From 5d22707d252ad31cb4a9422b783ac1837aea2ce3 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Thu, 8 Dec 2022 16:22:16 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Is3318/refactoring=20webse?= =?UTF-8?q?ver.login=20plugin=20(2/3)=20(#3590)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/specs/webserver/openapi-auth.yaml | 2 +- api/specs/webserver/openapi.yaml | 2 +- api/specs/webserver/scripts/openapi_auth.py | 107 +- .../src/pytest_simcore/helpers/utils_login.py | 7 +- .../servicelib/aiohttp/requests_validation.py | 12 +- .../storage/src/simcore_service_storage/s3.py | 6 +- services/web/server/VERSION | 2 +- services/web/server/setup.cfg | 2 +- .../simcore_service_webserver/_constants.py | 1 + .../api/v0/openapi.yaml | 1088 ++++++++--------- .../src/simcore_service_webserver/email.py | 31 +- .../simcore_service_webserver/login/_2fa.py | 31 +- .../login/_constants.py | 34 + .../login/_models.py | 32 + .../login/_registration.py | 71 +- .../login/_security.py | 41 + .../simcore_service_webserver/login/_sql.py | 2 - .../login/api_keys_handlers.py | 7 + .../login/handlers.py | 252 ++-- .../login/handlers_change.py | 105 +- .../login/handlers_confirmation.py | 197 +-- .../login/handlers_registration.py | 193 +-- .../simcore_service_webserver/login/plugin.py | 5 +- .../simcore_service_webserver/login/routes.py | 2 +- .../login/settings.py | 34 +- .../login/storage.py | 37 +- .../simcore_service_webserver/login/utils.py | 23 +- .../login/utils_email.py | 26 +- .../src/simcore_service_webserver/rest.py | 8 +- .../src/simcore_service_webserver/session.py | 51 +- .../socketio/server.py | 3 +- .../studies_dispatcher/handlers_redirects.py | 31 +- .../templates/common/new_2fa_code.jinja2 | 21 + .../utils_aiohttp.py | 46 +- .../tests/unit/isolated/test_templates.py | 9 +- .../with_dbs/01/test_login_change_password.py | 107 -- .../tests/unit/with_dbs/03/login/conftest.py | 50 + .../with_dbs/03/{ => login}/test_login_2fa.py | 143 ++- .../login}/test_login_change_email.py | 80 +- .../03/login/test_login_change_password.py | 130 ++ .../{01 => 03/login}/test_login_login.py | 53 +- .../{01 => 03/login}/test_login_logout.py | 29 +- .../03/{ => login}/test_login_registration.py | 161 ++- .../{ => login}/test_login_reset_password.py | 138 +-- .../03/{ => login}/test_login_utils_emails.py | 77 +- .../server/tests/unit/with_dbs/conftest.py | 9 +- 46 files changed, 1937 insertions(+), 1561 deletions(-) create mode 100644 services/web/server/src/simcore_service_webserver/login/_constants.py create mode 100644 services/web/server/src/simcore_service_webserver/login/_models.py create mode 100644 services/web/server/src/simcore_service_webserver/login/_security.py create mode 100644 services/web/server/src/simcore_service_webserver/templates/common/new_2fa_code.jinja2 delete mode 100644 services/web/server/tests/unit/with_dbs/01/test_login_change_password.py create mode 100644 services/web/server/tests/unit/with_dbs/03/login/conftest.py rename services/web/server/tests/unit/with_dbs/03/{ => login}/test_login_2fa.py (65%) rename services/web/server/tests/unit/with_dbs/{01 => 03/login}/test_login_change_email.py (50%) create mode 100644 services/web/server/tests/unit/with_dbs/03/login/test_login_change_password.py rename services/web/server/tests/unit/with_dbs/{01 => 03/login}/test_login_login.py (77%) rename services/web/server/tests/unit/with_dbs/{01 => 03/login}/test_login_logout.py (53%) rename services/web/server/tests/unit/with_dbs/03/{ => login}/test_login_registration.py (72%) rename services/web/server/tests/unit/with_dbs/03/{ => login}/test_login_reset_password.py (59%) rename services/web/server/tests/unit/with_dbs/03/{ => login}/test_login_utils_emails.py (70%) diff --git a/api/specs/webserver/openapi-auth.yaml b/api/specs/webserver/openapi-auth.yaml index 0b0c808811a..a4496b14f50 100644 --- a/api/specs/webserver/openapi-auth.yaml +++ b/api/specs/webserver/openapi-auth.yaml @@ -95,7 +95,7 @@ paths: summary: user enters 2 Factor Authentication code when login in tags: - authentication - operationId: auth_validate_2fa_login + operationId: auth_login_2fa requestBody: content: application/json: diff --git a/api/specs/webserver/openapi.yaml b/api/specs/webserver/openapi.yaml index 1f672e860ed..20c8d62a3b0 100644 --- a/api/specs/webserver/openapi.yaml +++ b/api/specs/webserver/openapi.yaml @@ -1,7 +1,7 @@ openapi: 3.0.0 info: title: "osparc-simcore web API" - version: 0.12.0 + version: 0.12.2 description: "API designed for the front-end app" contact: name: IT'IS Foundation diff --git a/api/specs/webserver/scripts/openapi_auth.py b/api/specs/webserver/scripts/openapi_auth.py index 0bed81d5456..8b70661c1a8 100644 --- a/api/specs/webserver/scripts/openapi_auth.py +++ b/api/specs/webserver/scripts/openapi_auth.py @@ -13,8 +13,22 @@ from _common import Error, Log from fastapi import FastAPI, status from models_library.generics import Envelope -from pydantic import BaseModel, EmailStr, Field, SecretStr, confloat +from pydantic import BaseModel, Field, confloat from simcore_service_webserver.login.api_keys_handlers import ApiKeyCreate, ApiKeyGet +from simcore_service_webserver.login.handlers import Login2faBody, LoginBody, LogoutBody +from simcore_service_webserver.login.handlers_change import ( + ChangeEmailBody, + ChangePasswordBody, + ResetPasswordBody, +) +from simcore_service_webserver.login.handlers_confirmation import ( + PhoneConfirmationBody, + ResetPasswordConfirmation, +) +from simcore_service_webserver.login.handlers_registration import ( + RegisterBody, + RegisterPhoneBody, +) app = FastAPI(redoc_url=None) @@ -23,93 +37,43 @@ ] -class RegistrationCreate(BaseModel): - email: EmailStr - password: SecretStr - confirm: Optional[SecretStr] = Field(None, description="Password confirmation") - invitation: Optional[str] = Field(None, description="Invitation code") - - class Config: - schema_extra = { - "examples": [ - { - "email": "foo@mymail.com", - "password": "my secret", - "confirm": "my secret", - "invitation": "33c451d4-17b7-4e65-9880-694559b8ffc2", - } - ] - } - - @app.post( "/auth/register", response_model=Envelope[Log], tags=TAGS, operation_id="auth_register", ) -async def register(registration: RegistrationCreate): +async def register(registration: RegisterBody): """User registration""" -class Verify2FAPhone(BaseModel): - email: EmailStr - phone: str = Field( - ..., description="Phone number E.164, needed on the deployments with 2FA" - ) - - @app.post( "/auth/verify-phone-number", response_model=Envelope[Log], tags=TAGS, operation_id="auth_verify_2fa_phone", ) -async def register_phone(registration: Verify2FAPhone): +async def register_phone(registration: RegisterPhoneBody): """user tries to verify phone number for 2 Factor Authentication when registering""" -class Validate2FAPhone(BaseModel): - email: str - phone: str = Field( - ..., description="Phone number E.164, needed on the deployments with 2FA" - ) - code: str - - @app.post( "/auth/validate-code-register", response_model=Envelope[Log], tags=TAGS, operation_id="auth_validate_2fa_register", ) -async def phone_confirmation(confirmation: Validate2FAPhone): +async def phone_confirmation(confirmation: PhoneConfirmationBody): """user enters 2 Factor Authentication code when registering""" -class LoginForm(BaseModel): - email: Optional[str] = None - password: Optional[str] = None - - -class Login2FAForm(BaseModel): - email: str - code: str - - -class LogoutRequest(BaseModel): - client_session_id: Optional[str] = Field( - None, example="5ac57685-c40f-448f-8711-70be1936fd63" - ) - - @app.post( "/auth/login", response_model=Envelope[Log], tags=TAGS, operation_id="auth_login", ) -async def login(authentication: LoginForm): +async def login(authentication: LoginBody): """user logs in""" @@ -117,9 +81,9 @@ async def login(authentication: LoginForm): "/auth/validate-code-login", response_model=Envelope[Log], tags=TAGS, - operation_id="auth_validate_2fa_login", + operation_id="auth_login_2fa", ) -async def login_2fa(authentication: Login2FAForm): +async def login_2fa(authentication: Login2faBody): """user enters 2 Factor Authentication code when login in""" @@ -129,14 +93,10 @@ async def login_2fa(authentication: Login2FAForm): tags=TAGS, operation_id="auth_logout", ) -async def logout(data: LogoutRequest): +async def logout(data: LogoutBody): """user logout""" -class ResetPasswordRequest(BaseModel): - email: str - - @app.post( "/auth/reset-password", response_model=Envelope[Log], @@ -144,15 +104,10 @@ class ResetPasswordRequest(BaseModel): operation_id="auth_reset_password", responses={status.HTTP_503_SERVICE_UNAVAILABLE: {"model": Envelope[Error]}}, ) -async def reset_password(data: ResetPasswordRequest): +async def reset_password(data: ResetPasswordBody): """a non logged-in user requests a password reset""" -class ResetPasswordForm(BaseModel): - password: str - confirm: str - - @app.post( "/auth/reset-password/{code}", response_model=Envelope[Log], @@ -165,14 +120,10 @@ class ResetPasswordForm(BaseModel): } }, ) -async def reset_password_allowed(code: str, data: ResetPasswordForm): +async def reset_password_allowed(code: str, data: ResetPasswordConfirmation): """changes password using a token code without being logged in""" -class ChangeEmailForm(BaseModel): - email: str - - @app.post( "/auth/change-email", response_model=Envelope[Log], @@ -189,16 +140,10 @@ class ChangeEmailForm(BaseModel): }, }, ) -async def change_email(data: ChangeEmailForm): +async def change_email(data: ChangeEmailBody): """logged in user changes email""" -class ChangePasswordForm(BaseModel): - current: str - new: str - confirm: str - - class PasswordCheckSchema(BaseModel): strength: confloat(ge=0.0, le=1.0) = Field( # type: ignore ..., @@ -230,7 +175,7 @@ class PasswordCheckSchema(BaseModel): }, }, ) -async def change_password(data: ChangePasswordForm): +async def change_password(data: ChangePasswordBody): """logged in user changes password""" diff --git a/packages/pytest-simcore/src/pytest_simcore/helpers/utils_login.py b/packages/pytest-simcore/src/pytest_simcore/helpers/utils_login.py index becc73c7729..3b7b02b7da0 100644 --- a/packages/pytest-simcore/src/pytest_simcore/helpers/utils_login.py +++ b/packages/pytest-simcore/src/pytest_simcore/helpers/utils_login.py @@ -5,8 +5,8 @@ from aiohttp import web from aiohttp.test_utils import TestClient from simcore_service_webserver.db_models import UserRole, UserStatus +from simcore_service_webserver.login._constants import MSG_LOGGED_IN from simcore_service_webserver.login._registration import create_invitation_token -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage from yarl import URL @@ -71,13 +71,12 @@ async def log_client_in( # creates user directly in db assert client.app db: AsyncpgStorage = get_plugin_storage(client.app) - cfg: LoginOptions = get_plugin_options(client.app) user = await create_fake_user(db, user_data) # login url = client.app.router["auth_login"].url_for() - r = await client.post( + reponse = await client.post( str(url), json={ "email": user["email"], @@ -86,7 +85,7 @@ async def log_client_in( ) if enable_check: - await assert_status(r, web.HTTPOk, cfg.MSG_LOGGED_IN) + await assert_status(reponse, web.HTTPOk, MSG_LOGGED_IN) return user diff --git a/packages/service-library/src/servicelib/aiohttp/requests_validation.py b/packages/service-library/src/servicelib/aiohttp/requests_validation.py index 396b6b32cd8..526a4b9c1fa 100644 --- a/packages/service-library/src/servicelib/aiohttp/requests_validation.py +++ b/packages/service-library/src/servicelib/aiohttp/requests_validation.py @@ -142,10 +142,14 @@ async def parse_request_body_as( resource_name=request.rel_url.path, use_error_v1=use_enveloped_error_v1, ): - try: - body = await request.json() - except json.decoder.JSONDecodeError as err: - raise web.HTTPBadRequest(reason=f"Invalid json in body: {err}") + if not request.can_read_body: + # requests w/o body e.g. when model-schema is fully optional + body = {} + else: + try: + body = await request.json() + except json.decoder.JSONDecodeError as err: + raise web.HTTPBadRequest(reason=f"Invalid json in body: {err}") if hasattr(model_schema, "parse_obj"): # NOTE: model_schema can be 'list[T]' or 'dict[T]' which raise TypeError diff --git a/services/storage/src/simcore_service_storage/s3.py b/services/storage/src/simcore_service_storage/s3.py index 990f7a65592..21d34c990c0 100644 --- a/services/storage/src/simcore_service_storage/s3.py +++ b/services/storage/src/simcore_service_storage/s3.py @@ -63,8 +63,10 @@ def setup_s3(app: web.Application): log.debug("Setting up %s ...", __name__) - app.cleanup_ctx.append(setup_s3_client) - app.cleanup_ctx.append(setup_s3_bucket) + if setup_s3_client not in app.cleanup_ctx: + app.cleanup_ctx.append(setup_s3_client) + if setup_s3_bucket not in app.cleanup_ctx: + app.cleanup_ctx.append(setup_s3_bucket) def get_s3_client(app: web.Application) -> StorageS3Client: diff --git a/services/web/server/VERSION b/services/web/server/VERSION index ac454c6a1fc..26acbf080be 100644 --- a/services/web/server/VERSION +++ b/services/web/server/VERSION @@ -1 +1 @@ -0.12.0 +0.12.2 diff --git a/services/web/server/setup.cfg b/services/web/server/setup.cfg index 88242a31019..c039db82ef2 100644 --- a/services/web/server/setup.cfg +++ b/services/web/server/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.12.0 +current_version = 0.12.2 commit = True message = services/webserver api version: {current_version} → {new_version} tag = False diff --git a/services/web/server/src/simcore_service_webserver/_constants.py b/services/web/server/src/simcore_service_webserver/_constants.py index e02b40fa999..8c8ceb5adca 100644 --- a/services/web/server/src/simcore_service_webserver/_constants.py +++ b/services/web/server/src/simcore_service_webserver/_constants.py @@ -6,6 +6,7 @@ from servicelib.aiohttp.application_keys import ( APP_CONFIG_KEY, APP_DB_ENGINE_KEY, + APP_FIRE_AND_FORGET_TASKS_KEY, APP_JSONSCHEMA_SPECS_KEY, APP_OPENAPI_SPECS_KEY, APP_SETTINGS_KEY, diff --git a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml index f7c700f8d4d..bd0067379fb 100644 --- a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml +++ b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml @@ -1,24 +1,24 @@ openapi: 3.0.0 info: title: osparc-simcore web API - version: 0.12.0 + version: 0.12.2 description: API designed for the front-end app contact: name: IT'IS Foundation email: support@simcore.io license: name: MIT - url: 'https://github.com/ITISFoundation/osparc-simcore/blob/master/LICENSE' + url: "https://github.com/ITISFoundation/osparc-simcore/blob/master/LICENSE" servers: - description: API server url: /v0 - description: Development server - url: 'http://{host}:{port}/{basePath}' + url: "http://{host}:{port}/{basePath}" variables: host: default: localhost port: - default: '8001' + default: "8001" basePath: enum: - v0 @@ -60,7 +60,7 @@ paths: summary: readiness probe for operationId: healthcheck_readiness_probe responses: - '200': + "200": description: Service information content: application/json: @@ -89,7 +89,7 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /health: get: tags: @@ -97,14 +97,14 @@ paths: summary: liveliness probe operationId: healthcheck_liveness_probe responses: - '200': + "200": description: Service information content: application/json: schema: - $ref: '#/paths/~1/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /status: get: tags: @@ -112,7 +112,7 @@ paths: summary: checks status of self and connected services operationId: get_app_status responses: - '200': + "200": description: returns app status check /status/diagnostics: get: @@ -120,9 +120,9 @@ paths: - maintenance operationId: get_app_diagnostics responses: - '200': + "200": description: returns app diagnostics report - '/status/{service_name}': + "/status/{service_name}": get: tags: - maintenance @@ -134,7 +134,7 @@ paths: schema: type: string responses: - '200': + "200": description: returns status of connected service /config: get: @@ -143,7 +143,7 @@ paths: tags: - configuration responses: - '200': + "200": description: configuration details content: application/json: @@ -166,7 +166,7 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/register: post: operationId: auth_register @@ -198,14 +198,14 @@ paths: invitation: 33c451d4-17b7-4e65-9880-694559b8ffc2 required: true responses: - '200': + "200": description: User has been succesfully registered. content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/verify-phone-number: post: summary: user tries to verify phone number for 2 Factor Authentication when registering @@ -225,19 +225,19 @@ paths: type: string phone: type: string - description: 'Phone number E.164, needed on the deployments with 2FA' + description: "Phone number E.164, needed on the deployments with 2FA" example: email: foo@mymail.com - phone: '+41123456789' + phone: "+41123456789" responses: - '202': - description: 'Accepted, SMS sent' + "202": + description: "Accepted, SMS sent" content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/validate-code-register: post: summary: user enters 2 Factor Authentication code when registering @@ -258,22 +258,22 @@ paths: type: string phone: type: string - description: 'Phone number E.164, needed on the deployments with 2FA' + description: "Phone number E.164, needed on the deployments with 2FA" code: type: string example: email: foo@mymail.com - phone: '+41123456789' - code: '1234' + phone: "+41123456789" + code: "1234" responses: - '200': + "200": description: Succesfully validated content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/login: post: summary: user logs in @@ -294,7 +294,7 @@ paths: email: foo@mymail.com password: my secret responses: - '200': + "200": description: Succesfully logged in content: application/json: @@ -316,7 +316,7 @@ paths: - INFO - ERROR message: - description: 'log message. If logger is USER, then it MUST be human readable' + description: "log message. If logger is USER, then it MUST be human readable" type: string logger: description: name of the logger receiving this message @@ -324,26 +324,26 @@ paths: required: - message example: - message: 'Hi there, Mr user' + message: "Hi there, Mr user" level: INFO logger: user-logger error: nullable: true default: null - '202': - description: 'Accepted, but 2 Factor Authentication required' + "202": + description: "Accepted, but 2 Factor Authentication required" content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/validate-code-login: post: summary: user enters 2 Factor Authentication code when login in tags: - authentication - operationId: auth_validate_2fa_login + operationId: auth_login_2fa requestBody: content: application/json: @@ -359,16 +359,16 @@ paths: type: string example: email: foo@mymail.com - code: '1234' + code: "1234" responses: - '200': + "200": description: Succesfully logged in content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/logout: post: tags: @@ -384,14 +384,14 @@ paths: type: string example: 5ac57685-c40f-448f-8711-70be1936fd63 responses: - '200': + "200": description: Succesfully logged out content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/reset-password: post: summary: a non logged-in user requests a password reset @@ -411,19 +411,19 @@ paths: example: email: foo@mymail.com responses: - '200': + "200": description: confirmation email sent to user content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' - '503': + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" + "503": description: failed to send confirmation email content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' - '/auth/reset-password/{code}': + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" + "/auth/reset-password/{code}": post: tags: - authentication @@ -452,20 +452,20 @@ paths: password: my secret confirm: my secret responses: - '200': + "200": description: password was successfully changed content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' - '401': + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" + "401": description: unauthorized reset due to invalid token code content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/change-email: post: summary: logged in user changes email @@ -485,26 +485,26 @@ paths: example: email: foo@mymail.com responses: - '200': + "200": description: confirmation sent to new email to complete operation content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' - '401': + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" + "401": description: unauthorized user. Login required content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' - '503': + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" + "503": description: unable to send confirmation email content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /auth/change-password: post: summary: logged in user changes password @@ -532,33 +532,33 @@ paths: new: my new secret confirm: my new secret responses: - '200': + "200": description: password was successfully changed content: application/json: schema: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema' - '401': + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema" + "401": description: unauthorized user. Login required content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' - '409': + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" + "409": description: mismatch between new and confirmation passwords content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' - '422': + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" + "422": description: current password is invalid content: application/json: schema: - $ref: '#/components/responses/DefaultErrorResponse/content/application~1json/schema' + $ref: "#/components/responses/DefaultErrorResponse/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/auth/confirmation/{code}': + $ref: "#/components/responses/DefaultErrorResponse" + "/auth/confirmation/{code}": get: summary: email link sent to user to confirm an action tags: @@ -580,7 +580,7 @@ paths: - authentication operationId: list_api_keys responses: - '200': + "200": description: returns the display names of API keys content: application/json: @@ -588,9 +588,9 @@ paths: type: array items: type: string - '401': + "401": description: requires login to list keys - '403': + "403": description: not enough permissions to list keys post: summary: creates API keys to access public API @@ -612,7 +612,7 @@ paths: type: number description: expiration delta in seconds responses: - '200': + "200": description: Authorization granted returning API key content: application/json: @@ -625,11 +625,11 @@ paths: type: string api_secret: type: string - '400': + "400": description: key name requested is invalid - '401': + "401": description: requires login to create a key - '403': + "403": description: not enough permissions to create a key delete: summary: deletes API key by name @@ -641,13 +641,13 @@ paths: content: application/json: schema: - $ref: '#/paths/~1auth~1api-keys/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1auth~1api-keys/post/requestBody/content/application~1json/schema" responses: - '204': + "204": description: api key successfully deleted - '401': + "401": description: requires login to delete a key - '403': + "403": description: not enough permissions to delete a key /me: get: @@ -655,7 +655,7 @@ paths: tags: - user responses: - '200': + "200": description: current user profile content: application/json: @@ -666,7 +666,7 @@ paths: properties: data: allOf: - - $ref: '#/paths/~1me/put/requestBody/content/application~1json/schema/allOf/0' + - $ref: "#/paths/~1me/put/requestBody/content/application~1json/schema/allOf/0" - type: object properties: id: @@ -677,18 +677,18 @@ paths: role: type: string groups: - $ref: '#/paths/~1groups/get/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1groups/get/responses/200/content/application~1json/schema/properties/data" gravatar_id: type: string expirationDate: type: string format: date - description: 'If user has a trial account, it sets the expiration date, otherwise None' + description: "If user has a trial account, it sets the expiration date, otherwise None" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" put: operationId: update_my_profile tags: @@ -708,10 +708,10 @@ paths: first_name: Pedro last_name: Crespo responses: - '204': + "204": description: updated profile default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /me/tokens: get: summary: List tokens @@ -719,7 +719,7 @@ paths: tags: - user responses: - '200': + "200": description: list of tokens content: application/json: @@ -731,12 +731,12 @@ paths: data: type: array items: - $ref: '#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema/properties/data' + $ref: "#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: summary: Create tokens operationId: create_tokens @@ -771,15 +771,15 @@ paths: nullable: true default: null responses: - '201': + "201": description: token created content: application/json: schema: - $ref: '#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/me/tokens/{service}': + $ref: "#/components/responses/DefaultErrorResponse" + "/me/tokens/{service}": parameters: - name: service in: path @@ -792,19 +792,19 @@ paths: tags: - user responses: - '200': + "200": description: got detailed token content: application/json: schema: - $ref: '#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1me~1tokens/post/requestBody/content/application~1json/schema" put: summary: Updates token operationId: update_token tags: - user responses: - '204': + "204": description: token has been successfully updated delete: summary: Delete token @@ -812,7 +812,7 @@ paths: tags: - user responses: - '204': + "204": description: token has been successfully deleted /groups: get: @@ -821,7 +821,7 @@ paths: tags: - group responses: - '200': + "200": description: list of the groups I belonged to content: application/json: @@ -834,18 +834,18 @@ paths: type: object properties: me: - $ref: '#/paths/~1groups/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1groups/post/requestBody/content/application~1json/schema" organizations: type: array items: - $ref: '#/paths/~1groups/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1groups/post/requestBody/content/application~1json/schema" all: - $ref: '#/paths/~1groups/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1groups/post/requestBody/content/application~1json/schema" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: summary: Create a new group operationId: create_group @@ -873,27 +873,27 @@ paths: type: string format: uri accessRights: - $ref: '#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/patch/requestBody/content/application~1json/schema/properties/accessRights' + $ref: "#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/patch/requestBody/content/application~1json/schema/properties/accessRights" required: - gid - label - description - accessRights example: - - gid: '27' + - gid: "27" label: A user description: A very special user - thumbnail: 'https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png' - - gid: '1' + thumbnail: "https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png" + - gid: "1" label: ITIS Foundation description: The Foundation for Research on Information Technologies in Society - thumbnail: 'https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png' - - gid: '0' + thumbnail: "https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png" + - gid: "0" label: All description: Open to all users - thumbnail: 'https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png' + thumbnail: "https://user-images.githubusercontent.com/32800795/61083844-ff48fb00-a42c-11e9-8e63-fa2d709c8baf.png" responses: - '201': + "201": description: group created content: application/json: @@ -903,13 +903,13 @@ paths: - data properties: data: - $ref: '#/paths/~1groups/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1groups/post/requestBody/content/application~1json/schema" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/{gid}': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/{gid}": parameters: - name: gid in: path @@ -922,14 +922,14 @@ paths: summary: Gets one group details operationId: get_group responses: - '200': + "200": description: got group content: application/json: schema: - $ref: '#/paths/~1groups/post/responses/201/content/application~1json/schema' + $ref: "#/paths/~1groups/post/responses/201/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" patch: summary: Update one group operationId: update_group @@ -941,27 +941,27 @@ paths: content: application/json: schema: - $ref: '#/paths/~1groups/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1groups/post/requestBody/content/application~1json/schema" responses: - '200': + "200": description: the modified group content: application/json: schema: - $ref: '#/paths/~1groups/post/responses/201/content/application~1json/schema' + $ref: "#/paths/~1groups/post/responses/201/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - group summary: Deletes one group operationId: delete_group responses: - '204': + "204": description: group has been successfully deleted default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/{gid}/users': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/{gid}/users": parameters: - name: gid in: path @@ -974,7 +974,7 @@ paths: summary: Gets list of users in group operationId: get_group_users responses: - '200': + "200": description: got list of users and their respective rights content: application/json: @@ -986,12 +986,12 @@ paths: data: type: array items: - $ref: '#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/get/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/get/responses/200/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: tags: - group @@ -1020,11 +1020,11 @@ paths: format: email description: the user email responses: - '204': + "204": description: user successfully added default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/{gid}/users/{uid}': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/{gid}/users/{uid}": parameters: - name: gid in: path @@ -1042,7 +1042,7 @@ paths: summary: Gets specific user in group operationId: get_group_user responses: - '200': + "200": description: got user content: application/json: @@ -1080,14 +1080,14 @@ paths: last_name: Smith login: mr.smith@matrix.com gravatar_id: a1af5c6ecc38e81f29695f01d6ceb540 - id: '1' - gid: '3' - - $ref: '#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/patch/requestBody/content/application~1json/schema/properties/accessRights' + id: "1" + gid: "3" + - $ref: "#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/patch/requestBody/content/application~1json/schema/properties/accessRights" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" patch: tags: - group @@ -1128,25 +1128,25 @@ paths: required: - accessRights responses: - '200': + "200": description: modified user content: application/json: schema: - $ref: '#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1groups~1%7Bgid%7D~1users~1%7Buid%7D/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - group summary: Delete specific user in group operationId: delete_group_user responses: - '204': + "204": description: successfully removed user default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/{gid}/classifiers': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/{gid}/classifiers": get: parameters: - name: gid @@ -1168,11 +1168,11 @@ paths: summary: Gets classifiers bundle for this group operationId: get_group_classifiers responses: - '200': + "200": description: got a bundle with all information about classifiers default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/sparc/classifiers/scicrunch-resources/{rrid}': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/sparc/classifiers/scicrunch-resources/{rrid}": parameters: - name: rrid in: path @@ -1182,32 +1182,32 @@ paths: get: tags: - group - summary: 'Returns information on a valid RRID (https://www.force11.org/group/resource-identification-initiative)' + summary: "Returns information on a valid RRID (https://www.force11.org/group/resource-identification-initiative)" operationId: get_scicrunch_resource responses: - '200': + "200": description: Got information of a valid RRID - '400': + "400": description: Invalid RRID - '503': + "503": description: scircrunch.org service is not reachable default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: tags: - group summary: Adds new RRID to classifiers operationId: add_scicrunch_resource responses: - '200': + "200": description: Got information of a valid RRID - '400': + "400": description: Invalid RRID - '503': + "503": description: scircrunch.org service is not reachable default: - $ref: '#/components/responses/DefaultErrorResponse' - '/groups/sparc/classifiers/scicrunch-resources:search': + $ref: "#/components/responses/DefaultErrorResponse" + "/groups/sparc/classifiers/scicrunch-resources:search": get: parameters: - name: guess_name @@ -1220,12 +1220,12 @@ paths: summary: Returns a list of related resource provided a search name operationId: search_scicrunch_resources responses: - '200': + "200": description: Got information of a valid RRID - '503': + "503": description: scircrunch.org service is not reachable default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /storage/locations: get: summary: Get available storage locations @@ -1233,7 +1233,7 @@ paths: - storage operationId: get_storage_locations responses: - '200': + "200": description: List of availabe storage locations content: application/json: @@ -1250,8 +1250,8 @@ paths: filename: simcore.s3 id: 0 default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}:sync': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}:sync": post: summary: Manually triggers the synchronisation of the file meta data table in the database tags: @@ -1276,8 +1276,8 @@ paths: type: boolean default: false responses: - '200': - description: 'An object containing added, changed and removed paths' + "200": + description: "An object containing added, changed and removed paths" content: application/json: schema: @@ -1303,8 +1303,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/files/metadata': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}/files/metadata": get: summary: Get list of file meta data tags: @@ -1317,17 +1317,17 @@ paths: schema: type: string responses: - '200': + "200": description: list of file meta-datas content: application/json: schema: type: array items: - $ref: '#/paths/~1storage~1locations~1%7Blocation_id%7D~1files~1%7Bfile_id%7D~1metadata/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1storage~1locations~1%7Blocation_id%7D~1files~1%7Bfile_id%7D~1metadata/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/files/{file_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}/files/{file_id}": get: summary: Returns download link for requested file tags: @@ -1345,7 +1345,7 @@ paths: schema: type: string responses: - '200': + "200": description: Returns presigned link content: application/json: @@ -1380,7 +1380,7 @@ paths: format: int64 minimum: 0 responses: - '200': + "200": description: Return upload object content: application/json: @@ -1448,9 +1448,9 @@ paths: schema: type: string responses: - '204': - description: '' - '/storage/locations/{location_id}/files/{file_id}:complete': + "204": + description: "" + "/storage/locations/{location_id}/files/{file_id}:complete": post: summary: Asks the server to complete the upload operationId: complete_upload_file @@ -1487,7 +1487,7 @@ paths: e_tag: type: string responses: - '202': + "202": description: Completion of upload is accepted content: application/json: @@ -1521,8 +1521,8 @@ paths: path.future_id: $response.body.data.links.state query.user_id: $request.query.user_id default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/files/{file_id}:abort': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}/files/{file_id}:abort": post: summary: Asks the server to abort the upload and revert to the last valid version if any operationId: abort_upload_file @@ -1538,12 +1538,12 @@ paths: schema: type: string responses: - '204': + "204": description: Abort OK default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/files/{file_id}:complete/futures/{future_id}': - post: + $ref: "#/components/responses/DefaultErrorResponse" + ? "/storage/locations/{location_id}/files/{file_id}:complete/futures/{future_id}" + : post: summary: Check for upload completion operationId: is_completed_upload_file parameters: @@ -1563,7 +1563,7 @@ paths: schema: type: string responses: - '200': + "200": description: returns state of upload completion content: application/json: @@ -1590,8 +1590,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/files/{file_id}/metadata': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}/files/{file_id}/metadata": get: summary: Get File Metadata tags: @@ -1609,7 +1609,7 @@ paths: schema: type: string responses: - '200': + "200": description: Returns file metadata content: application/json: @@ -1638,16 +1638,16 @@ paths: type: string example: file_uuid: simcore-testing/105/1000/3 - location_id: '0' + location_id: "0" project_name: futurology node_name: alpha file_name: example.txt - file_id: 'N:package:e263da07-2d89-45a6-8b0f-61061b913873' - created_at: '2019-06-19T12:29:03.308611Z' - last_modified: '2019-06-19T12:29:03.78852Z' + file_id: "N:package:e263da07-2d89-45a6-8b0f-61061b913873" + created_at: "2019-06-19T12:29:03.308611Z" + last_modified: "2019-06-19T12:29:03.78852Z" file_size: 73 entity_tag: a87ff679a2f3e71d9181a67b7542122c - '/storage/locations/{location_id}/datasets/{dataset_id}/metadata': + "/storage/locations/{location_id}/datasets/{dataset_id}/metadata": get: summary: Get Files Metadata tags: @@ -1665,15 +1665,15 @@ paths: schema: type: string responses: - '200': + "200": description: list of file meta-datas content: application/json: schema: - $ref: '#/paths/~1storage~1locations~1%7Blocation_id%7D~1files~1metadata/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1storage~1locations~1%7Blocation_id%7D~1files~1metadata/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/storage/locations/{location_id}/datasets': + $ref: "#/components/responses/DefaultErrorResponse" + "/storage/locations/{location_id}/datasets": get: summary: Get datasets metadata tags: @@ -1686,7 +1686,7 @@ paths: schema: type: string responses: - '200': + "200": description: list of dataset meta-datas content: application/json: @@ -1700,11 +1700,11 @@ paths: display_name: type: string example: - dataset_uuid: 'N:id-aaaa' + dataset_uuid: "N:id-aaaa" display_name: simcore-testing default: - $ref: '#/components/responses/DefaultErrorResponse' - '/computations/{project_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/computations/{project_id}": get: description: Returns the last computation data tags: @@ -1719,7 +1719,7 @@ paths: type: string example: 123e4567-e89b-12d3-a456-426655440000 responses: - '200': + "200": description: Succesffully retrieved computation content: application/json: @@ -1741,15 +1741,15 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/computations/{project_id}:start': + $ref: "#/components/responses/DefaultErrorResponse" + "/computations/{project_id}:start": post: description: Starts the pipeline(s) of a given (meta) project tags: - computations operationId: start_computation parameters: - - $ref: '#/paths/~1computations~1%7Bproject_id%7D/get/parameters/0' + - $ref: "#/paths/~1computations~1%7Bproject_id%7D/get/parameters/0" requestBody: required: false content: @@ -1763,7 +1763,7 @@ paths: description: if true will force re-running all dependent nodes cluster_id: type: integer - description: 'the computation shall use the cluster described by its id, 0 is the default cluster' + description: "the computation shall use the cluster described by its id, 0 is the default cluster" default: 0 minimum: 0 subgraph: @@ -1774,7 +1774,7 @@ paths: type: string format: uuid responses: - '201': + "201": description: Successfully started the pipeline content: application/json: @@ -1800,20 +1800,20 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/computations/{project_id}:stop': + $ref: "#/components/responses/DefaultErrorResponse" + "/computations/{project_id}:stop": post: description: Stops (all) pipeline(s) of a given (meta) project tags: - computations operationId: stop_computation parameters: - - $ref: '#/paths/~1computations~1%7Bproject_id%7D/get/parameters/0' + - $ref: "#/paths/~1computations~1%7Bproject_id%7D/get/parameters/0" responses: - '204': + "204": description: Succesffully stopped the pipeline default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /projects: get: tags: @@ -1854,7 +1854,7 @@ paths: required: false description: maximum number of items to return responses: - '200': + "200": description: list of projects content: application/json: @@ -1866,12 +1866,12 @@ paths: data: type: array items: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: tags: - project @@ -1882,19 +1882,19 @@ paths: in: query schema: type: string - description: 'Option to create a project from existing template or study: from_study={study_uuid}' + description: "Option to create a project from existing template or study: from_study={study_uuid}" - name: as_template in: query schema: type: boolean default: false - description: 'Option to create a template from existing project: as_template=true' + description: "Option to create a template from existing project: as_template=true" - name: copy_data in: query schema: type: boolean default: true - description: 'Option to copy data when creating from an existing template or as a template, defaults to True' + description: "Option to copy data when creating from an existing template or as a template, defaults to True" - name: hidden in: query schema: @@ -1964,24 +1964,24 @@ paths: type: string description: project creation date pattern: '\d{4}-(12|11|10|0?[1-9])-(31|30|[0-2]?\d)T(2[0-3]|1\d|0?[0-9])(:(\d|[0-5]\d)){2}(\.\d{3})?Z' - example: '2018-07-01T11:13:43Z' + example: "2018-07-01T11:13:43Z" lastChangeDate: type: string description: last save date pattern: '\d{4}-(12|11|10|0?[1-9])-(31|30|[0-2]?\d)T(2[0-3]|1\d|0?[0-9])(:(\d|[0-5]\d)){2}(\.\d{3})?Z' - example: '2018-07-01T11:13:43Z' + example: "2018-07-01T11:13:43Z" thumbnail: type: string minLength: 0 maxLength: 2083 format: uri description: url of the latest screenshot of the project - example: 'https://placeimg.com/171/96/tech/grayscale/?0.jpg' + example: "https://placeimg.com/171/96/tech/grayscale/?0.jpg" workbench: type: object x-patternProperties: - '^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$': - type: object + ? "^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$" + : type: object additionalProperties: false required: - key @@ -2020,26 +2020,26 @@ paths: type: string description: url of the latest screenshot of the node example: - - 'https://placeimg.com/171/96/tech/grayscale/?0.jpg' + - "https://placeimg.com/171/96/tech/grayscale/?0.jpg" runHash: description: the hex digest of the resolved inputs +outputs hash at the time when the last outputs were generated type: - string - - 'null' + - "null" example: - a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2 inputs: type: object description: values of input properties patternProperties: - '^[-_a-zA-Z0-9]+$': + "^[-_a-zA-Z0-9]+$": oneOf: - type: - integer - boolean - string - number - - 'null' + - "null" - type: object additionalProperties: false required: @@ -2051,7 +2051,7 @@ paths: format: uuid output: type: string - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" - type: object additionalProperties: false required: @@ -2088,7 +2088,7 @@ paths: type: object description: values of input unit patternProperties: - '^[-_a-zA-Z0-9]+$': + "^[-_a-zA-Z0-9]+$": type: string example: - kilo-meter @@ -2099,7 +2099,7 @@ paths: description: map with key - access level pairs type: object patternProperties: - '^[-_a-zA-Z0-9]+$': + "^[-_a-zA-Z0-9]+$": type: string enum: - Invisible @@ -2121,14 +2121,14 @@ paths: default: {} type: object patternProperties: - '^[-_a-zA-Z0-9]+$': + "^[-_a-zA-Z0-9]+$": oneOf: - type: - integer - boolean - string - number - - 'null' + - "null" - type: object additionalProperties: false required: @@ -2175,7 +2175,7 @@ paths: - nodeUuid2 parent: type: - - 'null' + - "null" - string format: uuid description: Parent's (group-nodes') node ID s. @@ -2187,18 +2187,18 @@ paths: additionalProperties: false required: - x - - 'y' + - "y" properties: x: type: integer description: The x position example: - - '12' - 'y': + - "12" + "y": type: integer description: The y position example: - - '15' + - "15" deprecated: true state: title: NodeState @@ -2237,10 +2237,10 @@ paths: additionalProperties: false bootOptions: title: Boot Options - description: 'Some services provide alternative parameters to be injected at boot time. The user selection should be stored here, and it will overwrite the services''s defaults.' + description: "Some services provide alternative parameters to be injected at boot time. The user selection should be stored here, and it will overwrite the services's defaults." type: object patternProperties: - '[a-zA-Z][a-azA-Z0-9_]*': + "[a-zA-Z][a-azA-Z0-9_]*": type: string additionalProperties: true ui: @@ -2250,8 +2250,8 @@ paths: workbench: type: object x-patternProperties: - '^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$': - type: object + ? "^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$" + : type: object additionalProperties: false required: - position @@ -2261,18 +2261,18 @@ paths: additionalProperties: false required: - x - - 'y' + - "y" properties: x: type: integer description: The x position example: - - '12' - 'y': + - "12" + "y": type: integer description: The y position example: - - '15' + - "15" marker: type: object additionalProperties: false @@ -2283,14 +2283,14 @@ paths: type: string description: Marker's color example: - - '#FF0000' - - '#0000FF' + - "#FF0000" + - "#0000FF" additionalProperties: true slideshow: type: object x-patternProperties: - '^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$': - type: object + ? "^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$" + : type: object additionalProperties: false required: - position @@ -2304,11 +2304,11 @@ paths: instructions: type: - string - - 'null' + - "null" description: Instructions about what to do in this step example: - This is a **sleeper** - - 'Please, select the config file defined [in this link](asdf)' + - "Please, select the config file defined [in this link](asdf)" additionalProperties: true currentNodeId: type: string @@ -2316,8 +2316,8 @@ paths: annotations: type: object x-patternProperties: - '^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$': - type: object + ? "^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?4[0-9a-fA-F]{3}-?[89abAB][0-9a-fA-F]{3}-?[0-9a-fA-F]{12}$" + : type: object additionalProperties: false required: - type @@ -2334,8 +2334,8 @@ paths: type: string description: Annotation's color example: - - '#FF0000' - - '#0000FF' + - "#FF0000" + - "#0000FF" attributes: type: object description: svg attributes @@ -2349,7 +2349,7 @@ paths: description: Contains the reference to the project classifiers items: type: string - example: 'some:id:to:a:classifier' + example: "some:id:to:a:classifier" dev: type: object description: object used for development purposes only @@ -2376,7 +2376,7 @@ paths: type: boolean owner: title: Owner - description: 'If locked, the user that owns the lock' + description: "If locked, the user that owns the lock" allOf: - title: Owner type: object @@ -2450,7 +2450,7 @@ paths: title: Quality description: Object containing Quality Assessment related data responses: - '202': + "202": description: project created content: application/json: @@ -2486,7 +2486,7 @@ paths: parameters: task_id: $response.body#/data/task_id default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /projects/active: get: tags: @@ -2494,7 +2494,7 @@ paths: summary: Gets active project operationId: get_active_project responses: - '200': + "200": description: returns active project content: application/json: @@ -2505,17 +2505,17 @@ paths: properties: data: allOf: - - $ref: '#/paths/~1projects/post/requestBody/content/application~1json/schema' + - $ref: "#/paths/~1projects/post/requestBody/content/application~1json/schema" - type: object properties: state: - $ref: '#/paths/~1projects~1%7Bproject_id%7D~1state/get/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1projects~1%7Bproject_id%7D~1state/get/responses/200/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}": parameters: - name: project_id in: path @@ -2528,14 +2528,14 @@ paths: summary: Gets given project operationId: get_project responses: - '200': + "200": description: got detailed project content: application/json: schema: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" put: tags: - project @@ -2551,25 +2551,25 @@ paths: content: application/json: schema: - $ref: '#/paths/~1projects/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1projects/post/requestBody/content/application~1json/schema" responses: - '200': + "200": description: got detailed project content: application/json: schema: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - project summary: Delete given project operationId: delete_project responses: - '204': + "204": description: project has been successfully deleted - '/projects/{project_id}:open': + "/projects/{project_id}:open": parameters: - name: project_id in: path @@ -2590,15 +2590,15 @@ paths: type: string example: 5ac57685-c40f-448f-8711-70be1936fd63 responses: - '200': + "200": description: project successfuly opened content: application/json: schema: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/state': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/state": parameters: - name: project_id in: path @@ -2611,7 +2611,7 @@ paths: summary: returns the state of a project operationId: get_project_state responses: - '200': + "200": description: returns the project current state content: application/json: @@ -2648,8 +2648,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}:xport': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}:xport": parameters: - name: project_id in: path @@ -2662,7 +2662,7 @@ paths: summary: creates an archive of the project and downloads it operationId: export_project responses: - '200': + "200": description: creates an archive from a project file content: application/zip: @@ -2670,8 +2670,8 @@ paths: type: string format: binary default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}:duplicate': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}:duplicate": parameters: - name: project_id in: path @@ -2684,7 +2684,7 @@ paths: summary: duplicates an existing project operationId: duplicate_project responses: - '200': + "200": description: project was duplicated correctly content: application/json: @@ -2694,8 +2694,8 @@ paths: uuid: type: string default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects:import': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects:import": post: tags: - exporter @@ -2711,7 +2711,7 @@ paths: type: string format: binary responses: - '200': + "200": description: creates a new project from an archive content: application/json: @@ -2721,8 +2721,8 @@ paths: uuid: type: string default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}:close': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}:close": parameters: - name: project_id in: path @@ -2740,13 +2740,13 @@ paths: content: application/json: schema: - $ref: '#/paths/~1projects~1%7Bproject_id%7D%3Aopen/post/requestBody/content/application~1json/schema' + $ref: "#/paths/~1projects~1%7Bproject_id%7D%3Aopen/post/requestBody/content/application~1json/schema" responses: - '204': + "204": description: project succesfuly closed default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes": parameters: - name: project_id in: path @@ -2783,7 +2783,7 @@ paths: service_key: simcore/services/dynamic/3d-viewer service_version: 1.4.0 responses: - '201': + "201": description: created content: application/json: @@ -2805,8 +2805,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}": parameters: - name: project_id in: path @@ -2824,7 +2824,7 @@ paths: description: Gets node status operationId: get_node responses: - '200': + "200": description: OK service exists and runs. Returns node details. content: application/json: @@ -2886,7 +2886,7 @@ paths: description: different base path where current service is mounted otherwise defaults to root type: string example: /x/E1O2E-LAH - default: '' + default: "" service_state: description: | the service state * 'pending' - The service is waiting for resources to start * 'pulling' - The service is being pulled from the registry * 'starting' - The service is starting * 'running' - The service is running * 'complete' - The service completed * 'failed' - The service failed to start @@ -2905,23 +2905,23 @@ paths: user_id: description: the user that started the service type: string - example: '123' + example: "123" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - project description: Stops and removes a node from the project operationId: delete_node responses: - '204': + "204": description: node has been successfully deleted from project default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}:retrieve': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}:retrieve": parameters: - name: project_id in: path @@ -2951,7 +2951,7 @@ paths: items: type: string responses: - '200': + "200": description: Returns the amount of transferred bytes when pulling data via nodeports content: application/json: @@ -2966,8 +2966,8 @@ paths: type: integer description: amount of transferred bytes default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}:start': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}:start": parameters: - name: project_id in: path @@ -2985,11 +2985,11 @@ paths: description: Starts a project dynamic service operationId: start_node responses: - '204': + "204": description: started service (needs to be long running though) default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}:stop': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}:stop": parameters: - name: project_id in: path @@ -3007,11 +3007,11 @@ paths: description: Stops a project node operationId: stop_node responses: - '204': + "204": description: stopped service default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}:restart': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}:restart": parameters: - name: project_id in: path @@ -3029,11 +3029,11 @@ paths: description: Restarts containers started by the dynamic-sidecar operationId: restart_node responses: - '204': + "204": description: Restarts containers started by the dynamic-sidecar default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/nodes/{node_id}/resources': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/nodes/{node_id}/resources": parameters: - name: project_id in: path @@ -3051,7 +3051,7 @@ paths: description: Returns the node resources operationId: get_node_resources responses: - '200': + "200": description: Returns the node resources. content: application/json: @@ -3061,12 +3061,12 @@ paths: - data properties: data: - $ref: '#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/put/requestBody/content/application~1json/schema' + $ref: "#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/put/requestBody/content/application~1json/schema" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" put: tags: - project @@ -3095,15 +3095,15 @@ paths: - type: number - type: string responses: - '200': + "200": description: Returns the udpated node resources. content: application/json: schema: - $ref: '#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_id}/inputs': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_id}/inputs": get: tags: - project @@ -3119,12 +3119,12 @@ paths: name: project_id in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Envelope[dict[uuid.UUID, simcore_service_webserver.projects.projects_ports_handlers.ProjectInputGet]]' + title: "Envelope[dict[uuid.UUID, simcore_service_webserver.projects.projects_ports_handlers.ProjectInputGet]]" type: object properties: data: @@ -3188,13 +3188,13 @@ paths: description: Value assigned to this i/o port required: true responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1projects~1%7Bproject_id%7D~1inputs/get/responses/200/content/application~1json/schema' - '/projects/{project_id}/outputs': + $ref: "#/paths/~1projects~1%7Bproject_id%7D~1inputs/get/responses/200/content/application~1json/schema" + "/projects/{project_id}/outputs": get: tags: - project @@ -3210,12 +3210,12 @@ paths: name: project_id in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Envelope[dict[uuid.UUID, simcore_service_webserver.projects.projects_ports_handlers.ProjectOutputGet]]' + title: "Envelope[dict[uuid.UUID, simcore_service_webserver.projects.projects_ports_handlers.ProjectOutputGet]]" type: object properties: data: @@ -3242,7 +3242,7 @@ paths: type: string error: title: Error - '/projects/{project_id}/metadata/ports': + "/projects/{project_id}/metadata/ports": get: tags: - project @@ -3258,12 +3258,12 @@ paths: name: project_id in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Envelope[list[simcore_service_webserver.projects.projects_ports_handlers.ProjectMetadataPortGet]]' + title: "Envelope[list[simcore_service_webserver.projects.projects_ports_handlers.ProjectMetadataPortGet]]" type: object properties: data: @@ -3290,24 +3290,24 @@ paths: content_schema: title: Content Schema type: object - description: 'jsonschema for the port''s value. SEE https://json-schema.org/understanding-json-schema/' + description: "jsonschema for the port's value. SEE https://json-schema.org/understanding-json-schema/" error: title: Error - '/nodes/{nodeInstanceUUID}/outputUi/{outputKey}': + "/nodes/{nodeInstanceUUID}/outputUi/{outputKey}": get: tags: - node description: get a json description of the ui for presenting the output within the mainUi and a list of open api json schema objects describing the possible json payloads and responses for the api calls available at this endpoint operationId: get_node_output_ui parameters: - - $ref: '#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1iframe/get/parameters/0' + - $ref: "#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1iframe/get/parameters/0" - in: path name: outputKey required: true schema: type: string responses: - '200': + "200": description: Service Information content: application/json: @@ -3352,15 +3352,15 @@ paths: description: Error code type: integer example: 404 - '/nodes/{nodeInstanceUUID}/outputUi/{outputKey}/{apiCall}': + "/nodes/{nodeInstanceUUID}/outputUi/{outputKey}/{apiCall}": post: tags: - node summary: send data back to the output api ... protocol depends on the definition operationId: send_to_node_output_api parameters: - - $ref: '#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1iframe/get/parameters/0' - - $ref: '#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1outputUi~1%7BoutputKey%7D/get/parameters/1' + - $ref: "#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1iframe/get/parameters/0" + - $ref: "#/paths/~1nodes~1%7BnodeInstanceUUID%7D~1outputUi~1%7BoutputKey%7D/get/parameters/1" - in: path name: apiCall required: true @@ -3424,7 +3424,7 @@ paths: label: type: string thumbnail: - description: 'data url - https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs' + description: "data url - https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs" type: string - type: object - type: array @@ -3438,7 +3438,7 @@ paths: folder: type: boolean - type: object - '/nodes/{nodeInstanceUUID}/iframe': + "/nodes/{nodeInstanceUUID}/iframe": get: tags: - node @@ -3453,7 +3453,7 @@ paths: responses: default: description: any response appropriate in the iframe context - '/projects/{study_uuid}/tags/{tag_id}': + "/projects/{study_uuid}/tags/{tag_id}": parameters: - name: tag_id in: path @@ -3471,29 +3471,29 @@ paths: summary: Links an existing label with an existing study operationId: add_tag responses: - '200': + "200": description: The tag has been successfully linked to the study content: application/json: schema: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - project summary: Removes an existing link between a label and a study operationId: remove_tag responses: - '200': + "200": description: The tag has been successfully removed from the study content: application/json: schema: - $ref: '#/paths/~1projects~1active/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1active/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/projects/{project_uuid}/checkpoint/{ref_id}/iterations': + $ref: "#/components/responses/DefaultErrorResponse" + "/projects/{project_uuid}/checkpoint/{ref_id}/iterations": get: tags: - meta-projects @@ -3541,12 +3541,12 @@ paths: name: limit in: query responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Page[IterationItem]' + title: "Page[IterationItem]" required: - _meta - _links @@ -3634,7 +3634,7 @@ paths: name: title: Name type: string - description: 'Iteration''s resource name [AIP-122](https://google.aip.dev/122)' + description: "Iteration's resource name [AIP-122](https://google.aip.dev/122)" parent: title: Parent allOf: @@ -3669,9 +3669,9 @@ paths: minLength: 1 type: string format: uri - '404': + "404": description: This project has no iterations.Only meta-project have iterations and they must be explicitly created. - '422': + "422": description: Validation Error content: application/json: @@ -3701,7 +3701,7 @@ paths: type: title: Error Type type: string - '/projects/{project_uuid}/checkpoint/{ref_id}/iterations/{iter_id}': + "/projects/{project_uuid}/checkpoint/{ref_id}/iterations/{iter_id}": get: tags: - meta-projects @@ -3732,9 +3732,9 @@ paths: type: integer in: path responses: - '200': + "200": description: Successful Response - '/projects/{project_uuid}/checkpoint/{ref_id}/iterations/-/results': + "/projects/{project_uuid}/checkpoint/{ref_id}/iterations/-/results": get: tags: - meta-projects @@ -3782,12 +3782,12 @@ paths: name: limit in: query responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Page[IterationResultItem]' + title: "Page[IterationResultItem]" required: - _meta - _links @@ -3795,23 +3795,23 @@ paths: type: object properties: _meta: - $ref: '#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/_meta' + $ref: "#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/_meta" _links: - $ref: '#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/_links' + $ref: "#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/_links" data: title: Data type: array items: - $ref: '#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/data/items' - '404': + $ref: "#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/200/content/application~1json/schema/properties/data/items" + "404": description: This project has no iterations.Only meta-project have iterations and they must be explicitly created. - '422': + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/422/content/application~1json/schema' - '/projects/{project_uuid}/checkpoint/{ref_id}/iterations/{iter_id}/results': + $ref: "#/paths/~1projects~1%7Bproject_uuid%7D~1checkpoint~1%7Bref_id%7D~1iterations/get/responses/422/content/application~1json/schema" + "/projects/{project_uuid}/checkpoint/{ref_id}/iterations/{iter_id}/results": get: tags: - meta-projects @@ -3842,7 +3842,7 @@ paths: name: iter_id in: path responses: - '200': + "200": description: Successful Response /repos/projects: get: @@ -3874,12 +3874,12 @@ paths: name: limit in: query responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Page[Repo]' + title: "Page[Repo]" required: - _meta - _links @@ -3971,7 +3971,7 @@ paths: minLength: 1 type: string format: uri - '422': + "422": description: Validation Error content: application/json: @@ -4001,7 +4001,7 @@ paths: type: title: Error Type type: string - '/repos/projects/{project_uuid}/checkpoints': + "/repos/projects/{project_uuid}/checkpoints": get: tags: - repository @@ -4040,12 +4040,12 @@ paths: name: limit in: query responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Page[Checkpoint]' + title: "Page[Checkpoint]" required: - _meta - _links @@ -4053,20 +4053,20 @@ paths: type: object properties: _meta: - $ref: '#/paths/~1repos~1projects/get/responses/200/content/application~1json/schema/properties/_meta' + $ref: "#/paths/~1repos~1projects/get/responses/200/content/application~1json/schema/properties/_meta" _links: - $ref: '#/paths/~1repos~1projects/get/responses/200/content/application~1json/schema/properties/_links' + $ref: "#/paths/~1repos~1projects/get/responses/200/content/application~1json/schema/properties/_links" data: title: Data type: array items: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema/properties/data' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema/properties/data" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" post: tags: - repository @@ -4099,12 +4099,12 @@ paths: type: string required: true responses: - '201': + "201": description: Successful Response content: application/json: schema: - title: 'Envelope[Checkpoint]' + title: "Envelope[Checkpoint]" type: object properties: data: @@ -4159,13 +4159,13 @@ paths: message: title: Message type: string - '422': + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' - '/repos/projects/{project_uuid}/checkpoints/HEAD': + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" + "/repos/projects/{project_uuid}/checkpoints/HEAD": get: tags: - repository @@ -4183,19 +4183,19 @@ paths: name: project_uuid in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' - '/repos/projects/{project_uuid}/checkpoints/{ref_id}': + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" + "/repos/projects/{project_uuid}/checkpoints/{ref_id}": get: tags: - repository @@ -4203,7 +4203,7 @@ paths: description: Set ref_id=HEAD to return current commit operationId: simcore_service_webserver.version_control_handlers._get_checkpoint_handler parameters: - - description: 'A repository ref (commit, tag or branch)' + - description: "A repository ref (commit, tag or branch)" required: true schema: title: Ref Id @@ -4211,7 +4211,7 @@ paths: - type: string format: uuid - type: string - description: 'A repository ref (commit, tag or branch)' + description: "A repository ref (commit, tag or branch)" name: ref_id in: path - description: Project unique identifier @@ -4224,25 +4224,25 @@ paths: name: project_uuid in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" patch: tags: - repository summary: Update Checkpoint Annotations operationId: simcore_service_webserver.version_control_handlers._update_checkpoint_annotations_handler parameters: - - description: 'A repository ref (commit, tag or branch)' + - description: "A repository ref (commit, tag or branch)" required: true schema: title: Ref Id @@ -4250,7 +4250,7 @@ paths: - type: string format: uuid - type: string - description: 'A repository ref (commit, tag or branch)' + description: "A repository ref (commit, tag or branch)" name: ref_id in: path - description: Project unique identifier @@ -4277,19 +4277,19 @@ paths: type: string required: true responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' - '/repos/projects/{project_uuid}/checkpoints/{ref_id}:checkout': + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" + "/repos/projects/{project_uuid}/checkpoints/{ref_id}:checkout": post: tags: - repository @@ -4299,7 +4299,7 @@ paths: the check out operationId: simcore_service_webserver.version_control_handlers._checkout_handler parameters: - - description: 'A repository ref (commit, tag or branch)' + - description: "A repository ref (commit, tag or branch)" required: true schema: title: Ref Id @@ -4307,7 +4307,7 @@ paths: - type: string format: uuid - type: string - description: 'A repository ref (commit, tag or branch)' + description: "A repository ref (commit, tag or branch)" name: ref_id in: path - description: Project unique identifier @@ -4320,19 +4320,19 @@ paths: name: project_uuid in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' - '/repos/projects/{project_uuid}/checkpoints/{ref_id}/workbench/view': + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" + "/repos/projects/{project_uuid}/checkpoints/{ref_id}/workbench/view": get: tags: - repository @@ -4340,7 +4340,7 @@ paths: description: Returns a view of the workbench for a given project's version operationId: simcore_service_webserver.version_control_handlers._view_project_workbench_handler parameters: - - description: 'A repository ref (commit, tag or branch)' + - description: "A repository ref (commit, tag or branch)" required: true schema: title: Ref Id @@ -4348,7 +4348,7 @@ paths: - type: string format: uuid - type: string - description: 'A repository ref (commit, tag or branch)' + description: "A repository ref (commit, tag or branch)" name: ref_id in: path - description: Project unique identifier @@ -4361,12 +4361,12 @@ paths: name: project_uuid in: path responses: - '200': + "200": description: Successful Response content: application/json: schema: - title: 'Envelope[WorkbenchView]' + title: "Envelope[WorkbenchView]" type: object properties: data: @@ -4409,21 +4409,21 @@ paths: default: {} description: A view (i.e. read-only and visual) of the project's workbench error: - $ref: '#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema/properties/error' - '422': + $ref: "#/paths/~1repos~1projects~1%7Bproject_uuid%7D~1checkpoints/post/responses/201/content/application~1json/schema/properties/error" + "422": description: Validation Error content: application/json: schema: - $ref: '#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1repos~1projects/get/responses/422/content/application~1json/schema" /activity/status: get: operationId: get_status tags: - activity responses: - '200': - description: 'Object containing queuing, CPU and Memory usage/limits information of services' + "200": + description: "Object containing queuing, CPU and Memory usage/limits information of services" content: application/json: schema: @@ -4456,7 +4456,7 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /tags: get: tags: @@ -4464,7 +4464,7 @@ paths: summary: List all tags for the current user operationId: list_tags responses: - '200': + "200": description: List of tags content: application/json: @@ -4481,19 +4481,19 @@ paths: tags: type: array items: - $ref: '#/paths/~1tags/post/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1tags/post/responses/200/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: tags: - tag summary: Creates a new tag operationId: create_tag responses: - '200': + "200": description: The created tag content: application/json: @@ -4517,7 +4517,7 @@ paths: type: string color: type: string - pattern: '^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$' + pattern: "^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$" accessRights: type: object properties: @@ -4531,8 +4531,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/tags/{tag_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/tags/{tag_id}": parameters: - name: tag_id in: path @@ -4545,21 +4545,21 @@ paths: summary: Updates a tag operationId: update_tag responses: - '200': + "200": description: The updated tag content: application/json: schema: - $ref: '#/paths/~1tags/post/responses/200/content/application~1json/schema' + $ref: "#/paths/~1tags/post/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - tag summary: Deletes an existing tag operationId: delete_tag responses: - '204': + "204": description: The tag has been successfully deleted /publications/service-submission: post: @@ -4582,22 +4582,22 @@ paths: type: string format: binary responses: - '204': + "204": description: Submission has been registered default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /catalog/dags: get: tags: - catalog operationId: list_catalog_dags responses: - '200': + "200": description: List of catalog dags - '422': + "422": description: Validation Error default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: tags: - catalog @@ -4610,13 +4610,13 @@ paths: type: object additionalProperties: true responses: - '201': + "201": description: The dag was successfully created - '422': + "422": description: Validation Error default: - $ref: '#/components/responses/DefaultErrorResponse' - '/catalog/dags/{dag_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/catalog/dags/{dag_id}": parameters: - in: path name: dag_id @@ -4636,21 +4636,21 @@ paths: type: object additionalProperties: true responses: - '200': + "200": description: The dag was replaced in catalog - '422': + "422": description: Validation Error default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - catalog summary: Deletes an existing dag operationId: delete_catalog_dag responses: - '204': + "204": description: Successfully deleted - '422': + "422": description: Validation Error /catalog/services: get: @@ -4659,11 +4659,11 @@ paths: summary: List Services operationId: list_services_handler responses: - '200': + "200": description: Returns list of services from the catalog default: - $ref: '#/components/responses/DefaultErrorResponse' - '/catalog/services/{service_key}/{service_version}': + $ref: "#/components/responses/DefaultErrorResponse" + "/catalog/services/{service_key}/{service_version}": parameters: - in: path name: service_key @@ -4685,10 +4685,10 @@ paths: summary: Get Service operationId: get_service_handler responses: - '200': + "200": description: Returns service default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" patch: tags: - catalog @@ -4701,11 +4701,11 @@ paths: type: object additionalProperties: true responses: - '200': + "200": description: Returns modified service default: - $ref: '#/components/responses/DefaultErrorResponse' - '/catalog/services/{service_key}/{service_version}/inputs': + $ref: "#/components/responses/DefaultErrorResponse" + "/catalog/services/{service_key}/{service_version}/inputs": get: tags: - catalog @@ -4726,7 +4726,7 @@ paths: title: Service Version type: string responses: - '200': + "200": content: application/json: schema: @@ -4769,7 +4769,7 @@ paths: type: object keyId: description: Unique name identifier for this input - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Keyid type: string label: @@ -4783,15 +4783,15 @@ paths: title: Type type: string unit: - description: 'Units, when it refers to a physical quantity' + description: "Units, when it refers to a physical quantity" title: Unit type: string unitLong: - description: 'Long name of the unit, if available' + description: "Long name of the unit, if available" title: Unitlong type: string unitShort: - description: 'Short name for the unit, if available' + description: "Short name for the unit, if available" title: Unitshort type: string widget: @@ -4864,7 +4864,7 @@ paths: title: ServiceInputApiOut type: object description: Successful Response - '422': + "422": content: application/json: schema: @@ -4895,7 +4895,7 @@ paths: type: object description: Validation Error summary: List Service Inputs - '/catalog/services/{service_key}/{service_version}/inputs/{input_key}': + "/catalog/services/{service_key}/{service_version}/inputs/{input_key}": get: tags: - catalog @@ -4919,28 +4919,28 @@ paths: name: input_key required: true schema: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Input Key type: string responses: - '200': + "200": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/200/content/application~1json/schema" description: Successful Response - '422': + "422": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema" description: Validation Error summary: Get Service Input - '/catalog/services/{service_key}/{service_version}/inputs:match': + "/catalog/services/{service_key}/{service_version}/inputs:match": get: tags: - catalog - description: 'Filters inputs of this service that match a given service output. Returns compatible input ports of the service, provided an output port of a connected node.' + description: "Filters inputs of this service that match a given service output. Returns compatible input ports of the service, provided an output port of a connected node." operationId: get_compatible_inputs_given_source_output_handler parameters: - in: path @@ -4975,28 +4975,28 @@ paths: name: fromOutput required: true schema: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Fromoutput type: string responses: - '200': + "200": content: application/json: schema: items: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" type: string title: Response Get Compatible Inputs Given Source Output Catalog Services Service Key Service Version Inputs Match Get type: array description: Successful Response - '422': + "422": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema" description: Validation Error summary: Get Compatible Inputs Given Source Output - '/catalog/services/{service_key}/{service_version}/outputs': + "/catalog/services/{service_key}/{service_version}/outputs": get: tags: - catalog @@ -5017,23 +5017,23 @@ paths: title: Service Version type: string responses: - '200': + "200": content: application/json: schema: items: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1outputs~1%7Boutput_key%7D/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1outputs~1%7Boutput_key%7D/get/responses/200/content/application~1json/schema" title: Response List Service Outputs Catalog Services Service Key Service Version Outputs Get type: array description: Successful Response - '422': + "422": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema" description: Validation Error summary: List Service Outputs - '/catalog/services/{service_key}/{service_version}/outputs/{output_key}': + "/catalog/services/{service_key}/{service_version}/outputs/{output_key}": get: tags: - catalog @@ -5057,11 +5057,11 @@ paths: name: output_key required: true schema: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Output Key type: string responses: - '200': + "200": content: application/json: schema: @@ -5104,7 +5104,7 @@ paths: type: object keyId: description: Unique name identifier for this input - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Keyid type: string label: @@ -5118,20 +5118,20 @@ paths: title: Type type: string unit: - description: 'Units, when it refers to a physical quantity' + description: "Units, when it refers to a physical quantity" title: Unit type: string unitLong: - description: 'Long name of the unit, if available' + description: "Long name of the unit, if available" title: Unitlong type: string unitShort: - description: 'Short name for the unit, if available' + description: "Short name for the unit, if available" title: Unitshort type: string widget: allOf: - - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/200/content/application~1json/schema/properties/widget/allOf/0' + - $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/200/content/application~1json/schema/properties/widget/allOf/0" deprecated: true description: custom widget to use instead of the default one determined from the data-type title: Widget @@ -5144,14 +5144,14 @@ paths: title: ServiceOutputApiOut type: object description: Successful Response - '422': + "422": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema" description: Validation Error summary: Get Service Output - '/catalog/services/{service_key}/{service_version}/outputs:match': + "/catalog/services/{service_key}/{service_version}/outputs:match": get: tags: - catalog @@ -5190,28 +5190,28 @@ paths: name: toInput required: true schema: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" title: Toinput type: string responses: - '200': + "200": content: application/json: schema: items: - pattern: '^[-_a-zA-Z0-9]+$' + pattern: "^[-_a-zA-Z0-9]+$" type: string title: Response Get Compatible Outputs Given Target Input Catalog Services Service Key Service Version Outputs Match Get type: array description: Successful Response - '422': + "422": content: application/json: schema: - $ref: '#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema' + $ref: "#/paths/~1catalog~1services~1%7Bservice_key%7D~1%7Bservice_version%7D~1inputs/get/responses/422/content/application~1json/schema" description: Validation Error summary: Get Compatible Outputs Given Target Input - '/catalog/services/{service_key}/{service_version}/resources': + "/catalog/services/{service_key}/{service_version}/resources": get: tags: - catalog @@ -5233,15 +5233,15 @@ paths: title: Service Version type: string responses: - '200': + "200": description: Successful Response content: application/json: schema: - $ref: '#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/get/responses/200/content/application~1json/schema' + $ref: "#/paths/~1projects~1%7Bproject_id%7D~1nodes~1%7Bnode_id%7D~1resources/get/responses/200/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' - '/clusters:ping': + $ref: "#/components/responses/DefaultErrorResponse" + "/clusters:ping": post: summary: test connectivity with cluster operationId: ping_cluster_handler @@ -5262,18 +5262,18 @@ paths: authentication: description: Dask gateway authentication anyOf: - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2' + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2" required: - endpoint - authentication additionalProperties: false responses: - '204': + "204": description: connectivity is OK default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /clusters: get: summary: List my clusters @@ -5281,7 +5281,7 @@ paths: tags: - cluster responses: - '200': + "200": description: list of the clusters I have access to content: application/json: @@ -5293,12 +5293,12 @@ paths: data: type: array items: - $ref: '#/paths/~1clusters/post/responses/201/content/application~1json/schema/properties/data' + $ref: "#/paths/~1clusters/post/responses/201/content/application~1json/schema/properties/data" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" post: summary: Create a new cluster operationId: create_cluster_handler @@ -5376,7 +5376,7 @@ paths: - authentication additionalProperties: false responses: - '201': + "201": description: cluster created content: application/json: @@ -5418,15 +5418,15 @@ paths: authentication: description: Dask gateway authentication anyOf: - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2' + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2" accessRights: type: object description: object containing the GroupID as key and read/write/execution permissions as value x-patternProperties: ^\S+$: - $ref: '#/paths/~1clusters~1%7Bcluster_id%7D/patch/requestBody/content/application~1json/schema/properties/accessRights/x-patternProperties/%5E%5CS%2B%24' + $ref: "#/paths/~1clusters~1%7Bcluster_id%7D/patch/requestBody/content/application~1json/schema/properties/accessRights/x-patternProperties/%5E%5CS%2B%24" required: - id - name @@ -5438,14 +5438,14 @@ paths: - id: 1 name: AWS cluster type: AWS - endpoint: 'https://registry.osparc-development.fake.dev' + endpoint: "https://registry.osparc-development.fake.dev" authentication: type: simple username: someuser password: somepassword owner: 2 accessRights: - '2': + "2": read: true write: true delete: true @@ -5453,8 +5453,8 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' - '/clusters/{cluster_id}': + $ref: "#/components/responses/DefaultErrorResponse" + "/clusters/{cluster_id}": parameters: - name: cluster_id in: path @@ -5467,14 +5467,14 @@ paths: summary: Gets one cluster operationId: get_cluster_handler responses: - '200': + "200": description: got cluster content: application/json: schema: - $ref: '#/paths/~1clusters/post/responses/201/content/application~1json/schema' + $ref: "#/paths/~1clusters/post/responses/201/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" patch: summary: Update one cluster operationId: update_cluster_handler @@ -5513,9 +5513,9 @@ paths: authentication: description: Dask gateway authentication anyOf: - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1' - - $ref: '#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2' + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/0" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/1" + - $ref: "#/paths/~1clusters/post/requestBody/content/application~1json/schema/properties/authentication/anyOf/2" accessRights: type: object description: object containing the GroupID as key and read/write/execution permissions as value @@ -5539,25 +5539,25 @@ paths: - delete additionalProperties: false responses: - '200': + "200": description: the modified cluster content: application/json: schema: - $ref: '#/paths/~1clusters/post/responses/201/content/application~1json/schema' + $ref: "#/paths/~1clusters/post/responses/201/content/application~1json/schema" default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: tags: - cluster summary: Deletes one cluster operationId: delete_cluster_handler responses: - '204': + "204": description: cluster has been successfully deleted default: - $ref: '#/components/responses/DefaultErrorResponse' - '/clusters/{cluster_id}:ping': + $ref: "#/components/responses/DefaultErrorResponse" + "/clusters/{cluster_id}:ping": parameters: - name: cluster_id in: path @@ -5570,11 +5570,11 @@ paths: tags: - cluster responses: - '204': + "204": description: connectivity is OK default: - $ref: '#/components/responses/DefaultErrorResponse' - '/clusters/{cluster_id}/details': + $ref: "#/components/responses/DefaultErrorResponse" + "/clusters/{cluster_id}/details": parameters: - name: cluster_id in: path @@ -5587,7 +5587,7 @@ paths: summary: Gets one cluster details operationId: get_cluster_details_handler responses: - '200': + "200": description: got cluster content: application/json: @@ -5618,22 +5618,22 @@ paths: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /tasks: get: operationId: list_tasks tags: - tasks responses: - '200': + "200": description: Returns the list of active tasks (running and/or done) content: application/json: schema: type: array items: - $ref: '#/paths/~1projects/post/responses/202/content/application~1json/schema' - '/tasks/{task_id}': + $ref: "#/paths/~1projects/post/responses/202/content/application~1json/schema" + "/tasks/{task_id}": parameters: - name: task_id in: path @@ -5645,7 +5645,7 @@ paths: tags: - tasks responses: - '200': + "200": description: Returns the task status content: application/json: @@ -5670,23 +5670,23 @@ paths: started: type: string pattern: '\d{4}-(12|11|10|0?[1-9])-(31|30|[0-2]?\d)T(2[0-3]|1\d|0?[0-9])(:(\d|[0-5]\d)){2}(\.\d{3})?Z' - example: '2018-07-01T11:13:43Z' + example: "2018-07-01T11:13:43Z" error: nullable: true default: null default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" delete: operationId: cancel_and_delete_task description: Aborts and remove the task tags: - tasks responses: - '204': + "204": description: Task was successfully aborted default: - $ref: '#/components/responses/DefaultErrorResponse' - '/tasks/{task_id}/result': + $ref: "#/components/responses/DefaultErrorResponse" + "/tasks/{task_id}/result": parameters: - name: task_id in: path @@ -5701,7 +5701,7 @@ paths: 2XX: description: Retrieve the task result and returns directly its HTTP code default: - $ref: '#/components/responses/DefaultErrorResponse' + $ref: "#/components/responses/DefaultErrorResponse" /viewers: get: operationId: list_viewers @@ -5714,14 +5714,14 @@ paths: description: Filters list to viewers supporting that filetype type: string responses: - '200': + "200": content: application/json: schema: properties: data: items: - $ref: '#/paths/~1viewers~1default/get/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1viewers~1default/get/responses/200/content/application~1json/schema/properties/data" type: array required: - data @@ -5744,7 +5744,7 @@ paths: description: Filters list to viewers supporting that filetype type: string responses: - '200': + "200": content: application/json: schema: @@ -5756,7 +5756,7 @@ paths: type: string description: Identifier for the file type view_url: - description: 'Base url to execute viewer. Needs appending file_size,[file_name] and download_link as query parameters' + description: "Base url to execute viewer. Needs appending file_size,[file_name] and download_link as query parameters" format: uri maxLength: 2083 minLength: 1 @@ -5803,7 +5803,7 @@ components: description: log messages type: array items: - $ref: '#/paths/~1auth~1login/post/responses/200/content/application~1json/schema/properties/data' + $ref: "#/paths/~1auth~1login/post/responses/200/content/application~1json/schema/properties/data" errors: description: errors metadata type: array diff --git a/services/web/server/src/simcore_service_webserver/email.py b/services/web/server/src/simcore_service_webserver/email.py index 50bc6bde6f7..e636fac8e7d 100644 --- a/services/web/server/src/simcore_service_webserver/email.py +++ b/services/web/server/src/simcore_service_webserver/email.py @@ -1,30 +1,15 @@ """ Subsystem that renders and sends emails """ -# TODO: move login/utils.py email functionality here! -# from email.mime.text import MIMEText -# import aiosmtplib -# import jinja2 TODO: check - - -from __future__ import annotations - import logging -from typing import TYPE_CHECKING import aiohttp_jinja2 import jinja_app_loader from aiohttp import web from servicelib.aiohttp.application_setup import ModuleCategory, app_module_setup -from ._constants import APP_SETTINGS_KEY from ._resources import resources -if TYPE_CHECKING: - # SEE https://stackoverflow.com/questions/39740632/python-type-hinting-without-cyclic-imports - # SEE https://peps.python.org/pep-0563/ - from .application_settings import ApplicationSettings - log = logging.getLogger(__name__) @@ -32,21 +17,13 @@ __name__, ModuleCategory.ADDON, settings_name="WEBSERVER_EMAIL", logger=log ) def setup_email(app: web.Application): - settings: ApplicationSettings | None = app.get(APP_SETTINGS_KEY) templates_dir = resources.get_path("templates") if not templates_dir.exists(): - log.error("Cannot find email templates in '%s'", templates_dir) - return False + raise FileNotFoundError( + f"Cannot find email templates directory '{templates_dir}'" + ) # SEE https://github.com/aio-libs/aiohttp-jinja2 - env = aiohttp_jinja2.setup( - app, - loader=jinja_app_loader.Loader(), # jinja2.FileSystemLoader(templates_dir) - auto_reload=settings - and settings.SC_BOOT_MODE - and settings.SC_BOOT_MODE.is_devel_mode(), - ) + env = aiohttp_jinja2.setup(app, loader=jinja_app_loader.Loader()) assert env # nosec - - return env is not None diff --git a/services/web/server/src/simcore_service_webserver/login/_2fa.py b/services/web/server/src/simcore_service_webserver/login/_2fa.py index e8a38b7ebb5..22e68d3704d 100644 --- a/services/web/server/src/simcore_service_webserver/login/_2fa.py +++ b/services/web/server/src/simcore_service_webserver/login/_2fa.py @@ -19,6 +19,7 @@ from twilio.rest import Client from ..redis import get_redis_validation_code_client +from .utils_email import get_template_path, render_and_send_mail log = logging.getLogger(__name__) @@ -39,7 +40,7 @@ def _generage_2fa_code() -> str: @log_decorator(log, level=logging.DEBUG) -async def set_2fa_code( +async def create_2fa_code( app: web.Application, user_email: str, *, @@ -110,6 +111,34 @@ def _sender(): await asyncio.get_event_loop().run_in_executor(None, _sender) +# +# EMAIL +# + + +@log_decorator(log, level=logging.DEBUG) +async def send_email_code( + request: web.Request, + user_email: str, + support_email: str, + code: str, + user_name: str = "user", +): + email_template_path = await get_template_path(request, "new_2fa_code.jinja2") + await render_and_send_mail( + request, + from_=support_email, + to=user_email, + template=email_template_path, + context={ + "host": request.host, + "code": code, + "name": user_name.capitalize(), + "support_email": support_email, + }, + ) + + # # HELPERS # diff --git a/services/web/server/src/simcore_service_webserver/login/_constants.py b/services/web/server/src/simcore_service_webserver/login/_constants.py new file mode 100644 index 00000000000..3b15ae848d1 --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/login/_constants.py @@ -0,0 +1,34 @@ +from typing import Final + +MSG_2FA_CODE_SENT: Final[str] = "Code sent by SMS to {phone_number}" +MSG_ACTIVATED: Final[str] = "Your account is activated" +MSG_ACTIVATION_REQUIRED: Final[ + str +] = "You have to activate your account via email, before you can login" +MSG_AUTH_FAILED: Final[str] = "Authorization failed" +MSG_CANT_SEND_MAIL: Final[str] = "Can't send email, try a little later" +MSG_CHANGE_EMAIL_REQUESTED: Final[ + str +] = "Please, click on the verification link we sent to your new email address" +MSG_EMAIL_CHANGED: Final[str] = "Your email is changed" +MSG_EMAIL_EXISTS: Final[str] = "This email is already registered" +MSG_EMAIL_SENT: Final[ + str +] = "An email has been sent to {email} with further instructions" +MSG_LOGGED_IN: Final[str] = "You are logged in" +MSG_LOGGED_OUT: Final[str] = "You are logged out" +MSG_OFTEN_RESET_PASSWORD: Final[str] = ( + "You can not request of restoring your password so often. Please, use" + " the link we sent you recently" +) +MSG_PASSWORD_CHANGED: Final[str] = "Your password is changed" +MSG_PASSWORD_MISMATCH: Final[str] = "Password and confirmation do not match" +MSG_UNKNOWN_EMAIL: Final[str] = "This email is not registered" +MSG_USER_BANNED: Final[ + str +] = "This user does not have anymore access. Please contact support for further details: {support_email}" +MSG_USER_EXPIRED: Final[ + str +] = "This account has expired and does not have anymore access. Please contact support for further details: {support_email}" +MSG_WRONG_2FA_CODE: Final[str] = "Invalid code (wrong or expired)" +MSG_WRONG_PASSWORD: Final[str] = "Wrong password" diff --git a/services/web/server/src/simcore_service_webserver/login/_models.py b/services/web/server/src/simcore_service_webserver/login/_models.py new file mode 100644 index 00000000000..2ac7b94f11a --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/login/_models.py @@ -0,0 +1,32 @@ +from typing import Any, Callable + +from pydantic import BaseModel, Extra, SecretStr + +from ._constants import MSG_PASSWORD_MISMATCH + + +class InputSchema(BaseModel): + class Config: + allow_population_by_field_name = False + extra = Extra.forbid + allow_mutations = False + + +def create_password_match_validator( + reference_field: str, +) -> Callable[[SecretStr, dict[str, Any]], SecretStr]: + def _check(v: SecretStr, values: dict[str, Any]): + if ( + v is not None + and reference_field in values + and v.get_secret_value() != values[reference_field].get_secret_value() + ): + raise ValueError(MSG_PASSWORD_MISMATCH) + return v + + return _check + + +check_confirm_password_match = create_password_match_validator( + reference_field="password" +) diff --git a/services/web/server/src/simcore_service_webserver/login/_registration.py b/services/web/server/src/simcore_service_webserver/login/_registration.py index 0b2c13017fc..3f7d540df5f 100644 --- a/services/web/server/src/simcore_service_webserver/login/_registration.py +++ b/services/web/server/src/simcore_service_webserver/login/_registration.py @@ -17,22 +17,22 @@ Json, PositiveInt, ValidationError, - parse_obj_as, parse_raw_as, validator, ) from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from yarl import URL -from ..db_models import UserStatus from ._confirmation import ( ConfirmationAction, get_expiration_date, is_confirmation_expired, validate_confirmation_code, ) +from ._constants import MSG_EMAIL_EXISTS from .settings import LoginOptions from .storage import AsyncpgStorage, ConfirmationTokenDict +from .utils import CONFIRMATION_PENDING log = logging.getLogger(__name__) @@ -74,62 +74,49 @@ def ensure_enum(cls, v): } -async def check_registration( +async def check_other_registrations( email: str, - password: str, - confirm: Optional[str], db: AsyncpgStorage, cfg: LoginOptions, ) -> None: - # email : required & formats - # password: required & secure[min length, ...] - - if email is None or password is None: - raise web.HTTPBadRequest( - reason="Both email and password are required", - content_type=MIMETYPE_APPLICATION_JSON, - ) - - if confirm and password != confirm: - raise web.HTTPConflict( - reason=cfg.MSG_PASSWORD_MISMATCH, content_type=MIMETYPE_APPLICATION_JSON - ) - - try: - parse_obj_as(EmailStr, email) - except ValidationError as err: - raise web.HTTPUnprocessableEntity( - reason="Invalid email", content_type=MIMETYPE_APPLICATION_JSON - ) from err - - # NOTE: Extra requirements on passwords - # SEE https://github.com/ITISFoundation/osparc-simcore/issues/2480 if user := await db.get_user({"email": email}): - # Resets pending confirmation if re-registers? - if user["status"] == UserStatus.CONFIRMATION_PENDING.value: - _confirmation: ConfirmationTokenDict = await db.get_confirmation( - {"user": user, "action": ConfirmationAction.REGISTRATION.value} + # An account already registered with this email + # + # RULE 'drop_previous_registration': any unconfirmed account w/o confirmation or + # w/ an expired confirmation will get deleted and its account (i.e. email) + # can be overtaken by this new registration + # + if user["status"] == CONFIRMATION_PENDING: + _confirmation = await db.get_confirmation( + filter_dict={ + "user": user, + "action": ConfirmationAction.REGISTRATION.value, + } ) + drop_previous_registration = not _confirmation or is_confirmation_expired( + cfg, _confirmation + ) + if drop_previous_registration: + if not _confirmation: + await db.delete_user(user=user) + else: + await db.delete_confirmation_and_user( + user=user, confirmation=_confirmation + ) - if is_confirmation_expired(cfg, _confirmation): - await db.delete_confirmation(_confirmation) - await db.delete_user(user) log.warning( - "Time to confirm a registration is overdue. Used expired token [%s]." - "Deleted token from confirmations table and %s from users table.", - _confirmation, + "Re-registration of %s with expired %s" + "Deleting user and proceeding to a new registration", f"{user=}", + f"{_confirmation=}", ) return - # If the email is already taken, return a 409 - HTTPConflict raise web.HTTPConflict( - reason=cfg.MSG_EMAIL_EXISTS, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_EMAIL_EXISTS, content_type=MIMETYPE_APPLICATION_JSON ) - log.debug("Registration data validated") - async def create_invitation_token( db: AsyncpgStorage, diff --git a/services/web/server/src/simcore_service_webserver/login/_security.py b/services/web/server/src/simcore_service_webserver/login/_security.py new file mode 100644 index 00000000000..7d1b6f1a40c --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/login/_security.py @@ -0,0 +1,41 @@ +""" Utils that extends on security_api plugin + +""" +import logging +from typing import Any + +from aiohttp import web +from servicelib.logging_utils import log_context + +from ..security_api import remember +from ._constants import MSG_LOGGED_IN +from .utils import flash_response + +log = logging.getLogger(__name__) + + +async def login_granted_response( + request: web.Request, *, user: dict[str, Any] +) -> web.Response: + """ + Grants authorization for user creating a responses with an auth cookie + + NOTE: All handlers with @login_required needs this cookie! + + Uses security API + """ + email = user["email"] + with log_context( + log, + logging.INFO, + "login of user_id=%s with %s", + f"{user.get('id')}", + f"{email=}", + ): + response = flash_response(MSG_LOGGED_IN, "INFO") + await remember( + request=request, + response=response, + identity=email, + ) + return response diff --git a/services/web/server/src/simcore_service_webserver/login/_sql.py b/services/web/server/src/simcore_service_webserver/login/_sql.py index fe5b23e7570..20a5779acc8 100644 --- a/services/web/server/src/simcore_service_webserver/login/_sql.py +++ b/services/web/server/src/simcore_service_webserver/login/_sql.py @@ -1,7 +1,5 @@ from logging import getLogger -# TODO: Possible SQL injection vector through string-based query construction. - log = getLogger(__name__) LOG_TPL = "%s <--%s" diff --git a/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py b/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py index 86f8d1b26eb..4394f803b79 100644 --- a/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py +++ b/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py @@ -7,6 +7,7 @@ import simcore_postgres_database.webserver_models as orm import sqlalchemy as sa from aiohttp import web +from aiohttp.web import RouteTableDef from aiopg.sa.result import ResultProxy from models_library.basic_types import IdInt from pydantic import BaseModel, Field @@ -137,7 +138,11 @@ async def delete_api_key(self, name: str): # +routes = RouteTableDef() + + @login_required +@routes.get("/v0/auth/api-keys", name="list_api_keys") async def list_api_keys(request: web.Request): """ GET /auth/api-keys @@ -150,6 +155,7 @@ async def list_api_keys(request: web.Request): @login_required +@routes.post("/v0/auth/api-keys", name="create_api_key") async def create_api_key(request: web.Request): """ POST /auth/api-keys @@ -175,6 +181,7 @@ async def create_api_key(request: web.Request): @login_required +@routes.delete("/v0/auth/api-keys", name="delete_api_key") async def delete_api_key(request: web.Request): """ DELETE /auth/api-keys diff --git a/services/web/server/src/simcore_service_webserver/login/handlers.py b/services/web/server/src/simcore_service_webserver/login/handlers.py index e9800f7af2b..4f1e284eb2f 100644 --- a/services/web/server/src/simcore_service_webserver/login/handlers.py +++ b/services/web/server/src/simcore_service_webserver/login/handlers.py @@ -1,29 +1,35 @@ import logging -from typing import Any +from typing import Final, Optional from aiohttp import web -from servicelib.aiohttp.rest_utils import extract_and_validate +from aiohttp.web import RouteTableDef +from pydantic import EmailStr, Field, SecretStr +from servicelib.aiohttp.requests_validation import parse_request_body_as from servicelib.error_codes import create_error_code from servicelib.logging_utils import log_context from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from simcore_postgres_database.models.users import UserRole from ..products import Product, get_current_product -from ..security_api import check_password, forget, remember +from ..security_api import check_password, forget from ._2fa import ( + create_2fa_code, delete_2fa_code, get_2fa_code, mask_phone_number, send_sms_code, - set_2fa_code, ) -from .decorators import RQT_USERID_KEY, login_required -from .settings import ( - LoginOptions, - LoginSettings, - get_plugin_options, - get_plugin_settings, +from ._constants import ( + MSG_2FA_CODE_SENT, + MSG_LOGGED_OUT, + MSG_UNKNOWN_EMAIL, + MSG_WRONG_2FA_CODE, + MSG_WRONG_PASSWORD, ) +from ._models import InputSchema +from ._security import login_granted_response +from .decorators import RQT_USERID_KEY, login_required +from .settings import LoginSettings, get_plugin_settings from .storage import AsyncpgStorage, get_plugin_storage from .utils import ( ACTIVE, @@ -36,155 +42,167 @@ log = logging.getLogger(__name__) -# These string is used by the frontend to determine what page to display to the user for next step -LOGIN_CODE_PHONE_NUMBER_REQUIRED = "PHONE_NUMBER_REQUIRED" -LOGIN_CODE_SMS_CODE_REQUIRED = "SMS_CODE_REQUIRED" +routes = RouteTableDef() +# Login Accepted Response Codes: +# - These string codes are used to identify next step in the login (e.g. login_2fa or register_phone?) +# - The frontend uses them alwo to determine what page/form has to display to the user for next step +_PHONE_NUMBER_REQUIRED = "PHONE_NUMBER_REQUIRED" +_SMS_CODE_REQUIRED = "SMS_CODE_REQUIRED" -async def _authorize_login( - request: web.Request, user: dict[str, Any], cfg: LoginOptions -): - email = user["email"] - with log_context( - log, - logging.INFO, - "login of user_id=%s with %s", - f"{user.get('id')}", - f"{email=}", - ): - rsp = flash_response(cfg.MSG_LOGGED_IN, "INFO") - await remember( - request=request, - response=rsp, - identity=email, - ) - return rsp +class LoginBody(InputSchema): + email: EmailStr + password: SecretStr -async def login(request: web.Request): - _, _, body = await extract_and_validate(request) +@routes.post("/v0/auth/login", name="auth_login") +async def login(request: web.Request): settings: LoginSettings = get_plugin_settings(request.app) db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) product: Product = get_current_product(request) - email = body.email - password = body.password - - user = await db.get_user({"email": email}) + login_ = await parse_request_body_as(LoginBody, request) + user = await db.get_user({"email": login_.email}) if not user: raise web.HTTPUnauthorized( - reason=cfg.MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON ) - validate_user_status(user, cfg, product.support_email) + validate_user_status(user=user, support_email=product.support_email) - if not check_password(password, user["password_hash"]): + if not check_password(login_.password.get_secret_value(), user["password_hash"]): raise web.HTTPUnauthorized( - reason=cfg.MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON ) assert user["status"] == ACTIVE, "db corrupted. Invalid status" # nosec - assert user["email"] == email, "db corrupted. Invalid email" # nosec - - if settings.LOGIN_2FA_REQUIRED and UserRole(user["role"]) <= UserRole.USER: - if not user["phone"]: - rsp = envelope_response( - { - "code": LOGIN_CODE_PHONE_NUMBER_REQUIRED, - "reason": "To login, please register first a phone number", - }, - status=web.HTTPAccepted.status_code, - ) - return rsp - - assert user["phone"] # nosec - assert settings.LOGIN_2FA_REQUIRED and settings.LOGIN_TWILIO # nosec - assert settings.LOGIN_2FA_REQUIRED and product.twilio_messaging_sid # nosec - - try: - code = await set_2fa_code(request.app, user["email"]) - await send_sms_code( - phone_number=user["phone"], - code=code, - twilo_auth=settings.LOGIN_TWILIO, - twilio_messaging_sid=product.twilio_messaging_sid, - twilio_alpha_numeric_sender=product.twilio_alpha_numeric_sender_id, - user_name=user["name"], - ) - - rsp = envelope_response( - { - "code": LOGIN_CODE_SMS_CODE_REQUIRED, - "reason": cfg.MSG_2FA_CODE_SENT.format( - phone_number=mask_phone_number(user["phone"]) - ), - "next_url": f"{request.app.router['auth_validate_2fa_login'].url_for()}", - }, - status=web.HTTPAccepted.status_code, - ) - return rsp - - except Exception as e: - error_code = create_error_code(e) - log.exception( - "2FA login unexpectedly failed [%s]", - f"{error_code}", - extra={"error_code": error_code}, - ) - raise web.HTTPServiceUnavailable( - reason=f"Currently we cannot validate 2FA code, please try again later ({error_code})", - content_type=MIMETYPE_APPLICATION_JSON, - ) from e - - rsp = await _authorize_login(request, user, cfg) - return rsp + assert user["email"] == login_.email, "db corrupted. Invalid email" # nosec + + # Some roles have login privileges + has_privileges: Final[bool] = UserRole.USER < UserRole(user["role"]) + if has_privileges or not settings.LOGIN_2FA_REQUIRED: + response = await login_granted_response(request, user=user) + return response + + # no phone + if not user["phone"]: + response = envelope_response( + { + "code": _PHONE_NUMBER_REQUIRED, + "reason": "To login, please register first a phone number", + "next_url": f"{request.app.router['auth_verify_2fa_phone'].url_for()}", + }, + status=web.HTTPAccepted.status_code, + ) + return response + + # create 2FA + assert user["phone"] # nosec + assert settings.LOGIN_2FA_REQUIRED and settings.LOGIN_TWILIO # nosec + assert settings.LOGIN_2FA_REQUIRED and product.twilio_messaging_sid # nosec + + try: + code = await create_2fa_code(request.app, user["email"]) + await send_sms_code( + phone_number=user["phone"], + code=code, + twilo_auth=settings.LOGIN_TWILIO, + twilio_messaging_sid=product.twilio_messaging_sid, + twilio_alpha_numeric_sender=product.twilio_alpha_numeric_sender_id, + user_name=user["name"], + ) + + response = envelope_response( + { + "code": _SMS_CODE_REQUIRED, + "reason": MSG_2FA_CODE_SENT.format( + phone_number=mask_phone_number(user["phone"]) + ), + "next_url": f"{request.app.router['auth_login_2fa'].url_for()}", + }, + status=web.HTTPAccepted.status_code, + ) + return response + + except Exception as e: + error_code = create_error_code(e) + log.exception( + "Unexpectedly failed while setting up 2FA code and sending SMS[%s]", + f"{error_code}", + extra={"error_code": error_code}, + ) + raise web.HTTPServiceUnavailable( + reason=f"Currently we cannot use 2FA, please try again later ({error_code})", + content_type=MIMETYPE_APPLICATION_JSON, + ) from e +class Login2faBody(InputSchema): + email: EmailStr + code: SecretStr + + +@routes.post("/v0/auth/validate-code-login", name="auth_login_2fa") async def login_2fa(request: web.Request): """2FA login (from-end requests after login -> LOGIN_CODE_SMS_CODE_REQUIRED )""" - _, _, body = await extract_and_validate(request) + settings: LoginSettings = get_plugin_settings(request.app) db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) - email = body.email - code = body.code + if not settings.LOGIN_2FA_REQUIRED: + raise web.HTTPServiceUnavailable( + reason="2FA login is not available", + content_type=MIMETYPE_APPLICATION_JSON, + ) + + login_2fa_ = await parse_request_body_as(Login2faBody, request) # NOTE that the 2fa code is not generated until the email/password of # the standard login (handler above) is not completed - if code != await get_2fa_code(request.app, email): + if login_2fa_.code.get_secret_value() != await get_2fa_code( + request.app, login_2fa_.email + ): raise web.HTTPUnauthorized( - reason=cfg.MSG_WRONG_2FA_CODE, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_WRONG_2FA_CODE, content_type=MIMETYPE_APPLICATION_JSON ) - user = await db.get_user({"email": email}) + user = await db.get_user({"email": login_2fa_.email}) - # dispose since used - await delete_2fa_code(request.app, email) + # NOTE: a priviledge user should not have called this entrypoint + assert UserRole(user["role"]) <= UserRole.USER # nosec - rsp = await _authorize_login(request, user, cfg) - return rsp + # dispose since code was used + await delete_2fa_code(request.app, login_2fa_.email) + + response = await login_granted_response(request, user=user) + return response +class LogoutBody(InputSchema): + client_session_id: Optional[str] = Field( + None, example="5ac57685-c40f-448f-8711-70be1936fd63" + ) + + +@routes.post("/v0/auth/logout", name="auth_logout") @login_required async def logout(request: web.Request) -> web.Response: - cfg: LoginOptions = get_plugin_options(request.app) - - response = flash_response(cfg.MSG_LOGGED_OUT, "INFO") user_id = request.get(RQT_USERID_KEY, -1) - client_session_id = None - if request.can_read_body: - body = await request.json() - client_session_id = body.get("client_session_id", None) + + logout_ = await parse_request_body_as(LogoutBody, request) # Keep log message: https://github.com/ITISFoundation/osparc-simcore/issues/3200 with log_context( - log, logging.INFO, "logout of %s for %s", f"{user_id=}", f"{client_session_id=}" + log, + logging.INFO, + "logout of %s for %s", + f"{user_id=}", + f"{logout_.client_session_id=}", ): - await notify_user_logout(request.app, user_id, client_session_id) + response = flash_response(MSG_LOGGED_OUT, "INFO") + await notify_user_logout(request.app, user_id, logout_.client_session_id) await forget(request, response) - return response + return response diff --git a/services/web/server/src/simcore_service_webserver/login/handlers_change.py b/services/web/server/src/simcore_service_webserver/login/handlers_change.py index e07bfa9d63c..9e2b7bd72a7 100644 --- a/services/web/server/src/simcore_service_webserver/login/handlers_change.py +++ b/services/web/server/src/simcore_service_webserver/login/handlers_change.py @@ -1,7 +1,9 @@ import logging from aiohttp import web -from servicelib.aiohttp.rest_utils import extract_and_validate +from aiohttp.web import RouteTableDef +from pydantic import EmailStr, SecretStr, validator +from servicelib.aiohttp.requests_validation import parse_request_body_as from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from ..products import Product, get_current_product @@ -9,6 +11,16 @@ from ..utils import HOUR from ..utils_rate_limiting import global_rate_limit_route from ._confirmation import is_confirmation_allowed, make_confirmation_link +from ._constants import ( + MSG_CANT_SEND_MAIL, + MSG_CHANGE_EMAIL_REQUESTED, + MSG_EMAIL_SENT, + MSG_OFTEN_RESET_PASSWORD, + MSG_PASSWORD_CHANGED, + MSG_UNKNOWN_EMAIL, + MSG_WRONG_PASSWORD, +) +from ._models import InputSchema, create_password_match_validator from .decorators import RQT_USERID_KEY, login_required from .settings import LoginOptions, get_plugin_options from .storage import AsyncpgStorage, get_plugin_storage @@ -24,7 +36,15 @@ log = logging.getLogger(__name__) +routes = RouteTableDef() + + +class ResetPasswordBody(InputSchema): + email: str + + @global_rate_limit_route(number_of_requests=10, interval_seconds=HOUR) +@routes.post("/v0/auth/reset-password", name="auth_reset_password") async def reset_password(request: web.Request): """ 1. confirm user exists @@ -38,29 +58,28 @@ async def reset_password(request: web.Request): - Support contact information - Who requested the reset? """ - _, _, body = await extract_and_validate(request) db: AsyncpgStorage = get_plugin_storage(request.app) cfg: LoginOptions = get_plugin_options(request.app) product: Product = get_current_product(request) - email = body.email + request_body = await parse_request_body_as(ResetPasswordBody, request) - user = await db.get_user({"email": email}) + user = await db.get_user({"email": request_body.email}) try: if not user: raise web.HTTPUnprocessableEntity( - reason=cfg.MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_UNKNOWN_EMAIL, content_type=MIMETYPE_APPLICATION_JSON ) # 422 - validate_user_status(user, cfg, product.support_email) + validate_user_status(user=user, support_email=product.support_email) assert user["status"] == ACTIVE # nosec - assert user["email"] == email # nosec + assert user["email"] == request_body.email # nosec if not await is_confirmation_allowed(cfg, db, user, action=RESET_PASSWORD): raise web.HTTPUnauthorized( - reason=cfg.MSG_OFTEN_RESET_PASSWORD, + reason=MSG_OFTEN_RESET_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON, ) # 401 @@ -69,7 +88,7 @@ async def reset_password(request: web.Request): await render_and_send_mail( request, from_=product.support_email, - to=email, + to=request_body.email, template=await get_template_path( request, "reset_password_email_failed.jinja2" ), @@ -80,9 +99,7 @@ async def reset_password(request: web.Request): ) except Exception as err_mail: # pylint: disable=broad-except log.exception("Cannot send email") - raise web.HTTPServiceUnavailable( - reason=cfg.MSG_CANT_SEND_MAIL - ) from err_mail + raise web.HTTPServiceUnavailable(reason=MSG_CANT_SEND_MAIL) from err_mail else: confirmation = await db.create_confirmation(user["id"], action=RESET_PASSWORD) link = make_confirmation_link(request, confirmation) @@ -91,7 +108,7 @@ async def reset_password(request: web.Request): await render_and_send_mail( request, from_=product.support_email, - to=email, + to=request_body.email, template=await get_template_path( request, "reset_password_email.jinja2" ), @@ -103,29 +120,31 @@ async def reset_password(request: web.Request): except Exception as err: # pylint: disable=broad-except log.exception("Can not send email") await db.delete_confirmation(confirmation) - raise web.HTTPServiceUnavailable(reason=cfg.MSG_CANT_SEND_MAIL) from err + raise web.HTTPServiceUnavailable(reason=MSG_CANT_SEND_MAIL) from err - response = flash_response(cfg.MSG_EMAIL_SENT.format(email=email), "INFO") + response = flash_response(MSG_EMAIL_SENT.format(email=request_body.email), "INFO") return response +class ChangeEmailBody(InputSchema): + email: EmailStr + + +@routes.post("/v0/auth/change-email", name="auth_change_email") @login_required async def change_email(request: web.Request): - _, _, body = await extract_and_validate(request) - db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) product: Product = get_current_product(request) - email = body.email + request_body = await parse_request_body_as(ChangeEmailBody, request) user = await db.get_user({"id": request[RQT_USERID_KEY]}) assert user # nosec - if user["email"] == email: + if user["email"] == request_body.email: return flash_response("Email changed") - other = await db.get_user({"email": email}) + other = await db.get_user({"email": request_body.email}) if other: raise web.HTTPUnprocessableEntity(reason="This email cannot be used") @@ -135,13 +154,15 @@ async def change_email(request: web.Request): await db.delete_confirmation(confirmation) # create new confirmation to ensure email is actually valid - confirmation = await db.create_confirmation(user["id"], CHANGE_EMAIL, email) + confirmation = await db.create_confirmation( + user["id"], CHANGE_EMAIL, request_body.email + ) link = make_confirmation_link(request, confirmation) try: await render_and_send_mail( request, from_=product.support_email, - to=email, + to=request_body.email, template=await get_template_path(request, "change_email_email.jinja2"), context={ "host": request.host, @@ -151,38 +172,40 @@ async def change_email(request: web.Request): except Exception as err: # pylint: disable=broad-except log.error("Can not send email") await db.delete_confirmation(confirmation) - raise web.HTTPServiceUnavailable(reason=cfg.MSG_CANT_SEND_MAIL) from err + raise web.HTTPServiceUnavailable(reason=MSG_CANT_SEND_MAIL) from err - response = flash_response(cfg.MSG_CHANGE_EMAIL_REQUESTED) + response = flash_response(MSG_CHANGE_EMAIL_REQUESTED) return response +class ChangePasswordBody(InputSchema): + current: SecretStr + new: SecretStr + confirm: SecretStr + + _password_confirm_match = validator("confirm", allow_reuse=True)( + create_password_match_validator(reference_field="new") + ) + + +@routes.post("/v0/auth/change-password", name="auth_change_password") @login_required async def change_password(request: web.Request): db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) + passwords = await parse_request_body_as(ChangePasswordBody, request) user = await db.get_user({"id": request[RQT_USERID_KEY]}) assert user # nosec - _, _, body = await extract_and_validate(request) - - cur_password = body.current - new_password = body.new - confirm = body.confirm - - if not check_password(cur_password, user["password_hash"]): + if not check_password(passwords.current.get_secret_value(), user["password_hash"]): raise web.HTTPUnprocessableEntity( - reason=cfg.MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON + reason=MSG_WRONG_PASSWORD, content_type=MIMETYPE_APPLICATION_JSON ) # 422 - if new_password != confirm: - raise web.HTTPConflict( - reason=cfg.MSG_PASSWORD_MISMATCH, content_type=MIMETYPE_APPLICATION_JSON - ) # 409 - - await db.update_user(user, {"password_hash": encrypt_password(new_password)}) + await db.update_user( + user, {"password_hash": encrypt_password(passwords.new.get_secret_value())} + ) - response = flash_response(cfg.MSG_PASSWORD_CHANGED) + response = flash_response(MSG_PASSWORD_CHANGED) return response diff --git a/services/web/server/src/simcore_service_webserver/login/handlers_confirmation.py b/services/web/server/src/simcore_service_webserver/login/handlers_confirmation.py index f0392cfb28c..a2b0f486d19 100644 --- a/services/web/server/src/simcore_service_webserver/login/handlers_confirmation.py +++ b/services/web/server/src/simcore_service_webserver/login/handlers_confirmation.py @@ -2,18 +2,26 @@ from typing import Optional from aiohttp import web -from pydantic import EmailStr, parse_obj_as -from servicelib.aiohttp.rest_utils import extract_and_validate -from servicelib.logging_utils import log_context +from aiohttp.web import RouteTableDef +from pydantic import BaseModel, EmailStr, Field, SecretStr, parse_obj_as, validator +from servicelib.aiohttp.requests_validation import ( + parse_request_body_as, + parse_request_path_parameters_as, +) +from servicelib.error_codes import create_error_code from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from simcore_postgres_database.errors import UniqueViolation from yarl import URL -from ..security_api import encrypt_password, remember +from ..security_api import encrypt_password from ..utils import MINUTE +from ..utils_aiohttp import create_redirect_response from ..utils_rate_limiting import global_rate_limit_route from ._2fa import delete_2fa_code, get_2fa_code from ._confirmation import validate_confirmation_code +from ._constants import MSG_PASSWORD_CHANGED +from ._models import InputSchema, check_confirm_password_match +from ._security import login_granted_response from .settings import ( LoginOptions, LoginSettings, @@ -26,6 +34,14 @@ log = logging.getLogger(__name__) +routes = RouteTableDef() + + +class _PathParam(BaseModel): + code: SecretStr + + +@routes.get("/auth/confirmation/{code}", name="auth_confirmation") async def email_confirmation(request: web.Request): """Handles email confirmation by checking a code passed as query parameter @@ -42,68 +58,87 @@ async def email_confirmation(request: web.Request): - show the reset-password page - use the token to submit a POST /v0/auth/confirmation/{code} and finalize reset action """ - params, _, _ = await extract_and_validate(request) - db: AsyncpgStorage = get_plugin_storage(request.app) cfg: LoginOptions = get_plugin_options(request.app) - code = params["code"] + path_params = parse_request_path_parameters_as(_PathParam, request) confirmation: Optional[ConfirmationTokenDict] = await validate_confirmation_code( - code, db, cfg + path_params.code.get_secret_value(), db=db, cfg=cfg ) - redirect_url = URL(cfg.LOGIN_REDIRECT) + redirect_to_login_url = URL(cfg.LOGIN_REDIRECT) if confirmation and (action := confirmation["action"]): - if action == REGISTRATION: - user = await db.get_user({"id": confirmation["user_id"]}) - await db.update_user(user, {"status": ACTIVE}) - await db.delete_confirmation(confirmation) - redirect_url = redirect_url.with_fragment("?registered=true") - log.debug( - "%s registered -> %s", - f"{user=}", - f"{redirect_url=}", - ) + try: + user_id = confirmation["user_id"] + if action == REGISTRATION: + # activate user and consume confirmation token + await db.delete_confirmation_and_update_user( + user_id=user_id, + updates={"status": ACTIVE}, + confirmation=confirmation, + ) + + redirect_to_login_url = redirect_to_login_url.with_fragment( + "?registered=true" + ) + + elif action == CHANGE_EMAIL: + # update and consume confirmation token + await db.delete_confirmation_and_update_user( + user_id=user_id, + updates={"email": parse_obj_as(EmailStr, confirmation["data"])}, + confirmation=confirmation, + ) + + elif action == RESET_PASSWORD: + # + # NOTE: By using fragments (instead of queries or path parameters), + # the browser does NOT reloads page + # + redirect_to_login_url = redirect_to_login_url.with_fragment( + f"reset-password?code={path_params.code}" + ) - elif action == CHANGE_EMAIL: - # - # TODO: compose error and send to front-end using fragments in the redirection - # But first we need to implement this refactoring https://github.com/ITISFoundation/osparc-simcore/issues/1975 - # - user_update = {"email": parse_obj_as(EmailStr, confirmation["data"])} - user = await db.get_user({"id": confirmation["user_id"]}) - await db.update_user(user, user_update) - await db.delete_confirmation(confirmation) log.debug( - "%s updated %s", - f"{user=}", - f"{user_update}", + "Confirms %s of %s with %s -> %s", + action, + f"{user_id=}", + f"{confirmation=}", + f"{redirect_to_login_url=}", ) - elif action == RESET_PASSWORD: - # NOTE: By using fragments (instead of queries or path parameters), the browser does NOT reloads page - redirect_url = redirect_url.with_fragment("reset-password?code=%s" % code) - log.debug( - "Reset password requested %s. %s", - f"{confirmation=}", - f"{redirect_url=}", + except Exception as err: # pylint: disable=broad-except + error_code = create_error_code(err) + log.exception( + "Failed during email_confirmation [%s]", + f"{error_code}", + extra={"error_code": error_code}, ) + raise create_redirect_response( + request.app, + page="error", + message=f"Sorry, we cannot confirm your {action}." + "Please try again in a few moments ({error_code})", + status_code=web.HTTPServiceUnavailable.status_code, + ) from err + + raise web.HTTPFound(location=redirect_to_login_url) + - raise web.HTTPFound(location=redirect_url) +class PhoneConfirmationBody(InputSchema): + email: EmailStr + phone: str = Field( + ..., description="Phone number E.164, needed on the deployments with 2FA" + ) + code: SecretStr @global_rate_limit_route(number_of_requests=5, interval_seconds=MINUTE) +@routes.post("/auth/validate-code-register", name="auth_validate_2fa_register") async def phone_confirmation(request: web.Request): - _, _, body = await extract_and_validate(request) - settings: LoginSettings = get_plugin_settings(request.app) db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) - - email = body.email - phone = body.phone - code = body.code if not settings.LOGIN_2FA_REQUIRED: raise web.HTTPServiceUnavailable( @@ -111,13 +146,18 @@ async def phone_confirmation(request: web.Request): content_type=MIMETYPE_APPLICATION_JSON, ) - if (expected := await get_2fa_code(request.app, email)) and code == expected: - await delete_2fa_code(request.app, email) + request_body = await parse_request_body_as(PhoneConfirmationBody, request) - # db + if ( + expected := await get_2fa_code(request.app, request_body.email) + ) and request_body.code.get_secret_value() == expected: + # consumes code + await delete_2fa_code(request.app, request_body.email) + + # updates confirmed phone number try: - user = await db.get_user({"email": email}) - await db.update_user(user, {"phone": phone}) + user = await db.get_user({"email": request_body.email}) + await db.update_user(user, {"phone": request_body.phone}) except UniqueViolation as err: raise web.HTTPUnauthorized( @@ -125,51 +165,52 @@ async def phone_confirmation(request: web.Request): content_type=MIMETYPE_APPLICATION_JSON, ) from err - # login - with log_context( - log, - logging.INFO, - "login after phone_confirmation of user_id=%s with %s", - f"{user.get('id')}", - f"{email=}", - ): - identity = user["email"] - response = flash_response(cfg.MSG_LOGGED_IN, "INFO") - await remember(request, response, identity) - return response - - # unauthorized + response = await login_granted_response(request, user=user) + return response + + # fails because of invalid or no code raise web.HTTPUnauthorized( reason="Invalid 2FA code", content_type=MIMETYPE_APPLICATION_JSON ) +class ResetPasswordConfirmation(InputSchema): + password: SecretStr + confirm: SecretStr + + _password_confirm_match = validator("confirm", allow_reuse=True)( + check_confirm_password_match + ) + + +@routes.post("/auth/reset-password/{code}", name="auth_reset_password_allowed") async def reset_password_allowed(request: web.Request): """Changes password using a token code without being logged in""" - params, _, body = await extract_and_validate(request) - db: AsyncpgStorage = get_plugin_storage(request.app) cfg: LoginOptions = get_plugin_options(request.app) - code = params["code"] - password = body.password - confirm = body.confirm + path_params = parse_request_path_parameters_as(_PathParam, request) + request_body = await parse_request_body_as(ResetPasswordConfirmation, request) - if password != confirm: - raise web.HTTPConflict( - reason=cfg.MSG_PASSWORD_MISMATCH, content_type=MIMETYPE_APPLICATION_JSON - ) # 409 - - confirmation = await validate_confirmation_code(code, db, cfg) + confirmation = await validate_confirmation_code( + path_params.code.get_secret_value(), db, cfg + ) if confirmation: user = await db.get_user({"id": confirmation["user_id"]}) assert user # nosec - await db.update_user(user, {"password_hash": encrypt_password(password)}) + await db.update_user( + user, + { + "password_hash": encrypt_password( + request_body.password.get_secret_value() + ) + }, + ) await db.delete_confirmation(confirmation) - response = flash_response(cfg.MSG_PASSWORD_CHANGED) + response = flash_response(MSG_PASSWORD_CHANGED) return response raise web.HTTPUnauthorized( diff --git a/services/web/server/src/simcore_service_webserver/login/handlers_registration.py b/services/web/server/src/simcore_service_webserver/login/handlers_registration.py index c1c60c0d5f1..a6d1a1118fd 100644 --- a/services/web/server/src/simcore_service_webserver/login/handlers_registration.py +++ b/services/web/server/src/simcore_service_webserver/login/handlers_registration.py @@ -1,19 +1,25 @@ import logging from datetime import datetime, timedelta +from typing import Optional from aiohttp import web -from servicelib.aiohttp.rest_utils import extract_and_validate +from aiohttp.web import RouteTableDef +from pydantic import EmailStr, Field, SecretStr, validator +from servicelib.aiohttp.requests_validation import parse_request_body_as from servicelib.error_codes import create_error_code from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from ..groups_api import auto_add_user_to_groups from ..products import Product, get_current_product -from ..security_api import encrypt_password, remember +from ..security_api import encrypt_password from ..utils import MINUTE from ..utils_rate_limiting import global_rate_limit_route -from ._2fa import mask_phone_number, send_sms_code, set_2fa_code +from ._2fa import create_2fa_code, mask_phone_number, send_sms_code from ._confirmation import make_confirmation_link -from ._registration import check_and_consume_invitation, check_registration +from ._constants import MSG_2FA_CODE_SENT, MSG_CANT_SEND_MAIL +from ._models import InputSchema, check_confirm_password_match +from ._registration import check_and_consume_invitation, check_other_registrations +from ._security import login_granted_response from .settings import ( LoginOptions, LoginSettings, @@ -39,6 +45,33 @@ def _get_user_name(email: str) -> str: return username +routes = RouteTableDef() + + +class RegisterBody(InputSchema): + email: EmailStr + password: SecretStr + confirm: Optional[SecretStr] = Field(None, description="Password confirmation") + invitation: Optional[str] = Field(None, description="Invitation code") + + _password_confirm_match = validator("confirm", allow_reuse=True)( + check_confirm_password_match + ) + + class Config: + schema_extra = { + "examples": [ + { + "email": "foo@mymail.com", + "password": "my secret", # NOSONAR + "confirm": "my secret", # optional + "invitation": "33c451d4-17b7-4e65-9880-694559b8ffc2", # optional only active + } + ] + } + + +@routes.post("/v0/auth/register", name="auth_register") async def register(request: web.Request): """ Starts user's registration by providing an email, password and @@ -46,39 +79,36 @@ async def register(request: web.Request): An email with a link to 'email_confirmation' is sent to complete registration """ - _, _, body = await extract_and_validate(request) - settings: LoginSettings = get_plugin_settings(request.app) + product: Product = get_current_product(request) db: AsyncpgStorage = get_plugin_storage(request.app) cfg: LoginOptions = get_plugin_options(request.app) - product: Product = get_current_product(request) - email = body.email - username = _get_user_name(email) - password = body.password - confirm = body.confirm if hasattr(body, "confirm") else None + registration = await parse_request_body_as(RegisterBody, request) + + await check_other_registrations(email=registration.email, db=db, cfg=cfg) - expires_at = None + expires_at = None # = does not expire if settings.LOGIN_REGISTRATION_INVITATION_REQUIRED: - try: - invitation_code = body.invitation - except AttributeError as e: + # Only requests with INVITATION can register user + # to either a permanent or to a trial account + invitation_code = registration.invitation + if invitation_code is None: raise web.HTTPBadRequest( reason="invitation field is required", content_type=MIMETYPE_APPLICATION_JSON, - ) from e + ) invitation = await check_and_consume_invitation(invitation_code, db=db, cfg=cfg) if invitation.trial_account_days: expires_at = datetime.utcnow() + timedelta(invitation.trial_account_days) - await check_registration(email, password, confirm, db, cfg) - + username = _get_user_name(registration.email) user: dict = await db.create_user( { "name": username, - "email": email, - "password_hash": encrypt_password(password), + "email": registration.email, + "password_hash": encrypt_password(registration.password.get_secret_value()), "status": ( CONFIRMATION_PENDING if settings.LOGIN_REGISTRATION_CONFIRMATION_REQUIRED @@ -90,63 +120,82 @@ async def register(request: web.Request): } ) + # NOTE: PC->SAN: should this go here or when user is actually logged in? await auto_add_user_to_groups(request.app, user["id"]) - if not settings.LOGIN_REGISTRATION_CONFIRMATION_REQUIRED: + if settings.LOGIN_REGISTRATION_CONFIRMATION_REQUIRED: + # Confirmation required: send confirmation email + _confirmation: ConfirmationTokenDict = await db.create_confirmation( + user["id"], REGISTRATION + ) + + try: + email_confirmation_url = make_confirmation_link(request, _confirmation) + email_template_path = await get_template_path( + request, "registration_email.jinja2" + ) + await render_and_send_mail( + request, + from_=product.support_email, + to=registration.email, + template=email_template_path, + context={ + "host": request.host, + "link": email_confirmation_url, # SEE email_confirmation handler (action=REGISTRATION) + "name": username, + "support_email": product.support_email, + }, + ) + except Exception as err: # pylint: disable=broad-except + error_code = create_error_code(err) + log.exception( + "Failed while sending confirmation email to %s, %s [%s]", + f"{user=}", + f"{_confirmation=}", + f"{error_code}", + extra={"error_code": error_code}, + ) + + await db.delete_confirmation_and_user(user, _confirmation) + + raise web.HTTPServiceUnavailable( + reason=f"{MSG_CANT_SEND_MAIL} [{error_code}]" + ) from err + + else: + response = flash_response( + "You are registered successfully! To activate your account, please, " + f"click on the verification link in the email we sent you to {registration.email}.", + "INFO", + ) + return response + else: + # No confirmation required: authorize login + assert not settings.LOGIN_REGISTRATION_CONFIRMATION_REQUIRED # nosec assert not settings.LOGIN_2FA_REQUIRED # nosec - # user is logged in - identity = body.email - response = flash_response(cfg.MSG_LOGGED_IN, "INFO") - await remember(request, response, identity) + response = await login_granted_response(request=request, user=user) return response - confirmation_: ConfirmationTokenDict = await db.create_confirmation( - user["id"], REGISTRATION - ) - link = make_confirmation_link(request, confirmation_) - try: - await render_and_send_mail( - request, - from_=product.support_email, - to=email, - template=await get_template_path(request, "registration_email.jinja2"), - context={ - "host": request.host, - "link": link, - "name": username, - "support_email": product.support_email, - }, - ) - except Exception as err: # pylint: disable=broad-except - log.exception("Can not send email") - await db.delete_confirmation(confirmation_) - await db.delete_user(user) - raise web.HTTPServiceUnavailable(reason=cfg.MSG_CANT_SEND_MAIL) from err - - response = flash_response( - "You are registered successfully! To activate your account, please, " - "click on the verification link in the email we sent you.", - "INFO", + +class RegisterPhoneBody(InputSchema): + email: EmailStr + phone: str = Field( + ..., description="Phone number E.164, needed on the deployments with 2FA" ) - return response @global_rate_limit_route(number_of_requests=5, interval_seconds=MINUTE) +@routes.post("/auth/verify-phone-number", name="auth_verify_2fa_phone") async def register_phone(request: web.Request): """ Submits phone registration - sends a code - registration is completed requesting to 'phone_confirmation' route with the code received """ - _, _, body = await extract_and_validate(request) - settings: LoginSettings = get_plugin_settings(request.app) + product: Product = get_current_product(request) db: AsyncpgStorage = get_plugin_storage(request.app) - cfg: LoginOptions = get_plugin_options(request.app) - - email = body.email - phone = body.phone if not settings.LOGIN_2FA_REQUIRED: raise web.HTTPServiceUnavailable( @@ -154,8 +203,9 @@ async def register_phone(request: web.Request): content_type=MIMETYPE_APPLICATION_JSON, ) + registration = await parse_request_body_as(RegisterPhoneBody, request) + try: - product: Product = get_current_product(request) assert settings.LOGIN_2FA_REQUIRED and settings.LOGIN_TWILIO # nosec if not product.twilio_messaging_sid: raise ValueError( @@ -163,25 +213,27 @@ async def register_phone(request: web.Request): "Update product's twilio_messaging_sid in database." ) - if await db.get_user({"phone": phone}): + if await db.get_user({"phone": registration.phone}): raise web.HTTPUnauthorized( reason="Cannot register this phone number because it is already assigned to an active user", content_type=MIMETYPE_APPLICATION_JSON, ) - code = await set_2fa_code(request.app, email) + code = await create_2fa_code(request.app, registration.email) await send_sms_code( - phone_number=phone, + phone_number=registration.phone, code=code, twilo_auth=settings.LOGIN_TWILIO, twilio_messaging_sid=product.twilio_messaging_sid, twilio_alpha_numeric_sender=product.twilio_alpha_numeric_sender_id, - user_name=_get_user_name(email), + user_name=_get_user_name(registration.email), ) response = flash_response( - cfg.MSG_2FA_CODE_SENT.format(phone_number=mask_phone_number(phone)), + MSG_2FA_CODE_SENT.format( + phone_number=mask_phone_number(registration.phone) + ), status=web.HTTPAccepted.status_code, ) return response @@ -189,15 +241,16 @@ async def register_phone(request: web.Request): except web.HTTPException: raise - except Exception as e: # Unexpected errors -> 503 - error_code = create_error_code(e) + except Exception as err: # pylint: disable=broad-except + # Unhandled errors -> 503 + error_code = create_error_code(err) log.exception( - "Phone registration unexpectedly failed [%s]", + "Phone registration failed [%s]", f"{error_code}", extra={"error_code": error_code}, ) raise web.HTTPServiceUnavailable( - reason=f"Currently our system cannot register phone numbers ({error_code})", + reason=f"Currently we cannot register phone numbers ({error_code})", content_type=MIMETYPE_APPLICATION_JSON, - ) from e + ) from err diff --git a/services/web/server/src/simcore_service_webserver/login/plugin.py b/services/web/server/src/simcore_service_webserver/login/plugin.py index 18410add29a..2c996db0629 100644 --- a/services/web/server/src/simcore_service_webserver/login/plugin.py +++ b/services/web/server/src/simcore_service_webserver/login/plugin.py @@ -26,7 +26,7 @@ async def _setup_login_storage_ctx(app: web.Application): - # TODO: ensure pool only init once! + assert APP_LOGIN_STORAGE_KEY not in app # nosec settings: PostgresSettings = get_db_plugin_settings(app) pool: asyncpg.pool.Pool = await asyncpg.create_pool( @@ -49,7 +49,7 @@ async def _setup_login_storage_ctx(app: web.Application): def setup_login_storage(app: web.Application): - if app.get(APP_LOGIN_STORAGE_KEY) is None: + if _setup_login_storage_ctx not in app.cleanup_ctx: app.cleanup_ctx.append(_setup_login_storage_ctx) @@ -67,7 +67,6 @@ def _setup_login_options(app: web.Application): "simcore_service_webserver.login", ModuleCategory.ADDON, settings_name="WEBSERVER_LOGIN", - depends=[f"simcore_service_webserver.