From 63ac76e9a902c3c52385e26ae8d95d770ec46dfa Mon Sep 17 00:00:00 2001 From: kevinpricethesecond Date: Thu, 8 Feb 2024 16:42:35 -0600 Subject: [PATCH] auth fixes --- service/api.py | 14 ++++++++------ service/resources/openapi_v3.yml | 10 ++++++++++ service/tests.py | 7 ++++--- service/utils.py | 12 +++++++++--- 4 files changed, 31 insertions(+), 12 deletions(-) diff --git a/service/api.py b/service/api.py index ba18b0f..601c3a1 100644 --- a/service/api.py +++ b/service/api.py @@ -6,10 +6,12 @@ from tapisservice.tapisflask.utils import TapisApi, flask_errors_dict, handle_error # from service.auth import authn_and_authz -# from service.controllers import AuthURLResource, TokensResource -# from service.controllers import * -from service.controllers_old import * -from controllers.ops import OpsResource as _OpsResource +## local +from controllers.ops import * +from controllers.auth import * +from controllers.healthcheck import * +from controllers.transfers import * + # from service import app app = Flask(__name__) app.secret_key = os.urandom(16) @@ -30,11 +32,11 @@ def __init__(self, url_map, *items): api.handle_user_exception = handle_error # Resources -api.add_resource(AuthURLResource, '/v3/globus-proxy/auth/url/') +api.add_resource(AuthURLResource, '/v3/globus-proxy/auth/url//') api.add_resource(TokensResource, '/v3/globus-proxy/auth/tokens///') api.add_resource(CheckTokensResource, '/v3/globus-proxy/auth/check_tokens/') # api.add_resource(OpsResource, '/v3/globus-proxy/ops///') -api.add_resource(_OpsResource, '/v3/globus-proxy/ops///') +api.add_resource(OpsResource, '/v3/globus-proxy/ops///') # transfer resourced are separated due to inconsistent url pattern api.add_resource(TransferResource, '/v3/globus-proxy/transfers/') diff --git a/service/resources/openapi_v3.yml b/service/resources/openapi_v3.yml index ebb08ea..5c29d4b 100644 --- a/service/resources/openapi_v3.yml +++ b/service/resources/openapi_v3.yml 
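Review bot: The four wildcard imports (`from controllers.ops import *` through `from controllers.transfers import *`) hide which module supplies each resource class registered further down, and a name defined in more than one controller module is silently replaced by whichever import runs last. The removed line avoided that kind of collision by aliasing `OpsResource as _OpsResource`. Importing the classes by name, e.g. `from controllers.ops import OpsResource`, keeps the route table auditable and lets a linter flag undefined or shadowed handlers. The modules that own `AuthURLResource`, `TokensResource`, `CheckTokensResource` and `TransferResource` are not visible in this patch, so those import lines have to be filled in from the controller files.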
@@ -72,6 +72,12 @@ paths: description: Globus client associated with the request. schema: $ref: '#/components/schemas/ClientIdString' + - name: endpoint_id + in: path + required: true + description: Globus endpoint associated with the request. + schema: + $ref: '#/components/schemas/EndpointIdString' responses: '200': description: Success. @@ -981,6 +987,10 @@ components: type: string example: "1784148a-8ae0-44b7-80b5-b5999e92de3a" minLength: 1 + EndpointIdString: + type: string + example: "1784148a-8ae0-44b7-80b5-b5999e92de3a" + minLength: 1 AuthCodeString: type: string example: "T0aymuUlUyLaOvvR58xxDCzycq5Cd3" diff --git a/service/tests.py b/service/tests.py index 1db7496..2e8062d 100644 --- a/service/tests.py +++ b/service/tests.py @@ -66,12 +66,13 @@ def rm_test(base, path): pass def mv_test(base, src, dest): + logger.debug(f'trying mv with src {src}, and dest {dest}') url = f'{base.base_url}/ops/{base.cid}/{base.gcp_eid}/{src}' body = {"destination": f'\"{dest}\"'} query = {"access_token": base.at, "refresh_token": base.rt} - logger.debug(f'trying mv with src {src}, and dest {dest}') - response = requests.post(url, data=body, params=query) + + response = requests.put(url, json=body, params=query) if response.status_code != 200: raise Exception(f'{response.status_code}:: {response.text}') @@ -140,6 +141,6 @@ def rm_xfer_test(base): exit(1) if len(fails) > 0: - print(f'One or more tests failed::\n{fails}') + print(f'{len(fails)} tests failed::\n{fails}') else: print('All tests successful') diff --git a/service/utils.py b/service/utils.py index a332d6e..407e96f 100644 --- a/service/utils.py +++ b/service/utils.py @@ -1,6 +1,7 @@ ## builtin from multiprocessing import AuthenticationError as PythonAuthenticationError from datetime import datetime, timedelta +import json ## globus import globus_sdk 
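Review bot: `EndpointIdString` only requires `minLength: 1`, so any non-empty string passes schema validation as an endpoint id even though the example is a UUID. The value is taken from the request path (the parameter added in the first hunk of this file), and `endpoint_id` is interpolated into log lines and error messages in `service/utils.py`, presumably from the same input. It is worth constraining at the edge by adding `format: uuid` and `maxLength: 36` under `type: string`. Whether the service enforces this spec at request time is not visible here; if it does not, the same check belongs in the controller.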
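Review bot: In `mv_test` the unchanged line `body = {"destination": f'\"{dest}\"'}` wraps the path in literal double quotes, and with the new `json=body` those quotes are sent as part of the JSON string value. Unless the handler strips them (not visible in this patch), the line should become `body = {"destination": dest}`. The new call also has no timeout, so a hung service blocks the test run indefinitely; `requests.put(url, json=body, params=query, timeout=30)` bounds it. Separately, `access_token` and `refresh_token` travel in the URL query string, which tends to land them in access and proxy logs; that is an API design question beyond this hunk. `mv_test` may continue past the end of the hunk.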
@@ -46,7 +47,8 @@ def autoactivate_endpoint(transfer_client, endpoint_id): try: logger.info(f'Trying to autoactivate endpoint {endpoint_id}') result = transfer_client.endpoint_autoactivate(endpoint_id) - logger.debug(f'have res:: {result}') + msg = result['message'] + logger.debug(f'have res:: {msg}') except PythonAuthenticationError as e: logger.error(f'Endpoint activation failed due to invalid token. Endpoint {endpoint_id} must be manuallty activated') raise PythonAuthenticationError() @@ -141,8 +143,10 @@ def format_path(path, default_dir=None): def handle_transfer_error(exception, endpoint_id=None, msg=None): '''Tanslates transfer api errors into the configured basetapiserrors in ./errors.py''' + # logger.debug(f'\nhandling transfer API error:: {exception.code}:: with message {exception.message}\n') error = InternalServerError(msg='Interal server error', code=500) if getattr(exception, "code", None) == None: + logger.debug(f'exception {exception} has no code, therefore returning InternalServerError') return error if exception.code == "AuthenticationFailed": error = AuthenticationError(msg='Could not authenticate transfer client', code=401) 
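Review bot: `msg = result['message']` sits inside the `try` in `autoactivate_endpoint`, so a response without a `message` key raises `KeyError` from what is only a logging statement, and the one handler visible in this hunk catches `PythonAuthenticationError` only. `msg = result.get('message')` avoids failing an otherwise successful activation, assuming the response object supports `.get` as globus_sdk responses normally do. Logging only the message instead of the whole response is a sensible reduction of what reaches the debug log. The rest of the function, including any further handlers, is outside the hunk.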
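Review bot: In `handle_transfer_error` the fallback for an exception with no `code` is recorded at debug level only, so in a deployment that logs at INFO or above every unclassified failure becomes a generic 500 with no trace of its cause. `logger.error(f'unclassified transfer error {type(exception).__name__}: {exception}')` keeps that evidence. The newly added commented-out `logger.debug` line reads `exception.code` and `exception.message` before the guard, so it would raise `AttributeError` on exactly these code-less exceptions if re-enabled, and is better deleted. The guard itself should read `if getattr(exception, "code", None) is None:`. The function body continues in the following hunk.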
@@ -150,10 +154,12 @@ def handle_transfer_error(exception, endpoint_id=None, msg=None): error = PathNotFoundError(msg='Path does not exist on given endpoint', code=404) if exception.code == "ExternalError.DirListingFailed.GCDisconnected": error = GlobusError(msg=f'Error connecting to endpoint {endpoint_id}. Please activate endpoint manually', code=407) + if exception.code == 'ExternalError.DirListingFailed.LoginFailed': + error = GlobusError(msg='Your identity does not have permission to access the requested collection. Contact the collection administrator to request access.', code=403) if exception.code == 'ConsentRequired': - error = GlobusConsentRequired(msg=f'Endpoint {endpoint_id} requires additonal consent. Auth flow ust be manually re-run.') + error = GlobusConsentRequired(msg=f'Endpoint {endpoint_id} requires additonal consent. Auth flow ust be manually re-run.', code=407) if exception.code == 'ExternalError.MkdirFailed.Exists': - error = GlobusPathExists(msg=f'Directory with given path already exists.') + error = GlobusPathExists(msg=f'Directory with given path already exists.', code=409) return error def is_endpoint_activated(tc, ep):
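Review bot: `code=407` on `GlobusConsentRequired` reuses HTTP 407 Proxy Authentication Required, which is meant for an intermediary proxy demanding credentials, so clients and proxies may handle it specially. Since the caller has to re-run the auth flow, `code=401` (or `code=403`, matching the new `LoginFailed` branch) describes the condition better. The unchanged `GCDisconnected` branch above carries the same 407. Whether `code` is emitted as the HTTP status is not visible in this patch. The function starts in the previous hunk.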