GitLab token validation

85c8344d · Barbora Kompišová · 31575502 · 85c8344d · 85c8344d · 85c8344d
Commit 85c8344d authored May 19, 2018 by Barbora Kompišová
--- a/Pipfile
+++ b/Pipfile
@@ -20,6 +20,7 @@ flask-cors = "*"
 flask-emails = "*"
 pytz = "*"
 flask-migrate = "*"
+python-gitlab = "*"

 [dev-packages]
 pytest-cov = "*"

--- a/portal/rest/auth/gitlab.py
+++ b/portal/rest/auth/gitlab.py
@@ -5,8 +5,8 @@ from flask_oauthlib.client import OAuth, OAuthRemoteApp
 from typing import Union

 from portal import oauth
-from portal.database.models import User
 from portal.service import general
+from portal.service.users import create_user

 log = logging.getLogger(__name__)

@@ -61,15 +61,12 @@ def oauth_login():


 def user_oauth_register(user_info):
-    # TODO: Call create_user
-    new_user = User(
+    new_user = create_user(
        uco=None,
-        email=user_info['email'],
        username=user_info['username'],
+        name=user_info['name'],
        is_admin=False
        )
-    new_user.name = user_info['name']
-    general.write_entity(new_user)
    log.debug(f"Created user={new_user}")
    return new_user


--- a/portal/rest/users/users.py
+++ b/portal/rest/users/users.py
@@ -120,7 +120,7 @@ class UserList(Resource):
            raise ForbiddenError(uid=client.id)

        data = rest_helpers.parse_request_data(user_schema, action='create', resource='user')
-        new_user = create_user(data)
+        new_user = create_user(**data)
        return user_schema.dump(new_user)[0], 201



--- a/portal/service/auth.py
+++ b/portal/service/auth.py
 from flask_jwt_extended import get_jwt_identity, get_jwt_claims
 from typing import Union

+from portal import gitlab_factory
 from portal.database.models import User, Component
-from portal.service.errors import UnauthorizedError, PortalAPIError, IncorrectCredentialsError
+from portal.service.errors import UnauthorizedError, PortalAPIError, IncorrectCredentialsError, \
+    InvalidGitlabAccessTokenError
 from portal.service.general import find_component, find_user


@@ -23,7 +25,7 @@ def login_user(gitlab_access_token: str = None, password: str = None, username:
        return auth_gitlab_access_token(
            username=username,
            gitlab_access_token=gitlab_access_token
-        )
+            )

    return auth_username_password(username=username, password=password)

@@ -39,13 +41,32 @@ def auth_gitlab_access_token(username: str, gitlab_access_token: str) -> User:
    """
    if gitlab_access_token is None:
        raise PortalAPIError(400, 'No gitlab access token found.')
-    # TODO: validate gitlab token
+
+    validate_gitlab_token(gitlab_access_token, username=username)
+
    user = find_user(username, throws=False)
    if user is None:
-        raise IncorrectCredentialsError()
+        raise InvalidGitlabAccessTokenError()
    return user


+def validate_gitlab_token(token: str, username: str, throws: bool = True):
+    """Validates gitlab access token using the gitlab client
+    Args:
+        token(str): Gitlab access token
+        username(str): Username
+        throws(bool): Throws an exception if the token is not valid
+    Returns(Bool):
+    """
+    client = gitlab_factory.instance(oauth_token=token)
+    user = client.user
+    if user.username != username:
+        if throws:
+            raise InvalidGitlabAccessTokenError()
+        return False
+    return True
+
+
 def auth_username_password(username: str, password: str) -> User:
    """Authorizes the user using username and password
    Args:

--- a/portal/service/errors.py
+++ b/portal/service/errors.py
 import json


-class PortalError(RuntimeError):
+class PortalError(Exception):
    """Base exception class
    """

@@ -84,6 +84,11 @@ class IncorrectCredentialsError(UnauthorizedError):
        super().__init__(note="Incorrect username or password.")


+class InvalidGitlabAccessTokenError(UnauthorizedError):
+    def __init__(self):
+        super().__init__(note='Invalid Gitlab Access token.')
+
+
 class ValidationError(PortalAPIError):  # currently not used
    def __init__(self, schema, data, failures: list):
        message = dict(

--- a/portal/tools/gitlab_client.py
+++ b/portal/tools/gitlab_client.py
+import gitlab
+from flask import Flask
+
+
+class GitlabFactory(object):
+    """Gitlab client wrapper for flask
+    DOC: http://python-gitlab.readthedocs.io/en/stable/api-usage.html
+    """
+    def __init__(self, app: Flask=None):
+        """Creates instance of the Gitlab Client Factory
+        Args:
+            app(Flask): Flask application Optional argument
+        """
+        self.app: Flask = app
+
+    def init_app(self, app: Flask):
+        """Initializes the client with a flask application
+        Args:
+            app(Flask): Flask application
+        """
+        self.app = app
+
+    def instance(self, *args, **kwargs) -> gitlab.Gitlab:
+        """Creates instance of the Gitlab client
+        Args:
+            *args:
+            **kwargs:
+
+        Returns(gitlab.Gitlab): Gitlab client instance
+        """
+        return gitlab.Gitlab(self.app.config.get('GITLAB_URL'), *args, **kwargs)
--- a/run.sh
+++ b/run.sh
@@ -6,7 +6,7 @@ BIND="${ADDRESS}:${PORT}"

 WORKERS="1"

-export FLASK_APP="app:setup_application()"
+export FLASK_APP="app:app"

 gunicorn --workers ${WORKERS}  --bind "${BIND}" "${FLASK_APP}"