auth: use invenio session cookie to retrieve user

Addresses reanahub#153 Signed-off-by: Leticia Farias Wanderley <leticia.farias.wanderley@cern.ch>
leticiawanderley · Jul 26, 2019 · 720ee5b · 720ee5b
1 parent 683c4f7
commit 720ee5b
Show file tree

Hide file tree

Showing 7 changed files with 534 additions and 401 deletions.
diff --git a/reana_server/rest/ping.py b/reana_server/rest/ping.py
@@ -10,7 +10,7 @@
 
 from flask import Blueprint, jsonify
 
-blueprint = Blueprint('ping', __name__)
+blueprint = Blueprint('ping', __name__, url_prefix='/reana-api')
 
 
 @blueprint.route('/ping', methods=['GET'])

diff --git a/reana_server/rest/secrets.py b/reana_server/rest/secrets.py
@@ -14,16 +14,19 @@
 
 from bravado.exception import HTTPError
 from flask import Blueprint, jsonify, request
+from flask_login import current_user, login_required
 
 from reana_commons.errors import (REANASecretAlreadyExists,
                                   REANASecretDoesNotExist)
 from reana_commons.k8s.secrets import REANAUserSecretsStore
-from reana_server.utils import get_user_from_token
+from reana_server.utils import get_user_from_token, \
+    _get_user_from_invenio_user
 
-blueprint = Blueprint('secrets', __name__)
+blueprint = Blueprint('secrets', __name__, url_prefix='/reana-api')
 
 
 @blueprint.route('/secrets/', methods=['POST'])
+@login_required
 def add_secrets():  # noqa
     r"""Endpoint to create user secrets.
 
@@ -38,8 +41,8 @@ def add_secrets():  # noqa
       parameters:
         - name: access_token
           in: query
-          description: Required. Secrets owner access token.
-          required: true
+          description: Secrets owner access token.
+          required: false
           type: string
         - name: overwrite
           in: query
@@ -112,7 +115,10 @@ def add_secrets():  # noqa
               }
     """
     try:
-        user = get_user_from_token(request.args.get("access_token"))
+        if current_user.is_authenticated:
+            user = _get_user_from_invenio_user(current_user.email)
+        else:
+            user = get_user_from_token(request.args.get('access_token'))
         secrets_store = REANAUserSecretsStore(str(user.id_))
         overwrite = json.loads(request.args.get('overwrite'))
         secrets_store.add_secrets(request.json, overwrite=overwrite)
@@ -127,6 +133,7 @@ def add_secrets():  # noqa
 
 
 @blueprint.route('/secrets', methods=['GET'])
+@login_required
 def get_secrets():  # noqa
     r"""Endpoint to retrieve user secrets.
 
@@ -141,8 +148,8 @@ def get_secrets():  # noqa
       parameters:
         - name: access_token
           in: query
-          description: Required. Secrets owner access token.
-          required: true
+          description: Secrets owner access token.
+          required: false
           type: string
       responses:
         200:
@@ -194,7 +201,10 @@ def get_secrets():  # noqa
               }
     """
     try:
-        user = get_user_from_token(request.args.get("access_token"))
+        if current_user.is_authenticated:
+            user = _get_user_from_invenio_user(current_user.email)
+        else:
+            user = get_user_from_token(request.args.get('access_token'))
         secrets_store = REANAUserSecretsStore(str(user.id_))
         user_secrets = secrets_store.get_secrets()
         return jsonify(user_secrets), 200
@@ -206,6 +216,7 @@ def get_secrets():  # noqa
 
 
 @blueprint.route('/secrets/', methods=['DELETE'])
+@login_required
 def delete_secrets():  # noqa
     r"""Endpoint to delete user secrets.
 
@@ -220,8 +231,8 @@ def delete_secrets():  # noqa
       parameters:
         - name: access_token
           in: query
-          description: Required. API key of the admin.
-          required: true
+          description: API key of the admin.
+          required: false
           type: string
         - name: secrets
           in: body
@@ -283,7 +294,10 @@ def delete_secrets():  # noqa
               }
     """
     try:
-        user = get_user_from_token(request.args.get("access_token"))
+        if current_user.is_authenticated:
+            user = _get_user_from_invenio_user(current_user.email)
+        else:
+            user = get_user_from_token(request.args.get('access_token'))
         secrets_store = REANAUserSecretsStore(str(user.id_))
         deleted_secrets_list = secrets_store.delete_secrets(request.json)
         return jsonify(deleted_secrets_list), 200

diff --git a/reana_server/rest/users.py b/reana_server/rest/users.py
@@ -15,7 +15,7 @@
 
 from reana_server.utils import _create_user, _get_users
 
-blueprint = Blueprint('users', __name__)
+blueprint = Blueprint('users', __name__, url_prefix='/reana-api')
 
 
 @blueprint.route('/users', methods=['GET'])