Merge pull request #130 from jverswijver/oidc_integration

OIDC integration

Author: guzman-raphael

CHANGELOG.md

@@ -3,92 +3,123 @@
 Observes [Semantic Versioning](https://semver.org/spec/v2.0.0.html) standard and [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) convention.
 
 ## [0.5.1] - 2022-09-27
+
 ### Added
+
 - Schema templating for insert queries using query params PR #131
+- Add support for OIDC login flow PR #130 (#125)
 
 ## [0.5.0] - 2022-09-21
+
 ### Fixed
+
 - Bugs with returning UUID and NaN values PR #128
 
 ### Added
+
 - Support schemas with a `-` by specifying instead with `__` in dynamic spec PR #128
 - Support for new `antd-table` component. Prior `table` component will be deprecated in the next minor release. PR #128
 - Support for InsertComponent
 
 ## [0.4.1] - 2022-03-24
+
 ### Fixed
+
 - Bug with otumat version not being tied to the latest PR #119
 
 ## [0.4.0] - 2022-03-18
+
 ### Fixed
+
 - Bug with `order_by` not applying from fetch args PR #117
 
 ### Added
+
 - Support for new `slider` and `dropdown-query` components PR #118
 - Numpy parser for `component_interface.py` to remove numpy types for json serialization PR #118
 - Support for loginless mode PR #118
 
 ## [0.3.0] - 2022-01-21
+
 ### Changed
+
 - Hot-reload mechanism to use `otumat watch` PR #116
 - Renamed environment variable defining spec sheet to `PHARUS_SPEC_PATH` PR #116
 
 ### Added
-- Autoformatting strategy using `black` PR #116 
+
+- Autoformatting strategy using `black` PR #116
 - Support for sci-viz components `metadata`, `image`, `dynamic grid` PR #116
 - `component interface` for users to be able to load their own custom interface for sci-viz PR #116
 
 ### Fixed
+
 - Various bugs related to datetime PR #116
 
 ## [0.2.3] - 2021-11-18
+
 ### Added
+
 - Support for plot component PR #155
 - Fetch argument specification in `dj_query` PR #155
 
 ## [0.2.2] - 2021-11-10
+
 ### Fixed
+
 - Optimize dynamic api virtual modules. PR #113
 
 ## [0.2.1] - 2021-11-08
+
 ### Fixed
+
 - Error with retrieving the module's installation root path. PR #112
 
 ## [0.2.0] - 2021-11-02
+
 ### Added
+
 - Dynamic api generation from spec sheet.(#103, #104, #105, #107, #108, #110) PR #106, #109
 - `dynamic_api_gen.py` Python script that generates `dynamic_api.py`.
 - Add Tests for the new dynamic api.
 - `server.py` now loads the routes generated dynamically from `dynamic_api.py` when it is present.
 
 ## [0.1.0] - 2021-03-31
+
 ### Added
+
 - Local database instance pre-populated with sample data for `dev` Docker Compose environment. PR #99
 - Capability to insert multiple, update multiple, and delete multiple. PR #99
 - Allow dependency restriction to include secondary attributes from parent table. PR #99
 
 ### Changed
+
 - Update `datajoint` to newly released `0.13.0`. PR #97
 - Rename service `pharus` to `pharus-docs` in `docs` Docker Compose environment to allow simulataneous development. PR #99
 - Update NGINX reverse proxy image reference. PR #99
 - Refactored API design to align with common REST resource naming convention. (#38) PR #99
 - Hide classes and methods that are internal and subject to change. PR #99
 
 ### Removed
+
 - `InvalidDeleteRequest` exception is no longer available as it is now allowed to delete more than 1 record at a time. PR #99
 
 ### Fixed
+
 - `uuid` types not properly restricted on `GET /record`, `DELETE /record`, and `GET /dependency`. PR #102
 
 ## [0.1.0b2] - 2021-03-12
 
 ### Fixed
+
 - Fixed behavior where using list_table with a nonexistent schema_name creates it instead of returning an error message (#65) PR #63
 
