[zh2311] Remove auth (#2427)

* remove auth

* Remove all auth code

zh2311

* lint

* remove auth from e2e tests conf

.github/workflows/compatibility_tests.yml

@@ -9,7 +9,6 @@ on:
 
 env:
   JEST_ENV: prod
-  CXG_AUTH_TYPE: none
 
 jobs:
   docker-build:

backend/common/errors.py

@@ -41,9 +41,6 @@ def define_request_exception(name, doc, default_status_code=HTTPStatus.BAD_REQUE
 )
 define_request_exception("ExceedsLimitError", "Raised when an HTTP request exceeds a limit/quota")
 define_request_exception("ColorFormatException", "Raised when color helper functions encounter an unknown color format")
-define_request_exception(
-    "AuthenticationError", "Raised when there is an authentication error", default_status_code=HTTPStatus.UNAUTHORIZED
-)
 
 define_request_exception(
     "AnnotationCategoryNameError",

backend/server/Makefile

@@ -9,7 +9,7 @@ clean:
 .PHONY: unit-test
 unit-test:
 	PYTHONWARNINGS=ignore:ResourceWarning coverage run \
-		--source=app,auth,cli,common,compute,converters,data_anndata,data_common \
+		--source=app,cli,common,compute,converters,data_anndata,data_common \
 		--omit=.coverage,venv \
 		-m unittest discover \
 		--start-directory ../test/test_server/unit \

backend/server/app/app.py

@@ -1,7 +1,6 @@
 import datetime
 import logging
 from functools import wraps
-from http import HTTPStatus
 
 from flask import (
     Flask,
@@ -81,18 +80,6 @@ def handle_request_exception(error):
     return common_rest.abort_and_log(error.status_code, error.message, loglevel=logging.INFO, include_exc_info=True)
 
 
-def requires_authentication(func):
-    @wraps(func)
-    def wrapped_function(self, *args, **kwargs):
-        auth = current_app.auth
-        if auth.is_user_authenticated():
-            return func(self, *args, **kwargs)
-        else:
-            return make_response("not authenticated", HTTPStatus.UNAUTHORIZED)
-
-    return wrapped_function
-
-
 def rest_get_data_adaptor(func):
     @wraps(func)
     def wrapped_function(self):
@@ -128,20 +115,12 @@ def get(self, data_adaptor):
         return common_rest.config_get(current_app.app_config, data_adaptor)
 
 
-class UserInfoAPI(Resource):
-    @cache_control_always(no_store=True)
-    @rest_get_data_adaptor
-    def get(self, data_adaptor):
-        return common_rest.userinfo_get(current_app.app_config, data_adaptor)
-
-
 class AnnotationsObsAPI(Resource):
     @cache_control(public=True, max_age=ONE_WEEK)
     @rest_get_data_adaptor
     def get(self, data_adaptor):
         return common_rest.annotations_obs_get(request, data_adaptor)
 
-    @requires_authentication
     @cache_control(no_store=True)
     @rest_get_data_adaptor
     def put(self, data_adaptor):
@@ -194,7 +173,6 @@ class GenesetsAPI(Resource):
     def get(self, data_adaptor):
         return common_rest.genesets_get(request, data_adaptor)
 
-    @requires_authentication
     @cache_control(no_store=True)
     @rest_get_data_adaptor
     def put(self, data_adaptor):
@@ -233,7 +211,6 @@ def add_resource(resource, url):
     # Initialization routes
     add_resource(SchemaAPI, "/schema")
     add_resource(ConfigAPI, "/config")
-    add_resource(UserInfoAPI, "/userinfo")
     # Data routes
     add_resource(AnnotationsObsAPI, "/annotations/obs")
     add_resource(AnnotationsVarAPI, "/annotations/var")
@@ -288,9 +265,3 @@ def __init__(self, app_config):
 
         self.app.data_adaptor = server_config.data_adaptor
         self.app.app_config = app_config
-
-        auth = server_config.auth
-        self.app.auth = auth
-        if auth.requires_client_login():
-            auth.add_url_rules(self.app)
-        auth.complete_setup(self.app)

backend/server/app/session.py

@@ -0,0 +1,13 @@
+from uuid import uuid4
+
+from flask.sessions import SessionMixin
+
+CXGUID = "cxguid"
+
+
+def get_user_id(session: SessionMixin) -> str:
+    """ Gets a session-persistent user id. Creates one in the Flask session if non-extant """
+    if CXGUID not in session:
+        session[CXGUID] = uuid4().hex
+        session.permanent = True
+    return session[CXGUID]