Implement command line authentication (#9)

* Add working version of OAuth2 with github

* Add tests

* Add readme and constants

* Update guthub client and tests

Author: rafalstepien

.gitignore

@@ -129,3 +129,4 @@ dmypy.json
 .pyre/
 .idea/
 run.py
+environment/local.env

README.md

@@ -1 +1,24 @@
-# pephubClient
+# `PEPHubClient`
+
+`PEPHubClient` is a tool to provide Python and CLI interface for `pephub`.
+Authorization is based on `OAuth` with using GitHub.
+
+The authorization process is slightly complex and needs more explanation.
+The explanation will be provided based on two commands:
+
+
+## 1. `pephubclient login`
+To authenticate itself user must execute `pephubclient login` command (1).
+Command triggers the process of authenticating with GitHub.
+`PEPHubClient` sends the request for user and device verification codes (2), and
+GitHub responds with the data (3). Next, if user is not logged in, GitHub
+asks for login (4), user logs in (5) and then GitHub asks to input 
+verification code (6) that is shown to user in the CLI. 
+After inputting the correct verification code (7), `PEPHubClient`
+sends the request to GitHub and asks about access token (8), which is then
+provided by GitHub based on data from authentication (9).
+![](static/pephubclient_login.png)
+
+
+## 2. `pephubclient pull project/name:tag`
+![](static/pephubclient_pull.png)

error_handling/constants.py

@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class ResponseStatusCodes(int, Enum):
+    FORBIDDEN_403 = 403
+    NOT_EXIST_404 = 404
+    OK_200 = 200

error_handling/error_handler.py

@@ -0,0 +1,16 @@
+from error_handling.exceptions import AuthorizationPendingError
+from typing import Union
+import pydantic
+from error_handling.models import GithubErrorModel
+from contextlib import suppress
+
+
+class ErrorHandler:
+    @staticmethod
+    def parse_github_response_error(github_response) -> Union[Exception, None]:
+        with suppress(pydantic.ValidationError):
+            GithubErrorModel(**github_response)
+            return AuthorizationPendingError(
+                message="You must first authorize with GitHub by using "
+                "provided code."
+            )

error_handling/exceptions.py

@@ -0,0 +1,23 @@
+class BasePephubclientException(Exception):
+    def __init__(self, message: str):
+        super().__init__(message)
+
+
+class IncorrectQueryStringError(BasePephubclientException):
+    def __init__(self, query_string: str = None):
+        self.query_string = query_string
+        super().__init__(
+            f"PEP data with passed namespace and project ({self.query_string}) name not found."
+        )
+
+
+class ResponseError(BasePephubclientException):
+    default_message = "The response looks incorrect and must be verified manually."
+
+    def __init__(self, message: str = None):
+        self.message = message
+        super().__init__(self.message or self.default_message)
+
+
+class AuthorizationPendingError(BasePephubclientException):
+    ...

error_handling/models.py

@@ -0,0 +1,6 @@
+from pydantic import BaseModel
+
+
+class GithubErrorModel(BaseModel):
+    error: str
+    error_description: str

github_oauth_client/__init__.py

@@ -0,0 +1,8 @@
+GITHUB_BASE_API_URL = "https://api.github.com"
+GITHUB_BASE_LOGIN_URL = "https://github.com/login"
+GITHUB_VERIFICATION_CODES_ENDPOINT = "/device/code"
+GITHUB_OAUTH_ENDPOINT = "/oauth/access_token"
+
+HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}
+ENCODING = "utf-8"
+GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"

github_oauth_client/constants.py

@@ -0,0 +1,106 @@
+import json
+from typing import Type
+from error_handling.error_handler import ErrorHandler
+import requests
+from github_oauth_client.constants import (
+    GITHUB_BASE_LOGIN_URL,
+    GITHUB_OAUTH_ENDPOINT,
+    GITHUB_VERIFICATION_CODES_ENDPOINT,
+    GRANT_TYPE,
+    HEADERS,
+)
+from github_oauth_client.models import (
+    AccessTokenResponseModel,
+    VerificationCodesResponseModel,
+)
+from pephubclient.models import ClientData
+from pydantic import BaseModel, ValidationError
+from error_handling.exceptions import ResponseError
+from helpers import RequestManager
+
+
+class GitHubOAuthClient(RequestManager):
+    """
+    Class responsible for authorization with GitHub.
+    """
+
+    def get_access_token(self, client_data: ClientData):
+        """
+        Requests user with specified ClientData.client_id to enter the verification code, and then
+        responds with GitHub access token.
+        """
+        device_code = self._get_device_verification_code(client_data)
+        return self._request_github_for_access_token(device_code, client_data)
+
+    def _get_device_verification_code(self, client_data: ClientData) -> str:
+        """
+        Send the request for verification codes, parse the response and return device code.
+
+        Returns:
+            Device code which is needed later to obtain the access code.
+        """
+        resp = GitHubOAuthClient.send_request(
+            method="POST",
+            url=f"{GITHUB_BASE_LOGIN_URL}{GITHUB_VERIFICATION_CODES_ENDPOINT}",
+            params={"client_id": client_data.client_id},
+            headers=HEADERS,
+        )
+        verification_codes_response = self._handle_github_response(
+            resp, VerificationCodesResponseModel
+        )
+        print(
+            f"User verification code: {verification_codes_response.user_code}, "
+            f"please enter the code here: {verification_codes_response.verification_uri} and"
+            f"hit enter when you are done with authentication on the website"
+        )
+        input()
+
+        return verification_codes_response.device_code
+
+    def _request_github_for_access_token(
+        self, device_code: str, client_data: ClientData
+    ) -> str:
+        """
+        Send the request for access token, parse the response and return access token.
+
+        Args:
+            device_code: Device code from verification codes request.
+
+        Returns:
+            Access token.
+        """
+        response = GitHubOAuthClient.send_request(
+            method="POST",
+            url=f"{GITHUB_BASE_LOGIN_URL}{GITHUB_OAUTH_ENDPOINT}",
+            params={
+                "client_id": client_data.client_id,
+                "device_code": device_code,
+                "grant_type": GRANT_TYPE,
+            },
+            headers=HEADERS,
+        )
+        return self._handle_github_response(
+            response, AccessTokenResponseModel
+        ).access_token
+
+    @staticmethod
+    def _handle_github_response(response: requests.Response, model: Type[BaseModel]):
+        """
+        Decode the response from GitHub and pack the returned data into appropriate model.
+
+        Args:
+            response: Response from GitHub.
+            model: Model that the data will be packed to.
+
+        Returns:
+            Response data as an instance of correct model.
+        """
+        try:
+            content = json.loads(GitHubOAuthClient.decode_response(response))
+        except json.JSONDecodeError:
+            raise ResponseError("Something went wrong with GitHub response")
+
+        try:
+            return model(**content)
+        except ValidationError:
+            raise ErrorHandler.parse_github_response_error(content) or ResponseError()

github_oauth_client/github_oauth_client.py

@@ -0,0 +1,16 @@
+from typing import Optional
+from pydantic import BaseModel
+
+
+class VerificationCodesResponseModel(BaseModel):
+    device_code: str
+    user_code: str
+    verification_uri: str
+    expires_in: Optional[int]
+    interval: Optional[int]
+
+
+class AccessTokenResponseModel(BaseModel):
+    access_token: str
+    scope: Optional[str]
+    token_type: Optional[str]

github_oauth_client/models.py

@@ -0,0 +1,43 @@
+import json
+from typing import Optional
+
+import requests
+
+from error_handling.exceptions import ResponseError
+from github_oauth_client.constants import ENCODING
+
+
+class RequestManager:
+    @staticmethod
+    def send_request(
+        method: str,
+        url: str,
+        headers: Optional[dict] = None,
+        cookies: Optional[dict] = None,
+        params: Optional[dict] = None,
+    ) -> requests.Response:
+        return requests.request(
+            method=method,
+            url=url,
+            verify=False,
+            cookies=cookies,
+            headers=headers,
+            params=params,
+        )
+
+    @staticmethod
+    def decode_response(response: requests.Response) -> str:
+        """
+        Decode the response from GitHub and pack the returned data into appropriate model.
+
+        Args:
+            response: Response from GitHub.
+            model: Model that the data will be packed to.
+
+        Returns:
+            Response data as an instance of correct model.
+        """
+        try:
+            return response.content.decode(ENCODING)
+        except json.JSONDecodeError:
+            raise ResponseError()

helpers.py

@@ -1,8 +1,5 @@
-from .pephubclient import PEPHubClient
-
-
 __app_name__ = "pephubclient"
 __version__ = "0.1.0"
 
 
-__all__ = ["PEPHubClient", "__app_name__", "__version__"]
+__all__ = ["__app_name__", "__version__"]

pephubclient/__init__.py

@@ -1,4 +1,4 @@
-from pephubclient.cli import app, __app_name__
+from pephubclient.cli import __app_name__, app
 
 
 def main():

pephubclient/__main__.py

@@ -1,20 +1,32 @@
 import typer
-
+from github_oauth_client.github_oauth_client import GitHubOAuthClient
 from pephubclient import __app_name__, __version__
 from pephubclient.pephubclient import PEPHubClient
+from pephubclient.models import ClientData
+
+
+GITHUB_CLIENT_ID = "20a452cc59b908235e50"
+
 
 pep_hub_client = PEPHubClient()
+github_client = GitHubOAuthClient()
 app = typer.Typer()
+client_data = ClientData(client_id=GITHUB_CLIENT_ID)
 
 
 @app.command()
-def pull(project_query_string: str):
-    pep_hub_client.save_pep_locally(project_query_string)
+def login():
+    pep_hub_client.login(client_data)
 
 
 @app.command()
-def login():
-    print("Logging in...")
+def logout():
+    pep_hub_client.logout()
+
+
+@app.command()
+def pull(project_query_string: str):
+    pep_hub_client.pull(project_query_string)
 
 
 @app.command()

pephubclient/cli.py

@@ -1,8 +1,13 @@
 from typing import Optional
+
 from pydantic import BaseModel
 
-PEPHUB_BASE_URL = "https://pephub.databio.org/pep/"
-DEFAULT_FILENAME = "pep_project.csv"
+# PEPHUB_BASE_URL = "https://pephub.databio.org/"
+# PEPHUB_PEP_API_BASE_URL = "https://pephub.databio.org/pep/"
+# PEPHUB_LOGIN_URL = "https://pephub.databio.org/auth/login"
+PEPHUB_BASE_URL = "http://0.0.0.0:8000/"
+PEPHUB_PEP_API_BASE_URL = "http://0.0.0.0:8000/pep/"
+PEPHUB_LOGIN_URL = "http://127.0.0.1:8000/auth/login"
 
 
 class RegistryPath(BaseModel):