google proxy stuff

uc-cdis · Nov 22, 2021 · dcaf3de · dcaf3de
1 parent d5fd0f2
commit dcaf3de
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 9 deletions.
diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py
@@ -5,6 +5,8 @@
 
 from datetime import datetime, timedelta
 
+from sqlalchemy.sql.functions import user
+
 from cached_property import cached_property
 import cirrus
 from cirrus import GoogleCloudManager
@@ -19,6 +21,7 @@
     AccountSasPermissions,
     generate_blob_sas,
 )
+from fence import auth
 
 from fence.auth import (
     get_jwt,
@@ -99,7 +102,6 @@ def get_signed_url_for_file(
     )
 
     prepare_presigned_url_audit_log(requested_protocol, indexed_file)
-
     signed_url = indexed_file.get_signed_url(
         requested_protocol,
         action,
@@ -407,6 +409,7 @@ def get_signed_url(
         file_name=None,
         user_ids_from_passports=None,
     ):
+        authorized_user_id = None
         if self.index_document.get("authz"):
             action_to_permission = {
                 "upload": "write-storage",
@@ -422,6 +425,7 @@ def get_signed_url(
                     f"{action_to_permission[action]} permission "
                     f"on authz resource: {self.index_document['authz']}"
                 )
+            authorized_user_id = authorized_user_id if isinstance(authorized_user_id, str) else None
         else:
             if self.public_acl and action == "upload":
                 raise Unauthorized(
@@ -435,7 +439,6 @@ def get_signed_url(
                 raise Unauthorized(
                     f"You don't have access permission on this file: {self.file_id}"
                 )
-
         if action is not None and action not in SUPPORTED_ACTIONS:
             raise NotSupported("action {} is not supported".format(action))
         return self._get_signed_url(
@@ -517,6 +520,7 @@ def check_authz(self, action, user_ids_from_passports=None):
         )
 
         # handle multiple GA4GH passports as a means of authn/z
+
         if user_ids_from_passports:
             for user_id in user_ids_from_passports:
                 authorized = flask.current_app.arborist.auth_request(
@@ -1458,7 +1462,6 @@ def _get_user_info(sub_type=str, user=None):
     # TODO Update to support POSTed passport
     try:
         if user:
-            print("-------------user true-----------")
             if hasattr(flask.current_app, "db"):
                 with flask.current_app.db.session as session:
                     result = query_for_user(session, user)

diff --git a/fence/resources/google/utils.py b/fence/resources/google/utils.py
@@ -3,6 +3,7 @@
 import os
 from cryptography.fernet import Fernet
 import flask
+from sqlalchemy.sql.functions import user
 from flask_sqlalchemy_session import current_session
 from sqlalchemy import desc, func
 
@@ -525,8 +526,13 @@ def get_or_create_proxy_group_id(expires=None, user_id=None):
     """
     proxy_group_id = _get_proxy_group_id(user_id=user_id)
     if not proxy_group_id:
-        user_id = current_token["sub"]
-        username = current_token.get("context", {}).get("user", {}).get("name", "")
+        if user_id:
+            user = current_session.query(User).filter_by(id=int(user_id)).first()
+            user_id = user_id
+            username = user.username
+        else:
+            user_id = current_token["sub"]
+            username = current_token.get("context", {}).get("user", {}).get("name", "")
         proxy_group_id = _create_proxy_group(user_id, username).id
 
         privileges = current_session.query(AccessPrivilege).filter(
@@ -572,11 +578,7 @@ def _get_proxy_group_id(user_id=None):
         user = (
             current_session.query(User).filter(User.id == user_id).first()
         )
-        print("-----------userid-----------")
-        print(user)
         proxy_group_id = user.google_proxy_group_id
-        print("-----proxy----")
-        print(proxy_group_id)
 
     return proxy_group_id
 
@@ -605,6 +607,10 @@ def _create_proxy_group(user_id, username):
 
     # link proxy group to user
     user = current_session.query(User).filter_by(id=user_id).first()
+    print("----------proxy grou id----------------  ")
+    print(proxy_group)
+    print(proxy_group.id)
+    print(user)
     user.google_proxy_group_id = proxy_group.id
 
     current_session.add(proxy_group)

diff --git a/tests/test_drs.py b/tests/test_drs.py
@@ -391,3 +391,5 @@ def test_get_presigned_url_with_passport_for_non_public_acl(
         data=json.dumps(data),
     )
     assert res.status_code == 200
+
+    flask.current_app.jwt_public_keys = {}