(PXP-7166): use ras validation endpoint to validate passports #849
The style in this PR agrees with This formatting comment was generated automatically by a script in uc-cdis/wool. |
Pull Request Test Coverage Report for Build 10121
💛 - Coveralls |
…nce into feat/add_ras_validation_endpt
""" | ||
Validate passport with RAS's validation endpoint. | ||
TODO: Remove this once we can locally validate passports | ||
NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick |
NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick | |
NOTE: RAS has an option to validate a single visa using "/passport/validate?visa=". Not using this since visas are too large (we hit the http header limit) |
""" | ||
Validate passport with RAS's validation endpoint. | ||
TODO: Remove this once we can locally validate passports | ||
NOTE: RAS has an option to query a single visa with the /passport/validate?visa= but not using these since we hit the limit for an http header pretty quick |
and can you mention why we would want to validate a single visa in the first place
@@ -93,7 +110,16 @@ def get_user_id(self, code): | |||
self.logger.info("Using {} field as username.".format(field_name)) |
self.logger.info("Using {} field as username.".format(field_name)) | |
self.logger.debug("Using {} field as username.".format(field_name)) |
flask.g.userinfo = userinfo | ||
flask.g.userinfo = {} | ||
if validation == "Valid": | ||
self.logger.info("Passport validated") |
self.logger.info("Passport validated") | |
self.logger.debug("Passport validated") |
|
||
token = self.get_token(token_endpoint, code) | ||
keys = self.get_jwt_keys(jwks_endpoint) | ||
userinfo = self.get_userinfo(token, userinfo_endpoint) | ||
|
||
validation = self.validate_passport(validation_endpoint, userinfo) |
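Review bot: the `validate_passport` call on the last line puts a blocking request to an external endpoint into the login path, and the visible lines show no timeout or error handling around it. Its result is only checked with `validation == "Valid"` in the other hunks of this change, so please make the failure modes explicit: a timeout, a non-200 response or an unexpected body should all be treated as not valid so the flow fails closed. Returning a boolean, or comparing against a named constant, would also avoid a silent mismatch if the response string changes in case or wording.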
this probably slows down the login flow, do we really need to validate a passport freshly obtained from RAS' userinfo endpoint?
encoded_visas = ( | ||
userinfo.get("ga4gh_passport_v1", []) if validation == "Valid" else [] | ||
) |
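Review bot: the conditional in `encoded_visas` falls back to `[]` for any result other than "Valid", which fails closed, but nothing in the visible lines records that the passport was rejected. Log a warning on that branch, without the passport or visa contents, so rejected passports show up in operations, and state in a comment whether login is meant to proceed with no visas or be refused.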
remove this 🗑️
If the passport is not valid then don't add it to the database.
New Features
/passport/validation endpoint.