diff --git a/internimsclient.py b/internimsclient.py
index 2503b0678cf288d54dca31b92deb2f00878d6c1d..b3424ba96de5981817b43cffe822e0aaa036e578 100644
--- a/internimsclient.py
+++ b/internimsclient.py
@@ -44,10 +44,10 @@ def update(db, api_uri, site_id, privkey, internims_url):
new_remotes = response['users']
log.debug('users w/ remotes: ' + str(new_remotes))
for user in response['users']:
- db.users.update({'oa2_id': user}, {'$set': {'remotes': new_remotes.get(user, [])}})
+ db.users.update({'user_id': user}, {'$set': {'remotes': new_remotes.get(user, [])}})
# cannot use new_remotes.viewkeys(). leads to 'bson.errors.InvalidDocument: Cannot encode object: dict_keys([])'
- db.users.update({'remotes': {'$exists':True}, 'oa2_id': {'$nin': new_remotes.keys()}}, {'$unset': {'remotes': ''}}, multi=True)
+ db.users.update({'remotes': {'$exists':True}, 'user_id': {'$nin': new_remotes.keys()}}, {'$unset': {'remotes': ''}}, multi=True)
else:
log.warning((r.status_code, r.reason))
diff --git a/nimsapi.py b/nimsapi.py
index 8399add3405a6d8f7408609250c562c9ff3293ac..a7298c6ade4be88baba57bc661f83dadf382e8ef 100755
--- a/nimsapi.py
+++ b/nimsapi.py
@@ -43,7 +43,7 @@ class NIMSAPI(nimsapiutil.NIMSRequestHandler):
nimsapi/remotes | list of remote instances
[(nimsapi/log)] | list of uwsgi log messages
[(nimsapi/users)] | list of users
- (nimsapi/users/current) | details for currently logged in user
+ nimsapi/users/current | details for currently logged in user
[(nimsapi/users/count)] | count of users
[(nimsapi/users/listschema)] | schema for user list
[(nimsapi/users/schema)] | schema for single user
@@ -132,7 +132,7 @@ class NIMSAPI(nimsapiutil.NIMSRequestHandler):
def remotes(self):
"""Return the list of remotes where user has membership"""
remotes = [remote['_id'] for remote in list(self.app.db.remotes.find({}, []))]
- self.response.write(json.dumps(remotes))
+ self.response.write(json.dumps(remotes, default=bson.json_util.default))
def log(self):
"""Return logs"""
@@ -212,7 +212,8 @@ class Users(nimsapiutil.NIMSRequestHandler):
def current(self):
"""Return the current User."""
- self.response.write(json.dumps(self.user))
+ # FIXME: trim this down to not use the self.user object, and only send relevant info
+ self.response.write(json.dumps(self.user, default=bson.json_util.default))
def post(self):
"""Create a new User"""
@@ -272,12 +273,12 @@ class User(nimsapiutil.NIMSRequestHandler):
def get(self, uid):
"""Return User details."""
- user = self.app.db.users.find_one({'oa2_id': uid})
+ user = self.app.db.users.find_one({'user_info': uid})
self.response.write(json.dumps(user, default=bson.json_util.default))
def put(self, uid):
"""Update an existing User."""
