, so we use the form's json attribute to get any data sent. --- gn_auth/auth/authorisation/data/views.py | 8 ++++---- gn_auth/auth/authorisation/resources/groups/views.py | 16 ++++++++-------- gn_auth/auth/authorisation/resources/views.py | 10 +++++----- gn_auth/auth/authorisation/users/views.py | 8 ++++---- 4 files changed, 21 insertions(+), 21 deletions(-) (limited to 'gn_auth/auth/authorisation') diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py index 83f4e4b..86dafe5 100644 --- a/gn_auth/auth/authorisation/data/views.py +++ b/gn_auth/auth/authorisation/data/views.py @@ -186,16 +186,16 @@ def __search_mrna__(): def __request_key__(key: str, default: Any = ""): if bool(request.json): return request.json.get(#type: ignore[union-attr] - key, request.args.get(key, request.form.get(key, default))) - return request.args.get(key, request.form.get(key, default)) + key, request.args.get(key, request.json.get(key, default))) + return request.args.get(key, request.json.get(key, default)) def __request_key_list__(key: str, default: tuple[Any, ...] = tuple()): if bool(request.json): return (request.json.get(key,[])#type: ignore[union-attr] - or request.args.getlist(key) or request.form.getlist(key) + or request.args.getlist(key) or request.json.getlist(key) or list(default)) return (request.args.getlist(key) - or request.form.getlist(key) or list(default)) + or request.json.getlist(key) or list(default)) def __search_genotypes__(): query = __request_key__("query", "") diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py index ef6bb0d..beb2b42 100644 --- a/gn_auth/auth/authorisation/resources/groups/views.py +++ b/gn_auth/auth/authorisation/resources/groups/views.py @@ -50,7 +50,7 @@ def list_groups(): def create_group(): """Create a new group.""" with require_oauth.acquire("profile group") as the_token: - group_name=request.form.get("group_name", "").strip() + group_name=request.json.get("group_name", "").strip() if not bool(group_name): raise GroupCreationError("Could not create the group.") @@ -58,7 +58,7 @@ def create_group(): with db.connection(db_uri) as conn: user = the_token.user new_group = _create_group( - conn, group_name, user, request.form.get("group_description")) + conn, group_name, user, request.json.get("group_description")) return jsonify({ **asdict(new_group), "group_leader": asdict(user) }) @@ -107,7 +107,7 @@ def request_to_join(group_id: uuid.UUID) -> Response: } with require_oauth.acquire("profile group") as the_token: - form = request.form + form = request.json results = with_db_connection(partial( __request__, user=the_token.user, group_id=group_id, message=form.get( "message", "I hereby request that you add me to your group."))) @@ -126,7 +126,7 @@ def list_join_requests() -> Response: def accept_join_requests() -> Response: """Accept a join request.""" with require_oauth.acquire("profile group") as the_token: - form = request.form + form = request.json request_id = uuid.UUID(form.get("request_id")) return jsonify(with_db_connection(partial( accept_reject_join_request, request_id=request_id, @@ -137,7 +137,7 @@ def accept_join_requests() -> Response: def reject_join_requests() -> Response: """Reject a join request.""" with require_oauth.acquire("profile group") as the_token: - form = request.form + form = request.json request_id = uuid.UUID(form.get("request_id")) return jsonify(with_db_connection(partial( accept_reject_join_request, request_id=request_id, @@ -268,7 +268,7 @@ def unlinked_data(resource_type: str) -> Response: def link_data() -> Response: """Link selected data to specified group.""" with require_oauth.acquire("profile group resource") as _the_token: - form = request.form + form = request.json group_id = uuid.UUID(form["group_id"]) dataset_ids = form.getlist("dataset_ids") dataset_type = form.get("dataset_type") @@ -322,7 +322,7 @@ def create_group_role(): oauth2_scope="profile group role") def __create__(conn: db.DbConnection) -> GroupRole: ## TODO: Check user cannot assign any privilege they don't have. - form = request.form + form = request.json role_name = form.get("role_name", "").strip() privileges_ids = form.getlist("privileges[]") if len(role_name) == 0: @@ -374,7 +374,7 @@ def __add_remove_priv_to_from_role__(conn: db.DbConnection, raise AuthorisationError( "You need to be a member of a group to edit roles.") try: - privilege_id = request.form.get("privilege_id", "") + privilege_id = request.json.get("privilege_id", "") assert bool(privilege_id), "Privilege to add must be provided." privileges = privileges_by_ids(conn, (privilege_id,)) if len(privileges) == 0: diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index a98f404..4583346 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -53,7 +53,7 @@ def list_resource_categories() -> Response: def create_resource() -> Response: """Create a new resource""" with require_oauth.acquire("profile group resource") as the_token: - form = request.form + form = request.json resource_name = form.get("resource_name") resource_category_id = UUID(form.get("resource_category")) db_uri = app.config["AUTH_DB"] @@ -126,7 +126,7 @@ def view_resource_data(resource_id: UUID) -> Response: def link_data(): """Link group data to a specific resource.""" try: - form = request.form + form = request.json assert "resource_id" in form, "Resource ID not provided." assert "data_link_id" in form, "Data Link ID not provided." assert "dataset_type" in form, "Dataset type not specified" @@ -150,7 +150,7 @@ def link_data(): def unlink_data(): """Unlink data bound to a specific resource.""" try: - form = request.form + form = request.json assert "resource_id" in form, "Resource ID not provided." assert "data_link_id" in form, "Data Link ID not provided." @@ -239,7 +239,7 @@ def assign_role_to_user(resource_id: UUID) -> Response: """Assign a role on the specified resource to a user.""" with require_oauth.acquire("profile group resource role") as the_token: try: - form = request.form + form = request.json group_role_id = form.get("group_role_id", "") user_email = form.get("user_email", "") assert bool(group_role_id), "The role must be provided." @@ -264,7 +264,7 @@ def unassign_role_to_user(resource_id: UUID) -> Response: """Unassign a role on the specified resource from a user.""" with require_oauth.acquire("profile group resource role") as the_token: try: - form = request.form + form = request.json group_role_id = form.get("group_role_id", "") user_id = form.get("user_id", "") assert bool(group_role_id), "The role must be provided." diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py index 1d3b128..cc70d76 100644 --- a/gn_auth/auth/authorisation/users/views.py +++ b/gn_auth/auth/authorisation/users/views.py @@ -166,7 +166,7 @@ def register_user() -> Response: __assert_not_logged_in__(conn) try: - form = request.form + form = request.json email = validate_email(form.get("email", "").strip(), check_deliverability=True) password = validate_password( @@ -204,7 +204,7 @@ def delete_verification_code(cursor, code: str): @users.route("/verify", methods=["GET", "POST"]) def verify_user(): """Verify users are not bots.""" - form = request.form + form = request.json loginuri = redirect(url_for( "oauth2.auth.authorise", response_type=(request.args.get("response_type") @@ -308,7 +308,7 @@ def list_all_users() -> Response: @users.route("/handle-unverified", methods=["POST"]) def handle_unverified(): """Handle case where user tries to login but is unverified""" - form = request.form + form = request.json # TODO: Maybe have a GN2_URI setting here? # or pass the client_id here? return render_template( @@ -321,7 +321,7 @@ def handle_unverified(): @users.route("/send-verification", methods=["POST"]) def send_verification_code(): """Send verification code email.""" - form = request.form + form = request.json with (db.connection(current_app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor): user = user_by_email(conn, form["user_email"]) -- cgit v1.2.3