From 4477ed9f00d065c6c0b48454c0f872c8fc0925f0 Mon Sep 17 00:00:00 2001 From: Christoph Zwerschke Date: Wed, 20 Mar 2024 15:54:58 +0000 Subject: [PATCH] Update service-commons and adapt auth --- .pyproject_generation/pyproject_custom.toml | 8 +-- README.md | 6 +- lock/requirements-dev.txt | 65 ++++++++++++++++---- lock/requirements.txt | 65 ++++++++++++++++---- openapi.yaml | 2 +- pyproject.toml | 8 +-- src/wps/adapters/inbound/fastapi_/auth.py | 23 +++---- src/wps/adapters/inbound/fastapi_/dummies.py | 12 +++- src/wps/adapters/inbound/fastapi_/routes.py | 13 ++-- tests/fixtures/__init__.py | 3 +- tests/test_api.py | 2 +- 11 files changed, 145 insertions(+), 62 deletions(-) diff --git a/.pyproject_generation/pyproject_custom.toml b/.pyproject_generation/pyproject_custom.toml index e3139f1..6cda32c 100644 --- a/.pyproject_generation/pyproject_custom.toml +++ b/.pyproject_generation/pyproject_custom.toml @@ -1,11 +1,11 @@ [project] name = "wps" -version = "1.0.1" +version = "2.0.0" description = "Work Package Service" dependencies = [ - "ghga-event-schemas~=3.0.0", - "ghga-service-commons[api,auth,crypt]>=2, <3", - "hexkit[akafka,mongodb]>=2.1.0", + "ghga-event-schemas~=3.1.0", + "ghga-service-commons[api,auth,crypt]>=3.1.1", + "hexkit[akafka,mongodb]>=2.1.1", "typer>=0.9.0", ] diff --git a/README.md b/README.md index 2fa5973..8fdd84c 100644 --- a/README.md +++ b/README.md @@ -52,13 +52,13 @@ We recommend using the provided Docker container. A pre-build version is available at [docker hub](https://hub.docker.com/repository/docker/ghga/work-package-service): ```bash -docker pull ghga/work-package-service:1.0.1 +docker pull ghga/work-package-service:2.0.0 ``` Or you can build the container yourself from the [`./Dockerfile`](./Dockerfile): ```bash # Execute in the repo's root dir: -docker build -t ghga/work-package-service:1.0.1 . +docker build -t ghga/work-package-service:2.0.0 . ``` For production-ready deployment, we recommend using Kubernetes, however, @@ -66,7 +66,7 @@ for simple use cases, you could execute the service using docker on a single server: ```bash # The entrypoint is preconfigured: -docker run -p 8080:8080 ghga/work-package-service:1.0.1 --help +docker run -p 8080:8080 ghga/work-package-service:2.0.0 --help ``` If you prefer not to use containers, you may install the service from source: diff --git a/lock/requirements-dev.txt b/lock/requirements-dev.txt index 6396bce..a044ca8 100644 --- a/lock/requirements-dev.txt +++ b/lock/requirements-dev.txt @@ -1,5 +1,5 @@ # This file was autogenerated by uv via the following command: -# uv pip compile --refresh --generate-hashes --output-file /workspace/lock/requirements-dev.txt /tmp/tmp_5rfofj6/pyproject.toml /workspace/lock/requirements-dev.in +# uv pip compile --refresh --generate-hashes --output-file /workspace/lock/requirements-dev.txt /tmp/tmpywrbbwee/pyproject.toml /workspace/lock/requirements-dev.in aiokafka==0.8.1 \ --hash=sha256:1e24839088fd6d3ff481cc09a48ea487b997328df11630bc0a1b88255edbcfe9 \ --hash=sha256:1f43d2afd7d3e4407ada8d754895fad7c344ca00648a8a38418d76564eaaf6cd \ @@ -48,6 +48,35 @@ attrs==23.2.0 \ # via # jsonschema # referencing +bcrypt==4.1.2 \ + --hash=sha256:02d9ef8915f72dd6daaef40e0baeef8a017ce624369f09754baf32bb32dba25f \ + --hash=sha256:1c28973decf4e0e69cee78c68e30a523be441972c826703bb93099868a8ff5b5 \ + --hash=sha256:2a298db2a8ab20056120b45e86c00a0a5eb50ec4075b6142db35f593b97cb3fb \ + --hash=sha256:33313a1200a3ae90b75587ceac502b048b840fc69e7f7a0905b5f87fac7a1258 \ + --hash=sha256:3566a88234e8de2ccae31968127b0ecccbb4cddb629da744165db72b58d88ca4 \ + --hash=sha256:387e7e1af9a4dd636b9505a465032f2f5cb8e61ba1120e79a0e1cd0b512f3dfc \ + --hash=sha256:44290ccc827d3a24604f2c8bcd00d0da349e336e6503656cb8192133e27335e2 \ + --hash=sha256:57fa9442758da926ed33a91644649d3e340a71e2d0a5a8de064fb621fd5a3326 \ + --hash=sha256:68e3c6642077b0c8092580c819c1684161262b2e30c4f45deb000c38947bf483 \ + --hash=sha256:69057b9fc5093ea1ab00dd24ede891f3e5e65bee040395fb1e66ee196f9c9b4a \ + --hash=sha256:6cad43d8c63f34b26aef462b6f5e44fdcf9860b723d2453b5d391258c4c8e966 \ + --hash=sha256:71b8be82bc46cedd61a9f4ccb6c1a493211d031415a34adde3669ee1b0afbb63 \ + --hash=sha256:732b3920a08eacf12f93e6b04ea276c489f1c8fb49344f564cca2adb663b3e4c \ + --hash=sha256:9800ae5bd5077b13725e2e3934aa3c9c37e49d3ea3d06318010aa40f54c63551 \ + --hash=sha256:a97e07e83e3262599434816f631cc4c7ca2aa8e9c072c1b1a7fec2ae809a1d2d \ + --hash=sha256:ac621c093edb28200728a9cca214d7e838529e557027ef0581685909acd28b5e \ + --hash=sha256:b8df79979c5bae07f1db22dcc49cc5bccf08a0380ca5c6f391cbb5790355c0b0 \ + --hash=sha256:b90e216dc36864ae7132cb151ffe95155a37a14e0de3a8f64b49655dd959ff9c \ + --hash=sha256:ba4e4cc26610581a6329b3937e02d319f5ad4b85b074846bf4fef8a8cf51e7bb \ + --hash=sha256:ba55e40de38a24e2d78d34c2d36d6e864f93e0d79d0b6ce915e4335aa81d01b1 \ + --hash=sha256:be3ab1071662f6065899fe08428e45c16aa36e28bc42921c4901a191fda6ee42 \ + --hash=sha256:d75fc8cd0ba23f97bae88a6ec04e9e5351ff3c6ad06f38fe32ba50cbd0d11946 \ + --hash=sha256:e51c42750b7585cee7892c2614be0d14107fad9581d1738d954a262556dd1aab \ + --hash=sha256:ea505c97a5c465ab8c3ba75c0805a102ce526695cd6818c6de3b1a38f6f60da1 \ + --hash=sha256:eb3bd3321517916696233b5e0c67fd7d6281f0ef48e66812db35fc963a422a1c \ + --hash=sha256:f70d9c61f9c4ca7d57f3bfe88a5ccf62546ffbadf3681bb1e268d9d2e41c91a7 \ + --hash=sha256:fbe188b878313d01b7718390f31528be4010fed1faa798c5a1d0469c9c48c369 + # via crypt4gh certifi==2024.2.2 \ --hash=sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f \ --hash=sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1 @@ -267,6 +296,10 @@ coverage==7.4.4 \ --hash=sha256:fdfafb32984684eb03c2d83e1e51f64f0906b11e64482df3c5db936ce3839d48 \ --hash=sha256:ff7687ca3d7028d8a5f0ebae95a6e4827c5616b31a4ee1192bdfde697db110d4 # via pytest-cov +crypt4gh==1.6 \ + --hash=sha256:134015d4d1ea469389f6ee2c7036dec58caf91b3fb87cc6e131876080942306a \ + --hash=sha256:c44d999e5da84ca0bff00d0381eacfa27855ccbbd2eb0c95ec7b80f31e82860d + # via ghga-service-commons cryptography==42.0.5 \ --hash=sha256:0270572b8bd2c833c3981724b8ee9747b3ec96f699a9665470018594301439ee \ --hash=sha256:111a0d8553afcf8eb02a4fea6ca4f59d48ddb34497aa8706a6cf536f1a5ec576 \ @@ -300,7 +333,9 @@ cryptography==42.0.5 \ --hash=sha256:e807b3188f9eb0eaa7bbb579b462c5ace579f1cedb28107ce8b48a9f7ad3679e \ --hash=sha256:f12764b8fffc7a123f641d7d049d382b73f96a34117e0b637b80643169cec8ac \ --hash=sha256:f8837fe1d6ac4a8052a9a8ddab256bc006242696f03368a4009be7ee3075cdb7 - # via jwcrypto + # via + # crypt4gh + # jwcrypto distlib==0.3.8 \ --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \ --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64 @@ -315,6 +350,9 @@ docker==7.0.0 \ --hash=sha256:12ba681f2777a0ad28ffbcc846a69c31b4dfd9752b47eb425a274ee269c5e14b \ --hash=sha256:323736fb92cd9418fc5e7133bc953e11a9da04f4483f828b527db553f1e7e5a3 # via testcontainers +docopt==0.6.2 \ + --hash=sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 + # via crypt4gh email-validator==2.1.1 \ --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \ --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05 @@ -325,20 +363,20 @@ exceptiongroup==1.2.0 \ # via # anyio # pytest -fastapi==0.109.2 \ - --hash=sha256:2c9bab24667293b501cad8dd388c05240c850b58ec5876ee3283c47d6e1e3a4d \ - --hash=sha256:f3817eac96fe4f65a2ebb4baa000f394e55f5fccdaf7f75250804bc58f354f73 +fastapi==0.110.0 \ + --hash=sha256:266775f0dcc95af9d3ef39bad55cff525329a931d5fd51930aadd4f428bf7ff3 \ + --hash=sha256:87a1f6fb632a218222c5984be540055346a8f5d8a68e8f6fb647b1dc9934de4b # via ghga-service-commons filelock==3.13.1 \ --hash=sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e \ --hash=sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c # via virtualenv -ghga-event-schemas==3.0.0 \ - --hash=sha256:67dce9db2d45be862f69a58a903fac43416997ad50fd4f1f1d25822533a187d1 \ - --hash=sha256:7a8952e37bd935809f324aa21653b008e01a5ea920d36217734ee35776d92602 -ghga-service-commons==2.0.1 \ - --hash=sha256:957c44d8ad006da525c506d815210a701af2dc4ebf0e6473800c00f926f77ce8 \ - --hash=sha256:9e7ea822ec692fdc6df93ea62ed65e8dd2bf48886bf1441c96697c0be2101c15 +ghga-event-schemas==3.1.0 \ + --hash=sha256:87706784895376314124d30a0ba77dd7cfebdbfbcbb98e88d2a836486f11c385 \ + --hash=sha256:fa0048eda36002e7a79bc9084d2acdcc9eb9d38bcf263d6f68ad6fc453cae130 +ghga-service-commons==3.1.1 \ + --hash=sha256:6f758721a2673ac9c594d9cd052e0204b79950bf9f3e828ca5d870a6637d81b6 \ + --hash=sha256:b4e696c350f14a983d9447c43b16a954f0d2bf0a057c3ecdf0a95e3f115c89b4 gprof2dot==2022.7.29 \ --hash=sha256:45b4d298bd36608fccf9511c3fd88a773f7a1abc04d6cd39445b11ba43133ec5 \ --hash=sha256:f165b3851d3c52ee4915eb1bd6cca571e5759823c2cd0f71a79bda93c2dc85d6 @@ -692,7 +730,9 @@ pynacl==1.5.0 \ --hash=sha256:a36d4a9dda1f19ce6e03c9a784a2921a4b726b02e1c736600ca9c22029474394 \ --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \ --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543 - # via ghga-service-commons + # via + # crypt4gh + # ghga-service-commons pytest==8.1.1 \ --hash=sha256:2a8386cfc11fa9d2c50ee7b2a57e7d898ef90470a7a34c4b949ff59662bb78b7 \ --hash=sha256:ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044 @@ -772,6 +812,7 @@ pyyaml==6.0.1 \ --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \ --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f # via + # crypt4gh # hexkit # jsonschema2md # pre-commit diff --git a/lock/requirements.txt b/lock/requirements.txt index 1f328d2..43a91f4 100644 --- a/lock/requirements.txt +++ b/lock/requirements.txt @@ -1,5 +1,5 @@ # This file was autogenerated by uv via the following command: -# uv pip compile --refresh --generate-hashes --output-file /workspace/lock/requirements.txt /tmp/tmp_5rfofj6/pyproject.toml -c /workspace/lock/requirements-dev.txt +# uv pip compile --refresh --generate-hashes --output-file /workspace/lock/requirements.txt /tmp/tmpywrbbwee/pyproject.toml -c /workspace/lock/requirements-dev.txt aiokafka==0.8.1 \ --hash=sha256:1e24839088fd6d3ff481cc09a48ea487b997328df11630bc0a1b88255edbcfe9 \ --hash=sha256:1f43d2afd7d3e4407ada8d754895fad7c344ca00648a8a38418d76564eaaf6cd \ @@ -47,6 +47,35 @@ attrs==23.2.0 \ # via # jsonschema # referencing +bcrypt==4.1.2 \ + --hash=sha256:02d9ef8915f72dd6daaef40e0baeef8a017ce624369f09754baf32bb32dba25f \ + --hash=sha256:1c28973decf4e0e69cee78c68e30a523be441972c826703bb93099868a8ff5b5 \ + --hash=sha256:2a298db2a8ab20056120b45e86c00a0a5eb50ec4075b6142db35f593b97cb3fb \ + --hash=sha256:33313a1200a3ae90b75587ceac502b048b840fc69e7f7a0905b5f87fac7a1258 \ + --hash=sha256:3566a88234e8de2ccae31968127b0ecccbb4cddb629da744165db72b58d88ca4 \ + --hash=sha256:387e7e1af9a4dd636b9505a465032f2f5cb8e61ba1120e79a0e1cd0b512f3dfc \ + --hash=sha256:44290ccc827d3a24604f2c8bcd00d0da349e336e6503656cb8192133e27335e2 \ + --hash=sha256:57fa9442758da926ed33a91644649d3e340a71e2d0a5a8de064fb621fd5a3326 \ + --hash=sha256:68e3c6642077b0c8092580c819c1684161262b2e30c4f45deb000c38947bf483 \ + --hash=sha256:69057b9fc5093ea1ab00dd24ede891f3e5e65bee040395fb1e66ee196f9c9b4a \ + --hash=sha256:6cad43d8c63f34b26aef462b6f5e44fdcf9860b723d2453b5d391258c4c8e966 \ + --hash=sha256:71b8be82bc46cedd61a9f4ccb6c1a493211d031415a34adde3669ee1b0afbb63 \ + --hash=sha256:732b3920a08eacf12f93e6b04ea276c489f1c8fb49344f564cca2adb663b3e4c \ + --hash=sha256:9800ae5bd5077b13725e2e3934aa3c9c37e49d3ea3d06318010aa40f54c63551 \ + --hash=sha256:a97e07e83e3262599434816f631cc4c7ca2aa8e9c072c1b1a7fec2ae809a1d2d \ + --hash=sha256:ac621c093edb28200728a9cca214d7e838529e557027ef0581685909acd28b5e \ + --hash=sha256:b8df79979c5bae07f1db22dcc49cc5bccf08a0380ca5c6f391cbb5790355c0b0 \ + --hash=sha256:b90e216dc36864ae7132cb151ffe95155a37a14e0de3a8f64b49655dd959ff9c \ + --hash=sha256:ba4e4cc26610581a6329b3937e02d319f5ad4b85b074846bf4fef8a8cf51e7bb \ + --hash=sha256:ba55e40de38a24e2d78d34c2d36d6e864f93e0d79d0b6ce915e4335aa81d01b1 \ + --hash=sha256:be3ab1071662f6065899fe08428e45c16aa36e28bc42921c4901a191fda6ee42 \ + --hash=sha256:d75fc8cd0ba23f97bae88a6ec04e9e5351ff3c6ad06f38fe32ba50cbd0d11946 \ + --hash=sha256:e51c42750b7585cee7892c2614be0d14107fad9581d1738d954a262556dd1aab \ + --hash=sha256:ea505c97a5c465ab8c3ba75c0805a102ce526695cd6818c6de3b1a38f6f60da1 \ + --hash=sha256:eb3bd3321517916696233b5e0c67fd7d6281f0ef48e66812db35fc963a422a1c \ + --hash=sha256:f70d9c61f9c4ca7d57f3bfe88a5ccf62546ffbadf3681bb1e268d9d2e41c91a7 \ + --hash=sha256:fbe188b878313d01b7718390f31528be4010fed1faa798c5a1d0469c9c48c369 + # via crypt4gh cffi==1.16.0 \ --hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \ --hash=sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a \ @@ -109,6 +138,10 @@ click==8.1.7 \ # via # typer # uvicorn +crypt4gh==1.6 \ + --hash=sha256:134015d4d1ea469389f6ee2c7036dec58caf91b3fb87cc6e131876080942306a \ + --hash=sha256:c44d999e5da84ca0bff00d0381eacfa27855ccbbd2eb0c95ec7b80f31e82860d + # via ghga-service-commons cryptography==42.0.5 \ --hash=sha256:0270572b8bd2c833c3981724b8ee9747b3ec96f699a9665470018594301439ee \ --hash=sha256:111a0d8553afcf8eb02a4fea6ca4f59d48ddb34497aa8706a6cf536f1a5ec576 \ @@ -142,13 +175,18 @@ cryptography==42.0.5 \ --hash=sha256:e807b3188f9eb0eaa7bbb579b462c5ace579f1cedb28107ce8b48a9f7ad3679e \ --hash=sha256:f12764b8fffc7a123f641d7d049d382b73f96a34117e0b637b80643169cec8ac \ --hash=sha256:f8837fe1d6ac4a8052a9a8ddab256bc006242696f03368a4009be7ee3075cdb7 - # via jwcrypto + # via + # crypt4gh + # jwcrypto dnspython==2.6.1 \ --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \ --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc # via # email-validator # pymongo +docopt==0.6.2 \ + --hash=sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 + # via crypt4gh email-validator==2.1.1 \ --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \ --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05 @@ -157,16 +195,16 @@ exceptiongroup==1.2.0 \ --hash=sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14 \ --hash=sha256:91f5c769735f051a4290d52edd0858999b57e5876e9f85937691bd4c9fa3ed68 # via anyio -fastapi==0.109.2 \ - --hash=sha256:2c9bab24667293b501cad8dd388c05240c850b58ec5876ee3283c47d6e1e3a4d \ - --hash=sha256:f3817eac96fe4f65a2ebb4baa000f394e55f5fccdaf7f75250804bc58f354f73 +fastapi==0.110.0 \ + --hash=sha256:266775f0dcc95af9d3ef39bad55cff525329a931d5fd51930aadd4f428bf7ff3 \ + --hash=sha256:87a1f6fb632a218222c5984be540055346a8f5d8a68e8f6fb647b1dc9934de4b # via ghga-service-commons -ghga-event-schemas==3.0.0 \ - --hash=sha256:67dce9db2d45be862f69a58a903fac43416997ad50fd4f1f1d25822533a187d1 \ - --hash=sha256:7a8952e37bd935809f324aa21653b008e01a5ea920d36217734ee35776d92602 -ghga-service-commons==2.0.1 \ - --hash=sha256:957c44d8ad006da525c506d815210a701af2dc4ebf0e6473800c00f926f77ce8 \ - --hash=sha256:9e7ea822ec692fdc6df93ea62ed65e8dd2bf48886bf1441c96697c0be2101c15 +ghga-event-schemas==3.1.0 \ + --hash=sha256:87706784895376314124d30a0ba77dd7cfebdbfbcbb98e88d2a836486f11c385 \ + --hash=sha256:fa0048eda36002e7a79bc9084d2acdcc9eb9d38bcf263d6f68ad6fc453cae130 +ghga-service-commons==3.1.1 \ + --hash=sha256:6f758721a2673ac9c594d9cd052e0204b79950bf9f3e828ca5d870a6637d81b6 \ + --hash=sha256:b4e696c350f14a983d9447c43b16a954f0d2bf0a057c3ecdf0a95e3f115c89b4 h11==0.14.0 \ --hash=sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d \ --hash=sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761 @@ -438,7 +476,9 @@ pynacl==1.5.0 \ --hash=sha256:a36d4a9dda1f19ce6e03c9a784a2921a4b726b02e1c736600ca9c22029474394 \ --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \ --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543 - # via ghga-service-commons + # via + # crypt4gh + # ghga-service-commons python-dotenv==1.0.1 \ --hash=sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca \ --hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a @@ -498,6 +538,7 @@ pyyaml==6.0.1 \ --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \ --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f # via + # crypt4gh # hexkit # uvicorn referencing==0.34.0 \ diff --git a/openapi.yaml b/openapi.yaml index 7e2a77d..da25a57 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -142,7 +142,7 @@ components: info: description: A service managing work packages for the GHGA CLI title: Work Package Service - version: 1.0.1 + version: 2.0.0 openapi: 3.1.0 paths: /health: diff --git a/pyproject.toml b/pyproject.toml index abe6399..4cb3901 