auth fixes

service/api.py

@@ -6,10 +6,12 @@
 from tapisservice.tapisflask.utils import TapisApi, flask_errors_dict, handle_error
 # from service.auth import authn_and_authz
 
-# from service.controllers import AuthURLResource, TokensResource
-# from service.controllers import *
-from service.controllers_old import *
-from controllers.ops import OpsResource as _OpsResource
+## local
+from controllers.ops import *
+from controllers.auth import *
+from controllers.healthcheck import *
+from controllers.transfers import *
+
 # from service import app
 app = Flask(__name__)
 app.secret_key = os.urandom(16)
@@ -30,11 +32,11 @@ def __init__(self, url_map, *items):
 api.handle_user_exception = handle_error
 
 # Resources
-api.add_resource(AuthURLResource, '/v3/globus-proxy/auth/url/<client_id>')
+api.add_resource(AuthURLResource, '/v3/globus-proxy/auth/url/<client_id>/<endpoint_id>')
 api.add_resource(TokensResource, '/v3/globus-proxy/auth/tokens/<client_id>/<session_id>/<auth_code>')
 api.add_resource(CheckTokensResource, '/v3/globus-proxy/auth/check_tokens/<endpoint_id>')
 # api.add_resource(OpsResource, '/v3/globus-proxy/ops/<client_id>/<endpoint_id>/<regex("(.*)"):path>')
-api.add_resource(_OpsResource, '/v3/globus-proxy/ops/<client_id>/<endpoint_id>/<regex("(.*)"):path>')
+api.add_resource(OpsResource, '/v3/globus-proxy/ops/<client_id>/<endpoint_id>/<regex("(.*)"):path>')
 
 # transfer resourced are separated due to inconsistent url pattern
 api.add_resource(TransferResource, '/v3/globus-proxy/transfers/<client_id>')

service/resources/openapi_v3.yml

@@ -72,6 +72,12 @@ paths:
           description: Globus client associated with the request.
           schema:
             $ref: '#/components/schemas/ClientIdString'
+        - name: endpoint_id
+          in: path
+          required: true
+          description: Globus endpoint associated with the request.
+          schema:
+            $ref: '#/components/schemas/EndpointIdString'
       responses:
         '200':
           description: Success.
@@ -981,6 +987,10 @@ components:
       type: string
       example: "1784148a-8ae0-44b7-80b5-b5999e92de3a"
       minLength: 1
+    EndpointIdString:
+      type: string
+      example: "1784148a-8ae0-44b7-80b5-b5999e92de3a"
+      minLength: 1
     AuthCodeString:
       type: string
       example: "T0aymuUlUyLaOvvR58xxDCzycq5Cd3"

service/tests.py

@@ -66,12 +66,13 @@ def rm_test(base, path):
     pass
 
 def mv_test(base, src, dest):
+    logger.debug(f'trying mv with src {src}, and dest {dest}')
     url = f'{base.base_url}/ops/{base.cid}/{base.gcp_eid}/{src}'
     body = {"destination": f'\"{dest}\"'}
     query = {"access_token": base.at,
              "refresh_token": base.rt}
-    logger.debug(f'trying mv with src {src}, and dest {dest}')
-    response = requests.post(url, data=body, params=query)
+
+    response = requests.put(url, json=body, params=query)
     if response.status_code != 200:
         raise Exception(f'{response.status_code}:: {response.text}')
 
@@ -140,6 +141,6 @@ def rm_xfer_test(base):
         exit(1)
 
     if len(fails) > 0:
-        print(f'One or more tests failed::\n{fails}')
+        print(f'{len(fails)} tests failed::\n{fails}')
     else:
         print('All tests successful')

service/utils.py

@@ -1,6 +1,7 @@
 ## builtin
 from multiprocessing import AuthenticationError as PythonAuthenticationError
 from datetime import datetime, timedelta
+import json
 
 ## globus
 import globus_sdk
@@ -46,7 +47,8 @@ def autoactivate_endpoint(transfer_client, endpoint_id):
     try:
         logger.info(f'Trying to autoactivate endpoint {endpoint_id}')
         result = transfer_client.endpoint_autoactivate(endpoint_id)
-        logger.debug(f'have res:: {result}')
+        msg = result['message']
+        logger.debug(f'have res:: {msg}')
     except PythonAuthenticationError as e:
         logger.error(f'Endpoint activation failed due to invalid token. Endpoint {endpoint_id} must be manuallty activated')
         raise PythonAuthenticationError()
@@ -141,19 +143,23 @@ def format_path(path, default_dir=None):
 
 def handle_transfer_error(exception, endpoint_id=None, msg=None):
         '''Tanslates transfer api errors into the configured basetapiserrors in ./errors.py'''
+        # logger.debug(f'\nhandling transfer API error:: {exception.code}:: with message {exception.message}\n')
         error = InternalServerError(msg='Interal server error', code=500)
         if getattr(exception, "code", None) == None:
+            logger.debug(f'exception {exception} has no code, therefore returning InternalServerError')
             return error
         if exception.code == "AuthenticationFailed":
             error = AuthenticationError(msg='Could not authenticate transfer client', code=401)
         if exception.code == "ClientError.NotFound":
             error = PathNotFoundError(msg='Path does not exist on given endpoint', code=404)
         if exception.code == "ExternalError.DirListingFailed.GCDisconnected":
             error = GlobusError(msg=f'Error connecting to endpoint {endpoint_id}. Please activate endpoint manually', code=407)
+        if exception.code == 'ExternalError.DirListingFailed.LoginFailed':
+            error = GlobusError(msg='Your identity does not have permission to access the requested collection. Contact the collection administrator to request access.', code=403)
         if exception.code == 'ConsentRequired':
-            error = GlobusConsentRequired(msg=f'Endpoint {endpoint_id} requires additonal consent. Auth flow ust be manually re-run.')
+            error = GlobusConsentRequired(msg=f'Endpoint {endpoint_id} requires additonal consent. Auth flow ust be manually re-run.', code=407)
         if exception.code == 'ExternalError.MkdirFailed.Exists':
-            error = GlobusPathExists(msg=f'Directory with given path already exists.')
+            error = GlobusPathExists(msg=f'Directory with given path already exists.', code=409)
         return error
 
 def is_endpoint_activated(tc, ep):