 ### Changed
+
 - Contribution policy to follow directly the general DataJoint Contribution Guideline. (#91) PR #94, #95
 
 ### Added
+
 - Issue templates for bug reports and enhancement requests. PR #94, #95
 - Docker environment for documentation build. (#92) PR #94, #95
 - Add Sphinx-based documentation source and fix parsing issues. (#92) PR #94, #95
@@ -97,29 +128,36 @@ Observes [Semantic Versioning](https://semver.org/spec/v2.0.0.html) standard and
 ## [0.1.0b0] - 2021-02-26
 
 ### Security
+
 - Documentation with detail regarding warning on bearer token. (#83) PR #88
 
 ### Fixed
+
 - Incorrect virtual module reference of `schema_virtual_module` in table metadata. (#85) PR #88
 
 ### Added
+
 - Docker `dev` environment that supports hot reloading. PR #79
 - Documentation on setting up environments within `docker-compose` header. PR #79
 - `cascade` option for `/delete_tuple` route. (#86) PR #88
 - When delete with `cascade=False` fails due to foreign key relations, returns a HTTP error code of `409 Conflict` with a JSON body containing specifics of 1st child. (#86) PR #88
 
 ### Changed
+
 - Replaced `DJConnector.snake_to_camel_case` usage with `datajoint.utils.to_camel_case`. PR #88
 - Default behavior for `/delete_tuple` now deletes without cascading. (#86) PR #88
 - Consolidated `pytest` fixtures into `__init__.py` to facilitate reuse. PR #88
 - Modify dependency check to not perform deep check and use accessible fk relations only. (#89) PR #90
 - Update nginx image to pull from datajoint organization. (#80) PR #90
 
 ### Removed
+
 - Docker `base` environment to simplify dependencies. PR #79
 
 ## [0.1.0a5] - 2021-02-18
+
 ### Added
+
 - List schemas method.
 - List tables method.
 - Data entry, update, delete, and view operations for DataJoint table tiers: `dj.Manual`, `dj.Lookup`.
@@ -128,6 +166,8 @@ Observes [Semantic Versioning](https://semver.org/spec/v2.0.0.html) standard and
 - Support for DataJoint attribute types: `varchar`, `int`, `float`, `datetime`, `date`, `time`, `decimal`, `uuid`.
 - Check dependency utility to determine child table references.
 
+[0.5.1]: https://github.com/datajoint/pharus/compare/0.5.0...0.5.1
+[0.5.0]: https://github.com/datajoint/pharus/compare/0.4.1...0.5.0
 [0.4.1]: https://github.com/datajoint/pharus/compare/0.4.0...0.4.1
 [0.4.0]: https://github.com/datajoint/pharus/compare/0.3.0...0.4.0
 [0.3.0]: https://github.com/datajoint/pharus/compare/0.2.3...0.3.0
@@ -138,4 +178,4 @@ Observes [Semantic Versioning](https://semver.org/spec/v2.0.0.html) standard and
 [0.1.0]: https://github.com/datajoint/pharus/compare/0.1.0b2...0.1.0
 [0.1.0b2]: https://github.com/datajoint/pharus/compare/0.1.0b0...0.1.0b2
 [0.1.0b0]: https://github.com/datajoint/pharus/compare/0.1.0a5...0.1.0b0
-[0.1.0a5]: https://github.com/datajoint/pharus/releases/tag/0.1.0a5
+[0.1.0a5]: https://github.com/datajoint/pharus/releases/tag/0.1.0a5

