Merge branch 'develop' into feature/internal_endpoint_user

README.md

@@ -162,6 +162,8 @@ You can set environment variables in your OS, write on ```.env``` file or pass v
 | OIDC_RP_SCOPES | ```string``` | ```openid email``` | The OpenID Connect scopes to request during login.
 | CONNECT_GRPC_SERVER_URL | ```string``` | ```localhost:8002``` | Define grpc connect server url
 | CONNECT_CERTIFICATE_GRPC_CRT | ```string``` | ```None``` | Absolute certificate path for secure grpc communication
+| CONNECT_API_URL | ```string``` | ```None``` | Connect module api url
+| USE_GRPC | ```bool``` | ```False``` | Use connect gRPC clients
 | RECAPTCHA_SECRET_KEY | ```string``` | ```''``` | Token of the recaptcha used in the validation of a user's registration.
 | REPOSITORY_NLP_LOG_LIMIT | ```int``` | ```10000``` | Limit of query size to repository log.
 | REPOSITORY_RESTRICT_ACCESS_NLP_LOGS | ```list``` | ```[]``` | Restricts log access to a particular or multiple intelligences

bothub/api/v2/internal/connect_rest_client.py

@@ -0,0 +1,82 @@
+import requests
+import json
+from typing import List, Dict
+
+from django.conf import settings
+
+
+class ConnectRESTClient:
+    def __init__(self):
+        self.base_url = settings.CONNECT_API_URL
+        self.headers = {
+            "Content-Type": "application/json; charset: utf-8",
+            "Authorization": self.get_auth_token(),
+        }
+
+    def get_auth_token(self) -> str:
+        request = requests.post(
+            url=settings.OIDC_OP_TOKEN_ENDPOINT,
+            data={
+                "client_id": settings.OIDC_RP_CLIENT_ID,
+                "client_secret": settings.OIDC_RP_CLIENT_SECRET,
+                "grant_type": "client_credentials",
+            },
+        )
+        token = request.json().get("access_token")
+        return f"Bearer {token}"
+
+    def list_classifiers(
+        self, project_uuid: str, user_email: str
+    ) -> List[Dict[str, str]]:
+        request = requests.get(
+            url=f"{self.base_url}/v1/organization/project/list_classifier/",
+            headers=self.headers,
+            params={"project_uuid": project_uuid, "user_email": user_email},
+        )
+
+        return request.json()
+
+    def list_authorizations(self, project_uuid: str, user_email: str) -> List[str]:
+        classifiers = self.list_classifiers(
+            project_uuid=project_uuid, user_email=user_email
+        )
+
+        return [classifier.get("authorization_uuid") for classifier in classifiers]
+
+    def get_authorization_classifier(
+        self, project_uuid: str, authorization_uuid: str, user_email: str
+    ) -> str:
+        """
+        Recives a authorization UUID and returns the respective classifier UUID
+        """
+        classifiers = self.list_classifiers(project_uuid, user_email)
+        classifier = filter(
+            lambda classifier: classifier["authorization_uuid"] == authorization_uuid,
+            classifiers,
+        )
+
+        return classifier.get("uuid")
+
+    def remove_authorization(
+        self, project_uuid: str, authorization_uuid: str, user_email: str
+    ):
+        classifier_uuid = self.get_authorization_classifier(
+            project_uuid,
+            authorization_uuid,
+            user_email,
+        )
+        request = requests.delete(
+            url=f"{self.base_url}/v1/organization/project/destroy_classifier/",
+            headers=self.headers,
+            json=json.dumps({"uuid": classifier_uuid, "user_email": user_email}),
+        )
+
+        return request.json()
+
+    def create_classifier(self, **kwargs):
+        request = requests.post(
+            url=f"{self.base_url}/v1/organization/project/create_classifier/",
+            headers=self.headers,
+            json=json.dumps({**kwargs, "classifier_type": "bothub"}),
+        )
+        return request.json()

bothub/api/v2/repository/views.py

@@ -804,7 +804,7 @@ def list_project_organizatiton(self, request, **kwargs):
             raise ValidationError(_("Need to pass 'project_uuid' in query params"))
 
         task = celery_app.send_task(
-            name="get_project_organization", args=[project_uuid]
+            name="get_project_organization", args=[project_uuid, request.user.email]
         )
         task.wait()
 

bothub/authentication/authorization.py

@@ -1,4 +1,5 @@
 import logging
+import re
 
 from django.utils.translation import ugettext_lazy as _
 from bothub.utils import check_module_permission
@@ -95,6 +96,7 @@ def create_user(self, claims):
         # Override existing create_user method in OIDCAuthenticationBackend
         email = claims.get("email")
         username = self.get_username(claims)[:16]
+        username = re.sub("[^A-Za-z0-9]+", "", username)
         user = self.UserModel.objects.create_user(email, username)
 
         user.name = claims.get("name", "")

bothub/common/tasks.py

@@ -12,7 +12,6 @@
 from django_elasticsearch_dsl.registries import registry
 
 from bothub import translate
-from bothub.api.grpc.connect_grpc_client import ConnectGRPCClient
 from bothub.celery import app
 from bothub.common.models import (
     RepositoryQueueTask,
@@ -40,6 +39,14 @@
 )
 
 
+if settings.USE_GRPC:
+    from bothub.api.grpc.connect_grpc_client import ConnectGRPCClient as ConnectClient
+else:
+    from bothub.api.v2.internal.connect_rest_client import (
+        ConnectRESTClient as ConnectClient,
+    )
+
+
 @app.task(name="es_handle_save")
 def handle_save(pk, app_label, model_name):
     sender = apps.get_model(app_label, model_name)
@@ -544,23 +551,30 @@ def evaluate_crossvalidation(data, authorization_token):  # pragma: no cover
 
 
 @app.task(name="get_project_organization")
-def get_project_organization(project_uuid: str):  # pragma: no cover
-    grpc_client = ConnectGRPCClient()
-    authorizations = grpc_client.list_authorizations(project_uuid=project_uuid)
+def get_project_organization(
+    project_uuid: str, user_email: str = ""
+):  # pragma: no cover
+    grpc_client = ConnectClient()
+    if settings.USE_GRPC:
+        authorizations = grpc_client.list_authorizations(project_uuid=project_uuid)
+    else:
+        authorizations = grpc_client.list_authorizations(
+            project_uuid=project_uuid, user_email=user_email
+        )
     return authorizations
 
 
 @app.task(name="remove_authorizations_project")
 def remove_authorizations_project(
     project_uuid: str, authorizations_uuids: list, user_email: str
 ):
-    grpc_client = ConnectGRPCClient()
+    grpc_client = ConnectClient()
     for authorization_uuid in authorizations_uuids:
         grpc_client.remove_authorization(project_uuid, authorization_uuid, user_email)
 
 
 @app.task(name="create_repository_project")
 def create_repository_project(**kwargs):
-    grpc_client = ConnectGRPCClient()
+    grpc_client = ConnectClient()
     grpc_client.create_classifier(**kwargs)
     return kwargs

bothub/settings.py

@@ -75,6 +75,8 @@
     SECRET_KEY_CHECK_LEGACY_USER=(str, None),
     CONNECT_GRPC_SERVER_URL=(str, "localhost:8002"),
     CONNECT_CERTIFICATE_GRPC_CRT=(str, None),
+    USE_GRPC=(bool, False),
+    CONNECT_API_URL=(str, ""),
     REPOSITORY_RESTRICT_ACCESS_NLP_LOGS=(list, []),
     REPOSITORY_BLOCK_USER_LOGS=(list, []),
     REPOSITORY_KNOWLEDGE_BASE_DESCRIPTION_LIMIT=(int, 450),
@@ -92,6 +94,15 @@
     ELASTICSEARCH_LOGS_DELETE_AGE=(str, "90d"),
     ELASTICSEARCH_LOGS_ROLLOVER_AGE=(str, "1d"),
     ELASTICSEARCH_TIMESTAMP_PIPELINE_FIELD=(str, "created_at"),
+    CSP_DEFAULT_SRC=(tuple, "CSP_DEFAULT_SRC"),
+    CSP_FRAME_ANCESTORS=(tuple, "CSP_FRAME_ANCESTORS"),
+    CSP_FONT_SRC=(tuple, "CSP_FONT_SRC"),
+    CSP_STYLE_SRC=(tuple, "CSP_STYLE_SRC"),
+    CSP_STYLE_SRC_ELEM=(tuple, "CSP_STYLE_SRC_ELEM"),
+    CSP_SCRIPT_SRC=(tuple, "CSP_SCRIPT_SRC"),
+    CSP_SCRIPT_SRC_ELEM=(tuple, "CSP_SCRIPT_SRC_ELEM"),
+    CSP_FRAME_SRC=(tuple, "CSP_FRAME_SRC"),
+    CSP_CONNECT_SRC=(tuple, "CSP_CONNECT_SRC"),
 )
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
@@ -144,12 +155,12 @@
     "whitenoise.middleware.WhiteNoiseMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.locale.LocaleMiddleware",
+    "csp.middleware.CSPMiddleware",
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "bothub.api.v2.middleware.UserLanguageMiddleware",
 ]
 
@@ -299,6 +310,23 @@
 CSRF_COOKIE_SECURE = env.bool("CSRF_COOKIE_SECURE")
 
 
+# CSP headers
+
+CSP_DEFAULT_SRC = env.tuple("CSP_DEFAULT_SRC", default=("'self'",))
+CSP_FRAME_ANCESTORS = env.tuple("CSP_FRAME_ANCESTORS", default=("'self'", "*.weni.ai"))
+CSP_FONT_SRC = env.tuple("CSP_FONT_SRC", default=CSP_DEFAULT_SRC)
+CSP_STYLE_SRC = env.tuple(
+    "CSP_STYLE_SRC", default=("'self'", "'unsafe-inline'", "'unsafe-eval'")
+)
+CSP_STYLE_SRC_ELEM = env.tuple("CSP_STYLE_SRC_ELEM", default=CSP_STYLE_SRC)
+CSP_SCRIPT_SRC = env.tuple(
+    "CSP_SCRIPT_SRC", default=("'self'", "'unsafe-inline'", "'unsafe-eval'")
+)
+CSP_SCRIPT_SRC_ELEM = env.tuple("CSP_SCRIPT_SRC_ELEM", default=CSP_SCRIPT_SRC)
+CSP_FRAME_SRC = env.tuple("CSP_FRAME_SRC", default=CSP_DEFAULT_SRC)
+CSP_CONNECT_SRC = env.tuple("CSP_CONNECT_SRC", default=CSP_DEFAULT_SRC)
+
+
 # Logging
 
 LOGGING = DEFAULT_LOGGING
@@ -531,6 +559,10 @@
 
 CONNECT_CERTIFICATE_GRPC_CRT = env.str("CONNECT_CERTIFICATE_GRPC_CRT")
 
+USE_GRPC = env.bool("USE_GRPC", default=False)
+
+CONNECT_API_URL = env.str("CONNECT_API_URL", default="https://api.dev.cloud.weni.ai")
+
 # ElasticSearch
 ELASTICSEARCH_DSL = {
     "default": {"hosts": env.str("ELASTICSEARCH_DSL", default="es:9200")}

pyproject.toml

@@ -52,6 +52,7 @@ psycopg2-binary = "~=2.9.1"
 weni-protobuffers = "~=1.2.1"
 black = "21.7b0"
 Pillow = "~=8.4.0"
+django-csp = "^3.7"
 
 [tool.poetry.dev-dependencies]
 flake8 = "~=4.0.0"