move create client back

Author: AlbertSnows

bin/fence_create.py

@@ -3,7 +3,6 @@
 import argparse
 import os
 import sys
-import logging
 
 from cdislogging import get_logger
 

fence/scripting/fence_create.py

@@ -59,7 +59,7 @@
 from fence.utils import (
     get_valid_expiration,
     generate_client_credentials,
-    get_SQLAlchemyDriver, logger,
+    get_SQLAlchemyDriver, logger, create_client,
 )
 from sqlalchemy.orm.attributes import flag_modified
 from gen3authz.client.arborist.client import ArboristClient
@@ -1823,69 +1823,3 @@ def access_token_polling_job(
     with driver.session as db_session:
         loop = asyncio.get_event_loop()
         loop.run_until_complete(job.update_tokens(db_session))
-
-
-def create_client(
-    DB,
-    username=None,
-    urls=[],
-    name="",
-    description="",
-    auto_approve=False,
-    is_admin=False,
-    grant_types=None,
-    confidential=True,
-    arborist=None,
-    policies=None,
-    allowed_scopes=None,
-    expires_in=None,
-):
-    client_id, client_secret, hashed_secret = generate_client_credentials(confidential)
-    if arborist is not None:
-        arborist.create_client(client_id, policies)
-    driver = get_SQLAlchemyDriver(DB)
-    auth_method = "client_secret_basic" if confidential else "none"
-
-    allowed_scopes = allowed_scopes or config["CLIENT_ALLOWED_SCOPES"]
-    if not set(allowed_scopes).issubset(set(config["CLIENT_ALLOWED_SCOPES"])):
-        raise ValueError(
-            "Each allowed scope must be one of: {}".format(
-                config["CLIENT_ALLOWED_SCOPES"]
-            )
-        )
-
-    if "openid" not in allowed_scopes:
-        allowed_scopes.append("openid")
-        logger.warning('Adding required "openid" scope to list of allowed scopes.')
-
-    with driver.session as s:
-        user = None
-        if username:
-            user = query_for_user(session=s, username=username)
-            if not user:
-                user = User(username=username, is_admin=is_admin)
-                s.add(user)
-
-        if s.query(Client).filter(Client.name == name).first():
-            if arborist is not None:
-                arborist.delete_client(client_id)
-            raise Exception("client {} already exists".format(name))
-
-        client = Client(
-            client_id=client_id,
-            client_secret=hashed_secret,
-            user=user,
-            redirect_uris=urls,
-            allowed_scopes=" ".join(allowed_scopes),
-            description=description,
-            name=name,
-            auto_approve=auto_approve,
-            grant_types=grant_types,
-            is_confidential=confidential,
-            token_endpoint_auth_method=auth_method,
-            expires_in=expires_in,
-        )
-        s.add(client)
-        s.commit()
-
-    return client_id, client_secret

fence/utils.py

@@ -18,12 +18,15 @@
 
 from cdislogging import get_logger
 import flask
+from userdatamodel.user import User
 
 from fence.errors import UserError
 from fence.config import config
 from authlib.oauth2.rfc6749.util import scope_to_list
 from authlib.oauth2.rfc6749.errors import InvalidScopeError
 
+from fence.models import query_for_user, Client
+
 rng = SystemRandom()
 alphanumeric = string.ascii_uppercase + string.ascii_lowercase + string.digits
 logger = get_logger(__name__)
@@ -321,3 +324,69 @@ def validate_scopes(request_scopes, client):
             raise InvalidScopeError("Failed to Authorize due to unsupported scope")
 
     return True
+
+
+def create_client(
+    DB,
+    username=None,
+    urls=[],
+    name="",
+    description="",
+    auto_approve=False,
+    is_admin=False,
+    grant_types=None,
+    confidential=True,
+    arborist=None,
+    policies=None,
+    allowed_scopes=None,
+    expires_in=None,
+):
+    client_id, client_secret, hashed_secret = generate_client_credentials(confidential)
+    if arborist is not None:
+        arborist.create_client(client_id, policies)
+    driver = get_SQLAlchemyDriver(DB)
+    auth_method = "client_secret_basic" if confidential else "none"
+
+    allowed_scopes = allowed_scopes or config["CLIENT_ALLOWED_SCOPES"]
+    if not set(allowed_scopes).issubset(set(config["CLIENT_ALLOWED_SCOPES"])):
+        raise ValueError(
+            "Each allowed scope must be one of: {}".format(
+                config["CLIENT_ALLOWED_SCOPES"]
+            )
+        )
+
+    if "openid" not in allowed_scopes:
+        allowed_scopes.append("openid")
+        logger.warning('Adding required "openid" scope to list of allowed scopes.')
+
+    with driver.session as s:
+        user = None
+        if username:
+            user = query_for_user(session=s, username=username)
+            if not user:
+                user = User(username=username, is_admin=is_admin)
+                s.add(user)
+
+        if s.query(Client).filter(Client.name == name).first():
+            if arborist is not None:
+                arborist.delete_client(client_id)
+            raise Exception("client {} already exists".format(name))
+
+        client = Client(
+            client_id=client_id,
+            client_secret=hashed_secret,
+            user=user,
+            redirect_uris=urls,
+            allowed_scopes=" ".join(allowed_scopes),
+            description=description,
+            name=name,
+            auto_approve=auto_approve,
+            grant_types=grant_types,
+            is_confidential=confidential,
+            token_endpoint_auth_method=auth_method,
+            expires_in=expires_in,
+        )
+        s.add(client)
+        s.commit()
+
+    return client_id, client_secret