docker-compose-dev.yaml

@@ -27,6 +27,14 @@ services:
     environment:
       - FLASK_ENV=development # enables logging to console from Flask
       - PHARUS_SPEC_PATH=tests/init/test_dynamic_api_spec.yaml # for dynamic api spec
+      # --- only needed if you need OIDC compatability ---
+      - PHARUS_OIDC_CLIENT_SECRET
+      - PHARUS_OIDC_CLIENT_ID
+      - PHARUS_OIDC_REDIRECT_URI
+      - PHARUS_OIDC_CODE_VERIFIER
+      - PHARUS_OIDC_TOKEN_URL
+      - PHARUS_OIDC_PUBLIC_KEY
+      - PHARUS_OIDC_SUBJECT_KEY=preferred_username
     volumes:
       - ./pharus:/opt/conda/lib/python3.8/site-packages/pharus
     command: pharus

pharus/component_interface.py

@@ -46,7 +46,13 @@ def dumps(cls, obj):
 
 
 class FetchComponent:
-    def __init__(self, name, component_config, static_config, jwt_payload: dict):
+    def __init__(
+        self,
+        name,
+        component_config,
+        static_config,
+        connect_creds: dict,
+    ):
         lcls = locals()
         self.name = name
         if static_config:
@@ -68,15 +74,14 @@ def __init__(self, name, component_config, static_config, jwt_payload: dict):
             self.dj_restriction = lcls["restriction"]
         else:
             self.dj_restriction = lambda: dict()
-
         self.vm_list = [
             dj.VirtualModule(
                 s,
                 s,
                 connection=dj.conn(
-                    host=jwt_payload["databaseAddress"],
-                    user=jwt_payload["username"],
-                    password=jwt_payload["password"],
+                    host=connect_creds["databaseAddress"],
+                    user=connect_creds["username"],
+                    password=connect_creds["password"],
                     reset=True,
                 ),
             )
@@ -124,7 +129,12 @@ class InsertComponent:
     fields_route_format = "{route}/fields"
 
     def __init__(
-        self, name, component_config, static_config, payload, jwt_payload: dict
+        self,
+        name,
+        component_config,
+        static_config,
+        payload,
+        connect_creds: dict,
     ):
         self.name = name
         self.payload = payload
@@ -141,9 +151,9 @@ def __init__(
         self.type = component_config["type"]
         self.route = component_config["route"]
         self.connection = dj.conn(
-            host=jwt_payload["databaseAddress"],
-            user=jwt_payload["username"],
-            password=jwt_payload["password"],
+            host=connect_creds["databaseAddress"],
+            user=connect_creds["username"],
+            password=connect_creds["password"],
             reset=True,
         )
         self.fields_map = component_config.get("map")

pharus/dynamic_api_gen.py

@@ -28,14 +28,14 @@ def populate_api():
 
 @app.route('{route}', methods=['{rest_verb}'])
 @protected_route
-def {method_name}(jwt_payload: dict) -> dict:
+def {method_name}(connect_creds: dict) -> dict:
 
     if request.method in ['{rest_verb}']:
         try:
             component_instance = type_map['{component_type}'](name='{component_name}',
                                                               component_config={component},
                                                               static_config={static_config},
-                                                              jwt_payload=jwt_payload,
+                                                              connect_creds=connect_creds,
                                                               {payload})
             return component_instance.{method_name_type}()
         except Exception as e:
@@ -46,7 +46,7 @@ def {method_name}(jwt_payload: dict) -> dict:
 @app.route('{route}', methods=['{rest_verb}'])
 def {method_name}() -> dict:
     if request.method in ['{rest_verb}']:
-        jwt_payload = dict(
+        connect_creds = dict(
             databaseAddress=os.environ["PHARUS_HOST"],
             username=os.environ["PHARUS_USER"],
             password=os.environ["PHARUS_PASSWORD"],
@@ -55,7 +55,7 @@ def {method_name}() -> dict:
             component_instance = type_map['{component_type}'](name='{component_name}',
                                                               component_config={component},
                                                               static_config={static_config},
-                                                              jwt_payload=jwt_payload,
+                                                              connect_creds=connect_creds,
                                                               {payload})
             return component_instance.{method_name_type}()
         except Exception as e: