Commit 85c8344d authored by Barbora Kompišová's avatar Barbora Kompišová

GitLab token validation

parent 31575502
......@@ -20,6 +20,7 @@ flask-cors = "*"
flask-emails = "*"
pytz = "*"
flask-migrate = "*"
python-gitlab = "*"
pytest-cov = "*"
......@@ -5,8 +5,8 @@ from flask_oauthlib.client import OAuth, OAuthRemoteApp
from typing import Union
from portal import oauth
from portal.database.models import User
from portal.service import general
from portal.service.users import create_user
log = logging.getLogger(__name__)
......@@ -61,15 +61,12 @@ def oauth_login():
def user_oauth_register(user_info):
# TODO: Call create_user
new_user = User(
new_user = create_user(
) = user_info['name']
log.debug(f"Created user={new_user}")
return new_user
......@@ -120,7 +120,7 @@ class UserList(Resource):
raise ForbiddenError(
data = rest_helpers.parse_request_data(user_schema, action='create', resource='user')
new_user = create_user(data)
new_user = create_user(**data)
return user_schema.dump(new_user)[0], 201
from flask_jwt_extended import get_jwt_identity, get_jwt_claims
from typing import Union
from portal import gitlab_factory
from portal.database.models import User, Component
from portal.service.errors import UnauthorizedError, PortalAPIError, IncorrectCredentialsError
from portal.service.errors import UnauthorizedError, PortalAPIError, IncorrectCredentialsError, \
from portal.service.general import find_component, find_user
......@@ -23,7 +25,7 @@ def login_user(gitlab_access_token: str = None, password: str = None, username:
return auth_gitlab_access_token(
return auth_username_password(username=username, password=password)
......@@ -39,13 +41,32 @@ def auth_gitlab_access_token(username: str, gitlab_access_token: str) -> User:
if gitlab_access_token is None:
raise PortalAPIError(400, 'No gitlab access token found.')
# TODO: validate gitlab token
validate_gitlab_token(gitlab_access_token, username=username)
user = find_user(username, throws=False)
if user is None:
raise IncorrectCredentialsError()
raise InvalidGitlabAccessTokenError()
return user
def validate_gitlab_token(token: str, username: str, throws: bool = True):
"""Validates gitlab access token using the gitlab client
token(str): Gitlab access token
username(str): Username
throws(bool): Throws an exception if the token is not valid
client = gitlab_factory.instance(oauth_token=token)
user = client.user
if user.username != username:
if throws:
raise InvalidGitlabAccessTokenError()
return False
return True
def auth_username_password(username: str, password: str) -> User:
"""Authorizes the user using username and password
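Review bot: In `validate_gitlab_token`, `client.user` is read immediately after the client is built and no `client.auth()` call appears in the lines shown; python-gitlab only populates `user` in `auth()`, so unless that call sits in a line this rendering dropped, `user` is `None` and `user.username` raises `AttributeError` instead of rejecting the token. Exceptions raised by the client itself for a bad or expired token are also not caught, so `throws=False` can still raise, and an invalid token would likely surface as a server error rather than `InvalidGitlabAccessTokenError`. I would authenticate inside a `try` and route `gitlab.GitlabAuthenticationError` through the same rejection path as the username mismatch; this needs `import gitlab` in this module, which the visible import hunk does not add. A test that passes a deliberately invalid token with both `throws=True` and `throws=False` would pin the contract.
```python
def validate_gitlab_token(token: str, username: str, throws: bool = True):
    # … unchanged: docstring …
    client = gitlab_factory.instance(oauth_token=token)
    try:
        # auth() fetches the current user; it fails for a bad or expired token
        client.auth()
    except gitlab.GitlabAuthenticationError:
        if throws:
            raise InvalidGitlabAccessTokenError()
        return False
    user = client.user
    # … unchanged: username comparison and return value …
```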
import json
class PortalError(RuntimeError):
class PortalError(Exception):
"""Base exception class
......@@ -84,6 +84,11 @@ class IncorrectCredentialsError(UnauthorizedError):
super().__init__(note="Incorrect username or password.")
class InvalidGitlabAccessTokenError(UnauthorizedError):
def __init__(self):
super().__init__(note='Invalid Gitlab Access token.')
class ValidationError(PortalAPIError): # currently not used
def __init__(self, schema, data, failures: list):
message = dict(
import gitlab
from flask import Flask
class GitlabFactory(object):
"""Gitlab client wrapper for flask
def __init__(self, app: Flask=None):
"""Creates instance of the Gitlab Client Factory
app(Flask): Flask application Optional argument
""" Flask = app
def init_app(self, app: Flask):
"""Initializes the client with a flask application
app(Flask): Flask application
""" = app
def instance(self, *args, **kwargs) -> gitlab.Gitlab:
"""Creates instance of the Gitlab client
Returns(gitlab.Gitlab): Gitlab client instance
return gitlab.Gitlab('GITLAB_URL'), *args, **kwargs)
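Review bot: `instance()` forwards `*args, **kwargs` to `gitlab.Gitlab` without a default `timeout`, and this client is now on the login path through `validate_gitlab_token`, so a slow or unreachable GitLab server can hold a worker for every token login. I would set a default before constructing the client, e.g. `kwargs.setdefault('timeout', 10)` (value illustrative), while leaving it overridable by callers. The URL expression is garbled in this rendering, but if `GITLAB_URL` is read with a lookup that tolerates a missing key, it is worth failing fast when it is unset so tokens are never checked against an unintended host; the same applies when `instance()` is called before `init_app()`.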
......@@ -6,7 +6,7 @@ BIND="${ADDRESS}:${PORT}"
export FLASK_APP="app:setup_application()"
export FLASK_APP="app:app"
gunicorn --workers ${WORKERS} --bind "${BIND}" "${FLASK_APP}"