{mod}" for mod in ("rest", "db")], logger=log, ) def setup_login(app: web.Application): diff --git a/services/web/server/src/simcore_service_webserver/login/routes.py b/services/web/server/src/simcore_service_webserver/login/routes.py index 6478ff79914..f82c4ef4a8e 100644 --- a/services/web/server/src/simcore_service_webserver/login/routes.py +++ b/services/web/server/src/simcore_service_webserver/login/routes.py @@ -36,7 +36,7 @@ def include_path(tuple_object): "auth_verify_2fa_phone": register_handlers.register_phone, "auth_validate_2fa_register": confirmation_handlers.phone_confirmation, "auth_login": login_handlers.login, - "auth_validate_2fa_login": login_handlers.login_2fa, + "auth_login_2fa": login_handlers.login_2fa, "auth_logout": login_handlers.logout, "auth_reset_password": change_handlers.reset_password, "auth_reset_password_allowed": confirmation_handlers.reset_password_allowed, diff --git a/services/web/server/src/simcore_service_webserver/login/settings.py b/services/web/server/src/simcore_service_webserver/login/settings.py index e39ba3d8db7..085e86eb839 100644 --- a/services/web/server/src/simcore_service_webserver/login/settings.py +++ b/services/web/server/src/simcore_service_webserver/login/settings.py @@ -65,7 +65,10 @@ def login_2fa_needs_sms_service(cls, v, values): class LoginOptions(BaseModel): - """These options are NOT directly exposed to the env vars due to security reasons.""" + """These options are NOT directly exposed to the env vars due to security reasons. + + NOTE: This is legacy from first version and should not be extended anymore + """ PASSWORD_LEN: tuple[PositiveInt, PositiveInt] = (6, 30) LOGIN_REDIRECT: str = "/" @@ -90,35 +93,6 @@ def get_confirmation_lifetime( value = getattr(self, f"{action.upper()}_CONFIRMATION_LIFETIME") return timedelta(days=value) - MSG_LOGGED_IN: str = "You are logged in" - MSG_LOGGED_OUT: str = "You are logged out" - MSG_2FA_CODE_SENT: str = "Code sent by SMS to {phone_number}" - MSG_WRONG_2FA_CODE: str = "Invalid code (wrong or expired)" - MSG_ACTIVATED: str = "Your account is activated" - MSG_UNKNOWN_EMAIL: str = "This email is not registered" - MSG_WRONG_PASSWORD: str = "Wrong password" - MSG_PASSWORD_MISMATCH: str = "Password and confirmation do not match" - MSG_USER_BANNED: str = "This user does not have anymore access. Please contact support for further details: {support_email}" - MSG_USER_EXPIRED: str = "This account has expired and does not have anymore access. Please contact support for further details: {support_email}" - MSG_ACTIVATION_REQUIRED: str = ( - "You have to activate your account via email, before you can login" - ) - MSG_EMAIL_EXISTS: str = "This email is already registered" - MSG_OFTEN_RESET_PASSWORD: str = ( - "You can not request of restoring your password so often. Please, use" - " the link we sent you recently" - ) - - MSG_CANT_SEND_MAIL: str = "Can't send email, try a little later" - MSG_PASSWORDS_NOT_MATCH: str = "Passwords must match" - MSG_PASSWORD_CHANGED: str = "Your password is changed" - MSG_CHANGE_EMAIL_REQUESTED: str = ( - "Please, click on the verification link we sent to your new email address" - ) - MSG_EMAIL_CHANGED: str = "Your email is changed" - MSG_AUTH_FAILED: str = "Authorization failed" - MSG_EMAIL_SENT: str = "An email has been sent to {email} with further instructions" - def get_plugin_settings(app: web.Application) -> LoginSettings: settings = app[APP_SETTINGS_KEY].WEBSERVER_LOGIN diff --git a/services/web/server/src/simcore_service_webserver/login/storage.py b/services/web/server/src/simcore_service_webserver/login/storage.py index 5b17e0fea98..09d15f21192 100644 --- a/services/web/server/src/simcore_service_webserver/login/storage.py +++ b/services/web/server/src/simcore_service_webserver/login/storage.py @@ -41,8 +41,11 @@ def __init__( self.user_tbl = user_table_name self.confirm_tbl = confirmation_table_name + # + # CRUD user + # + async def get_user(self, with_data) -> asyncpg.Record: - # FIXME: these can throw!!!! async with self.pool.acquire() as conn: data = await _sql.find_one(conn, self.user_tbl, with_data) return data @@ -63,6 +66,9 @@ async def delete_user(self, user): async with self.pool.acquire() as conn: await _sql.delete(conn, self.user_tbl, {"id": user["id"]}) + # + # CRUD confirmation + # async def create_confirmation( self, user_id, action: ActionLiteralStr, data=None ) -> ConfirmationTokenDict: @@ -89,14 +95,37 @@ async def get_confirmation(self, filter_dict) -> Optional[ConfirmationTokenDict] filter_dict["user_id"] = filter_dict.pop("user")["id"] async with self.pool.acquire() as conn: confirmation = await _sql.find_one(conn, self.confirm_tbl, filter_dict) - return ( - ConfirmationTokenDict(**confirmation) if confirmation else confirmation - ) + return ConfirmationTokenDict(**confirmation) if confirmation else None async def delete_confirmation(self, confirmation: ConfirmationTokenDict): async with self.pool.acquire() as conn: await _sql.delete(conn, self.confirm_tbl, {"code": confirmation["code"]}) + # + # Transactions that guarantee atomicity. This avoids + # inconsistent states of confirmation and users rows + # + + async def delete_confirmation_and_user( + self, user, confirmation: ConfirmationTokenDict + ): + async with self.pool.acquire() as conn: + async with conn.transaction(): + await _sql.delete( + conn, self.confirm_tbl, {"code": confirmation["code"]} + ) + await _sql.delete(conn, self.user_tbl, {"id": user["id"]}) + + async def delete_confirmation_and_update_user( + self, user_id, updates, confirmation: ConfirmationTokenDict + ): + async with self.pool.acquire() as conn: + async with conn.transaction(): + await _sql.delete( + conn, self.confirm_tbl, {"code": confirmation["code"]} + ) + await _sql.update(conn, self.user_tbl, {"id": user_id}, updates) + def get_plugin_storage(app: web.Application) -> AsyncpgStorage: storage = app.get(APP_LOGIN_STORAGE_KEY) diff --git a/services/web/server/src/simcore_service_webserver/login/utils.py b/services/web/server/src/simcore_service_webserver/login/utils.py index 2c7593c1855..18d859a81a6 100644 --- a/services/web/server/src/simcore_service_webserver/login/utils.py +++ b/services/web/server/src/simcore_service_webserver/login/utils.py @@ -14,14 +14,13 @@ from simcore_postgres_database.models.users import UserRole from ..db_models import ConfirmationAction, UserRole, UserStatus -from .settings import LoginOptions +from ._constants import MSG_ACTIVATION_REQUIRED, MSG_USER_BANNED, MSG_USER_EXPIRED log = logging.getLogger(__name__) def _to_names(enum_cls, names): """ensures names are in enum be retrieving each of them""" - # FIXME: with asyncpg need to user NAMES return [getattr(enum_cls, att).name for att in names.split()] @@ -41,24 +40,24 @@ def _to_names(enum_cls, names): ) -def validate_user_status(user: dict, cfg: LoginOptions, support_email: str): +def validate_user_status(*, user: dict, support_email: str): user_status: str = user["status"] if user_status == BANNED or user["role"] == ANONYMOUS: raise web.HTTPUnauthorized( - reason=cfg.MSG_USER_BANNED.format(support_email=support_email), + reason=MSG_USER_BANNED.format(support_email=support_email), content_type=MIMETYPE_APPLICATION_JSON, ) # 401 if user_status == EXPIRED: raise web.HTTPUnauthorized( - reason=cfg.MSG_USER_EXPIRED.format(support_email=support_email), + reason=MSG_USER_EXPIRED.format(support_email=support_email), content_type=MIMETYPE_APPLICATION_JSON, ) # 401 if user_status == CONFIRMATION_PENDING: raise web.HTTPUnauthorized( - reason=cfg.MSG_ACTIVATION_REQUIRED, + reason=MSG_ACTIVATION_REQUIRED, content_type=MIMETYPE_APPLICATION_JSON, ) # 401 @@ -78,9 +77,7 @@ async def notify_user_logout( def encrypt_password(password: str) -> str: - # TODO: add settings sha256_crypt.using(**settings).hash(secret) - # see https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html - # + # SEE https://github.com/ITISFoundation/osparc-simcore/issues/3375 return passlib.hash.sha256_crypt.using(rounds=1000).hash(password) @@ -105,17 +102,17 @@ def get_client_ip(request: web.Request) -> str: def flash_response( message: str, level: str = "INFO", *, status: int = web.HTTPOk.status_code ) -> web.Response: - rsp = envelope_response( + response = envelope_response( attr.asdict(LogMessageType(message, level)), status=status, ) - return rsp + return response def envelope_response( data: Any, *, status: int = web.HTTPOk.status_code ) -> web.Response: - rsp = web.json_response( + response = web.json_response( { "data": data, "error": None, @@ -123,4 +120,4 @@ def envelope_response( dumps=json_dumps, status=status, ) - return rsp + return response diff --git a/services/web/server/src/simcore_service_webserver/login/utils_email.py b/services/web/server/src/simcore_service_webserver/login/utils_email.py index 5d11edd410a..1174e58b2de 100644 --- a/services/web/server/src/simcore_service_webserver/login/utils_email.py +++ b/services/web/server/src/simcore_service_webserver/login/utils_email.py @@ -21,8 +21,7 @@ log = logging.getLogger(__name__) -async def _send_mail(app: web.Application, msg: Union[MIMEText, MIMEMultipart]): - cfg: LoginOptions = get_plugin_options(app) +async def _send_mail(*, message: Union[MIMEText, MIMEMultipart], cfg: LoginOptions): log.debug("Email configuration %s", cfg) smtp_args = dict( hostname=cfg.SMTP_HOST, @@ -49,7 +48,7 @@ async def _send_mail(app: web.Application, msg: Union[MIMEText, MIMEMultipart]): if cfg.SMTP_USERNAME and cfg.SMTP_PASSWORD: log.info("Attempting a login into the email server ...") await smtp.login(cfg.SMTP_USERNAME, cfg.SMTP_PASSWORD.get_secret_value()) - await smtp.send_message(msg) + await smtp.send_message(message) await smtp.quit() else: async with aiosmtplib.SMTP(**smtp_args) as smtp: @@ -58,18 +57,23 @@ async def _send_mail(app: web.Application, msg: Union[MIMEText, MIMEMultipart]): await smtp.login( cfg.SMTP_USERNAME, cfg.SMTP_PASSWORD.get_secret_value() ) - await smtp.send_message(msg) + await smtp.send_message(message) async def _compose_mail( - app: web.Application, *, sender: str, recipient: str, subject: str, body: str + *, + cfg: LoginOptions, + sender: str, + recipient: str, + subject: str, + body: str, ) -> None: msg = MIMEText(body, "html") msg["Subject"] = subject msg["From"] = sender msg["To"] = recipient - await _send_mail(app, msg) + await _send_mail(cfg=cfg, message=msg) class AttachmentTuple(NamedTuple): @@ -78,8 +82,8 @@ class AttachmentTuple(NamedTuple): async def _compose_multipart_mail( - app: web.Application, *, + cfg: LoginOptions, sender: str, recipient: str, subject: str, @@ -110,7 +114,7 @@ async def _compose_multipart_mail( encoders.encode_base64(part) msg.attach(part) - await _send_mail(app, msg) + await _send_mail(cfg=cfg, message=msg) def themed(dirname, template) -> Path: @@ -123,6 +127,7 @@ async def get_template_path(request: web.Request, filename: str) -> Path: async def render_and_send_mail( request: web.Request, + *, from_: str, to: str, template: Path, @@ -136,9 +141,10 @@ async def render_and_send_mail( # subject, body = page.split("\n", 1) + cfg: LoginOptions = get_plugin_options(request.app) if attachments: await _compose_multipart_mail( - request.app, + cfg=cfg, sender=from_, recipient=to, subject=subject.strip(), @@ -147,7 +153,7 @@ async def render_and_send_mail( ) else: await _compose_mail( - request.app, + cfg=cfg, sender=from_, recipient=to, subject=subject.strip(), diff --git a/services/web/server/src/simcore_service_webserver/rest.py b/services/web/server/src/simcore_service_webserver/rest.py index 4a350fdc2a8..02a631d4fb6 100644 --- a/services/web/server/src/simcore_service_webserver/rest.py +++ b/services/web/server/src/simcore_service_webserver/rest.py @@ -6,7 +6,6 @@ """ import logging -from typing import Tuple from aiohttp import web from aiohttp_swagger import setup_swagger @@ -23,6 +22,7 @@ from .rest_healthcheck import HealthCheck from .rest_settings import RestSettings, get_plugin_settings from .rest_utils import get_openapi_specs_path, load_openapi_specs +from .security import setup_security log = logging.getLogger(__name__) @@ -30,12 +30,14 @@ @app_module_setup( __name__, ModuleCategory.ADDON, - depends=["simcore_service_webserver.security"], settings_name="WEBSERVER_REST", logger=log, ) def setup_rest(app: web.Application): settings: RestSettings = get_plugin_settings(app) + + setup_security(app) + is_diagnostics_enabled: bool = ( app[APP_SETTINGS_KEY].WEBSERVER_DIAGNOSTICS is not None ) @@ -91,4 +93,4 @@ def setup_rest(app: web.Application): ) -__all__: Tuple[str, ...] = ("setup_rest",) +__all__: tuple[str, ...] = ("setup_rest",) diff --git a/services/web/server/src/simcore_service_webserver/session.py b/services/web/server/src/simcore_service_webserver/session.py index 53907ae7c33..f6308d1ee48 100644 --- a/services/web/server/src/simcore_service_webserver/session.py +++ b/services/web/server/src/simcore_service_webserver/session.py @@ -1,20 +1,5 @@ -""" user's session submodule +""" user's session plugin - - stores user-specific data into a session object - - session object has a dict-like interface - - installs middleware in ``aiohttp.web.Application`` that attaches to - a session object to ``request``. Usage: - ``` - async def my_handler(request) - session = await get_session(request) - ``` - - data sessions stored in encripted cookies. - - client tx/rx session's data everytime (middleware?) - - This way, we can scale in theory server-side w/o issues - - TODO: test and demo statement above - - based in aiotthp_session library : http://aiohttp-session.readthedocs.io/en/latest/ - - TODO: check storing JSON-ed data into redis-service, keeping into cookie only redis key (random UUID). Pros/cons analysis. """ import base64 import logging @@ -30,33 +15,51 @@ async def my_handler(request) logger = logging.getLogger(__name__) -def generate_key(): +def generate_fernet_secret_key() -> bytes: # secret_key must be 32 url-safe base64-encoded bytes fernet_key = fernet.Fernet.generate_key() secret_key = base64.urlsafe_b64decode(fernet_key) return secret_key +# alias +get_session = aiohttp_session.get_session + + @app_module_setup( __name__, ModuleCategory.ADDON, settings_name="WEBSERVER_SESSION", logger=logger ) def setup_session(app: web.Application): """ Inits and registers a session middleware in aiohttp.web.Application + + - stores user-specific data into a session object + - session object has a dict-like interface + - installs middleware in ``aiohttp.web.Application`` that attaches to + a session object to ``request``. Usage: + ``` + async def my_handler(request) + session = await get_session(request) + ``` + - data sessions stored in encripted cookies. + - client tx/rx session's data everytime (middleware?) + - This way, we can scale in theory server-side w/o issues + - based in aiotthp_session library : http://aiohttp-session.readthedocs.io/en/latest/ + """ settings: SessionSettings = get_plugin_settings(app) # EncryptedCookieStorage urlsafe_b64decode inside if passes bytes - storage = EncryptedCookieStorage( + encrypted_cookie_sessions = EncryptedCookieStorage( secret_key=settings.SESSION_SECRET_KEY.get_secret_value(), cookie_name="osparc.WEBAPI_SESSION", ) - aiohttp_session.setup(app, storage) + aiohttp_session.setup(app=app, storage=encrypted_cookie_sessions) -# alias -get_session = aiohttp_session.get_session - - -__all__ = ("setup_session", "get_session") +__all__: tuple[str, ...] = ( + "generate_fernet_secret_key", + "get_session", + "setup_session", +) diff --git a/services/web/server/src/simcore_service_webserver/socketio/server.py b/services/web/server/src/simcore_service_webserver/socketio/server.py index 6ec40a6e365..4ef5c88e0b5 100644 --- a/services/web/server/src/simcore_service_webserver/socketio/server.py +++ b/services/web/server/src/simcore_service_webserver/socketio/server.py @@ -49,6 +49,7 @@ def setup_socketio_server(app: web.Application): sio.attach(app) app[APP_CLIENT_SOCKET_SERVER_KEY] = sio - app.cleanup_ctx.append(_socketio_server_cleanup_ctx) + if _socketio_server_cleanup_ctx not in app.cleanup_ctx: + app.cleanup_ctx.append(_socketio_server_cleanup_ctx) return get_socket_server(app) diff --git a/services/web/server/src/simcore_service_webserver/studies_dispatcher/handlers_redirects.py b/services/web/server/src/simcore_service_webserver/studies_dispatcher/handlers_redirects.py index e29e554ddc0..cc40cc5fb28 100644 --- a/services/web/server/src/simcore_service_webserver/studies_dispatcher/handlers_redirects.py +++ b/services/web/server/src/simcore_service_webserver/studies_dispatcher/handlers_redirects.py @@ -11,10 +11,9 @@ from models_library.services import KEY_RE, VERSION_RE from pydantic import BaseModel, HttpUrl, ValidationError, constr, validator from pydantic.types import PositiveInt -from yarl import URL -from .._constants import INDEX_RESOURCE_NAME from ..products import get_product_name +from ..utils_aiohttp import create_redirect_response from ._core import StudyDispatcherError, ViewerInfo, validate_requested_viewer from ._projects import acquire_project_with_viewer from ._users import UserInfo, acquire_user, ensure_authentication @@ -22,34 +21,6 @@ log = logging.getLogger(__name__) -def create_redirect_response( - app: web.Application, page: str, **parameters -) -> web.HTTPFound: - """ - Returns a redirect response to the front-end with information on page and parameters embedded in the fragment. - - For instance, - https://osparc.io/#/error?message=Sorry%2C%20I%20could%20not%20find%20this%20&status_code=404 - results from - - page=error - and parameters - - message="Sorry, I could not find this" - - status_code=404 - - Front-end can then render this data either in an error or a view page - """ - # TODO: Uniform encoding in front-end fragments https://github.com/ITISFoundation/osparc-simcore/issues/1975 - log.debug("page: '%s' parameters: '%s'", page, parameters) - - page = page.strip(" /") - assert page in ("view", "error") # nosec - fragment_path = str(URL.build(path=f"/{page}").with_query(parameters)) - redirect_url = ( - app.router[INDEX_RESOURCE_NAME].url_for().with_fragment(fragment_path) - ) - return web.HTTPFound(location=redirect_url) - - # HANDLERS -------------------------------- class ViewerQueryParams(BaseModel): file_type: str diff --git a/services/web/server/src/simcore_service_webserver/templates/common/new_2fa_code.jinja2 b/services/web/server/src/simcore_service_webserver/templates/common/new_2fa_code.jinja2 new file mode 100644 index 00000000000..b83e2d7dd70 --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/templates/common/new_2fa_code.jinja2 @@ -0,0 +1,21 @@ +{{ code }} is your security code for {{ host }} + +

Your security code for {{ host }}

+ +

+ Hi {{ name }}

+ Sign in to {{ host }} with this one-time security code: +

+ +

+ {{ code }} +

+ +

+ If you did not sign in, please contact {{ support_email }}. +

diff --git a/services/web/server/src/simcore_service_webserver/utils_aiohttp.py b/services/web/server/src/simcore_service_webserver/utils_aiohttp.py index f7e56666565..3df6ec364be 100644 --- a/services/web/server/src/simcore_service_webserver/utils_aiohttp.py +++ b/services/web/server/src/simcore_service_webserver/utils_aiohttp.py @@ -1,15 +1,20 @@ import io -from typing import Any, Callable, Dict, Type +import logging +from typing import Any, Callable, Literal from aiohttp import web from aiohttp.web_exceptions import HTTPError, HTTPException from aiohttp.web_routedef import RouteDef, RouteTableDef from models_library.generics import Envelope from servicelib.json_serialization import json_dumps +from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON from yarl import URL +from ._constants import INDEX_RESOURCE_NAME from .rest_constants import RESPONSE_MODEL_POLICY +log = logging.getLogger(__name__) + def rename_routes_as_handler_function(routes: RouteTableDef, *, prefix: str): route: RouteDef @@ -28,7 +33,7 @@ def get_routes_view(routes: RouteTableDef) -> str: def create_url_for_function(request: web.Request) -> Callable: app = request.app - def url_for(route_name: str, **params: Dict[str, Any]) -> str: + def url_for(route_name: str, **params: dict[str, Any]) -> str: """Reverse URL constructing using named resources""" try: rel_url: URL = app.router[route_name].url_for( @@ -55,11 +60,9 @@ def url_for(route_name: str, **params: Dict[str, Any]) -> str: def envelope_json_response( - obj: Any, status_cls: Type[HTTPException] = web.HTTPOk + obj: Any, status_cls: type[HTTPException] = web.HTTPOk ) -> web.Response: - # TODO: replace all envelope functionality form packages/service-library/src/servicelib/aiohttp/rest_responses.py - # TODO: Remove middleware to envelope handler responses at packages/service-library/src/servicelib/aiohttp/rest_middlewares.py: envelope_middleware_factory and use instead this - # TODO: review error_middleware_factory + # NOTE: see https://github.com/ITISFoundation/osparc-simcore/issues/3646 if issubclass(status_cls, HTTPError): enveloped = Envelope[Any](error=obj) else: @@ -67,6 +70,35 @@ def envelope_json_response( return web.Response( text=json_dumps(enveloped.dict(**RESPONSE_MODEL_POLICY)), - content_type="application/json", + content_type=MIMETYPE_APPLICATION_JSON, status=status_cls.status_code, ) + + +def create_redirect_response( + app: web.Application, page: Literal["view", "error"], **parameters +) -> web.HTTPFound: + """ + Returns a redirect response to the front-end with information on page + and parameters embedded in the fragment. + + For instance, + https://osparc.io/#/error?message=Sorry%2C%20I%20could%20not%20find%20this%20&status_code=404 + results from + - page=error + and parameters + - message="Sorry, I could not find this" + - status_code=404 + + Front-end can then render this data either in an error or a view page + """ + log.debug("page: '%s' parameters: '%s'", page, parameters) + assert page in ("view", "error") # nosec + + # NOTE: uniform encoding in front-end using url fragments + # SEE https://github.com/ITISFoundation/osparc-simcore/issues/1975 + fragment_path = f"{URL.build(path=f'/{page}').with_query(parameters)}" + redirect_url = ( + app.router[INDEX_RESOURCE_NAME].url_for().with_fragment(fragment_path) + ) + return web.HTTPFound(location=redirect_url) diff --git a/services/web/server/tests/unit/isolated/test_templates.py b/services/web/server/tests/unit/isolated/test_templates.py index bacf8762018..3bfe9d3d297 100644 --- a/services/web/server/tests/unit/isolated/test_templates.py +++ b/services/web/server/tests/unit/isolated/test_templates.py @@ -30,11 +30,14 @@ def app() -> web.Application: ) def test_all_email_templates_include_subject(template_path: Path, app: web.Application): assert template_path.exists() - subject, body = template_path.read_text().split("\n", 1) - assert ( - re.match(r"[a-zA-Z0-9\-_\s]+", subject) or "{{subject}}" in subject + subject, content = template_path.read_text().split("\n", 1) + + assert re.match( + r"[\{\}a-zA-Z0-9\-_\s]+", subject ), f"Template {template_path} must start with a subject line, got {subject}" + assert content + @pytest.mark.skip(reason="DEV") def test_render_string_from_tmp_file( diff --git a/services/web/server/tests/unit/with_dbs/01/test_login_change_password.py b/services/web/server/tests/unit/with_dbs/01/test_login_change_password.py deleted file mode 100644 index 0e06f4c8810..00000000000 --- a/services/web/server/tests/unit/with_dbs/01/test_login_change_password.py +++ /dev/null @@ -1,107 +0,0 @@ -# pylint: disable=redefined-outer-name -# pylint: disable=unused-argument -# pylint: disable=unused-variable - - -import pytest -from aiohttp import web -from aiohttp.test_utils import TestClient -from pytest_simcore.helpers.utils_assert import assert_status -from pytest_simcore.helpers.utils_login import LoggedUser -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options - -NEW_PASSWORD = "NewPassword1*&^" - - -@pytest.fixture -def cfg(client: TestClient) -> LoginOptions: - cfg = get_plugin_options(client.app) - assert cfg - return cfg - - -async def test_unauthorized_to_change_password(client: TestClient): - url = client.app.router["auth_change_password"].url_for() - rsp = await client.post( - f"{url}", - json={ - "current": " fake", - "new": NEW_PASSWORD, - "confirm": NEW_PASSWORD, - }, - ) - assert rsp.status == 401 - await assert_status(rsp, web.HTTPUnauthorized) - - -async def test_wrong_current_password(client: TestClient, cfg: LoginOptions): - url = client.app.router["auth_change_password"].url_for() - - async with LoggedUser(client): - rsp = await client.post( - f"{url}", - json={ - "current": "wrongpassword", - "new": NEW_PASSWORD, - "confirm": NEW_PASSWORD, - }, - ) - assert rsp.url.path == url.path - assert rsp.status == 422 - assert cfg.MSG_WRONG_PASSWORD in await rsp.text() - await assert_status(rsp, web.HTTPUnprocessableEntity, cfg.MSG_WRONG_PASSWORD) - - -async def test_wrong_confirm_pass(client: TestClient, cfg: LoginOptions): - url = client.app.router["auth_change_password"].url_for() - - async with LoggedUser(client) as user: - rsp = await client.post( - f"{url}", - json={ - "current": user["raw_password"], - "new": NEW_PASSWORD, - "confirm": NEW_PASSWORD.upper(), - }, - ) - assert rsp.url.path == url.path - assert rsp.status == 409 - await assert_status(rsp, web.HTTPConflict, cfg.MSG_PASSWORD_MISMATCH) - - -async def test_success(client: TestClient, cfg: LoginOptions): - url_change_password = client.app.router["auth_change_password"].url_for() - url_login = client.app.router["auth_login"].url_for() - url_logout = client.app.router["auth_logout"].url_for() - - async with LoggedUser(client) as user: - # change password - rsp = await client.post( - f"{url_change_password}", - json={ - "current": user["raw_password"], - "new": NEW_PASSWORD, - "confirm": NEW_PASSWORD, - }, - ) - assert rsp.url.path == url_change_password.path - assert rsp.status == 200 - assert cfg.MSG_PASSWORD_CHANGED in await rsp.text() - await assert_status(rsp, web.HTTPOk, cfg.MSG_PASSWORD_CHANGED) - - # logout - rsp = await client.post(f"{url_logout}") - assert rsp.status == 200 - assert rsp.url.path == url_logout.path - - # login with new password - rsp = await client.post( - f"{url_login}", - json={ - "email": user["email"], - "password": NEW_PASSWORD, - }, - ) - assert rsp.status == 200 - assert rsp.url.path == url_login.path - await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_IN) diff --git a/services/web/server/tests/unit/with_dbs/03/login/conftest.py b/services/web/server/tests/unit/with_dbs/03/login/conftest.py new file mode 100644 index 00000000000..9cb55f94865 --- /dev/null +++ b/services/web/server/tests/unit/with_dbs/03/login/conftest.py @@ -0,0 +1,50 @@ +# pylint: disable=redefined-outer-name +# pylint: disable=unused-argument +# pylint: disable=unused-variable + + +import pytest +from aiohttp.test_utils import TestClient +from faker import Faker +from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options +from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage + + +@pytest.fixture +def fake_user_email(faker: Faker) -> str: + return faker.email() + + +@pytest.fixture +def fake_user_name(fake_user_email: str) -> str: + return fake_user_email.split("@")[0] + + +@pytest.fixture +def fake_user_phone_number(faker: Faker) -> str: + return faker.phone_number() + + +@pytest.fixture +def fake_user_password(faker: Faker) -> str: + return faker.password( + length=12, special_chars=True, digits=True, upper_case=True, lower_case=True + ) + + +@pytest.fixture +def db(client: TestClient) -> AsyncpgStorage: + """login database repository instance""" + assert client.app + db: AsyncpgStorage = get_plugin_storage(client.app) + assert db + return db + + +@pytest.fixture +def login_options(client: TestClient) -> LoginOptions: + """app's login options""" + assert client.app + cfg: LoginOptions = get_plugin_options(client.app) + assert cfg + return cfg diff --git a/services/web/server/tests/unit/with_dbs/03/test_login_2fa.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_2fa.py similarity index 65% rename from services/web/server/tests/unit/with_dbs/03/test_login_2fa.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_2fa.py index 17bd286a349..0cf064959bd 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_login_2fa.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_2fa.py @@ -8,24 +8,24 @@ import pytest import sqlalchemy as sa from aiohttp import web -from aiohttp.test_utils import TestClient -from pytest import MonkeyPatch +from aiohttp.test_utils import TestClient, make_mocked_request +from faker import Faker +from pytest import CaptureFixture, MonkeyPatch from pytest_simcore.helpers import utils_login from pytest_simcore.helpers.utils_assert import assert_status from pytest_simcore.helpers.utils_dict import ConfigDict from pytest_simcore.helpers.utils_envs import setenvs_from_dict -from pytest_simcore.helpers.utils_login import parse_link +from pytest_simcore.helpers.utils_login import parse_link, parse_test_marks from simcore_postgres_database.models.products import products from simcore_service_webserver.db_models import UserStatus from simcore_service_webserver.login._2fa import ( + _generage_2fa_code, + create_2fa_code, delete_2fa_code, get_2fa_code, - set_2fa_code, + send_email_code, ) -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options -from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage - -EMAIL, PASSWORD, PHONE = "tester@test.com", "password", "+12345678912" +from simcore_service_webserver.login.storage import AsyncpgStorage @pytest.fixture @@ -71,22 +71,6 @@ def postgres_db(postgres_db: sa.engine.Engine): return postgres_db -@pytest.fixture -def cfg(client: TestClient) -> LoginOptions: - assert client.app - cfg = get_plugin_options(client.app) - assert cfg - return cfg - - -@pytest.fixture -def db(client: TestClient) -> AsyncpgStorage: - assert client.app - db: AsyncpgStorage = get_plugin_storage(client.app) - assert db - return db - - @pytest.fixture def mocked_twilio_service(mocker) -> dict[str, Mock]: return { @@ -112,13 +96,13 @@ async def test_2fa_code_operations( # set/get/delete email = "foo@bar.com" - code = await set_2fa_code(client.app, email) + code = await create_2fa_code(client.app, email) assert await get_2fa_code(client.app, email) == code await delete_2fa_code(client.app, email) # expired email = "expired@bar.com" - code = await set_2fa_code(client.app, email, expiration_time=1) + code = await create_2fa_code(client.app, email, expiration_time=1) await asyncio.sleep(1.5) assert await get_2fa_code(client.app, email) is None @@ -127,7 +111,10 @@ async def test_2fa_code_operations( async def test_workflow_register_and_login_with_2fa( client: TestClient, db: AsyncpgStorage, - capsys, + capsys: CaptureFixture, + fake_user_email: str, + fake_user_password: str, + fake_user_phone_number: str, mocked_twilio_service: dict[str, Mock], ): assert client.app @@ -136,15 +123,15 @@ async def test_workflow_register_and_login_with_2fa( # 1. submit url = client.app.router["auth_register"].url_for() - rsp = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, - "confirm": PASSWORD, + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, }, ) - await assert_status(rsp, web.HTTPOk) + await assert_status(response, web.HTTPOk) # check email was sent def _get_confirmation_link_from_email(): @@ -156,11 +143,11 @@ def _get_confirmation_link_from_email(): url = _get_confirmation_link_from_email() # 2. confirmation - rsp = await client.get(url) - assert rsp.status == web.HTTPOk.status_code + response = await client.get(url) + assert response.status == web.HTTPOk.status_code # check email+password registered - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user["status"] == UserStatus.ACTIVE.name assert user["phone"] is None @@ -168,84 +155,85 @@ def _get_confirmation_link_from_email(): # 1. submit url = client.app.router["auth_verify_2fa_phone"].url_for() - rsp = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "phone": PHONE, + "email": fake_user_email, + "phone": fake_user_phone_number, }, ) - await assert_status(rsp, web.HTTPAccepted) + await assert_status(response, web.HTTPAccepted) # check code generated and SMS sent assert mocked_twilio_service["send_sms_code_for_registration"].called kwargs = mocked_twilio_service["send_sms_code_for_registration"].call_args.kwargs phone, received_code = kwargs["phone_number"], kwargs["code"] - assert phone == PHONE + assert phone == fake_user_phone_number # check phone still NOT in db (TODO: should be in database and unconfirmed) - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user["status"] == UserStatus.ACTIVE.name assert user["phone"] is None # 2. confirmation url = client.app.router["auth_validate_2fa_register"].url_for() - rsp = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "phone": PHONE, + "email": fake_user_email, + "phone": fake_user_phone_number, "code": received_code, }, ) - await assert_status(rsp, web.HTTPOk) + await assert_status(response, web.HTTPOk) # check user has phone confirmed - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user["status"] == UserStatus.ACTIVE.name - assert user["phone"] == PHONE + assert user["phone"] == fake_user_phone_number # login --------------------------------------------------------- # 1. check email/password then send SMS url = client.app.router["auth_login"].url_for() - rsp = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, - "confirm": PASSWORD, + "email": fake_user_email, + "password": fake_user_password, }, ) - data, _ = await assert_status(rsp, web.HTTPAccepted) + data, _ = await assert_status(response, web.HTTPAccepted) assert data["code"] == "SMS_CODE_REQUIRED" # assert SMS was sent kwargs = mocked_twilio_service["send_sms_code_for_login"].call_args.kwargs phone, received_code = kwargs["phone_number"], kwargs["code"] - assert phone == PHONE + assert phone == fake_user_phone_number # 2. check SMS code - url = client.app.router["auth_validate_2fa_login"].url_for() - rsp = await client.post( + url = client.app.router["auth_login_2fa"].url_for() + response = await client.post( f"{url}", json={ - "email": EMAIL, + "email": fake_user_email, "code": received_code, }, ) - await assert_status(rsp, web.HTTPOk) + await assert_status(response, web.HTTPOk) # assert users is successfully registered - user = await db.get_user({"email": EMAIL}) - assert user["email"] == EMAIL - assert user["phone"] == PHONE + user = await db.get_user({"email": fake_user_email}) + assert user["email"] == fake_user_email + assert user["phone"] == fake_user_phone_number assert user["status"] == UserStatus.ACTIVE.value async def test_register_phone_fails_with_used_number( client: TestClient, db: AsyncpgStorage, + fake_user_email: str, + fake_user_phone_number: str, ): """ Tests https://github.com/ITISFoundation/osparc-simcore/issues/3304 @@ -253,17 +241,42 @@ async def test_register_phone_fails_with_used_number( assert client.app # some user ALREADY registered with the same phone - await utils_login.create_fake_user(db, data={"phone": PHONE}) + await utils_login.create_fake_user(db, data={"phone": fake_user_phone_number}) # new registration with same phone # 1. submit url = client.app.router["auth_verify_2fa_phone"].url_for() - rsp = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "phone": PHONE, + "email": fake_user_email, + "phone": fake_user_phone_number, }, ) - _, error = await assert_status(rsp, web.HTTPUnauthorized) + _, error = await assert_status(response, web.HTTPUnauthorized) assert "phone" in error["message"] + + +async def test_send_email_code( + client: TestClient, faker: Faker, capsys: CaptureFixture +): + request = make_mocked_request("GET", "/dummy", app=client.app) + + user_email = faker.email() + support_email = faker.email() + code = _generage_2fa_code() + user_name = faker.user_name() + + await send_email_code( + request, + user_email=user_email, + support_email=support_email, + code=code, + user_name=user_name, + ) + + out, _ = capsys.readouterr() + parsed_context = parse_test_marks(out) + assert parsed_context["code"] == f"{code}" + assert parsed_context["name"] == user_name.capitalize() + assert parsed_context["support_email"] == support_email diff --git a/services/web/server/tests/unit/with_dbs/01/test_login_change_email.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_change_email.py similarity index 50% rename from services/web/server/tests/unit/with_dbs/01/test_login_change_email.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_change_email.py index 3015a9ab0bf..25aee079a5e 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_login_change_email.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_change_email.py @@ -5,96 +5,106 @@ import pytest from aiohttp import web from aiohttp.test_utils import TestClient +from pytest import CaptureFixture from pytest_simcore.helpers.utils_assert import assert_status from pytest_simcore.helpers.utils_login import LoggedUser, NewUser, parse_link from simcore_service_webserver._constants import INDEX_RESOURCE_NAME -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options +from simcore_service_webserver.login._constants import ( + MSG_CHANGE_EMAIL_REQUESTED, + MSG_LOGGED_IN, + MSG_LOGGED_OUT, +) +from simcore_service_webserver.login.settings import LoginOptions from yarl import URL -NEW_EMAIL = "new@mail.com" - @pytest.fixture -def cfg(client: TestClient) -> LoginOptions: - cfg = get_plugin_options(client.app) - assert cfg - return cfg +def new_email(fake_user_email: str) -> str: + return fake_user_email -async def test_unauthorized_to_change_email(client: TestClient): +async def test_unauthorized_to_change_email(client: TestClient, new_email: str): + assert client.app url = client.app.router["auth_change_email"].url_for() - rsp = await client.post( - url, + response = await client.post( + f"{url}", json={ - "email": NEW_EMAIL, + "email": new_email, }, ) - assert rsp.status == 401 - await assert_status(rsp, web.HTTPUnauthorized) + assert response.status == 401 + await assert_status(response, web.HTTPUnauthorized) async def test_change_to_existing_email(client: TestClient): + assert client.app url = client.app.router["auth_change_email"].url_for() async with LoggedUser(client) as user: async with NewUser(app=client.app) as other: - rsp = await client.post( - url, + response = await client.post( + f"{url}", json={ "email": other["email"], }, ) await assert_status( - rsp, web.HTTPUnprocessableEntity, "This email cannot be used" + response, web.HTTPUnprocessableEntity, "This email cannot be used" ) -async def test_change_and_confirm(client: TestClient, cfg: LoginOptions, capsys): +async def test_change_and_confirm( + client: TestClient, + login_options: LoginOptions, + capsys: CaptureFixture, + new_email: str, +): + assert client.app url = client.app.router["auth_change_email"].url_for() index_url = client.app.router[INDEX_RESOURCE_NAME].url_for() login_url = client.app.router["auth_login"].url_for() logout_url = client.app.router["auth_logout"].url_for() - assert index_url.path == URL(cfg.LOGIN_REDIRECT).path + assert index_url.path == URL(login_options.LOGIN_REDIRECT).path async with LoggedUser(client) as user: # request change email - rsp = await client.post( - url, + response = await client.post( + f"{url}", json={ - "email": NEW_EMAIL, + "email": new_email, }, ) - assert rsp.url.path == url.path - await assert_status(rsp, web.HTTPOk, cfg.MSG_CHANGE_EMAIL_REQUESTED) + assert response.url.path == url.path + await assert_status(response, web.HTTPOk, MSG_CHANGE_EMAIL_REQUESTED) # email sent out, err = capsys.readouterr() link = parse_link(out) # try new email but logout first - rsp = await client.post(logout_url) - assert rsp.url.path == logout_url.path - await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_OUT) + response = await client.post(f"{logout_url}") + assert response.url.path == logout_url.path + await assert_status(response, web.HTTPOk, MSG_LOGGED_OUT) # click email's link - rsp = await client.get(link) - txt = await rsp.text() + response = await client.get(link) + txt = await response.text() - assert rsp.url.path == index_url.path + assert response.url.path == index_url.path assert ( "This is a result of disable_static_webserver fixture for product OSPARC" in txt ) - rsp = await client.post( - login_url, + response = await client.post( + f"{login_url}", json={ - "email": NEW_EMAIL, + "email": new_email, "password": user["raw_password"], }, ) - payload = await rsp.json() - assert rsp.url.path == login_url.path - await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_IN) + payload = await response.json() + assert response.url.path == login_url.path + await assert_status(response, web.HTTPOk, MSG_LOGGED_IN) diff --git a/services/web/server/tests/unit/with_dbs/03/login/test_login_change_password.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_change_password.py new file mode 100644 index 00000000000..6b29f87c56d --- /dev/null +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_change_password.py @@ -0,0 +1,130 @@ +# pylint: disable=redefined-outer-name +# pylint: disable=unused-argument +# pylint: disable=unused-variable + + +import pytest +from aiohttp import web +from aiohttp.test_utils import TestClient +from pytest_simcore.helpers.utils_assert import assert_status +from pytest_simcore.helpers.utils_login import LoggedUser +from servicelib.aiohttp.rest_responses import unwrap_envelope +from simcore_service_webserver.login._constants import ( + MSG_LOGGED_IN, + MSG_PASSWORD_CHANGED, + MSG_PASSWORD_MISMATCH, + MSG_WRONG_PASSWORD, +) +from simcore_service_webserver.login.settings import LoginOptions + + +@pytest.fixture +def new_password(fake_user_password: str) -> str: + return fake_user_password + + +async def test_unauthorized_to_change_password(client: TestClient, new_password: str): + assert client.app + url = client.app.router["auth_change_password"].url_for() + response = await client.post( + f"{url}", + json={ + "current": " fake", + "new": new_password, + "confirm": new_password, + }, + ) + assert response.status == 401 + await assert_status(response, web.HTTPUnauthorized) + + +async def test_wrong_current_password( + client: TestClient, login_options: LoginOptions, new_password: str +): + assert client.app + url = client.app.router["auth_change_password"].url_for() + + async with LoggedUser(client): + response = await client.post( + f"{url}", + json={ + "current": "wrongpassword", + "new": new_password, + "confirm": new_password, + }, + ) + assert response.url.path == url.path + assert response.status == 422 + assert MSG_WRONG_PASSWORD in await response.text() + await assert_status(response, web.HTTPUnprocessableEntity, MSG_WRONG_PASSWORD) + + +async def test_wrong_confirm_pass(client: TestClient, new_password: str): + assert client.app + url = client.app.router["auth_change_password"].url_for() + + async with LoggedUser(client) as user: + response = await client.post( + f"{url}", + json={ + "current": user["raw_password"], + "new": new_password, + "confirm": new_password.upper(), + }, + ) + assert response.url.path == url.path + assert response.status == web.HTTPUnprocessableEntity.status_code + + data, error = unwrap_envelope(await response.json()) + + assert data is None + assert error == { + "status": 422, + "errors": [ + { + "code": "value_error", + "message": MSG_PASSWORD_MISMATCH, + "resource": "/v0/auth/change-password", + "field": "confirm", + } + ], + } + + +async def test_success(client: TestClient, new_password: str): + assert client.app + url_change_password = client.app.router["auth_change_password"].url_for() + url_login = client.app.router["auth_login"].url_for() + url_logout = client.app.router["auth_logout"].url_for() + + async with LoggedUser(client) as user: + # change password + response = await client.post( + f"{url_change_password}", + json={ + "current": user["raw_password"], + "new": new_password, + "confirm": new_password, + }, + ) + assert response.url.path == url_change_password.path + assert response.status == 200 + assert MSG_PASSWORD_CHANGED in await response.text() + await assert_status(response, web.HTTPOk, MSG_PASSWORD_CHANGED) + + # logout + response = await client.post(f"{url_logout}") + assert response.status == 200 + assert response.url.path == url_logout.path + + # login with new password + response = await client.post( + f"{url_login}", + json={ + "email": user["email"], + "password": new_password, + }, + ) + assert response.status == 200 + assert response.url.path == url_login.path + await assert_status(response, web.HTTPOk, MSG_LOGGED_IN) diff --git a/services/web/server/tests/unit/with_dbs/01/test_login_login.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_login.py similarity index 77% rename from services/web/server/tests/unit/with_dbs/01/test_login_login.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_login.py index 07ca69c1e5a..6c10f74d012 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_login_login.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_login.py @@ -14,18 +14,16 @@ from servicelib.aiohttp.rest_responses import unwrap_envelope from simcore_service_webserver._constants import APP_SETTINGS_KEY from simcore_service_webserver.db_models import UserStatus -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options +from simcore_service_webserver.login._constants import ( + MSG_ACTIVATION_REQUIRED, + MSG_LOGGED_IN, + MSG_UNKNOWN_EMAIL, + MSG_USER_BANNED, + MSG_USER_EXPIRED, + MSG_WRONG_PASSWORD, +) from simcore_service_webserver.session_settings import get_plugin_settings -EMAIL, PASSWORD = "tester@test.com", "password" - - -@pytest.fixture -def login_options(client: TestClient) -> LoginOptions: - assert client.app - options: LoginOptions = get_plugin_options(client.app) - return options - def test_login_plugin_setup_succeeded(client: TestClient): assert client.app @@ -36,9 +34,7 @@ def test_login_plugin_setup_succeeded(client: TestClient): assert settings -async def test_login_with_unknown_email( - client: TestClient, login_options: LoginOptions -): +async def test_login_with_unknown_email(client: TestClient): assert client.app url = client.app.router["auth_login"].url_for() r = await client.post( @@ -48,19 +44,17 @@ async def test_login_with_unknown_email( assert r.status == web.HTTPUnauthorized.status_code, str(payload) assert r.url.path == url.path - assert login_options.MSG_UNKNOWN_EMAIL in await r.text() + assert MSG_UNKNOWN_EMAIL in await r.text() -async def test_login_with_wrong_password( - client: TestClient, login_options: LoginOptions -): +async def test_login_with_wrong_password(client: TestClient): assert client.app url = client.app.router["auth_login"].url_for() r = await client.post(f"{url}") payload = await r.json() - assert login_options.MSG_WRONG_PASSWORD not in await r.text(), str(payload) + assert MSG_WRONG_PASSWORD not in await r.text(), str(payload) async with NewUser(app=client.app) as user: r = await client.post( @@ -73,15 +67,16 @@ async def test_login_with_wrong_password( payload = await r.json() assert r.status == web.HTTPUnauthorized.status_code, str(payload) assert r.url.path == url.path - assert login_options.MSG_WRONG_PASSWORD in await r.text() + assert MSG_WRONG_PASSWORD in await r.text() -@pytest.mark.parametrize("user_status", (UserStatus.BANNED, UserStatus.EXPIRED)) +@pytest.mark.parametrize( + "user_status,expected_msg", + ((UserStatus.BANNED, MSG_USER_BANNED), (UserStatus.EXPIRED, MSG_USER_EXPIRED)), +) async def test_login_blocked_user( - client: TestClient, login_options: LoginOptions, user_status: UserStatus + client: TestClient, user_status: UserStatus, expected_msg: str ): - expected_msg: str = getattr(login_options, f"MSG_USER_{user_status.name.upper()}") - assert client.app url = client.app.router["auth_login"].url_for() r = await client.post(f"{url}") @@ -99,11 +94,11 @@ async def test_login_blocked_user( assert expected_msg[:-20] in payload["error"]["errors"][0]["message"] -async def test_login_inactive_user(client: TestClient, login_options: LoginOptions): +async def test_login_inactive_user(client: TestClient): assert client.app url = client.app.router["auth_login"].url_for() r = await client.post(f"{url}") - assert login_options.MSG_ACTIVATION_REQUIRED not in await r.text() + assert MSG_ACTIVATION_REQUIRED not in await r.text() async with NewUser( {"status": UserStatus.CONFIRMATION_PENDING.name}, app=client.app @@ -113,10 +108,10 @@ async def test_login_inactive_user(client: TestClient, login_options: LoginOptio ) assert r.status == web.HTTPUnauthorized.status_code assert r.url.path == url.path - assert login_options.MSG_ACTIVATION_REQUIRED in await r.text() + assert MSG_ACTIVATION_REQUIRED in await r.text() -async def test_login_successfully(client: TestClient, login_options: LoginOptions): +async def test_login_successfully(client: TestClient): assert client.app url = client.app.router["auth_login"].url_for() @@ -129,14 +124,14 @@ async def test_login_successfully(client: TestClient, login_options: LoginOption assert not error assert data - assert login_options.MSG_LOGGED_IN in data["message"] + assert MSG_LOGGED_IN in data["message"] @pytest.mark.parametrize( "cookie_enabled,expected", [(True, web.HTTPOk), (False, web.HTTPUnauthorized)] ) async def test_proxy_login( - client: TestClient, cookie_enabled: bool, expected: web.HTTPException + client: TestClient, cookie_enabled: bool, expected: type[web.HTTPException] ): assert client.app restricted_url = client.app.router["get_my_profile"].url_for() diff --git a/services/web/server/tests/unit/with_dbs/01/test_login_logout.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_logout.py similarity index 53% rename from services/web/server/tests/unit/with_dbs/01/test_login_logout.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_logout.py index 5ce0681045a..21b6406641c 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_login_logout.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_logout.py @@ -2,22 +2,15 @@ # pylint: disable=unused-argument # pylint: disable=unused-variable -import pytest from aiohttp import web from aiohttp.test_utils import TestClient from pytest_simcore.helpers.utils_assert import assert_status from pytest_simcore.helpers.utils_login import LoggedUser -from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage - - -@pytest.fixture -def db(client: TestClient) -> AsyncpgStorage: - db: AsyncpgStorage = get_plugin_storage(client.app) - assert db - return db +from simcore_service_webserver.login.storage import AsyncpgStorage async def test_logout(client: TestClient, db: AsyncpgStorage): + assert client.app logout_url = client.app.router["auth_logout"].url_for() protected_url = client.app.router["auth_change_email"].url_for() @@ -25,18 +18,18 @@ async def test_logout(client: TestClient, db: AsyncpgStorage): async with LoggedUser(client) as user: # try to access protected page - r = await client.post(protected_url, json={"email": user["email"]}) - assert r.url.path == protected_url.path - await assert_status(r, web.HTTPOk) + response = await client.post(f"{protected_url}", json={"email": user["email"]}) + assert response.url.path == protected_url.path + await assert_status(response, web.HTTPOk) # logout - r = await client.post(logout_url) - assert r.url.path == logout_url.path - await assert_status(r, web.HTTPOk) + response = await client.post(f"{logout_url}") + assert response.url.path == logout_url.path + await assert_status(response, web.HTTPOk) # and try again - r = await client.post(protected_url) - assert r.url.path == protected_url.path - await assert_status(r, web.HTTPUnauthorized) + response = await client.post(f"{protected_url}") + assert response.url.path == protected_url.path + await assert_status(response, web.HTTPUnauthorized) await db.delete_user(user) diff --git a/services/web/server/tests/unit/with_dbs/03/test_login_registration.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_registration.py similarity index 72% rename from services/web/server/tests/unit/with_dbs/03/test_login_registration.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_registration.py index a0fbcbd5ef8..d8070c81325 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_login_registration.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_registration.py @@ -10,26 +10,26 @@ from aiohttp import web from aiohttp.test_utils import TestClient, TestServer from faker import Faker +from pytest import CaptureFixture from pytest_mock import MockerFixture from pytest_simcore.helpers.utils_assert import assert_error, assert_status from pytest_simcore.helpers.utils_login import NewInvitation, NewUser, parse_link from servicelib.aiohttp.rest_responses import unwrap_envelope from simcore_service_webserver.db_models import ConfirmationAction, UserStatus from simcore_service_webserver.login._confirmation import _url_for_confirmation +from simcore_service_webserver.login._constants import ( + MSG_EMAIL_EXISTS, + MSG_LOGGED_IN, + MSG_PASSWORD_MISMATCH, +) from simcore_service_webserver.login._registration import ( InvitationData, get_confirmation_info, ) -from simcore_service_webserver.login.settings import ( - LoginOptions, - LoginSettings, - get_plugin_options, -) -from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage +from simcore_service_webserver.login.settings import LoginOptions, LoginSettings +from simcore_service_webserver.login.storage import AsyncpgStorage from simcore_service_webserver.users_models import ProfileGet -EMAIL, PASSWORD = "tester@test.com", "password" - @pytest.fixture def client( @@ -38,39 +38,62 @@ def client( web_server: TestServer, mock_orphaned_services, ) -> TestClient: - cli = event_loop.run_until_complete(aiohttp_client(web_server)) - return cli + client_ = event_loop.run_until_complete(aiohttp_client(web_server)) + return client_ -@pytest.fixture -def cfg(client: TestClient) -> LoginOptions: +async def test_regiter_entrypoint( + client: TestClient, fake_user_email: str, fake_user_password: str +): assert client.app - cfg = get_plugin_options(client.app) - assert cfg - return cfg - + url = client.app.router["auth_register"].url_for() + response = await client.post( + f"{url}", + json={ + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, + }, + ) -@pytest.fixture -def db(client: TestClient) -> AsyncpgStorage: - assert client.app - db: AsyncpgStorage = get_plugin_storage(client.app) - assert db - return db + data, _ = await assert_status(response, web.HTTPOk) + assert fake_user_email in data["message"] -async def test_regitration_availibility(client: TestClient): +async def test_register_body_validation(client: TestClient, fake_user_password: str): assert client.app url = client.app.router["auth_register"].url_for() - r = await client.post( + response = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, - "confirm": PASSWORD, + "email": "not-an-email", + "password": fake_user_password, + "confirm": fake_user_password.upper(), }, ) - await assert_status(r, web.HTTPOk) + assert response.status == web.HTTPUnprocessableEntity.status_code + body = await response.json() + data, error = unwrap_envelope(body) + + assert data is None + assert error == { + "status": 422, + "errors": [ + { + "code": "value_error.email", + "message": "value is not a valid email address", + "resource": "/v0/auth/register", + "field": "email", + }, + { + "code": "value_error", + "message": MSG_PASSWORD_MISMATCH, + "resource": "/v0/auth/register", + "field": "confirm", + }, + ], + } async def test_regitration_is_not_get(client: TestClient): @@ -80,7 +103,9 @@ async def test_regitration_is_not_get(client: TestClient): await assert_error(r, web.HTTPMethodNotAllowed) -async def test_registration_with_existing_email(client: TestClient, cfg: LoginOptions): +async def test_registration_with_existing_email( + client: TestClient, login_options: LoginOptions +): assert client.app url = client.app.router["auth_register"].url_for() async with NewUser(app=client.app) as user: @@ -92,13 +117,13 @@ async def test_registration_with_existing_email(client: TestClient, cfg: LoginOp "confirm": user["raw_password"], }, ) - await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS) + await assert_error(r, web.HTTPConflict, MSG_EMAIL_EXISTS) @pytest.mark.skip("TODO: Feature still not implemented") async def test_registration_with_expired_confirmation( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, db: AsyncpgStorage, mocker: MockerFixture, ): @@ -129,12 +154,12 @@ async def test_registration_with_expired_confirmation( ) await db.delete_confirmation(confirmation) - await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS) + await assert_error(r, web.HTTPConflict, MSG_EMAIL_EXISTS) async def test_registration_with_invalid_confirmation_code( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, db: AsyncpgStorage, mocker: MockerFixture, ): @@ -158,15 +183,17 @@ async def test_registration_with_invalid_confirmation_code( # Invalid code redirect to root without any error to the login page # assert r.ok - assert f"{r.url.relative()}" == cfg.LOGIN_REDIRECT + assert f"{r.url.relative()}" == login_options.LOGIN_REDIRECT assert r.history[0].status == web.HTTPFound.status_code async def test_registration_without_confirmation( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, db: AsyncpgStorage, mocker: MockerFixture, + fake_user_email: str, + fake_user_password: str, ): assert client.app mocker.patch( @@ -181,24 +208,31 @@ async def test_registration_without_confirmation( url = client.app.router["auth_register"].url_for() r = await client.post( - f"{url}", json={"email": EMAIL, "password": PASSWORD, "confirm": PASSWORD} + f"{url}", + json={ + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, + }, ) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) - assert cfg.MSG_LOGGED_IN in data["message"] + assert MSG_LOGGED_IN in data["message"] - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user await db.delete_user(user) async def test_registration_with_confirmation( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, db: AsyncpgStorage, - capsys, - mocker, + capsys: CaptureFixture, + mocker: MockerFixture, + fake_user_email: str, + fake_user_password: str, ): assert client.app mocker.patch( @@ -213,12 +247,17 @@ async def test_registration_with_confirmation( url = client.app.router["auth_register"].url_for() r = await client.post( - f"{url}", json={"email": EMAIL, "password": PASSWORD, "confirm": PASSWORD} + f"{url}", + json={ + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, + }, ) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user["status"] == UserStatus.CONFIRMATION_PENDING.name assert "verification link" in data["message"] @@ -237,7 +276,7 @@ async def test_registration_with_confirmation( assert resp.status == 200 # user is active - user = await db.get_user({"email": EMAIL}) + user = await db.get_user({"email": fake_user_email}) assert user["status"] == UserStatus.ACTIVE.name # cleanup @@ -255,12 +294,14 @@ async def test_registration_with_confirmation( ) async def test_registration_with_invitation( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, db: AsyncpgStorage, is_invitation_required: bool, has_valid_invitation: bool, expected_response: type[web.HTTPError], mocker: MockerFixture, + fake_user_email: str, + fake_user_password: str, ): assert client.app mocker.patch( @@ -283,16 +324,16 @@ async def test_registration_with_invitation( confirmation = f.confirmation assert confirmation - print(get_confirmation_info(cfg, confirmation)) + print(get_confirmation_info(login_options, confirmation)) url = client.app.router["auth_register"].url_for() r = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, - "confirm": PASSWORD, + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, "invitation": confirmation["code"] if has_valid_invitation else "WRONG_CODE", @@ -303,7 +344,11 @@ async def test_registration_with_invitation( # check optional fields in body if not has_valid_invitation and not is_invitation_required: r = await client.post( - f"{url}", json={"email": "new-user" + EMAIL, "password": PASSWORD} + f"{url}", + json={ + "email": "new-user" + fake_user_email, + "password": fake_user_password, + }, ) await assert_status(r, expected_response) @@ -313,9 +358,11 @@ async def test_registration_with_invitation( async def test_registraton_with_invitation_for_trial_account( client: TestClient, - cfg: LoginOptions, + login_options: LoginOptions, faker: Faker, mocker: MockerFixture, + fake_user_email: str, + fake_user_password: str, ): assert client.app mocker.patch( @@ -350,7 +397,7 @@ async def test_registraton_with_invitation_for_trial_account( assert invitation.confirmation # checks that invitation is correct - info = get_confirmation_info(cfg, invitation.confirmation) + info = get_confirmation_info(login_options, invitation.confirmation) print(info) assert info["data"] assert isinstance(info["data"], InvitationData) @@ -360,9 +407,9 @@ async def test_registraton_with_invitation_for_trial_account( r = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, - "confirm": PASSWORD, + "email": fake_user_email, + "password": fake_user_password, + "confirm": fake_user_password, "invitation": invitation.confirmation["code"], }, ) @@ -373,8 +420,8 @@ async def test_registraton_with_invitation_for_trial_account( r = await client.post( f"{url}", json={ - "email": EMAIL, - "password": PASSWORD, + "email": fake_user_email, + "password": fake_user_password, }, ) await assert_status(r, web.HTTPOk) diff --git a/services/web/server/tests/unit/with_dbs/03/test_login_reset_password.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_reset_password.py similarity index 59% rename from services/web/server/tests/unit/with_dbs/03/test_login_reset_password.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_reset_password.py index 8a09c20463d..4e1d823ae1e 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_login_reset_password.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_reset_password.py @@ -7,16 +7,25 @@ import pytest from aiohttp import web from aiohttp.test_utils import TestClient, TestServer +from pytest import CaptureFixture from pytest_simcore.helpers.utils_assert import assert_status from pytest_simcore.helpers.utils_login import NewUser, parse_link, parse_test_marks from simcore_service_webserver.db_models import ConfirmationAction, UserStatus -from simcore_service_webserver.login.settings import LoginOptions, get_plugin_options -from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage +from simcore_service_webserver.login._constants import ( + MSG_ACTIVATION_REQUIRED, + MSG_EMAIL_SENT, + MSG_LOGGED_IN, + MSG_OFTEN_RESET_PASSWORD, + MSG_PASSWORD_CHANGED, + MSG_UNKNOWN_EMAIL, + MSG_USER_BANNED, + MSG_USER_EXPIRED, +) +from simcore_service_webserver.login.settings import LoginOptions +from simcore_service_webserver.login.storage import AsyncpgStorage from simcore_service_webserver.login.utils import get_random_string from yarl import URL -EMAIL, PASSWORD = "tester@test.com", "password" - # # NOTE: theses tests are hitting a 'global_rate_limit_route' decorated entrypoint: 'auth_reset_password' # and might fail with 'HTTPTooManyRequests' error. @@ -38,93 +47,85 @@ def client( return cli -@pytest.fixture -def cfg(client: TestClient) -> LoginOptions: - assert client.app - cfg = get_plugin_options(client.app) - assert cfg - return cfg - - -@pytest.fixture -def db(client: TestClient) -> AsyncpgStorage: - assert client.app - db: AsyncpgStorage = get_plugin_storage(client.app) - assert db - return db - - async def test_unknown_email( client: TestClient, - cfg: LoginOptions, - capsys, + capsys: CaptureFixture, + fake_user_email: str, ): assert client.app reset_url = client.app.router["auth_reset_password"].url_for() - rp = await client.post( + response = await client.post( f"{reset_url}", json={ - "email": EMAIL, + "email": fake_user_email, }, ) - payload = await rp.text() + payload = await response.text() - assert rp.url.path == reset_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(email=EMAIL)) + assert response.url.path == reset_url.path + await assert_status( + response, web.HTTPOk, MSG_EMAIL_SENT.format(email=fake_user_email) + ) - out, err = capsys.readouterr() - assert parse_test_marks(out)["reason"] == cfg.MSG_UNKNOWN_EMAIL + out, _ = capsys.readouterr() + assert parse_test_marks(out)["reason"] == MSG_UNKNOWN_EMAIL -@pytest.mark.parametrize("user_status", (UserStatus.BANNED, UserStatus.EXPIRED)) +@pytest.mark.parametrize( + "user_status,expected_msg", + ((UserStatus.BANNED, MSG_USER_BANNED), (UserStatus.EXPIRED, MSG_USER_EXPIRED)), +) async def test_blocked_user( - client: TestClient, cfg: LoginOptions, capsys, user_status: UserStatus + client: TestClient, + capsys: CaptureFixture, + user_status: UserStatus, + expected_msg: str, ): assert client.app reset_url = client.app.router["auth_reset_password"].url_for() - expected_msg: str = getattr(cfg, f"MSG_USER_{user_status.name.upper()}") - async with NewUser({"status": user_status.name}, app=client.app) as user: - rp = await client.post( + response = await client.post( f"{reset_url}", json={ "email": user["email"], }, ) - assert rp.url.path == reset_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)) + assert response.url.path == reset_url.path + await assert_status(response, web.HTTPOk, MSG_EMAIL_SENT.format(**user)) out, _ = capsys.readouterr() # expected_msg contains {support_email} at the end of the string assert expected_msg[:-20] in parse_test_marks(out)["reason"] -async def test_inactive_user(client: TestClient, cfg: LoginOptions, capsys): +async def test_inactive_user(client: TestClient, capsys: CaptureFixture): assert client.app reset_url = client.app.router["auth_reset_password"].url_for() async with NewUser( {"status": UserStatus.CONFIRMATION_PENDING.name}, app=client.app ) as user: - rp = await client.post( + response = await client.post( f"{reset_url}", json={ "email": user["email"], }, ) - assert rp.url.path == reset_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)) + assert response.url.path == reset_url.path + await assert_status(response, web.HTTPOk, MSG_EMAIL_SENT.format(**user)) - out, err = capsys.readouterr() - assert parse_test_marks(out)["reason"] == cfg.MSG_ACTIVATION_REQUIRED + out, _ = capsys.readouterr() + assert parse_test_marks(out)["reason"] == MSG_ACTIVATION_REQUIRED async def test_too_often( - client: TestClient, cfg: LoginOptions, db: AsyncpgStorage, capsys + client: TestClient, + db: AsyncpgStorage, + capsys: CaptureFixture, ): assert client.app reset_url = client.app.router["auth_reset_password"].url_for() @@ -133,7 +134,7 @@ async def test_too_often( confirmation = await db.create_confirmation( user["id"], ConfirmationAction.RESET_PASSWORD.name ) - rp = await client.post( + response = await client.post( f"{reset_url}", json={ "email": user["email"], @@ -141,37 +142,39 @@ async def test_too_often( ) await db.delete_confirmation(confirmation) - assert rp.url.path == reset_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)) + assert response.url.path == reset_url.path + await assert_status(response, web.HTTPOk, MSG_EMAIL_SENT.format(**user)) - out, err = capsys.readouterr() - assert parse_test_marks(out)["reason"] == cfg.MSG_OFTEN_RESET_PASSWORD + out, _ = capsys.readouterr() + assert parse_test_marks(out)["reason"] == MSG_OFTEN_RESET_PASSWORD -async def test_reset_and_confirm(client: TestClient, cfg: LoginOptions, capsys): +async def test_reset_and_confirm( + client: TestClient, login_options: LoginOptions, capsys: CaptureFixture +): assert client.app async with NewUser(app=client.app) as user: reset_url = client.app.router["auth_reset_password"].url_for() - rp = await client.post( + response = await client.post( f"{reset_url}", json={ "email": user["email"], }, ) - assert rp.url.path == reset_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)) + assert response.url.path == reset_url.path + await assert_status(response, web.HTTPOk, MSG_EMAIL_SENT.format(**user)) out, err = capsys.readouterr() confirmation_url = parse_link(out) code = URL(confirmation_url).parts[-1] # emulates user click on email url - rp = await client.get(confirmation_url) - assert rp.status == 200 + response = await client.get(confirmation_url) + assert response.status == 200 assert ( - rp.url.path_qs - == URL(cfg.LOGIN_REDIRECT) + response.url.path_qs + == URL(login_options.LOGIN_REDIRECT) .with_fragment("reset-password?code=%s" % code) .path_qs ) @@ -181,32 +184,31 @@ async def test_reset_and_confirm(client: TestClient, cfg: LoginOptions, capsys): code=code ) new_password = get_random_string(5, 10) - rp = await client.post( + response = await client.post( f"{reset_allowed_url}", json={ "password": new_password, "confirm": new_password, }, ) - payload = await rp.json() - assert rp.status == 200, payload - assert rp.url.path == reset_allowed_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_PASSWORD_CHANGED) - # TODO: multiple flash messages + payload = await response.json() + assert response.status == 200, payload + assert response.url.path == reset_allowed_url.path + await assert_status(response, web.HTTPOk, MSG_PASSWORD_CHANGED) # Try new password logout_url = client.app.router["auth_logout"].url_for() - rp = await client.post(f"{logout_url}") - assert rp.url.path == logout_url.path - await assert_status(rp, web.HTTPUnauthorized, "Unauthorized") + response = await client.post(f"{logout_url}") + assert response.url.path == logout_url.path + await assert_status(response, web.HTTPUnauthorized, "Unauthorized") login_url = client.app.router["auth_login"].url_for() - rp = await client.post( + response = await client.post( f"{login_url}", json={ "email": user["email"], "password": new_password, }, ) - assert rp.url.path == login_url.path - await assert_status(rp, web.HTTPOk, cfg.MSG_LOGGED_IN) + assert response.url.path == login_url.path + await assert_status(response, web.HTTPOk, MSG_LOGGED_IN) diff --git a/services/web/server/tests/unit/with_dbs/03/test_login_utils_emails.py b/services/web/server/tests/unit/with_dbs/03/login/test_login_utils_emails.py similarity index 70% rename from services/web/server/tests/unit/with_dbs/03/test_login_utils_emails.py rename to services/web/server/tests/unit/with_dbs/03/login/test_login_utils_emails.py index 3b2964f2096..f172267368b 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_login_utils_emails.py +++ b/services/web/server/tests/unit/with_dbs/03/login/test_login_utils_emails.py @@ -14,8 +14,11 @@ from faker import Faker from json2html import json2html from pytest_mock import MockerFixture +from pytest_simcore.helpers.typing_env import EnvVarsDict from simcore_service_webserver._constants import RQ_PRODUCT_KEY +from simcore_service_webserver.application_settings import setup_settings from simcore_service_webserver.email import setup_email +from simcore_service_webserver.login.plugin import setup_login from simcore_service_webserver.login.utils_email import ( AttachmentTuple, get_template_path, @@ -27,9 +30,9 @@ @pytest.fixture def mocked_send_email(mocker: MockerFixture) -> MagicMock: - async def print_mail(app, msg): + async def print_mail(cfg, message): print("EMAIL----------") - print(msg) + print(message) print("---------------") return mocker.patch( @@ -40,76 +43,82 @@ async def print_mail(app, msg): @pytest.fixture -def app() -> web.Application: +def app(app_environment: EnvVarsDict) -> web.Application: app_ = web.Application() - assert setup_email(app_) + + assert setup_settings(app_) + assert setup_login(app_) # builds LoginOptions needed for _compose_email + assert not setup_email( + app_ + ) # NOTE: it is already init by setup_login, therefore 'setup_email' returns False return app_ -def _create_mocked_request(app_: web.Application, product_name: str): - request = make_mocked_request("GET", "/fake", app=app_) +@pytest.fixture +def http_request(app: web.Application, product_name: str) -> web.Request: + request = make_mocked_request("GET", "/fake", app=app) request[RQ_PRODUCT_KEY] = product_name return request @pytest.mark.parametrize("product_name", FRONTEND_APPS_AVAILABLE) async def test_render_and_send_mail_for_registration( - app: web.Application, faker: Faker, mocked_send_email: MagicMock, product_name: str, + http_request: web.Request, ): - request = _create_mocked_request(app, product_name) email = faker.email() # destination email link = faker.url() # some url link await render_and_send_mail( - request, + http_request, from_=f"no-reply@{product_name}.test", to=email, - template=await get_template_path(request, "registration_email.jinja2"), + template=await get_template_path(http_request, "registration_email.jinja2"), context={ - "host": request.host, + "host": http_request.host, "link": link, "name": email.split("@")[0], }, ) assert mocked_send_email.called - mimetext = mocked_send_email.call_args[0][1] + mimetext = mocked_send_email.call_args[1]["message"] assert mimetext["Subject"] assert mimetext["To"] == email @pytest.mark.parametrize("product_name", FRONTEND_APPS_AVAILABLE) async def test_render_and_send_mail_for_password( - app: web.Application, faker: Faker, mocked_send_email: MagicMock, product_name: str, + http_request: web.Request, ): - request = _create_mocked_request(app, product_name) email = faker.email() # destination email link = faker.url() # some url link await render_and_send_mail( - request, + http_request, from_=f"no-reply@{product_name}.test", to=email, - template=await get_template_path(request, "reset_password_email_failed.jinja2"), + template=await get_template_path( + http_request, "reset_password_email_failed.jinja2" + ), context={ - "host": request.host, + "host": http_request.host, "reason": faker.text(), }, ) await render_and_send_mail( - request, + http_request, from_=f"no-reply@{product_name}.test", to=email, - template=await get_template_path(request, "reset_password_email.jinja2"), + template=await get_template_path(http_request, "reset_password_email.jinja2"), context={ - "host": request.host, + "host": http_request.host, "link": link, }, ) @@ -117,22 +126,21 @@ async def test_render_and_send_mail_for_password( @pytest.mark.parametrize("product_name", FRONTEND_APPS_AVAILABLE) async def test_render_and_send_mail_to_change_email( - app: web.Application, faker: Faker, mocked_send_email: MagicMock, product_name: str, + http_request: web.Request, ): - request = _create_mocked_request(app, product_name) email = faker.email() # destination email link = faker.url() # some url link await render_and_send_mail( - request, + http_request, from_=f"no-reply@{product_name}.test", to=email, - template=await get_template_path(request, "change_email_email.jinja2"), + template=await get_template_path(http_request, "change_email_email.jinja2"), context={ - "host": request.host, + "host": http_request.host, "link": link, }, ) @@ -140,20 +148,19 @@ async def test_render_and_send_mail_to_change_email( @pytest.mark.parametrize("product_name", FRONTEND_APPS_AVAILABLE) async def test_render_and_send_mail_for_submission( - app: web.Application, faker: Faker, mocked_send_email: MagicMock, product_name: str, + http_request: web.Request, ): - request = _create_mocked_request(app, product_name) email = faker.email() # destination email data = {"name": faker.first_name(), "surname": faker.last_name()} # some form await render_and_send_mail( - request, + http_request, from_=f"no-reply@{product_name}.test", to=email, - template=await get_template_path(request, "service_submission.jinja2"), + template=await get_template_path(http_request, "service_submission.jinja2"), context={ "user": email, "data": json2html.convert( @@ -174,22 +181,26 @@ async def test_render_and_send_mail_for_submission( def test_render_string_from_tmp_file( tmp_path: Path, faker: Faker, app: web.Application ): - request = make_mocked_request("GET", "/fake", app=app) + http_request = make_mocked_request("GET", "/fake", app=app) template_path = themed("templates/osparc.io", "registration_email.jinja2") copy_path = tmp_path / template_path.name shutil.copy2(template_path, copy_path) - context = {"host": request.host, "link": faker.url(), "name": faker.first_name()} + context = { + "host": http_request.host, + "link": faker.url(), + "name": faker.first_name(), + } expected_page = render_string( template_name=f"{template_path}", - request=request, + request=http_request, context=context, ) got_page = render_string( template_name=f"{copy_path}", - request=request, + request=http_request, context=context, ) diff --git a/services/web/server/tests/unit/with_dbs/conftest.py b/services/web/server/tests/unit/with_dbs/conftest.py index abb223dfb1f..03a7c697aa1 100644 --- a/services/web/server/tests/unit/with_dbs/conftest.py +++ b/services/web/server/tests/unit/with_dbs/conftest.py @@ -9,6 +9,7 @@ # pylint: disable=unused-argument # pylint: disable=unused-variable + import asyncio import sys import textwrap @@ -30,6 +31,7 @@ from pydantic import ByteSize, parse_obj_as from pytest import MonkeyPatch from pytest_mock.plugin import MockerFixture +from pytest_simcore.helpers.typing_env import EnvVarsDict from pytest_simcore.helpers.utils_dict import ConfigDict from pytest_simcore.helpers.utils_login import NewUser from pytest_simcore.helpers.utils_webserver_unit_with_db import MockedStorageSubsystem @@ -48,6 +50,7 @@ delete_user_group, list_user_groups, ) +from simcore_service_webserver.login.settings import LoginOptions CURRENT_DIR = Path(sys.argv[0] if __name__ == "__main__" else __file__).resolve().parent @@ -104,7 +107,7 @@ def app_cfg(default_app_cfg: ConfigDict, unused_tcp_port_factory) -> ConfigDict: def app_environment( app_cfg: ConfigDict, monkeypatch_setenv_from_app_config: Callable[[ConfigDict], dict[str, str]], -) -> dict[str, str]: +) -> EnvVarsDict: """overridable fixture that defines the ENV for the webserver application based on legacy application config files. @@ -123,7 +126,7 @@ def app_environment(app_environment: dict[str, str], monkeypatch: MonkeyPatch) - def web_server( event_loop: asyncio.AbstractEventLoop, app_cfg: ConfigDict, - app_environment: dict[str, str], + app_environment: EnvVarsDict, postgres_db: sa.engine.Engine, # tools aiohttp_server: Callable, @@ -542,7 +545,7 @@ async def all_group(client, logged_user) -> dict[str, str]: def _patch_compose_mail(monkeypatch): async def print_mail_to_stdout( - app: web.Application, *, sender: str, recipient: str, subject: str, body: str + cfg: LoginOptions, *, sender: str, recipient: str, subject: str, body: str ): print( f"=== EMAIL FROM: {sender}\n=== EMAIL TO: {recipient}\n=== SUBJECT: {subject}\n=== BODY:\n{body}"