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -22,12 +22,12 @@ classifiers = [ "Intended Audience :: Developers", ] name = "wps" -version = "1.0.1" +version = "2.0.0" description = "Work Package Service" dependencies = [ - "ghga-event-schemas~=3.0.0", - "ghga-service-commons[api,auth,crypt]>=2, <3", - "hexkit[akafka,mongodb]>=2.1.0", + "ghga-event-schemas~=3.1.0", + "ghga-service-commons[api,auth,crypt]>=3.1.1", + "hexkit[akafka,mongodb]>=2.1.1", "typer>=0.9.0", ] diff --git a/src/wps/adapters/inbound/fastapi_/auth.py b/src/wps/adapters/inbound/fastapi_/auth.py index dac2fd8..a1c5fa6 100644 --- a/src/wps/adapters/inbound/fastapi_/auth.py +++ b/src/wps/adapters/inbound/fastapi_/auth.py @@ -20,25 +20,22 @@ from fastapi import Depends, Security from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer -from ghga_service_commons.auth.context import AuthContextProtocol -from ghga_service_commons.auth.ghga import AuthContext, is_active +from ghga_service_commons.auth.ghga import AuthContext from ghga_service_commons.auth.policies import require_auth_context_using_credentials -from wps.adapters.inbound.fastapi_.dummies import auth_provider +from wps.adapters.inbound.fastapi_ import dummies -__all__ = ["RequiresAuthContext", "RequiresWorkPackageAccessToken"] +__all__ = ["UserAuthContext", "WorkPackageAccessToken"] -async def require_active_context( +async def require_auth_context( credentials: Annotated[ HTTPAuthorizationCredentials, Depends(HTTPBearer(auto_error=True)) ], - auth_provider: Annotated[AuthContextProtocol[AuthContext], Depends(auth_provider)], + auth_provider: dummies.AuthProviderDummy, ) -> AuthContext: - """Require an active GHGA auth context using FastAPI.""" - return await require_auth_context_using_credentials( - credentials, auth_provider, is_active - ) + """Require a GHGA auth context using FastAPI.""" + return await require_auth_context_using_credentials(credentials, auth_provider) async def require_access_token( @@ -50,8 +47,8 @@ async def require_access_token( return credentials.credentials -# policy that requires (and returns) an active auth context -RequiresAuthContext = Annotated[AuthContext, Security(require_active_context)] +# policy that requires (and returns) a user auth context +UserAuthContext = Annotated[AuthContext, Security(require_auth_context)] # policy that requires (and returns) a work package access token -RequiresWorkPackageAccessToken = Annotated[str, Security(require_access_token)] +WorkPackageAccessToken = Annotated[str, Security(require_access_token)] diff --git a/src/wps/adapters/inbound/fastapi_/dummies.py b/src/wps/adapters/inbound/fastapi_/dummies.py index 975babf..79a5e8c 100644 --- a/src/wps/adapters/inbound/fastapi_/dummies.py +++ b/src/wps/adapters/inbound/fastapi_/dummies.py @@ -24,14 +24,22 @@ from fastapi import Depends from ghga_service_commons.api.di import DependencyDummy +from ghga_service_commons.auth.context import AuthContextProtocol +from ghga_service_commons.auth.ghga import AuthContext from wps.ports.inbound.repository import WorkPackageRepositoryPort -__all__ = ["auth_provider", "work_package_repo_port", "WorkPackageRepositoryDummy"] +__all__ = [ + "auth_provider", + "work_package_repo_port", + "AuthProviderDummy", + "WorkPackageRepositoryDummy", +] auth_provider = DependencyDummy("auth_provider") - work_package_repo_port = DependencyDummy("work_package_repo_port") + +AuthProviderDummy = Annotated[AuthContextProtocol[AuthContext], Depends(auth_provider)] WorkPackageRepositoryDummy = Annotated[ WorkPackageRepositoryPort, Depends(work_package_repo_port) ] diff --git a/src/wps/adapters/inbound/fastapi_/routes.py b/src/wps/adapters/inbound/fastapi_/routes.py index fe9d8cd..bda4c59 100644 --- a/src/wps/adapters/inbound/fastapi_/routes.py +++ b/src/wps/adapters/inbound/fastapi_/routes.py @@ -20,10 +20,7 @@ from fastapi import APIRouter, HTTPException, status -from wps.adapters.inbound.fastapi_.auth import ( - RequiresAuthContext, - RequiresWorkPackageAccessToken, -) +from wps.adapters.inbound.fastapi_.auth import UserAuthContext, WorkPackageAccessToken from wps.adapters.inbound.fastapi_.dummies import WorkPackageRepositoryDummy from wps.core.models import ( Dataset, @@ -69,7 +66,7 @@ async def health(): async def create_work_package( creation_data: WorkPackageCreationData, repository: WorkPackageRepositoryDummy, - auth_context: RequiresAuthContext, + auth_context: UserAuthContext, ) -> WorkPackageCreationResponse: """Create a work package using an internal auth token with a user context.""" try: @@ -99,7 +96,7 @@ async def create_work_package( async def get_work_package( work_package_id: str, repository: WorkPackageRepositoryDummy, - work_package_access_token: RequiresWorkPackageAccessToken, + work_package_access_token: WorkPackageAccessToken, ) -> WorkPackageDetails: """Get work package details using a work package access token.""" try: @@ -139,7 +136,7 @@ async def create_work_order_token( work_package_id: str, file_id: str, repository: WorkPackageRepositoryDummy, - work_package_access_token: RequiresWorkPackageAccessToken, + work_package_access_token: WorkPackageAccessToken, ) -> str: """Get an encrypted work order token using a work package access token.""" try: @@ -175,7 +172,7 @@ async def create_work_order_token( async def get_datasets( user_id: str, repository: WorkPackageRepositoryDummy, - auth_context: RequiresAuthContext, + auth_context: UserAuthContext, ) -> list[Dataset]: """Get datasets using an internal auth token with a user context.""" try: diff --git a/tests/fixtures/__init__.py b/tests/fixtures/__init__.py index 69d53b8..fc170cf 100644 --- a/tests/fixtures/__init__.py +++ b/tests/fixtures/__init__.py @@ -62,7 +62,6 @@ "email": "john@home.org", "title": "Dr.", "id": "john-doe@ghga.de", - "status": "active", } @@ -82,7 +81,7 @@ def fixture_auth_headers() -> dict[str, str]: def fixture_bad_auth_headers() -> dict[str, str]: """Get a invalid auth headers for testing""" claims = AUTH_CLAIMS.copy() - claims["status"] = "inactive" + del claims["id"] token = sign_and_serialize_token(claims, AUTH_KEY_PAIR) return headers_for_token(token) diff --git a/tests/test_api.py b/tests/test_api.py index 598b236..97baa5e 100644 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -65,7 +65,7 @@ async def test_create_work_package_unauthorized( response = await client.post( "/work-packages", json=CREATION_DATA, headers=bad_auth_headers ) - assert response.status_code == status.HTTP_403_FORBIDDEN + assert response.status_code == status.HTTP_401_UNAUTHORIZED @mark.asyncio(scope="session")