(PXP-7166): use ras validation endpoint to validate passports #849
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The style in this PR agrees with This formatting comment was generated automatically by a script in uc-cdis/wool. |
Pull Request Test Coverage Report for Build 10121
💛 - Coveralls |
…nce into feat/add_ras_validation_endpt
| """ | ||
| Validate passport with RAS's validation endpoint. | ||
| TODO: Remove this once we can locally validate passports | ||
| NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick |
There was a problem hiding this comment.
Suggested change
| NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick | |
| NOTE: RAS has an option to validate a single visa using "/passport/validate?visa=". Not using this since visas are too large (we hit the http header limit) |
| """ | ||
| Validate passport with RAS's validation endpoint. | ||
| TODO: Remove this once we can locally validate passports | ||
| NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick |
There was a problem hiding this comment.
and can you mention why we would want to validate a single visa in the first place
| @@ -93,7 +110,16 @@ def get_user_id(self, code): | |||
| self.logger.info("Using {} field as username.".format(field_name)) | |||
There was a problem hiding this comment.
Suggested change
| self.logger.info("Using {} field as username.".format(field_name)) | |
| self.logger.debug("Using {} field as username.".format(field_name)) |
| flask.g.userinfo = userinfo | ||
| flask.g.userinfo = {} | ||
| if validation == "Valid": | ||
| self.logger.info("Passport validated") |
There was a problem hiding this comment.
Suggested change
| self.logger.info("Passport validated") | |
| self.logger.debug("Passport validated") |
|
|
||
| token = self.get_token(token_endpoint, code) | ||
| keys = self.get_jwt_keys(jwks_endpoint) | ||
| userinfo = self.get_userinfo(token, userinfo_endpoint) | ||
|
|
||
| validation = self.validate_passport(validation_endpoint, userinfo) |
There was a problem hiding this comment.
this probably slows down the login flow, do we really need to validate a passport freshly obtained from RAS' userinfo endpoint?
Comment on lines
+158
to
+160
| encoded_visas = ( | ||
| userinfo.get("ga4gh_passport_v1", []) if validation == "Valid" else [] | ||
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If the passport is not valid then don't add it to the database.
New Features
/passport/validationendpoint.