- user = self.app.db.users.find_one({'oa2_id': uid})
+ user = self.app.db.users.find_one({'user_info': uid})
if not user:
self.abort(404)
if uid == self.userid or self.user_is_superuser: # users can only update their own info
@@ -292,7 +293,7 @@ class User(nimsapiutil.NIMSRequestHandler):
updates['$set'][k] = False # superuser is tri-state: False indicates granted, but disabled, superuser privileges
elif v.lower() not in ('1', 'true'):
updates['$unset'][k] = ''
- self.app.db.users.update({'oa2_id': uid}, updates)
+ self.app.db.users.update({'user_info': uid}, updates)
else:
self.abort(403)
@@ -463,6 +464,7 @@ if __name__ == '__main__':
arg_parser.add_argument('--stage_path', help='path to staging area')
arg_parser.add_argument('--ssl_key', help='path to private SSL key file')
arg_parser.add_argument('--site_id', help='InterNIMS site ID')
+ arg_parser.add_argument('--oauth2_id_endpoint', help='OAuth2 provider ID endpoint')
args = arg_parser.parse_args()
config = ConfigParser.ConfigParser({'here': os.path.dirname(os.path.abspath(args.config_file))})
@@ -483,7 +485,8 @@ if __name__ == '__main__':
app.config['site_id'] = args.site_id or 'local'
app.config['stage_path'] = args.stage_path or config.get('nims', 'stage_path')
-
+ app.config['oauth2_id_endpoint'] = args.oauth2_id_endpoint or config.get('oauth2', 'id_endpoint')
+ log.debug(app.config['oauth2_id_endpoint'])
db_uri = args.db_uri or config.get('nims', 'db_uri')
app.db = (pymongo.MongoReplicaSetClient(db_uri) if 'replicaSet' in db_uri else pymongo.MongoClient(db_uri)).get_default_database()
diff --git a/nimsapi.wsgi b/nimsapi.wsgi
index 6915565d9d991ba29da9f61c2ded9d5f7f398cbd..8322407110c412eddcb047f2b1efc584c078352b 100644
--- a/nimsapi.wsgi
+++ b/nimsapi.wsgi
@@ -50,6 +50,7 @@ application = nimsapi.app
application.config['stage_path'] = config.get('nims', 'stage_path')
application.config['site_id'] = site_id
application.config['ssl_key'] = privkey
+application.config['oauth2_id_endpoint'] = config.get('oauth2', 'id_endpoint')
# connect to db
db_uri = config.get('nims', 'db_uri')
diff --git a/nimsapiutil.py b/nimsapiutil.py
index 4e1ec8acec7470635bcb4b6ea62370e2c041c9a7..ce5a64e10d55af22cbc5753420e679c6e2d0af5c 100644
--- a/nimsapiutil.py
+++ b/nimsapiutil.py
@@ -55,27 +55,29 @@ class NIMSRequestHandler(webapp2.RequestHandler):
log.debug('accesstoken: ' + str(self.access_token))
self.userid = '@public' # @public is default user
+ # self.user_is_superuser = None
# check for user as url encoded param
if self.request.remote_user:
self.userid = self.request.remote_user
# handle access token
- if self.access_token:
+ if self.access_token and self.app.config['oauth2_id_endpoint']:
r = requests.request(method='GET',
- url='https://www.googleapis.com/plus/v1/people/me/openIdConnect',
- params={'access_token': self.access_token})
+ url = self.app.config['oauth2_id_endpoint'],
+ headers={'Authorization': 'Bearer ' + self.access_token})
if r.status_code == 200:
# TODO: reduce to minimum needed to match
user_profile = json.loads(r.content)
- # FIXME: lookup should be on oauth_id
- self.user = self.app.db.users.find_one({'firstname': user_profile['given_name'], 'lastname': user_profile['family_name']})
- self.userid = self.user['_id']
+ # FIXME: lookup should be on user_id
+ self.user = self.app.db.users.find_one({'user_id': user_profile['email']})
+ # self.user_is_superuser = self.user.get('superuser', None)
+ self.userid = self.user['user_id']
log.debug('oauth user: ' + user_profile['email'])
else:
#TODO: add handlers for bad tokens.
log.debug('ERR: ' + str(r.status_code) + ' bad token')
- self.user = self.app.db.users.find_one({'oa2_id': self.userid})
- self.user_is_superuser = self.user.get('superuser', None)
- log.debug(self.user)
+ # self.user = self.app.db.users.find_one({'user_info': self.user_info})
+ self.user = self.app.db.users.find_one({'user_id': self.userid})
+ self.user_is_superuser = self.user.get('superuser', None) if self.user else False
# p2p request
self.target_id = self.request.get('iid', None)
@@ -143,6 +145,10 @@ class NIMSRequestHandler(webapp2.RequestHandler):
except KeyError as e:
pass # not all requests will have access_token
+ # build up a description of request to sign
+ # msg = self.request.method + self.request.path + str(self.request.params) + str(self.request.headers) + self.request.body
+ # log.debug(msg)
+
# create a signature of the incoming request payload
h = Crypto.Hash.SHA.new(reqpayload)
signature = Crypto.Signature.PKCS1_v1_5.new(self.ssl_key).sign(h)
@@ -153,7 +159,7 @@ class NIMSRequestHandler(webapp2.RequestHandler):
r = requests.request(method=self.request.method, data=reqpayload, url=target_api, params=reqparams, headers=reqheaders, verify=False)
# return response content
- # TODO: headers
+ # TODO: think about: are the headers even useful?
self.response.write(r.content)
elif self.ssl_key is None or self.site_id is None: