From 1ce9f08e08653a0b201413b3b7a7d6f58f69d36e Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:09:03 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=20web-server:=20Refactor?= =?UTF-8?q?=20`users`=20domain=20=20for=20improved=20layer=20separation=20?= =?UTF-8?q?and=20upgrading=20to=20asyncpg=20(#6937)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/specs/web-server/_users.py | 46 +- .../src/common_library}/dict_tools.py | 26 +- .../src/common_library/users_enums.py | 59 +++ .../tests/test_dict_tools.py} | 41 +- .../common-library/tests/test_users_enums.py | 79 ++++ .../api_schemas_webserver/_base.py | 8 + .../api_schemas_webserver/groups.py | 115 +++-- .../api_schemas_webserver/users.py | 184 +++++++- .../src/models_library/groups.py | 47 +- .../src/models_library/users.py | 76 +++ packages/models-library/tests/test_users.py | 27 ++ .../simcore_postgres_database/models/users.py | 65 +-- .../utils_groups_extra_properties.py | 123 +++-- .../simcore_postgres_database/utils_models.py | 9 +- .../simcore_postgres_database/utils_repos.py | 11 +- .../simcore_postgres_database/utils_users.py | 10 +- .../postgres-database/tests/test_users.py | 79 +--- .../test_utils_groups_extra_properties.py | 136 +++++- .../tests/test_utils_projects.py | 8 +- .../src/pytest_simcore/docker_swarm.py | 10 +- .../simcore_webserver_groups_fixtures.py | 6 +- .../client/source/class/osparc/Application.js | 2 +- .../source/class/osparc/auth/Manager.js | 2 +- .../api/v0/openapi.yaml | 423 +++++++++-------- .../application_settings_utils.py | 10 +- .../exporter/_handlers.py | 2 +- .../garbage_collector/_core_guests.py | 21 +- .../garbage_collector/_core_orphans.py | 2 +- .../garbage_collector/_core_utils.py | 2 +- .../garbage_collector/_tasks_users.py | 6 +- ...fiers_handlers.py => _classifiers_rest.py} | 2 +- ...sifiers_api.py => _classifiers_service.py} | 0 .../{_groups_db.py => _groups_repository.py} | 5 +- .../{_groups_handlers.py => _groups_rest.py} | 24 +- .../{_groups_api.py => _groups_service.py} | 44 +- .../simcore_service_webserver/groups/api.py | 6 +- .../groups/plugin.py | 6 +- .../projects/_crud_api_create.py | 2 +- .../projects/_crud_handlers.py | 3 +- .../projects/_nodes_handlers.py | 2 +- .../projects/_states_handlers.py | 4 +- .../projects/projects_api.py | 39 +- .../studies_dispatcher/_users.py | 55 +-- .../simcore_service_webserver/users/_api.py | 166 ------- .../users/_common/__init__.py | 0 .../users/{_models.py => _common/models.py} | 34 +- .../users/{_schemas.py => _common/schemas.py} | 62 +-- .../users/_constants.py | 7 - .../simcore_service_webserver/users/_db.py | 216 --------- .../users/_handlers.py | 149 ------ ...ons_handlers.py => _notifications_rest.py} | 18 +- ...ences_db.py => _preferences_repository.py} | 0 ...ences_handlers.py => _preferences_rest.py} | 4 +- ...erences_api.py => _preferences_service.py} | 8 +- .../{_tokens_handlers.py => _tokens_rest.py} | 32 +- .../users/{_tokens.py => _tokens_service.py} | 26 +- .../users/_users_repository.py | 441 ++++++++++++++++++ .../users/_users_rest.py | 173 +++++++ .../users/_users_service.py | 344 ++++++++++++++ .../simcore_service_webserver/users/api.py | 405 ++-------------- .../users/exceptions.py | 5 +- .../simcore_service_webserver/users/plugin.py | 15 +- .../users/preferences_api.py | 5 +- .../users/schemas.py | 44 -- services/web/server/tests/conftest.py | 12 +- .../integration/01/test_garbage_collection.py | 13 +- .../web/server/tests/integration/conftest.py | 10 +- services/web/server/tests/unit/conftest.py | 4 +- .../server/tests/unit/isolated/conftest.py | 4 +- .../test_application_settings_utils.py | 6 +- .../isolated/test_garbage_collector_core.py | 4 +- .../tests/unit/isolated/test_users_models.py | 6 +- .../01/groups/test_groups_handlers_crud.py | 6 +- .../01/groups/test_groups_handlers_users.py | 10 +- .../with_dbs/01/test_groups_classifiers.py | 4 +- .../01/test_groups_handlers_classifers.py | 4 +- .../tests/unit/with_dbs/01/test_statics.py | 4 +- .../02/test_projects_crud_handlers.py | 2 +- .../02/test_projects_groups_handlers.py | 1 + .../test_meta_modeling_iterations.py | 4 +- .../tests/unit/with_dbs/03/test_project_db.py | 2 +- .../tests/unit/with_dbs/03/test_session.py | 4 +- .../tests/unit/with_dbs/03/test_users.py | 74 ++- .../with_dbs/03/test_users__notifications.py | 10 +- .../03/test_users__preferences_api.py | 12 +- .../unit/with_dbs/03/test_users__tokens.py | 14 +- .../tests/unit/with_dbs/03/test_users_api.py | 120 ++++- .../test_studies_dispatcher_studies_access.py | 8 +- .../server/tests/unit/with_dbs/conftest.py | 23 +- tests/e2e-playwright/tests/conftest.py | 2 +- .../tests/platform_CI_tests/test_platform.py | 23 +- 91 files changed, 2568 insertions(+), 1799 deletions(-) rename packages/{pytest-simcore/src/pytest_simcore/helpers => common-library/src/common_library}/dict_tools.py (63%) create mode 100644 packages/common-library/src/common_library/users_enums.py rename packages/{pytest-simcore/tests/test_helpers_utils_dict.py => common-library/tests/test_dict_tools.py} (89%) create mode 100644 packages/common-library/tests/test_users_enums.py create mode 100644 packages/models-library/tests/test_users.py rename services/web/server/src/simcore_service_webserver/groups/{_classifiers_handlers.py => _classifiers_rest.py} (97%) rename services/web/server/src/simcore_service_webserver/groups/{_classifiers_api.py => _classifiers_service.py} (100%) rename services/web/server/src/simcore_service_webserver/groups/{_groups_db.py => _groups_repository.py} (99%) rename services/web/server/src/simcore_service_webserver/groups/{_groups_handlers.py => _groups_rest.py} (91%) rename services/web/server/src/simcore_service_webserver/groups/{_groups_api.py => _groups_service.py} (81%) delete mode 100644 services/web/server/src/simcore_service_webserver/users/_api.py create mode 100644 services/web/server/src/simcore_service_webserver/users/_common/__init__.py rename services/web/server/src/simcore_service_webserver/users/{_models.py => _common/models.py} (63%) rename services/web/server/src/simcore_service_webserver/users/{_schemas.py => _common/schemas.py} (62%) delete mode 100644 services/web/server/src/simcore_service_webserver/users/_constants.py delete mode 100644 services/web/server/src/simcore_service_webserver/users/_db.py delete mode 100644 services/web/server/src/simcore_service_webserver/users/_handlers.py rename services/web/server/src/simcore_service_webserver/users/{_notifications_handlers.py => _notifications_rest.py} (91%) rename services/web/server/src/simcore_service_webserver/users/{_preferences_db.py => _preferences_repository.py} (100%) rename services/web/server/src/simcore_service_webserver/users/{_preferences_handlers.py => _preferences_rest.py} (94%) rename services/web/server/src/simcore_service_webserver/users/{_preferences_api.py => _preferences_service.py} (95%) rename services/web/server/src/simcore_service_webserver/users/{_tokens_handlers.py => _tokens_rest.py} (74%) rename services/web/server/src/simcore_service_webserver/users/{_tokens.py => _tokens_service.py} (78%) create mode 100644 services/web/server/src/simcore_service_webserver/users/_users_repository.py create mode 100644 services/web/server/src/simcore_service_webserver/users/_users_rest.py create mode 100644 services/web/server/src/simcore_service_webserver/users/_users_service.py delete mode 100644 services/web/server/src/simcore_service_webserver/users/schemas.py diff --git a/api/specs/web-server/_users.py b/api/specs/web-server/_users.py index cb1904f3bb7..95915497c52 100644 --- a/api/specs/web-server/_users.py +++ b/api/specs/web-server/_users.py @@ -7,27 +7,27 @@ from typing import Annotated from fastapi import APIRouter, Depends, status -from models_library.api_schemas_webserver.users import MyProfileGet, MyProfilePatch +from models_library.api_schemas_webserver.users import ( + MyPermissionGet, + MyProfileGet, + MyProfilePatch, + MyTokenCreate, + MyTokenGet, + UserGet, + UsersSearchQueryParams, +) from models_library.api_schemas_webserver.users_preferences import PatchRequestBody from models_library.generics import Envelope from models_library.user_preferences import PreferenceIdentifier from simcore_service_webserver._meta import API_VTAG -from simcore_service_webserver.users._handlers import PreUserProfile, _SearchQueryParams +from simcore_service_webserver.users._common.schemas import PreRegisteredUserGet from simcore_service_webserver.users._notifications import ( UserNotification, UserNotificationCreate, UserNotificationPatch, ) -from simcore_service_webserver.users._notifications_handlers import ( - _NotificationPathParams, -) -from simcore_service_webserver.users._schemas import UserProfile -from simcore_service_webserver.users._tokens_handlers import _TokenPathParams -from simcore_service_webserver.users.schemas import ( - PermissionGet, - ThirdPartyToken, - TokenCreate, -) +from simcore_service_webserver.users._notifications_rest import _NotificationPathParams +from simcore_service_webserver.users._tokens_rest import _TokenPathParams router = APIRouter(prefix=f"/{API_VTAG}", tags=["user"]) @@ -63,15 +63,15 @@ async def replace_my_profile(_profile: MyProfilePatch): status_code=status.HTTP_204_NO_CONTENT, ) async def set_frontend_preference( - preference_id: PreferenceIdentifier, # noqa: ARG001 - body_item: PatchRequestBody, # noqa: ARG001 + preference_id: PreferenceIdentifier, + body_item: PatchRequestBody, ): ... @router.get( "/me/tokens", - response_model=Envelope[list[ThirdPartyToken]], + response_model=Envelope[list[MyTokenGet]], ) async def list_tokens(): ... @@ -79,16 +79,16 @@ async def list_tokens(): @router.post( "/me/tokens", - response_model=Envelope[ThirdPartyToken], + response_model=Envelope[MyTokenGet], status_code=status.HTTP_201_CREATED, ) -async def create_token(_token: TokenCreate): +async def create_token(_token: MyTokenCreate): ... @router.get( "/me/tokens/{service}", - response_model=Envelope[ThirdPartyToken], + response_model=Envelope[MyTokenGet], ) async def get_token(_params: Annotated[_TokenPathParams, Depends()]): ... @@ -131,7 +131,7 @@ async def mark_notification_as_read( @router.get( "/me/permissions", - response_model=Envelope[list[PermissionGet]], + response_model=Envelope[list[MyPermissionGet]], ) async def list_user_permissions(): ... @@ -139,22 +139,22 @@ async def list_user_permissions(): @router.get( "/users:search", - response_model=Envelope[list[UserProfile]], + response_model=Envelope[list[UserGet]], tags=[ "po", ], ) -async def search_users(_params: Annotated[_SearchQueryParams, Depends()]): +async def search_users(_params: Annotated[UsersSearchQueryParams, Depends()]): # NOTE: see `Search` in `Common Custom Methods` in https://cloud.google.com/apis/design/custom_methods ... @router.post( "/users:pre-register", - response_model=Envelope[UserProfile], + response_model=Envelope[UserGet], tags=[ "po", ], ) -async def pre_register_user(_body: PreUserProfile): +async def pre_register_user(_body: PreRegisteredUserGet): ... diff --git a/packages/pytest-simcore/src/pytest_simcore/helpers/dict_tools.py b/packages/common-library/src/common_library/dict_tools.py similarity index 63% rename from packages/pytest-simcore/src/pytest_simcore/helpers/dict_tools.py rename to packages/common-library/src/common_library/dict_tools.py index b31123d5ff5..43ef7166308 100644 --- a/packages/pytest-simcore/src/pytest_simcore/helpers/dict_tools.py +++ b/packages/common-library/src/common_library/dict_tools.py @@ -1,9 +1,17 @@ -""" Utils to operate with dicts """ +""" A collection of free functions to manipulate dicts +""" -from copy import deepcopy -from typing import Any, Mapping +from collections.abc import Mapping +from copy import copy, deepcopy +from typing import Any -ConfigDict = dict[str, Any] + +def remap_keys(data: dict, rename: dict[str, str]) -> dict[str, Any]: + """A new dict that renames the keys of a dict while keeping the values unchanged + + NOTE: Does not support renaming of nested keys + """ + return {rename.get(k, k): v for k, v in data.items()} def get_from_dict(obj: Mapping[str, Any], dotted_key: str, default=None) -> Any: @@ -28,10 +36,10 @@ def copy_from_dict( # if include is None: - return deepcopy(data) if deep else data.copy() + return deepcopy(data) if deep else copy(data) if include == ...: - return deepcopy(data) if deep else data.copy() + return deepcopy(data) if deep else copy(data) if isinstance(include, set): return {key: data[key] for key in include} @@ -46,7 +54,7 @@ def copy_from_dict( def update_dict(obj: dict, **updates): for key, update_value in updates.items(): - if callable(update_value): - update_value = update_value(obj[key]) - obj.update({key: update_value}) + obj.update( + {key: update_value(obj[key]) if callable(update_value) else update_value} + ) return obj diff --git a/packages/common-library/src/common_library/users_enums.py b/packages/common-library/src/common_library/users_enums.py new file mode 100644 index 00000000000..7ebe4a617e9 --- /dev/null +++ b/packages/common-library/src/common_library/users_enums.py @@ -0,0 +1,59 @@ +from enum import Enum +from functools import total_ordering + +_USER_ROLE_TO_LEVEL = { + "ANONYMOUS": 0, + "GUEST": 10, + "USER": 20, + "TESTER": 30, + "PRODUCT_OWNER": 40, + "ADMIN": 100, +} + + +@total_ordering +class UserRole(Enum): + """SORTED enumeration of user roles + + A role defines a set of privileges the user can perform + Roles are sorted from lower to highest privileges + USER is the role assigned by default A user with a higher/lower role is denoted super/infra user + + ANONYMOUS : The user is not logged in + GUEST : Temporary user with very limited access. Main used for demos and for a limited amount of time + USER : Registered user. Basic permissions to use the platform [default] + TESTER : Upgraded user. First level of super-user with privileges to test the framework. + Can use everything but does not have an effect in other users or actual data + ADMIN : Framework admin. + + See security_access.py + """ + + ANONYMOUS = "ANONYMOUS" + GUEST = "GUEST" + USER = "USER" + TESTER = "TESTER" + PRODUCT_OWNER = "PRODUCT_OWNER" + ADMIN = "ADMIN" + + @property + def privilege_level(self) -> int: + return _USER_ROLE_TO_LEVEL[self.name] + + def __lt__(self, other: "UserRole") -> bool: + if self.__class__ is other.__class__: + return self.privilege_level < other.privilege_level + return NotImplemented + + +class UserStatus(str, Enum): + # This is a transition state. The user is registered but not confirmed. NOTE that state is optional depending on LOGIN_REGISTRATION_CONFIRMATION_REQUIRED + CONFIRMATION_PENDING = "CONFIRMATION_PENDING" + # This user can now operate the platform + ACTIVE = "ACTIVE" + # This user is inactive because it expired after a trial period + EXPIRED = "EXPIRED" + # This user is inactive because he has been a bad boy + BANNED = "BANNED" + # This user is inactive because it was marked for deletion + DELETED = "DELETED" diff --git a/packages/pytest-simcore/tests/test_helpers_utils_dict.py b/packages/common-library/tests/test_dict_tools.py similarity index 89% rename from packages/pytest-simcore/tests/test_helpers_utils_dict.py rename to packages/common-library/tests/test_dict_tools.py index 9fa34442a99..fb374ff1791 100644 --- a/packages/pytest-simcore/tests/test_helpers_utils_dict.py +++ b/packages/common-library/tests/test_dict_tools.py @@ -3,16 +3,19 @@ # pylint: disable=unused-variable -import json -import sys +from typing import Any import pytest -from pytest_simcore.helpers.dict_tools import copy_from_dict, get_from_dict -from pytest_simcore.helpers.typing_docker import TaskDict +from common_library.dict_tools import ( + copy_from_dict, + get_from_dict, + remap_keys, + update_dict, +) @pytest.fixture -def data(): +def data() -> dict[str, Any]: return { "ID": "3ifd79yhz2vpgu1iz43mf9m2d", "Version": {"Index": 176}, @@ -113,7 +116,20 @@ def data(): } -def test_get_from_dict(data: TaskDict): +def test_remap_keys(): + assert remap_keys({"a": 1, "b": 2}, rename={"a": "A"}) == {"A": 1, "b": 2} + + +def test_update_dict(): + def _increment(x): + return x + 1 + + data = {"a": 1, "b": 2, "c": 3} + + assert update_dict(data, a=_increment, b=42) == {"a": 2, "b": 42, "c": 3} + + +def test_get_from_dict(data: dict[str, Any]): assert get_from_dict(data, "Spec.ContainerSpec.Labels") == { "com.docker.stack.namespace": "master-simcore" @@ -122,7 +138,7 @@ def test_get_from_dict(data: TaskDict): assert get_from_dict(data, "Invalid.Invalid.Invalid", default=42) == 42 -def test_copy_from_dict(data: TaskDict): +def test_copy_from_dict(data: dict[str, Any]): selected_data = copy_from_dict( data, @@ -136,8 +152,6 @@ def test_copy_from_dict(data: TaskDict): }, ) - print(json.dumps(selected_data, indent=2)) - assert selected_data["ID"] == data["ID"] assert ( selected_data["Spec"]["ContainerSpec"]["Image"] @@ -145,11 +159,4 @@ def test_copy_from_dict(data: TaskDict): ) assert selected_data["Status"]["State"] == data["Status"]["State"] assert "Message" not in selected_data["Status"]["State"] - assert "Message" in data["Status"]["State"] - - -if __name__ == "__main__": - # NOTE: use in vscode "Run and Debug" -> select 'Python: Current File' - sys.exit( - pytest.main(["-vv", "-s", "--pdb", "--log-cli-level=WARNING", sys.argv[0]]) - ) + assert "running" in data["Status"]["State"] diff --git a/packages/common-library/tests/test_users_enums.py b/packages/common-library/tests/test_users_enums.py new file mode 100644 index 00000000000..e52d66b3f11 --- /dev/null +++ b/packages/common-library/tests/test_users_enums.py @@ -0,0 +1,79 @@ +# pylint: disable=no-value-for-parameter +# pylint: disable=redefined-outer-name +# pylint: disable=unused-argument +# pylint: disable=unused-variable + + +from common_library.users_enums import _USER_ROLE_TO_LEVEL, UserRole + + +def test_user_role_to_level_map_in_sync(): + # If fails, then update _USER_ROLE_TO_LEVEL map + assert set(_USER_ROLE_TO_LEVEL.keys()) == set(UserRole.__members__.keys()) + + +def test_user_roles_compares_to_admin(): + assert UserRole.ANONYMOUS < UserRole.ADMIN + assert UserRole.GUEST < UserRole.ADMIN + assert UserRole.USER < UserRole.ADMIN + assert UserRole.TESTER < UserRole.ADMIN + assert UserRole.PRODUCT_OWNER < UserRole.ADMIN + assert UserRole.ADMIN == UserRole.ADMIN + + +def test_user_roles_compares_to_product_owner(): + assert UserRole.ANONYMOUS < UserRole.PRODUCT_OWNER + assert UserRole.GUEST < UserRole.PRODUCT_OWNER + assert UserRole.USER < UserRole.PRODUCT_OWNER + assert UserRole.TESTER < UserRole.PRODUCT_OWNER + assert UserRole.PRODUCT_OWNER == UserRole.PRODUCT_OWNER + assert UserRole.ADMIN > UserRole.PRODUCT_OWNER + + +def test_user_roles_compares_to_tester(): + assert UserRole.ANONYMOUS < UserRole.TESTER + assert UserRole.GUEST < UserRole.TESTER + assert UserRole.USER < UserRole.TESTER + assert UserRole.TESTER == UserRole.TESTER + assert UserRole.PRODUCT_OWNER > UserRole.TESTER + assert UserRole.ADMIN > UserRole.TESTER + + +def test_user_roles_compares_to_user(): + assert UserRole.ANONYMOUS < UserRole.USER + assert UserRole.GUEST < UserRole.USER + assert UserRole.USER == UserRole.USER + assert UserRole.TESTER > UserRole.USER + assert UserRole.PRODUCT_OWNER > UserRole.USER + assert UserRole.ADMIN > UserRole.USER + + +def test_user_roles_compares_to_guest(): + assert UserRole.ANONYMOUS < UserRole.GUEST + assert UserRole.GUEST == UserRole.GUEST + assert UserRole.USER > UserRole.GUEST + assert UserRole.TESTER > UserRole.GUEST + assert UserRole.PRODUCT_OWNER > UserRole.GUEST + assert UserRole.ADMIN > UserRole.GUEST + + +def test_user_roles_compares_to_anonymous(): + assert UserRole.ANONYMOUS == UserRole.ANONYMOUS + assert UserRole.GUEST > UserRole.ANONYMOUS + assert UserRole.USER > UserRole.ANONYMOUS + assert UserRole.TESTER > UserRole.ANONYMOUS + assert UserRole.PRODUCT_OWNER > UserRole.ANONYMOUS + assert UserRole.ADMIN > UserRole.ANONYMOUS + + +def test_user_roles_compares(): + # < and > + assert UserRole.TESTER < UserRole.ADMIN + assert UserRole.ADMIN > UserRole.TESTER + + # >=, == and <= + assert UserRole.TESTER <= UserRole.ADMIN + assert UserRole.ADMIN >= UserRole.TESTER + + assert UserRole.ADMIN <= UserRole.ADMIN + assert UserRole.ADMIN == UserRole.ADMIN diff --git a/packages/models-library/src/models_library/api_schemas_webserver/_base.py b/packages/models-library/src/models_library/api_schemas_webserver/_base.py index 948c4c9b3ea..a5eaa42c006 100644 --- a/packages/models-library/src/models_library/api_schemas_webserver/_base.py +++ b/packages/models-library/src/models_library/api_schemas_webserver/_base.py @@ -29,6 +29,14 @@ class InputSchema(BaseModel): ) +class OutputSchemaWithoutCamelCase(BaseModel): + model_config = ConfigDict( + populate_by_name=True, + extra="ignore", + frozen=True, + ) + + class OutputSchema(BaseModel): model_config = ConfigDict( alias_generator=snake_to_camel, diff --git a/packages/models-library/src/models_library/api_schemas_webserver/groups.py b/packages/models-library/src/models_library/api_schemas_webserver/groups.py index 3b2b77199fb..7af1eeb2f96 100644 --- a/packages/models-library/src/models_library/api_schemas_webserver/groups.py +++ b/packages/models-library/src/models_library/api_schemas_webserver/groups.py @@ -1,8 +1,8 @@ from contextlib import suppress -from typing import Annotated, Any, Self, TypeVar +from typing import Annotated, Self, TypeVar from common_library.basic_types import DEFAULT_FACTORY -from models_library.groups import EVERYONE_GROUP_ID +from common_library.dict_tools import remap_keys from pydantic import ( AnyHttpUrl, AnyUrl, @@ -14,13 +14,16 @@ field_validator, model_validator, ) +from pydantic.config import JsonDict from ..emails import LowerCaseEmailStr from ..groups import ( + EVERYONE_GROUP_ID, AccessRightsDict, Group, GroupID, GroupMember, + GroupsByTypeTuple, StandardGroupCreate, StandardGroupUpdate, ) @@ -31,10 +34,6 @@ S = TypeVar("S", bound=BaseModel) -def _rename_keys(source: dict, name_map: dict[str, str]) -> dict[str, Any]: - return {name_map.get(k, k): v for k, v in source.items()} - - class GroupAccessRights(BaseModel): """ defines acesss rights for the user @@ -75,10 +74,10 @@ class GroupGet(OutputSchema): @classmethod def from_model(cls, group: Group, access_rights: AccessRightsDict) -> Self: - # Merges both service models into this schema + # Adapts these domain models into this schema return cls.model_validate( { - **_rename_keys( + **remap_keys( group.model_dump( include={ "gid", @@ -86,11 +85,13 @@ def from_model(cls, group: Group, access_rights: AccessRightsDict) -> Self: "description", "thumbnail", }, - exclude={"access_rights", "inclusion_rules"}, + exclude={ + "inclusion_rules", # deprecated + }, exclude_unset=True, by_alias=False, ), - name_map={ + rename={ "name": "label", }, ), @@ -98,38 +99,42 @@ def from_model(cls, group: Group, access_rights: AccessRightsDict) -> Self: } ) - model_config = ConfigDict( - json_schema_extra={ - "examples": [ - { - "gid": "27", - "label": "A user", - "description": "A very special user", - "thumbnail": "https://placekitten.com/10/10", - "accessRights": {"read": True, "write": False, "delete": False}, - }, - { - "gid": 1, - "label": "ITIS Foundation", - "description": "The Foundation for Research on Information Technologies in Society", - "accessRights": {"read": True, "write": False, "delete": False}, - }, - { - "gid": "1", - "label": "All", - "description": "Open to all users", - "accessRights": {"read": True, "write": True, "delete": True}, - }, - { - "gid": 5, - "label": "SPARCi", - "description": "Stimulating Peripheral Activity to Relieve Conditions", - "thumbnail": "https://placekitten.com/15/15", - "accessRights": {"read": True, "write": True, "delete": True}, - }, - ] - } - ) + @staticmethod + def _update_json_schema_extra(schema: JsonDict) -> None: + schema.update( + { + "examples": [ + { + "gid": "27", + "label": "A user", + "description": "A very special user", + "thumbnail": "https://placekitten.com/10/10", + "accessRights": {"read": True, "write": False, "delete": False}, + }, + { + "gid": 1, + "label": "ITIS Foundation", + "description": "The Foundation for Research on Information Technologies in Society", + "accessRights": {"read": True, "write": False, "delete": False}, + }, + { + "gid": "1", + "label": "All", + "description": "Open to all users", + "accessRights": {"read": True, "write": True, "delete": True}, + }, + { + "gid": 5, + "label": "SPARCi", + "description": "Stimulating Peripheral Activity to Relieve Conditions", + "thumbnail": "https://placekitten.com/15/15", + "accessRights": {"read": True, "write": True, "delete": True}, + }, + ] + } + ) + + model_config = ConfigDict(json_schema_extra=_update_json_schema_extra) @field_validator("thumbnail", mode="before") @classmethod @@ -147,14 +152,14 @@ class GroupCreate(InputSchema): thumbnail: AnyUrl | None = None def to_model(self) -> StandardGroupCreate: - data = _rename_keys( + data = remap_keys( self.model_dump( mode="json", # NOTE: intentionally inclusion_rules are not exposed to the REST api include={"label", "description", "thumbnail"}, exclude_unset=True, ), - name_map={"label": "name"}, + rename={"label": "name"}, ) return StandardGroupCreate(**data) @@ -165,14 +170,14 @@ class GroupUpdate(InputSchema): thumbnail: AnyUrl | None = None def to_model(self) -> StandardGroupUpdate: - data = _rename_keys( + data = remap_keys( self.model_dump( mode="json", # NOTE: intentionally inclusion_rules are not exposed to the REST api include={"label", "description", "thumbnail"}, exclude_unset=True, ), - name_map={"label": "name"}, + rename={"label": "name"}, ) return StandardGroupUpdate(**data) @@ -224,6 +229,24 @@ class MyGroupsGet(OutputSchema): } ) + @classmethod + def from_model( + cls, + groups_by_type: GroupsByTypeTuple, + my_product_group: tuple[Group, AccessRightsDict] | None, + ) -> Self: + assert groups_by_type.primary # nosec + assert groups_by_type.everyone # nosec + + return cls( + me=GroupGet.from_model(*groups_by_type.primary), + organizations=[GroupGet.from_model(*gi) for gi in groups_by_type.standard], + all=GroupGet.from_model(*groups_by_type.everyone), + product=GroupGet.from_model(*my_product_group) + if my_product_group + else None, + ) + class GroupUserGet(BaseModel): # OutputSchema diff --git a/packages/models-library/src/models_library/api_schemas_webserver/users.py b/packages/models-library/src/models_library/api_schemas_webserver/users.py index f0dd3d8bcfb..6fcccddaa3a 100644 --- a/packages/models-library/src/models_library/api_schemas_webserver/users.py +++ b/packages/models-library/src/models_library/api_schemas_webserver/users.py @@ -1,16 +1,38 @@ import re from datetime import date from enum import Enum -from typing import Annotated, Literal +from typing import Annotated, Any, Literal, Self -from models_library.api_schemas_webserver.groups import MyGroupsGet -from models_library.api_schemas_webserver.users_preferences import AggregatedPreferences -from models_library.basic_types import IDStr -from models_library.emails import LowerCaseEmailStr -from models_library.users import FirstNameStr, LastNameStr, UserID -from pydantic import BaseModel, ConfigDict, Field, field_validator +from common_library.basic_types import DEFAULT_FACTORY +from common_library.dict_tools import remap_keys +from common_library.users_enums import UserStatus +from models_library.groups import AccessRightsDict +from pydantic import BaseModel, ConfigDict, Field, ValidationInfo, field_validator -from ._base import InputSchema, OutputSchema +from ..basic_types import IDStr +from ..emails import LowerCaseEmailStr +from ..groups import AccessRightsDict, Group, GroupsByTypeTuple +from ..products import ProductName +from ..users import ( + FirstNameStr, + LastNameStr, + MyProfile, + UserID, + UserPermission, + UserThirdPartyToken, +) +from ._base import ( + InputSchema, + InputSchemaWithoutCamelCase, + OutputSchema, + OutputSchemaWithoutCamelCase, +) +from .groups import MyGroupsGet +from .users_preferences import AggregatedPreferences + +# +# MY PROFILE +# class MyProfilePrivacyGet(OutputSchema): @@ -23,8 +45,7 @@ class MyProfilePrivacyPatch(InputSchema): hide_email: bool | None = None -class MyProfileGet(BaseModel): - # WARNING: do not use InputSchema until front-end is updated! +class MyProfileGet(OutputSchemaWithoutCamelCase): id: UserID user_name: Annotated[ IDStr, Field(description="Unique username identifier", alias="userName") @@ -76,9 +97,38 @@ def _to_upper_string(cls, v): return v.name.upper() return v + @classmethod + def from_model( + cls, + my_profile: MyProfile, + my_groups_by_type: GroupsByTypeTuple, + my_product_group: tuple[Group, AccessRightsDict] | None, + my_preferences: AggregatedPreferences, + ) -> Self: + data = remap_keys( + my_profile.model_dump( + include={ + "id", + "user_name", + "first_name", + "last_name", + "email", + "role", + "privacy", + "expiration_date", + }, + exclude_unset=True, + ), + rename={"email": "login"}, + ) + return cls( + **data, + groups=MyGroupsGet.from_model(my_groups_by_type, my_product_group), + preferences=my_preferences, + ) + -class MyProfilePatch(BaseModel): - # WARNING: do not use InputSchema until front-end is updated! +class MyProfilePatch(InputSchemaWithoutCamelCase): first_name: FirstNameStr | None = None last_name: LastNameStr | None = None user_name: Annotated[IDStr | None, Field(alias="userName")] = None @@ -128,3 +178,113 @@ def _validate_user_name(cls, value: str): raise ValueError(msg) return value + + +# +# USER +# + + +class UsersSearchQueryParams(BaseModel): + email: Annotated[ + str, + Field( + min_length=3, + max_length=200, + description="complete or glob pattern for an email", + ), + ] + + +class UserGet(OutputSchema): + first_name: str | None + last_name: str | None + email: LowerCaseEmailStr + institution: str | None + phone: str | None + address: str | None + city: str | None + state: Annotated[str | None, Field(description="State, province, canton, ...")] + postal_code: str | None + country: str | None + extras: Annotated[ + dict[str, Any], + Field( + default_factory=dict, + description="Keeps extra information provided in the request form", + ), + ] = DEFAULT_FACTORY + + # authorization + invited_by: str | None = None + + # user status + registered: bool + status: UserStatus | None + products: Annotated[ + list[ProductName] | None, + Field( + description="List of products this users is included or None if fields is unset", + ), + ] = None + + @field_validator("status") + @classmethod + def _consistency_check(cls, v, info: ValidationInfo): + registered = info.data["registered"] + status = v + if not registered and status is not None: + msg = f"{registered=} and {status=} is not allowed" + raise ValueError(msg) + return v + + +# +# THIRD-PARTY TOKENS +# + + +class MyTokenCreate(InputSchemaWithoutCamelCase): + service: Annotated[ + IDStr, + Field(description="uniquely identifies the service where this token is used"), + ] + token_key: IDStr + token_secret: IDStr + + def to_model(self) -> UserThirdPartyToken: + return UserThirdPartyToken( + service=self.service, + token_key=self.token_key, + token_secret=self.token_secret, + ) + + +class MyTokenGet(OutputSchemaWithoutCamelCase): + service: IDStr + token_key: IDStr + token_secret: Annotated[ + IDStr | None, Field(deprecated=True, description="Will be removed") + ] = None + + @classmethod + def from_model(cls, token: UserThirdPartyToken) -> Self: + return cls( + service=token.service, # type: ignore[arg-type] + token_key=token.token_key, # type: ignore[arg-type] + token_secret=None, + ) + + +# +# PERMISSIONS +# + + +class MyPermissionGet(OutputSchema): + name: str + allowed: bool + + @classmethod + def from_model(cls, permission: UserPermission) -> Self: + return cls(name=permission.name, allowed=permission.allowed) diff --git a/packages/models-library/src/models_library/groups.py b/packages/models-library/src/models_library/groups.py index 797453922f9..a7d4810d534 100644 --- a/packages/models-library/src/models_library/groups.py +++ b/packages/models-library/src/models_library/groups.py @@ -3,8 +3,11 @@ from common_library.basic_types import DEFAULT_FACTORY from common_library.groups_enums import GroupType as GroupType from pydantic import BaseModel, ConfigDict, EmailStr, Field, field_validator +from pydantic.config import JsonDict from pydantic.types import PositiveInt -from typing_extensions import TypedDict +from typing_extensions import ( # https://docs.pydantic.dev/latest/api/standard_library_types/#typeddict + TypedDict, +) from .basic_types import IDStr from .users import UserID @@ -35,7 +38,47 @@ class Group(BaseModel): create_enums_pre_validator(GroupType) ) - model_config = ConfigDict(populate_by_name=True) + @staticmethod + def _update_json_schema_extra(schema: JsonDict) -> None: + schema.update( + { + "examples": [ + { + "gid": 1, + "name": "Everyone", + "type": "everyone", + "description": "all users", + "thumbnail": None, + }, + { + "gid": 2, + "name": "User", + "description": "primary group", + "type": "primary", + "thumbnail": None, + }, + { + "gid": 3, + "name": "Organization", + "description": "standard group", + "type": "standard", + "thumbnail": None, + "inclusionRules": {}, + }, + { + "gid": 4, + "name": "Product", + "description": "standard group for products", + "type": "standard", + "thumbnail": None, + }, + ] + } + ) + + model_config = ConfigDict( + populate_by_name=True, json_schema_extra=_update_json_schema_extra + ) class AccessRightsDict(TypedDict): diff --git a/packages/models-library/src/models_library/users.py b/packages/models-library/src/models_library/users.py index af532978320..c8860171b64 100644 --- a/packages/models-library/src/models_library/users.py +++ b/packages/models-library/src/models_library/users.py @@ -1,7 +1,15 @@ +import datetime from typing import Annotated, TypeAlias +from common_library.users_enums import UserRole from models_library.basic_types import IDStr from pydantic import BaseModel, ConfigDict, Field, PositiveInt, StringConstraints +from pydantic.config import JsonDict +from typing_extensions import ( # https://docs.pydantic.dev/latest/api/standard_library_types/#typeddict + TypedDict, +) + +from .emails import LowerCaseEmailStr UserID: TypeAlias = PositiveInt UserNameID: TypeAlias = IDStr @@ -16,6 +24,40 @@ ] +class PrivacyDict(TypedDict): + hide_fullname: bool + hide_email: bool + + +class MyProfile(BaseModel): + id: UserID + user_name: IDStr + first_name: str | None + last_name: str | None + email: LowerCaseEmailStr + role: UserRole + privacy: PrivacyDict + expiration_date: datetime.date | None = None + + @staticmethod + def _update_json_schema_extra(schema: JsonDict) -> None: + schema.update( + { + "example": { + "id": 1, + "email": "PtN5Ab0uv@guest-at-osparc.io", + "user_name": "PtN5Ab0uv", + "first_name": "PtN5Ab0uv", + "last_name": "", + "role": "GUEST", + "privacy": {"hide_email": True, "hide_fullname": False}, + } + } + ) + + model_config = ConfigDict(json_schema_extra=_update_json_schema_extra) + + class UserBillingDetails(BaseModel): first_name: str | None last_name: str | None @@ -28,3 +70,37 @@ class UserBillingDetails(BaseModel): phone: str | None model_config = ConfigDict(from_attributes=True) + + +# +# THIRD-PARTY TOKENS +# + + +class UserThirdPartyToken(BaseModel): + """ + Tokens used to access third-party services connected to osparc (e.g. pennsieve, scicrunch, etc) + """ + + service: str + token_key: str + token_secret: str | None = None + + model_config = ConfigDict( + json_schema_extra={ + "example": { + "service": "github-api-v1", + "token_key": "5f21abf5-c596-47b7-bfd1-c0e436ef1107", + } + } + ) + + +# +# PERMISSIONS +# + + +class UserPermission(BaseModel): + name: str + allowed: bool diff --git a/packages/models-library/tests/test_users.py b/packages/models-library/tests/test_users.py new file mode 100644 index 00000000000..97496e133a9 --- /dev/null +++ b/packages/models-library/tests/test_users.py @@ -0,0 +1,27 @@ +from models_library.api_schemas_webserver.users import MyProfileGet +from models_library.api_schemas_webserver.users_preferences import Preference +from models_library.groups import AccessRightsDict, Group, GroupsByTypeTuple +from models_library.users import MyProfile +from pydantic import TypeAdapter + + +def test_adapter_from_model_to_schema(): + my_profile = MyProfile.model_validate(MyProfile.model_json_schema()["example"]) + + groups = TypeAdapter(list[Group]).validate_python( + Group.model_json_schema()["examples"] + ) + + ar = AccessRightsDict(read=False, write=False, delete=False) + + my_groups_by_type = GroupsByTypeTuple( + primary=(groups[1], ar), standard=[(groups[2], ar)], everyone=(groups[0], ar) + ) + my_product_group = groups[-1], AccessRightsDict( + read=False, write=False, delete=False + ) + my_preferences = {"foo": Preference(default_value=3, value=1)} + + MyProfileGet.from_model( + my_profile, my_groups_by_type, my_product_group, my_preferences + ) diff --git a/packages/postgres-database/src/simcore_postgres_database/models/users.py b/packages/postgres-database/src/simcore_postgres_database/models/users.py index bdff1293211..b8ff7a455cd 100644 --- a/packages/postgres-database/src/simcore_postgres_database/models/users.py +++ b/packages/postgres-database/src/simcore_postgres_database/models/users.py @@ -1,69 +1,14 @@ -from enum import Enum -from functools import total_ordering - import sqlalchemy as sa +from common_library.users_enums import UserRole, UserStatus from sqlalchemy.sql import expression from ._common import RefActions from .base import metadata -_USER_ROLE_TO_LEVEL = { - "ANONYMOUS": 0, - "GUEST": 10, - "USER": 20, - "TESTER": 30, - "PRODUCT_OWNER": 40, - "ADMIN": 100, -} - - -@total_ordering -class UserRole(Enum): - """SORTED enumeration of user roles - - A role defines a set of privileges the user can perform - Roles are sorted from lower to highest privileges - USER is the role assigned by default A user with a higher/lower role is denoted super/infra user - - ANONYMOUS : The user is not logged in - GUEST : Temporary user with very limited access. Main used for demos and for a limited amount of time - USER : Registered user. Basic permissions to use the platform [default] - TESTER : Upgraded user. First level of super-user with privileges to test the framework. - Can use everything but does not have an effect in other users or actual data - ADMIN : Framework admin. - - See security_access.py - """ - - ANONYMOUS = "ANONYMOUS" - GUEST = "GUEST" - USER = "USER" - TESTER = "TESTER" - PRODUCT_OWNER = "PRODUCT_OWNER" - ADMIN = "ADMIN" - - @property - def privilege_level(self) -> int: - return _USER_ROLE_TO_LEVEL[self.name] - - def __lt__(self, other: "UserRole") -> bool: - if self.__class__ is other.__class__: - return self.privilege_level < other.privilege_level - return NotImplemented - - -class UserStatus(str, Enum): - # This is a transition state. The user is registered but not confirmed. NOTE that state is optional depending on LOGIN_REGISTRATION_CONFIRMATION_REQUIRED - CONFIRMATION_PENDING = "CONFIRMATION_PENDING" - # This user can now operate the platform - ACTIVE = "ACTIVE" - # This user is inactive because it expired after a trial period - EXPIRED = "EXPIRED" - # This user is inactive because he has been a bad boy - BANNED = "BANNED" - # This user is inactive because it was marked for deletion - DELETED = "DELETED" - +__all__: tuple[str, ...] = ( + "UserRole", + "UserStatus", +) users = sa.Table( "users", diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_groups_extra_properties.py b/packages/postgres-database/src/simcore_postgres_database/utils_groups_extra_properties.py index b6c25183a21..709096572c6 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_groups_extra_properties.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_groups_extra_properties.py @@ -1,18 +1,26 @@ import datetime import logging +import warnings from dataclasses import dataclass, fields -from typing import Any +from typing import Any, Callable import sqlalchemy as sa from aiopg.sa.connection import SAConnection from aiopg.sa.result import RowProxy +from sqlalchemy.ext.asyncio import AsyncConnection, AsyncEngine from .models.groups import GroupType, groups, user_to_groups from .models.groups_extra_properties import groups_extra_properties from .utils_models import FromRowMixin +from .utils_repos import pass_or_acquire_connection _logger = logging.getLogger(__name__) +_WARNING_FMSG = ( + f"{__name__}.{{}} uses aiopg which has been deprecated in this repo. Use {{}} instead. " + "SEE https://github.com/ITISFoundation/osparc-simcore/issues/4529" +) + class GroupExtraPropertiesError(Exception): ... @@ -35,10 +43,8 @@ class GroupExtraProperties(FromRowMixin): enable_efs: bool -async def _list_table_entries_ordered_by_group_type( - connection: SAConnection, user_id: int, product_name: str -) -> list[RowProxy]: - list_stmt = ( +def _list_table_entries_ordered_by_group_type_stmt(user_id: int, product_name: str): + return ( sa.select( groups_extra_properties, groups.c.type, @@ -68,15 +74,6 @@ async def _list_table_entries_ordered_by_group_type( .alias() ) - result = await connection.execute( - sa.select(list_stmt).order_by(list_stmt.c.type_order) - ) - assert result # nosec - - rows: list[RowProxy] | None = await result.fetchall() - assert rows is not None # nosec - return rows - def _merge_extra_properties_booleans( instance1: GroupExtraProperties, instance2: GroupExtraProperties @@ -95,34 +92,55 @@ def _merge_extra_properties_booleans( @dataclass(frozen=True, slots=True, kw_only=True) class GroupExtraPropertiesRepo: + @staticmethod + def _get_stmt(gid: int, product_name: str): + return sa.select(groups_extra_properties).where( + (groups_extra_properties.c.group_id == gid) + & (groups_extra_properties.c.product_name == product_name) + ) + @staticmethod async def get( connection: SAConnection, *, gid: int, product_name: str ) -> GroupExtraProperties: - get_stmt = sa.select(groups_extra_properties).where( - (groups_extra_properties.c.group_id == gid) - & (groups_extra_properties.c.product_name == product_name) + warnings.warn( + _WARNING_FMSG.format("get", "get_v2"), + DeprecationWarning, + stacklevel=1, ) - result = await connection.execute(get_stmt) + + query = GroupExtraPropertiesRepo._get_stmt(gid, product_name) + result = await connection.execute(query) assert result # nosec if row := await result.first(): - return GroupExtraProperties.from_row(row) + return GroupExtraProperties.from_row_proxy(row) msg = f"Properties for group {gid} not found" raise GroupExtraPropertiesNotFoundError(msg) @staticmethod - async def get_aggregated_properties_for_user( - connection: SAConnection, + async def get_v2( + engine: AsyncEngine, + connection: AsyncConnection | None = None, *, - user_id: int, + gid: int, product_name: str, ) -> GroupExtraProperties: - rows = await _list_table_entries_ordered_by_group_type( - connection, user_id, product_name - ) + async with pass_or_acquire_connection(engine, connection) as conn: + query = GroupExtraPropertiesRepo._get_stmt(gid, product_name) + result = await conn.stream(query) + assert result # nosec + if row := await result.first(): + return GroupExtraProperties.from_row(row) + msg = f"Properties for group {gid} not found" + raise GroupExtraPropertiesNotFoundError(msg) + + @staticmethod + def _aggregate( + rows, user_id, product_name, from_row: Callable + ) -> GroupExtraProperties: merged_standard_extra_properties = None for row in rows: - group_extra_properties = GroupExtraProperties.from_row(row) + group_extra_properties: GroupExtraProperties = from_row(row) match row.type: case GroupType.PRIMARY: # this always has highest priority @@ -153,3 +171,56 @@ async def get_aggregated_properties_for_user( return merged_standard_extra_properties msg = f"Properties for user {user_id} in {product_name} not found" raise GroupExtraPropertiesNotFoundError(msg) + + @staticmethod + async def get_aggregated_properties_for_user( + connection: SAConnection, + *, + user_id: int, + product_name: str, + ) -> GroupExtraProperties: + warnings.warn( + _WARNING_FMSG.format( + "get_aggregated_properties_for_user", + "get_aggregated_properties_for_user_v2", + ), + DeprecationWarning, + stacklevel=1, + ) + + list_stmt = _list_table_entries_ordered_by_group_type_stmt( + user_id=user_id, product_name=product_name + ) + + result = await connection.execute( + sa.select(list_stmt).order_by(list_stmt.c.type_order) + ) + assert result # nosec + + rows: list[RowProxy] | None = await result.fetchall() + assert rows is not None # nosec + + return GroupExtraPropertiesRepo._aggregate( + rows, user_id, product_name, GroupExtraProperties.from_row_proxy + ) + + @staticmethod + async def get_aggregated_properties_for_user_v2( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + user_id: int, + product_name: str, + ) -> GroupExtraProperties: + async with pass_or_acquire_connection(engine, connection) as conn: + + list_stmt = _list_table_entries_ordered_by_group_type_stmt( + user_id=user_id, product_name=product_name + ) + result = await conn.stream( + sa.select(list_stmt).order_by(list_stmt.c.type_order) + ) + rows = [row async for row in result] + return GroupExtraPropertiesRepo._aggregate( + rows, user_id, product_name, GroupExtraProperties.from_row + ) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_models.py b/packages/postgres-database/src/simcore_postgres_database/utils_models.py index 0fe50578aae..2cbf0e1d699 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_models.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_models.py @@ -2,6 +2,7 @@ from typing import TypeVar from aiopg.sa.result import RowProxy +from sqlalchemy.engine.row import Row ModelType = TypeVar("ModelType") @@ -10,7 +11,13 @@ class FromRowMixin: """Mixin to allow instance construction from aiopg.sa.result.RowProxy""" @classmethod - def from_row(cls: type[ModelType], row: RowProxy) -> ModelType: + def from_row_proxy(cls: type[ModelType], row: RowProxy) -> ModelType: assert is_dataclass(cls) # nosec field_names = [f.name for f in fields(cls)] return cls(**{k: v for k, v in row.items() if k in field_names}) # type: ignore[return-value] + + @classmethod + def from_row(cls: type[ModelType], row: Row) -> ModelType: + assert is_dataclass(cls) # nosec + field_names = [f.name for f in fields(cls)] + return cls(**{k: v for k, v in row._asdict().items() if k in field_names}) # type: ignore[return-value] diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_repos.py b/packages/postgres-database/src/simcore_postgres_database/utils_repos.py index e013a09b526..efbdebc48f2 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_repos.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_repos.py @@ -13,7 +13,13 @@ async def pass_or_acquire_connection( ) -> AsyncIterator[AsyncConnection]: """ When to use: For READ operations! - It ensures that a connection is available for use within the context, either by using an existing connection passed as a parameter or by acquiring a new one from the engine. The caller must manage the lifecycle of any connection explicitly passed in, but the function handles the cleanup for connections it creates itself. This function **does not open new transactions** and therefore is recommended only for read-only database operations. + It ensures that a connection is available for use within the context, + either by using an existing connection passed as a parameter or by acquiring a new one from the engine. + + The caller must manage the lifecycle of any connection explicitly passed in, but the function handles the + cleanup for connections it creates itself. + + This function **does not open new transactions** and therefore is recommended only for read-only database operations. """ # NOTE: When connection is passed, the engine is actually not needed # NOTE: Creator is responsible of closing connection @@ -36,7 +42,8 @@ async def transaction_context( ): """ When to use: For WRITE operations! - This function manages the database connection and ensures that a transaction context is established for write operations. It supports both outer and nested transactions, providing flexibility for scenarios where transactions may already exist in the calling context. + This function manages the database connection and ensures that a transaction context is established for write operations. + It supports both outer and nested transactions, providing flexibility for scenarios where transactions may already exist in the calling context. """ async with pass_or_acquire_connection(engine, connection) as conn: if conn.in_transaction(): diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_users.py b/packages/postgres-database/src/simcore_postgres_database/utils_users.py index 9026cdd27b4..082cb7c2952 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_users.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_users.py @@ -134,8 +134,8 @@ async def join_and_update_from_pre_registration_details( ) @staticmethod - async def get_billing_details(conn: SAConnection, user_id: int) -> RowProxy | None: - result = await conn.execute( + def get_billing_details_query(user_id: int): + return ( sa.select( users.c.first_name, users.c.last_name, @@ -155,6 +155,12 @@ async def get_billing_details(conn: SAConnection, user_id: int) -> RowProxy | No ) .where(users.c.id == user_id) ) + + @staticmethod + async def get_billing_details(conn: SAConnection, user_id: int) -> RowProxy | None: + result = await conn.execute( + UsersRepo.get_billing_details_query(user_id=user_id) + ) value: RowProxy | None = await result.fetchone() return value diff --git a/packages/postgres-database/tests/test_users.py b/packages/postgres-database/tests/test_users.py index 97bfa3b2f99..1c10636e772 100644 --- a/packages/postgres-database/tests/test_users.py +++ b/packages/postgres-database/tests/test_users.py @@ -12,12 +12,7 @@ from faker import Faker from pytest_simcore.helpers.faker_factories import random_user from simcore_postgres_database.errors import InvalidTextRepresentation, UniqueViolation -from simcore_postgres_database.models.users import ( - _USER_ROLE_TO_LEVEL, - UserRole, - UserStatus, - users, -) +from simcore_postgres_database.models.users import UserRole, UserStatus, users from simcore_postgres_database.utils_users import ( UsersRepo, _generate_random_chars, @@ -26,78 +21,6 @@ from sqlalchemy.sql import func -def test_user_role_to_level_map_in_sync(): - # If fails, then update _USER_ROLE_TO_LEVEL map - assert set(_USER_ROLE_TO_LEVEL.keys()) == set(UserRole.__members__.keys()) - - -def test_user_roles_compares_to_admin(): - assert UserRole.ANONYMOUS < UserRole.ADMIN - assert UserRole.GUEST < UserRole.ADMIN - assert UserRole.USER < UserRole.ADMIN - assert UserRole.TESTER < UserRole.ADMIN - assert UserRole.PRODUCT_OWNER < UserRole.ADMIN - assert UserRole.ADMIN == UserRole.ADMIN - - -def test_user_roles_compares_to_product_owner(): - assert UserRole.ANONYMOUS < UserRole.PRODUCT_OWNER - assert UserRole.GUEST < UserRole.PRODUCT_OWNER - assert UserRole.USER < UserRole.PRODUCT_OWNER - assert UserRole.TESTER < UserRole.PRODUCT_OWNER - assert UserRole.PRODUCT_OWNER == UserRole.PRODUCT_OWNER - assert UserRole.ADMIN > UserRole.PRODUCT_OWNER - - -def test_user_roles_compares_to_tester(): - assert UserRole.ANONYMOUS < UserRole.TESTER - assert UserRole.GUEST < UserRole.TESTER - assert UserRole.USER < UserRole.TESTER - assert UserRole.TESTER == UserRole.TESTER - assert UserRole.PRODUCT_OWNER > UserRole.TESTER - assert UserRole.ADMIN > UserRole.TESTER - - -def test_user_roles_compares_to_user(): - assert UserRole.ANONYMOUS < UserRole.USER - assert UserRole.GUEST < UserRole.USER - assert UserRole.USER == UserRole.USER - assert UserRole.TESTER > UserRole.USER - assert UserRole.PRODUCT_OWNER > UserRole.USER - assert UserRole.ADMIN > UserRole.USER - - -def test_user_roles_compares_to_guest(): - assert UserRole.ANONYMOUS < UserRole.GUEST - assert UserRole.GUEST == UserRole.GUEST - assert UserRole.USER > UserRole.GUEST - assert UserRole.TESTER > UserRole.GUEST - assert UserRole.PRODUCT_OWNER > UserRole.GUEST - assert UserRole.ADMIN > UserRole.GUEST - - -def test_user_roles_compares_to_anonymous(): - assert UserRole.ANONYMOUS == UserRole.ANONYMOUS - assert UserRole.GUEST > UserRole.ANONYMOUS - assert UserRole.USER > UserRole.ANONYMOUS - assert UserRole.TESTER > UserRole.ANONYMOUS - assert UserRole.PRODUCT_OWNER > UserRole.ANONYMOUS - assert UserRole.ADMIN > UserRole.ANONYMOUS - - -def test_user_roles_compares(): - # < and > - assert UserRole.TESTER < UserRole.ADMIN - assert UserRole.ADMIN > UserRole.TESTER - - # >=, == and <= - assert UserRole.TESTER <= UserRole.ADMIN - assert UserRole.ADMIN >= UserRole.TESTER - - assert UserRole.ADMIN <= UserRole.ADMIN - assert UserRole.ADMIN == UserRole.ADMIN - - @pytest.fixture async def clean_users_db_table(connection: SAConnection): yield diff --git a/packages/postgres-database/tests/test_utils_groups_extra_properties.py b/packages/postgres-database/tests/test_utils_groups_extra_properties.py index fafc97d1551..e7900de6082 100644 --- a/packages/postgres-database/tests/test_utils_groups_extra_properties.py +++ b/packages/postgres-database/tests/test_utils_groups_extra_properties.py @@ -21,6 +21,7 @@ GroupExtraPropertiesRepo, ) from sqlalchemy import literal_column +from sqlalchemy.ext.asyncio import AsyncEngine async def test_get_raises_if_not_found( @@ -64,7 +65,7 @@ async def _creator( assert result row = await result.first() assert row - properties = GroupExtraProperties.from_row(row) + properties = GroupExtraProperties.from_row_proxy(row) created_properties.append((properties.group_id, properties.product_name)) return properties @@ -101,6 +102,28 @@ async def test_get( assert created_extra_properties == received_extra_properties +async def test_get_v2( + asyncpg_engine: AsyncEngine, + registered_user: RowProxy, + product_name: str, + create_fake_product: Callable[..., Awaitable[RowProxy]], + create_fake_group_extra_properties: Callable[..., Awaitable[GroupExtraProperties]], +): + with pytest.raises(GroupExtraPropertiesNotFoundError): + await GroupExtraPropertiesRepo.get_v2( + asyncpg_engine, gid=registered_user.primary_gid, product_name=product_name + ) + + await create_fake_product(product_name) + created_extra_properties = await create_fake_group_extra_properties( + registered_user.primary_gid, product_name + ) + received_extra_properties = await GroupExtraPropertiesRepo.get_v2( + asyncpg_engine, gid=registered_user.primary_gid, product_name=product_name + ) + assert created_extra_properties == received_extra_properties + + @pytest.fixture async def everyone_group_id(connection: aiopg.sa.connection.SAConnection) -> int: result = await connection.scalar( @@ -355,3 +378,114 @@ async def test_get_aggregated_properties_for_user_returns_property_values_as_tru assert aggregated_group_properties.internet_access is False assert aggregated_group_properties.override_services_specifications is False assert aggregated_group_properties.use_on_demand_clusters is True + + +async def test_get_aggregated_properties_for_user_returns_property_values_as_truthy_if_one_of_them_is_v2( + asyncpg_engine: AsyncEngine, + connection: aiopg.sa.connection.SAConnection, + product_name: str, + registered_user: RowProxy, + create_fake_product: Callable[..., Awaitable[RowProxy]], + create_fake_group: Callable[..., Awaitable[RowProxy]], + create_fake_group_extra_properties: Callable[..., Awaitable[GroupExtraProperties]], + everyone_group_id: int, +): + await create_fake_product(product_name) + await create_fake_product(f"{product_name}_additional_just_for_fun") + + # create a specific extra properties for group that disallow everything + everyone_group_extra_properties = await create_fake_group_extra_properties( + everyone_group_id, + product_name, + internet_access=False, + override_services_specifications=False, + use_on_demand_clusters=False, + ) + # this should return the everyone group properties + aggregated_group_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + asyncpg_engine, user_id=registered_user.id, product_name=product_name + ) + ) + assert aggregated_group_properties == everyone_group_extra_properties + + # now we create some standard groups and add the user to them and make everything false for now + standard_groups = [await create_fake_group(connection) for _ in range(5)] + for group in standard_groups: + await create_fake_group_extra_properties( + group.gid, + product_name, + internet_access=False, + override_services_specifications=False, + use_on_demand_clusters=False, + ) + await _add_user_to_group( + connection, user_id=registered_user.id, group_id=group.gid + ) + + # now we still should not have any of these value Truthy + aggregated_group_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + asyncpg_engine, user_id=registered_user.id, product_name=product_name + ) + ) + assert aggregated_group_properties.internet_access is False + assert aggregated_group_properties.override_services_specifications is False + assert aggregated_group_properties.use_on_demand_clusters is False + + # let's change one of these standard groups + random_standard_group = random.choice(standard_groups) # noqa: S311 + result = await connection.execute( + groups_extra_properties.update() + .where(groups_extra_properties.c.group_id == random_standard_group.gid) + .values(internet_access=True) + ) + assert result.rowcount == 1 + + # now we should have internet access + aggregated_group_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + asyncpg_engine, user_id=registered_user.id, product_name=product_name + ) + ) + assert aggregated_group_properties.internet_access is True + assert aggregated_group_properties.override_services_specifications is False + assert aggregated_group_properties.use_on_demand_clusters is False + + # let's change another one of these standard groups + random_standard_group = random.choice(standard_groups) # noqa: S311 + result = await connection.execute( + groups_extra_properties.update() + .where(groups_extra_properties.c.group_id == random_standard_group.gid) + .values(override_services_specifications=True) + ) + assert result.rowcount == 1 + + # now we should have internet access and service override + aggregated_group_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + asyncpg_engine, user_id=registered_user.id, product_name=product_name + ) + ) + assert aggregated_group_properties.internet_access is True + assert aggregated_group_properties.override_services_specifications is True + assert aggregated_group_properties.use_on_demand_clusters is False + + # and we can deny it again by setting a primary extra property + # now create some personal extra properties + personal_group_extra_properties = await create_fake_group_extra_properties( + registered_user.primary_gid, + product_name, + internet_access=False, + use_on_demand_clusters=True, + ) + assert personal_group_extra_properties + + aggregated_group_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + asyncpg_engine, user_id=registered_user.id, product_name=product_name + ) + ) + assert aggregated_group_properties.internet_access is False + assert aggregated_group_properties.override_services_specifications is False + assert aggregated_group_properties.use_on_demand_clusters is True diff --git a/packages/postgres-database/tests/test_utils_projects.py b/packages/postgres-database/tests/test_utils_projects.py index c0c00d271e6..c97c822090f 100644 --- a/packages/postgres-database/tests/test_utils_projects.py +++ b/packages/postgres-database/tests/test_utils_projects.py @@ -3,9 +3,9 @@ # pylint: disable=unused-variable # pylint: disable=too-many-arguments import uuid -from collections.abc import Awaitable, Callable -from datetime import datetime, timezone -from typing import Any, AsyncIterator +from collections.abc import AsyncIterator, Awaitable, Callable +from datetime import UTC, datetime +from typing import Any import pytest import sqlalchemy as sa @@ -53,7 +53,7 @@ async def registered_project( await _delete_project(connection, project["uuid"]) -@pytest.mark.parametrize("expected", (datetime.now(tz=timezone.utc), None)) +@pytest.mark.parametrize("expected", (datetime.now(tz=UTC), None)) async def test_get_project_trashed_at_column_can_be_converted_to_datetime( asyncpg_engine: AsyncEngine, registered_project: dict, expected: datetime | None ): diff --git a/packages/pytest-simcore/src/pytest_simcore/docker_swarm.py b/packages/pytest-simcore/src/pytest_simcore/docker_swarm.py index 579d9b52bca..e848ddc6df1 100644 --- a/packages/pytest-simcore/src/pytest_simcore/docker_swarm.py +++ b/packages/pytest-simcore/src/pytest_simcore/docker_swarm.py @@ -7,15 +7,16 @@ import json import logging import subprocess -from collections.abc import Iterator +from collections.abc import AsyncIterator, Awaitable, Callable, Iterator from contextlib import suppress from pathlib import Path -from typing import Any, AsyncIterator, Awaitable, Callable +from typing import Any import aiodocker import docker import pytest import yaml +from common_library.dict_tools import copy_from_dict from docker.errors import APIError from faker import Faker from tenacity import AsyncRetrying, Retrying, TryAgain, retry @@ -25,7 +26,6 @@ from tenacity.wait import wait_fixed, wait_random_exponential from .helpers.constants import HEADER_STR, MINUTE -from .helpers.dict_tools import copy_from_dict from .helpers.host import get_localhost_ip from .helpers.typing_env import EnvVarsDict @@ -222,7 +222,7 @@ def _deploy_stack(compose_file: Path, stack_name: str) -> None: f"{stack_name}", ] subprocess.run( - cmd, # noqa: S603 + cmd, check=True, cwd=compose_file.parent, capture_output=True, @@ -238,7 +238,7 @@ def _deploy_stack(compose_file: Path, stack_name: str) -> None: def _make_dask_sidecar_certificates(simcore_service_folder: Path) -> None: dask_sidecar_root_folder = simcore_service_folder / "dask-sidecar" subprocess.run( - ["make", "certificates"], # noqa: S603, S607 + ["make", "certificates"], # noqa: S607 cwd=dask_sidecar_root_folder, check=True, capture_output=True, diff --git a/packages/pytest-simcore/src/pytest_simcore/simcore_webserver_groups_fixtures.py b/packages/pytest-simcore/src/pytest_simcore/simcore_webserver_groups_fixtures.py index 0c79aba5622..be032c8f6f4 100644 --- a/packages/pytest-simcore/src/pytest_simcore/simcore_webserver_groups_fixtures.py +++ b/packages/pytest-simcore/src/pytest_simcore/simcore_webserver_groups_fixtures.py @@ -19,7 +19,7 @@ from models_library.groups import GroupsByTypeTuple, StandardGroupCreate from models_library.users import UserID from pytest_simcore.helpers.webserver_login import NewUser, UserInfoDict -from simcore_service_webserver.groups._groups_api import ( +from simcore_service_webserver.groups._groups_service import ( add_user_in_group, create_standard_group, delete_standard_group, @@ -29,7 +29,9 @@ def _groupget_model_dump(group, access_rights) -> dict[str, Any]: return GroupGet.from_model(group, access_rights).model_dump( - mode="json", by_alias=True + mode="json", + by_alias=True, + exclude_unset=True, ) diff --git a/services/static-webserver/client/source/class/osparc/Application.js b/services/static-webserver/client/source/class/osparc/Application.js index 20750d2f941..463ddbd3492 100644 --- a/services/static-webserver/client/source/class/osparc/Application.js +++ b/services/static-webserver/client/source/class/osparc/Application.js @@ -462,7 +462,7 @@ qx.Class.define("osparc.Application", { if (osparc.auth.Data.getInstance().isGuest()) { const msg = osparc.utils.Utils.createAccountMessage(); osparc.FlashMessenger.getInstance().logAs(msg, "WARNING"); - } else if ("expirationDate" in profile) { + } else if (profile["expirationDate"]) { const now = new Date(); const today = new Date(now.toISOString().slice(0, 10)); const expirationDay = new Date(profile["expirationDate"]); diff --git a/services/static-webserver/client/source/class/osparc/auth/Manager.js b/services/static-webserver/client/source/class/osparc/auth/Manager.js index ca497e5eabb..fdd082cff96 100644 --- a/services/static-webserver/client/source/class/osparc/auth/Manager.js +++ b/services/static-webserver/client/source/class/osparc/auth/Manager.js @@ -243,7 +243,7 @@ qx.Class.define("osparc.auth.Manager", { username: profile["userName"], firstName: profile["first_name"], lastName: profile["last_name"], - expirationDate: "expirationDate" in profile ? new Date(profile["expirationDate"]) : null + expirationDate: profile["expirationDate"] ? new Date(profile["expirationDate"]) : null }); }, diff --git a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml index ce36e2e6e93..93cf60aa82c 100644 --- a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml +++ b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml @@ -1207,7 +1207,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_list_ThirdPartyToken__' + $ref: '#/components/schemas/Envelope_list_MyTokenGet__' post: tags: - user @@ -1217,7 +1217,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/TokenCreate' + $ref: '#/components/schemas/MyTokenCreate' required: true responses: '201': @@ -1225,7 +1225,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_ThirdPartyToken_' + $ref: '#/components/schemas/Envelope_MyTokenGet_' /v0/me/tokens/{service}: get: tags: @@ -1245,7 +1245,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_ThirdPartyToken_' + $ref: '#/components/schemas/Envelope_MyTokenGet_' delete: tags: - user @@ -1322,7 +1322,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_list_PermissionGet__' + $ref: '#/components/schemas/Envelope_list_MyPermissionGet__' /v0/users:search: get: tags: @@ -1345,7 +1345,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_list_UserProfile__' + $ref: '#/components/schemas/Envelope_list_UserGet__' /v0/users:pre-register: post: tags: @@ -1357,7 +1357,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PreUserProfile' + $ref: '#/components/schemas/PreRegisteredUserGet' required: true responses: '200': @@ -1365,7 +1365,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Envelope_UserProfile_' + $ref: '#/components/schemas/Envelope_UserGet_' /v0/wallets: get: tags: @@ -8185,6 +8185,19 @@ components: title: Error type: object title: Envelope[MyProfileGet] + Envelope_MyTokenGet_: + properties: + data: + anyOf: + - $ref: '#/components/schemas/MyTokenGet' + - type: 'null' + error: + anyOf: + - {} + - type: 'null' + title: Error + type: object + title: Envelope[MyTokenGet] Envelope_NodeCreated_: properties: data: @@ -8484,19 +8497,6 @@ components: title: Error type: object title: Envelope[TaskStatus] - Envelope_ThirdPartyToken_: - properties: - data: - anyOf: - - $ref: '#/components/schemas/ThirdPartyToken' - - type: 'null' - error: - anyOf: - - {} - - type: 'null' - title: Error - type: object - title: Envelope[ThirdPartyToken] Envelope_Union_EmailTestFailed__EmailTestPassed__: properties: data: @@ -8556,11 +8556,11 @@ components: title: Error type: object title: Envelope[Union[WalletGet, NoneType]] - Envelope_UserProfile_: + Envelope_UserGet_: properties: data: anyOf: - - $ref: '#/components/schemas/UserProfile' + - $ref: '#/components/schemas/UserGet' - type: 'null' error: anyOf: @@ -8568,7 +8568,7 @@ components: - type: 'null' title: Error type: object - title: Envelope[UserProfile] + title: Envelope[UserGet] Envelope_WalletGetWithAvailableCredits_: properties: data: @@ -8930,12 +8930,12 @@ components: title: Error type: object title: Envelope[list[LicensedItemGet]] - Envelope_list_OsparcCreditsAggregatedByServiceGet__: + Envelope_list_MyPermissionGet__: properties: data: anyOf: - items: - $ref: '#/components/schemas/OsparcCreditsAggregatedByServiceGet' + $ref: '#/components/schemas/MyPermissionGet' type: array - type: 'null' title: Data @@ -8945,13 +8945,13 @@ components: - type: 'null' title: Error type: object - title: Envelope[list[OsparcCreditsAggregatedByServiceGet]] - Envelope_list_PaymentMethodGet__: + title: Envelope[list[MyPermissionGet]] + Envelope_list_MyTokenGet__: properties: data: anyOf: - items: - $ref: '#/components/schemas/PaymentMethodGet' + $ref: '#/components/schemas/MyTokenGet' type: array - type: 'null' title: Data @@ -8961,13 +8961,29 @@ components: - type: 'null' title: Error type: object - title: Envelope[list[PaymentMethodGet]] - Envelope_list_PermissionGet__: + title: Envelope[list[MyTokenGet]] + Envelope_list_OsparcCreditsAggregatedByServiceGet__: + properties: + data: + anyOf: + - items: + $ref: '#/components/schemas/OsparcCreditsAggregatedByServiceGet' + type: array + - type: 'null' + title: Data + error: + anyOf: + - {} + - type: 'null' + title: Error + type: object + title: Envelope[list[OsparcCreditsAggregatedByServiceGet]] + Envelope_list_PaymentMethodGet__: properties: data: anyOf: - items: - $ref: '#/components/schemas/PermissionGet' + $ref: '#/components/schemas/PaymentMethodGet' type: array - type: 'null' title: Data @@ -8977,7 +8993,7 @@ components: - type: 'null' title: Error type: object - title: Envelope[list[PermissionGet]] + title: Envelope[list[PaymentMethodGet]] Envelope_list_PricingPlanAdminGet__: properties: data: @@ -9186,12 +9202,12 @@ components: title: Error type: object title: Envelope[list[TaskGet]] - Envelope_list_ThirdPartyToken__: + Envelope_list_UserGet__: properties: data: anyOf: - items: - $ref: '#/components/schemas/ThirdPartyToken' + $ref: '#/components/schemas/UserGet' type: array - type: 'null' title: Data @@ -9201,7 +9217,7 @@ components: - type: 'null' title: Error type: object - title: Envelope[list[ThirdPartyToken]] + title: Envelope[list[UserGet]] Envelope_list_UserNotification__: properties: data: @@ -9218,22 +9234,6 @@ components: title: Error type: object title: Envelope[list[UserNotification]] - Envelope_list_UserProfile__: - properties: - data: - anyOf: - - items: - $ref: '#/components/schemas/UserProfile' - type: array - - type: 'null' - title: Data - error: - anyOf: - - {} - - type: 'null' - title: Error - type: object - title: Envelope[list[UserProfile]] Envelope_list_Viewer__: properties: data: @@ -10662,6 +10662,19 @@ components: description: Some foundation gid: '16' label: Blue Fundation + MyPermissionGet: + properties: + name: + type: string + title: Name + allowed: + type: boolean + title: Allowed + type: object + required: + - name + - allowed + title: MyPermissionGet MyProfileGet: properties: id: @@ -10792,6 +10805,56 @@ components: title: Hideemail type: object title: MyProfilePrivacyPatch + MyTokenCreate: + properties: + service: + type: string + maxLength: 100 + minLength: 1 + title: Service + description: uniquely identifies the service where this token is used + token_key: + type: string + maxLength: 100 + minLength: 1 + title: Token Key + token_secret: + type: string + maxLength: 100 + minLength: 1 + title: Token Secret + type: object + required: + - service + - token_key + - token_secret + title: MyTokenCreate + MyTokenGet: + properties: + service: + type: string + maxLength: 100 + minLength: 1 + title: Service + token_key: + type: string + maxLength: 100 + minLength: 1 + title: Token Key + token_secret: + anyOf: + - type: string + maxLength: 100 + minLength: 1 + - type: 'null' + title: Token Secret + description: Will be removed + deprecated: true + type: object + required: + - service + - token_key + title: MyTokenGet Node-Input: properties: key: @@ -11761,19 +11824,6 @@ components: - completedAt - completedStatus title: PaymentTransaction - PermissionGet: - properties: - name: - type: string - title: Name - allowed: - type: boolean - title: Allowed - type: object - required: - - name - - allowed - title: PermissionGet PhoneConfirmationBody: properties: email: @@ -11869,7 +11919,7 @@ components: - x - y title: Position - PreUserProfile: + PreRegisteredUserGet: properties: firstName: type: string @@ -11912,8 +11962,7 @@ components: extras: type: object title: Extras - description: Keeps extra information provided in the request form. At most - MAX_NUM_EXTRAS fields + description: Keeps extra information provided in the request form. type: object required: - firstName @@ -11924,7 +11973,7 @@ components: - city - postalCode - country - title: PreUserProfile + title: PreRegisteredUserGet Preference: properties: defaultValue: @@ -14167,58 +14216,6 @@ components: - url - thumbnail title: ThirdPartyInfoDict - ThirdPartyToken: - properties: - service: - type: string - title: Service - description: uniquely identifies the service where this token is used - token_key: - type: string - format: uuid - title: Token Key - description: basic token key - token_secret: - anyOf: - - type: string - format: uuid - - type: 'null' - title: Token Secret - type: object - required: - - service - - token_key - title: ThirdPartyToken - description: Tokens used to access third-party services connected to osparc - (e.g. pennsieve, scicrunch, etc) - example: - service: github-api-v1 - token_key: 5f21abf5-c596-47b7-bfd1-c0e436ef1107 - TokenCreate: - properties: - service: - type: string - title: Service - description: uniquely identifies the service where this token is used - token_key: - type: string - format: uuid - title: Token Key - description: basic token key - token_secret: - anyOf: - - type: string - format: uuid - - type: 'null' - title: Token Secret - type: object - required: - - service - - token_key - title: TokenCreate - example: - service: github-api-v1 - token_key: 5f21abf5-c596-47b7-bfd1-c0e436ef1107 UnitExtraInfo-Input: properties: CPU: @@ -14351,6 +14348,98 @@ components: - number - e_tag title: UploadedPart + UserGet: + properties: + firstName: + anyOf: + - type: string + - type: 'null' + title: Firstname + lastName: + anyOf: + - type: string + - type: 'null' + title: Lastname + email: + type: string + format: email + title: Email + institution: + anyOf: + - type: string + - type: 'null' + title: Institution + phone: + anyOf: + - type: string + - type: 'null' + title: Phone + address: + anyOf: + - type: string + - type: 'null' + title: Address + city: + anyOf: + - type: string + - type: 'null' + title: City + state: + anyOf: + - type: string + - type: 'null' + title: State + description: State, province, canton, ... + postalCode: + anyOf: + - type: string + - type: 'null' + title: Postalcode + country: + anyOf: + - type: string + - type: 'null' + title: Country + extras: + type: object + title: Extras + description: Keeps extra information provided in the request form + invitedBy: + anyOf: + - type: string + - type: 'null' + title: Invitedby + registered: + type: boolean + title: Registered + status: + anyOf: + - $ref: '#/components/schemas/UserStatus' + - type: 'null' + products: + anyOf: + - items: + type: string + type: array + - type: 'null' + title: Products + description: List of products this users is included or None if fields is + unset + type: object + required: + - firstName + - lastName + - email + - institution + - phone + - address + - city + - state + - postalCode + - country + - registered + - status + title: UserGet UserNotification: properties: user_id: @@ -14472,98 +14561,6 @@ components: required: - read title: UserNotificationPatch - UserProfile: - properties: - firstName: - anyOf: - - type: string - - type: 'null' - title: Firstname - lastName: - anyOf: - - type: string - - type: 'null' - title: Lastname - email: - type: string - format: email - title: Email - institution: - anyOf: - - type: string - - type: 'null' - title: Institution - phone: - anyOf: - - type: string - - type: 'null' - title: Phone - address: - anyOf: - - type: string - - type: 'null' - title: Address - city: - anyOf: - - type: string - - type: 'null' - title: City - state: - anyOf: - - type: string - - type: 'null' - title: State - description: State, province, canton, ... - postalCode: - anyOf: - - type: string - - type: 'null' - title: Postalcode - country: - anyOf: - - type: string - - type: 'null' - title: Country - extras: - type: object - title: Extras - description: Keeps extra information provided in the request form - invitedBy: - anyOf: - - type: string - - type: 'null' - title: Invitedby - registered: - type: boolean - title: Registered - status: - anyOf: - - $ref: '#/components/schemas/UserStatus' - - type: 'null' - products: - anyOf: - - items: - type: string - type: array - - type: 'null' - title: Products - description: List of products this users is included or None if fields is - unset - type: object - required: - - firstName - - lastName - - email - - institution - - phone - - address - - city - - state - - postalCode - - country - - registered - - status - title: UserProfile UserStatus: type: string enum: diff --git a/services/web/server/src/simcore_service_webserver/application_settings_utils.py b/services/web/server/src/simcore_service_webserver/application_settings_utils.py index 162a927e0ad..d5180c07192 100644 --- a/services/web/server/src/simcore_service_webserver/application_settings_utils.py +++ b/services/web/server/src/simcore_service_webserver/application_settings_utils.py @@ -7,7 +7,7 @@ import functools import logging -from typing import Any +from typing import Any, TypeAlias from aiohttp import web from common_library.pydantic_fields_extension import get_type, is_nullable @@ -19,8 +19,10 @@ _logger = logging.getLogger(__name__) +AppConfigDict: TypeAlias = dict[str, Any] -def convert_to_app_config(app_settings: ApplicationSettings) -> dict[str, Any]: + +def convert_to_app_config(app_settings: ApplicationSettings) -> AppConfigDict: """Maps current ApplicationSettings object into former trafaret-based config""" return { @@ -186,8 +188,8 @@ def convert_to_app_config(app_settings: ApplicationSettings) -> dict[str, Any]: def convert_to_environ_vars( # noqa: C901, PLR0915, PLR0912 - cfg: dict[str, Any] -) -> dict[str, Any]: + cfg: AppConfigDict, +) -> AppConfigDict: """Creates envs dict out of config dict NOTE: ONLY used to support legacy introduced by traferet vs settings_library. diff --git a/services/web/server/src/simcore_service_webserver/exporter/_handlers.py b/services/web/server/src/simcore_service_webserver/exporter/_handlers.py index cdb075638bd..97749637f54 100644 --- a/services/web/server/src/simcore_service_webserver/exporter/_handlers.py +++ b/services/web/server/src/simcore_service_webserver/exporter/_handlers.py @@ -49,7 +49,7 @@ async def export_project(request: web.Request): project_uuid, ProjectStatus.EXPORTING, user_id, - await get_user_fullname(request.app, user_id), + await get_user_fullname(request.app, user_id=user_id), ): await retrieve_and_notify_project_locked_state( user_id, project_uuid, request.app diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_guests.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_guests.py index cf92d38292c..8649d2e2451 100644 --- a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_guests.py +++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_guests.py @@ -5,6 +5,7 @@ import asyncpg.exceptions from aiohttp import web from models_library.projects import ProjectID +from models_library.users import UserID, UserNameID from redis.asyncio import Redis from servicelib.common_headers import UNDEFINED_DEFAULT_SIMCORE_USER_AGENT_VALUE from simcore_postgres_database.errors import DatabaseError @@ -19,7 +20,7 @@ from ..users.api import ( delete_user_without_projects, get_guest_user_ids_and_names, - get_user, + get_user_primary_group_id, get_user_role, ) from ..users.exceptions import UserNotFoundError @@ -44,7 +45,9 @@ async def _delete_all_projects_for_user(app: web.Application, user_id: int) -> N """ # recover user's primary_gid try: - project_owner: dict = await get_user(app=app, user_id=user_id) + project_owner_primary_gid = await get_user_primary_group_id( + app=app, user_id=user_id + ) except exceptions.UserNotFoundError: _logger.warning( "Could not recover user data for user '%s', stopping removal of projects!", @@ -52,8 +55,6 @@ async def _delete_all_projects_for_user(app: web.Application, user_id: int) -> N ) return - user_primary_gid = int(project_owner["primary_gid"]) - # fetch all projects for the user user_project_uuids = await ProjectDBAPI.get_from_app_context( app @@ -62,7 +63,7 @@ async def _delete_all_projects_for_user(app: web.Application, user_id: int) -> N _logger.info( "Removing or transfering projects of user with %s, %s: %s", f"{user_id=}", - f"{project_owner=}", + f"{project_owner_primary_gid=}", f"{user_project_uuids=}", ) @@ -90,7 +91,7 @@ async def _delete_all_projects_for_user(app: web.Application, user_id: int) -> N app=app, project_uuid=project_uuid, user_id=user_id, - user_primary_gid=user_primary_gid, + user_primary_gid=project_owner_primary_gid, project=project, ) @@ -129,7 +130,7 @@ async def _delete_all_projects_for_user(app: web.Application, user_id: int) -> N await replace_current_owner( app=app, project_uuid=project_uuid, - user_primary_gid=user_primary_gid, + user_primary_gid=project_owner_primary_gid, new_project_owner_gid=new_project_owner_gid, project=project, ) @@ -145,7 +146,7 @@ async def remove_guest_user_with_all_its_resources( """Removes a GUEST user with all its associated projects and S3/MinIO files""" try: - user_role: UserRole = await get_user_role(app, user_id) + user_role: UserRole = await get_user_role(app, user_id=user_id) if user_role > UserRole.GUEST: # NOTE: This acts as a protection barrier to avoid removing resources to more # priviledge users @@ -201,7 +202,9 @@ async def remove_users_manually_marked_as_guests( } # Prevent creating this list if a guest user - guest_users: list[tuple[int, str]] = await get_guest_user_ids_and_names(app) + guest_users: list[tuple[UserID, UserNameID]] = await get_guest_user_ids_and_names( + app + ) for guest_user_id, guest_user_name in guest_users: # Prevents removing GUEST users that were automatically (NOT manually) created diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_orphans.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_orphans.py index d369de3ed2f..0920aecd168 100644 --- a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_orphans.py +++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_orphans.py @@ -37,7 +37,7 @@ async def _remove_service( save_service_state = False else: try: - if await get_user_role(app, service.user_id) <= UserRole.GUEST: + if await get_user_role(app, user_id=service.user_id) <= UserRole.GUEST: save_service_state = False else: save_service_state = await has_user_project_access_rights( diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_utils.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_utils.py index a2108766786..6a85dc83539 100644 --- a/services/web/server/src/simcore_service_webserver/garbage_collector/_core_utils.py +++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_core_utils.py @@ -31,7 +31,7 @@ async def _fetch_new_project_owner_from_groups( # go through user_to_groups table and fetch all uid for matching gid for group_gid in standard_groups: # remove the current owner from the bunch - target_group_users = await get_users_in_group(app=app, gid=group_gid) - { + target_group_users = await get_users_in_group(app=app, gid=int(group_gid)) - { user_id } _logger.info("Found group users '%s'", target_group_users) diff --git a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_users.py b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_users.py index 48d781aee8d..e99f9c4a225 100644 --- a/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_users.py +++ b/services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_users.py @@ -8,14 +8,12 @@ from collections.abc import AsyncIterator, Callable from aiohttp import web -from aiopg.sa.engine import Engine from models_library.users import UserID from servicelib.logging_utils import get_log_record_extra, log_context from tenacity import retry from tenacity.before_sleep import before_sleep_log from tenacity.wait import wait_exponential -from ..db.plugin import get_database_engine from ..login.utils import notify_user_logout from ..security.api import clean_auth_policy_cache from ..users.api import update_expired_users @@ -60,10 +58,8 @@ async def _update_expired_users(app: web.Application): """ It is resilient, i.e. if update goes wrong, it waits a bit and retries """ - engine: Engine = get_database_engine(app) - assert engine # nosec - if updated := await update_expired_users(engine): + if updated := await update_expired_users(app): # expired users might be cached in the auth. If so, any request # with this user-id will get thru producing unexpected side-effects await clean_auth_policy_cache(app) diff --git a/services/web/server/src/simcore_service_webserver/groups/_classifiers_handlers.py b/services/web/server/src/simcore_service_webserver/groups/_classifiers_rest.py similarity index 97% rename from services/web/server/src/simcore_service_webserver/groups/_classifiers_handlers.py rename to services/web/server/src/simcore_service_webserver/groups/_classifiers_rest.py index 40ce8c41a34..e9113e5b666 100644 --- a/services/web/server/src/simcore_service_webserver/groups/_classifiers_handlers.py +++ b/services/web/server/src/simcore_service_webserver/groups/_classifiers_rest.py @@ -14,7 +14,7 @@ from ..scicrunch.service_client import SciCrunch from ..security.decorators import permission_required from ..utils_aiohttp import envelope_json_response -from ._classifiers_api import GroupClassifierRepository, build_rrids_tree_view +from ._classifiers_service import GroupClassifierRepository, build_rrids_tree_view from ._common.exceptions_handlers import handle_plugin_requests_exceptions from ._common.schemas import GroupsClassifiersQuery, GroupsPathParams diff --git a/services/web/server/src/simcore_service_webserver/groups/_classifiers_api.py b/services/web/server/src/simcore_service_webserver/groups/_classifiers_service.py similarity index 100% rename from services/web/server/src/simcore_service_webserver/groups/_classifiers_api.py rename to services/web/server/src/simcore_service_webserver/groups/_classifiers_service.py diff --git a/services/web/server/src/simcore_service_webserver/groups/_groups_db.py b/services/web/server/src/simcore_service_webserver/groups/_groups_repository.py similarity index 99% rename from services/web/server/src/simcore_service_webserver/groups/_groups_db.py rename to services/web/server/src/simcore_service_webserver/groups/_groups_repository.py index aedc78676d3..7ba1b3fd25a 100644 --- a/services/web/server/src/simcore_service_webserver/groups/_groups_db.py +++ b/services/web/server/src/simcore_service_webserver/groups/_groups_repository.py @@ -17,6 +17,7 @@ ) from models_library.users import UserID from simcore_postgres_database.errors import UniqueViolation +from simcore_postgres_database.models.users import users from simcore_postgres_database.utils_products import execute_get_or_create_product_group from simcore_postgres_database.utils_repos import ( pass_or_acquire_connection, @@ -27,7 +28,7 @@ from sqlalchemy.engine.row import Row from sqlalchemy.ext.asyncio import AsyncConnection -from ..db.models import GroupType, groups, user_to_groups, users +from ..db.models import groups, user_to_groups, users from ..db.plugin import get_asyncpg_engine from ..users.exceptions import UserNotFoundError from .exceptions import ( @@ -744,6 +745,6 @@ async def auto_add_user_to_product_group( gid=product_group_id, access_rights=_DEFAULT_PRODUCT_GROUP_ACCESS_RIGHTS, ) - .on_conflict_do_nothing() # in case the user was already added + .on_conflict_do_nothing() # in case the user was already added to this group ) return product_group_id diff --git a/services/web/server/src/simcore_service_webserver/groups/_groups_handlers.py b/services/web/server/src/simcore_service_webserver/groups/_groups_rest.py similarity index 91% rename from services/web/server/src/simcore_service_webserver/groups/_groups_handlers.py rename to services/web/server/src/simcore_service_webserver/groups/_groups_rest.py index 46131510489..3f5f778a7bc 100644 --- a/services/web/server/src/simcore_service_webserver/groups/_groups_handlers.py +++ b/services/web/server/src/simcore_service_webserver/groups/_groups_rest.py @@ -22,7 +22,7 @@ from ..products.api import Product, get_current_product from ..security.decorators import permission_required from ..utils_aiohttp import envelope_json_response -from . import _groups_api +from . import _groups_service from ._common.exceptions_handlers import handle_plugin_requests_exceptions from ._common.schemas import ( GroupsPathParams, @@ -48,7 +48,7 @@ async def list_groups(request: web.Request): product: Product = get_current_product(request) req_ctx = GroupsRequestContext.model_validate(request) - groups_by_type = await _groups_api.list_user_groups_with_read_access( + groups_by_type = await _groups_service.list_user_groups_with_read_access( request.app, user_id=req_ctx.user_id ) @@ -60,7 +60,7 @@ async def list_groups(request: web.Request): if product.group_id: with suppress(GroupNotFoundError): # Product is optional - my_product_group = await _groups_api.get_product_group_for_user( + my_product_group = await _groups_service.get_product_group_for_user( app=request.app, user_id=req_ctx.user_id, product_gid=product.group_id, @@ -90,7 +90,7 @@ async def get_group(request: web.Request): req_ctx = GroupsRequestContext.model_validate(request) path_params = parse_request_path_parameters_as(GroupsPathParams, request) - group, access_rights = await _groups_api.get_associated_group( + group, access_rights = await _groups_service.get_associated_group( request.app, user_id=req_ctx.user_id, group_id=path_params.gid ) @@ -107,7 +107,7 @@ async def create_group(request: web.Request): create = await parse_request_body_as(GroupCreate, request) - group, access_rights = await _groups_api.create_standard_group( + group, access_rights = await _groups_service.create_standard_group( request.app, user_id=req_ctx.user_id, create=create.to_model(), @@ -127,7 +127,7 @@ async def update_group(request: web.Request): path_params = parse_request_path_parameters_as(GroupsPathParams, request) update: GroupUpdate = await parse_request_body_as(GroupUpdate, request) - group, access_rights = await _groups_api.update_standard_group( + group, access_rights = await _groups_service.update_standard_group( request.app, user_id=req_ctx.user_id, group_id=path_params.gid, @@ -147,7 +147,7 @@ async def delete_group(request: web.Request): req_ctx = GroupsRequestContext.model_validate(request) path_params = parse_request_path_parameters_as(GroupsPathParams, request) - await _groups_api.delete_standard_group( + await _groups_service.delete_standard_group( request.app, user_id=req_ctx.user_id, group_id=path_params.gid ) @@ -168,7 +168,7 @@ async def get_all_group_users(request: web.Request): req_ctx = GroupsRequestContext.model_validate(request) path_params = parse_request_path_parameters_as(GroupsPathParams, request) - users_in_group = await _groups_api.list_group_members( + users_in_group = await _groups_service.list_group_members( request.app, req_ctx.user_id, path_params.gid ) @@ -189,7 +189,7 @@ async def add_group_user(request: web.Request): path_params = parse_request_path_parameters_as(GroupsPathParams, request) added: GroupUserAdd = await parse_request_body_as(GroupUserAdd, request) - await _groups_api.add_user_in_group( + await _groups_service.add_user_in_group( request.app, req_ctx.user_id, path_params.gid, @@ -212,7 +212,7 @@ async def get_group_user(request: web.Request): req_ctx = GroupsRequestContext.model_validate(request) path_params = parse_request_path_parameters_as(GroupsUsersPathParams, request) - user = await _groups_api.get_group_member( + user = await _groups_service.get_group_member( request.app, req_ctx.user_id, path_params.gid, path_params.uid ) @@ -228,7 +228,7 @@ async def update_group_user(request: web.Request): path_params = parse_request_path_parameters_as(GroupsUsersPathParams, request) update: GroupUserUpdate = await parse_request_body_as(GroupUserUpdate, request) - user = await _groups_api.update_group_member( + user = await _groups_service.update_group_member( request.app, user_id=req_ctx.user_id, group_id=path_params.gid, @@ -246,7 +246,7 @@ async def update_group_user(request: web.Request): async def delete_group_user(request: web.Request): req_ctx = GroupsRequestContext.model_validate(request) path_params = parse_request_path_parameters_as(GroupsUsersPathParams, request) - await _groups_api.delete_group_member( + await _groups_service.delete_group_member( request.app, req_ctx.user_id, path_params.gid, path_params.uid ) diff --git a/services/web/server/src/simcore_service_webserver/groups/_groups_api.py b/services/web/server/src/simcore_service_webserver/groups/_groups_service.py similarity index 81% rename from services/web/server/src/simcore_service_webserver/groups/_groups_api.py rename to services/web/server/src/simcore_service_webserver/groups/_groups_service.py index 465b57c8f80..9bb5587759b 100644 --- a/services/web/server/src/simcore_service_webserver/groups/_groups_api.py +++ b/services/web/server/src/simcore_service_webserver/groups/_groups_service.py @@ -15,7 +15,7 @@ from pydantic import EmailStr from ..users.api import get_user -from . import _groups_db +from . import _groups_repository from .exceptions import GroupsError # @@ -24,7 +24,7 @@ async def get_group_from_gid(app: web.Application, group_id: GroupID) -> Group | None: - group_db = await _groups_db.get_group_from_gid(app, group_id=group_id) + group_db = await _groups_repository.get_group_from_gid(app, group_id=group_id) if group_db: return Group.model_construct(**group_db.model_dump()) @@ -45,13 +45,15 @@ async def list_user_groups_with_read_access( # NOTE: Careful! It seems we are filtering out groups, such as Product Groups, # because they do not have read access. I believe this was done because the # frontend did not want to display them. - return await _groups_db.get_all_user_groups_with_read_access(app, user_id=user_id) + return await _groups_repository.get_all_user_groups_with_read_access( + app, user_id=user_id + ) async def list_user_groups_ids_with_read_access( app: web.Application, *, user_id: UserID ) -> list[GroupID]: - return await _groups_db.get_ids_of_all_user_groups_with_read_access( + return await _groups_repository.get_ids_of_all_user_groups_with_read_access( app, user_id=user_id ) @@ -59,7 +61,7 @@ async def list_user_groups_ids_with_read_access( async def list_all_user_groups_ids( app: web.Application, *, user_id: UserID ) -> list[GroupID]: - return await _groups_db.get_ids_of_all_user_groups(app, user_id=user_id) + return await _groups_repository.get_ids_of_all_user_groups(app, user_id=user_id) async def get_product_group_for_user( @@ -69,7 +71,7 @@ async def get_product_group_for_user( Returns product's group if user belongs to it, otherwise it raises GroupNotFoundError """ - return await _groups_db.get_product_group_for_user( + return await _groups_repository.get_product_group_for_user( app, user_id=user_id, product_gid=product_gid ) @@ -90,7 +92,7 @@ async def create_standard_group( raises GroupNotFoundError raises UserInsufficientRightsError: needs WRITE access """ - return await _groups_db.create_standard_group( + return await _groups_repository.create_standard_group( app, user_id=user_id, create=create, @@ -108,7 +110,9 @@ async def get_associated_group( raises GroupNotFoundError raises UserInsufficientRightsError: needs READ access """ - return await _groups_db.get_user_group(app, user_id=user_id, group_id=group_id) + return await _groups_repository.get_user_group( + app, user_id=user_id, group_id=group_id + ) async def update_standard_group( @@ -124,7 +128,7 @@ async def update_standard_group( raises UserInsufficientRightsError: needs WRITE access """ - return await _groups_db.update_standard_group( + return await _groups_repository.update_standard_group( app, user_id=user_id, group_id=group_id, @@ -140,7 +144,7 @@ async def delete_standard_group( raises GroupNotFoundError raises UserInsufficientRightsError: needs DELETE access """ - return await _groups_db.delete_standard_group( + return await _groups_repository.delete_standard_group( app, user_id=user_id, group_id=group_id ) @@ -153,7 +157,9 @@ async def delete_standard_group( async def list_group_members( app: web.Application, user_id: UserID, group_id: GroupID ) -> list[GroupMember]: - return await _groups_db.list_users_in_group(app, user_id=user_id, group_id=group_id) + return await _groups_repository.list_users_in_group( + app, user_id=user_id, group_id=group_id + ) async def get_group_member( @@ -163,7 +169,7 @@ async def get_group_member( the_user_id_in_group: UserID, ) -> GroupMember: - return await _groups_db.get_user_in_group( + return await _groups_repository.get_user_in_group( app, user_id=user_id, group_id=group_id, @@ -178,7 +184,7 @@ async def update_group_member( the_user_id_in_group: UserID, access_rights: AccessRightsDict, ) -> GroupMember: - return await _groups_db.update_user_in_group( + return await _groups_repository.update_user_in_group( app, user_id=user_id, group_id=group_id, @@ -193,7 +199,7 @@ async def delete_group_member( group_id: GroupID, the_user_id_in_group: UserID, ) -> None: - return await _groups_db.delete_user_from_group( + return await _groups_repository.delete_user_from_group( app, user_id=user_id, group_id=group_id, @@ -205,7 +211,7 @@ async def is_user_by_email_in_group( app: web.Application, user_email: LowerCaseEmailStr, group_id: GroupID ) -> bool: - return await _groups_db.is_user_by_email_in_group( + return await _groups_repository.is_user_by_email_in_group( app, email=user_email, group_id=group_id, @@ -214,7 +220,7 @@ async def is_user_by_email_in_group( async def auto_add_user_to_groups(app: web.Application, user_id: UserID) -> None: user: dict = await get_user(app, user_id) - return await _groups_db.auto_add_user_to_groups(app, user=user) + return await _groups_repository.auto_add_user_to_groups(app, user=user) async def auto_add_user_to_product_group( @@ -222,7 +228,7 @@ async def auto_add_user_to_product_group( user_id: UserID, product_name: ProductName, ) -> GroupID: - return await _groups_db.auto_add_user_to_product_group( + return await _groups_repository.auto_add_user_to_product_group( app, user_id=user_id, product_name=product_name ) @@ -254,12 +260,12 @@ async def add_user_in_group( raise GroupsError(msg=msg) if new_by_user_email: - user = await _groups_db.get_user_from_email( + user = await _groups_repository.get_user_from_email( app, email=new_by_user_email, caller_user_id=user_id ) new_by_user_id = user.id - return await _groups_db.add_new_user_in_group( + return await _groups_repository.add_new_user_in_group( app, user_id=user_id, group_id=group_id, diff --git a/services/web/server/src/simcore_service_webserver/groups/api.py b/services/web/server/src/simcore_service_webserver/groups/api.py index 207e1ffb303..a01fe9ef63f 100644 --- a/services/web/server/src/simcore_service_webserver/groups/api.py +++ b/services/web/server/src/simcore_service_webserver/groups/api.py @@ -1,14 +1,16 @@ # # Domain-Specific Interfaces # -from ._groups_api import ( +from ._groups_service import ( add_user_in_group, auto_add_user_to_groups, auto_add_user_to_product_group, get_group_from_gid, + get_product_group_for_user, is_user_by_email_in_group, list_all_user_groups_ids, list_user_groups_ids_with_read_access, + list_user_groups_with_read_access, ) __all__: tuple[str, ...] = ( @@ -16,8 +18,10 @@ "auto_add_user_to_groups", "auto_add_user_to_product_group", "get_group_from_gid", + "get_product_group_for_user", "is_user_by_email_in_group", "list_all_user_groups_ids", "list_user_groups_ids_with_read_access", + "list_user_groups_with_read_access", # nopycln: file ) diff --git a/services/web/server/src/simcore_service_webserver/groups/plugin.py b/services/web/server/src/simcore_service_webserver/groups/plugin.py index 7000926383c..4b240bee190 100644 --- a/services/web/server/src/simcore_service_webserver/groups/plugin.py +++ b/services/web/server/src/simcore_service_webserver/groups/plugin.py @@ -5,7 +5,7 @@ from .._constants import APP_SETTINGS_KEY from ..products.plugin import setup_products -from . import _classifiers_handlers, _groups_handlers +from . import _classifiers_rest, _groups_rest _logger = logging.getLogger(__name__) @@ -23,5 +23,5 @@ def setup_groups(app: web.Application): # plugin dependencies setup_products(app) - app.router.add_routes(_groups_handlers.routes) - app.router.add_routes(_classifiers_handlers.routes) + app.router.add_routes(_groups_rest.routes) + app.router.add_routes(_classifiers_rest.routes) diff --git a/services/web/server/src/simcore_service_webserver/projects/_crud_api_create.py b/services/web/server/src/simcore_service_webserver/projects/_crud_api_create.py index 39dc3aec7c2..9953914f5d0 100644 --- a/services/web/server/src/simcore_service_webserver/projects/_crud_api_create.py +++ b/services/web/server/src/simcore_service_webserver/projects/_crud_api_create.py @@ -172,7 +172,7 @@ async def _copy_files_from_source_project( source_project["uuid"], ProjectStatus.CLONING, user_id, - await get_user_fullname(app, user_id), + await get_user_fullname(app, user_id=user_id), ) ) starting_value = task_progress.percent diff --git a/services/web/server/src/simcore_service_webserver/projects/_crud_handlers.py b/services/web/server/src/simcore_service_webserver/projects/_crud_handlers.py index 95e35582c9e..91f43f8a94c 100644 --- a/services/web/server/src/simcore_service_webserver/projects/_crud_handlers.py +++ b/services/web/server/src/simcore_service_webserver/projects/_crud_handlers.py @@ -448,7 +448,8 @@ async def delete_project(request: web.Request): ) if project_users: other_user_names = { - await get_user_fullname(request.app, uid) for uid in project_users + await get_user_fullname(request.app, user_id=uid) + for uid in project_users } raise web.HTTPForbidden( reason=f"Project is open by {other_user_names}. " diff --git a/services/web/server/src/simcore_service_webserver/projects/_nodes_handlers.py b/services/web/server/src/simcore_service_webserver/projects/_nodes_handlers.py index 6670ed64442..7e4b35bab5d 100644 --- a/services/web/server/src/simcore_service_webserver/projects/_nodes_handlers.py +++ b/services/web/server/src/simcore_service_webserver/projects/_nodes_handlers.py @@ -376,7 +376,7 @@ async def stop_node(request: web.Request) -> web.Response: permission="write", ) - user_role = await get_user_role(request.app, req_ctx.user_id) + user_role = await get_user_role(request.app, user_id=req_ctx.user_id) if user_role is None or user_role <= UserRole.GUEST: save_state = False diff --git a/services/web/server/src/simcore_service_webserver/projects/_states_handlers.py b/services/web/server/src/simcore_service_webserver/projects/_states_handlers.py index b2f5e46381c..8ec0400238c 100644 --- a/services/web/server/src/simcore_service_webserver/projects/_states_handlers.py +++ b/services/web/server/src/simcore_service_webserver/projects/_states_handlers.py @@ -109,7 +109,9 @@ async def open_project(request: web.Request) -> web.Response: project_type: ProjectType = await projects_api.get_project_type( request.app, path_params.project_id ) - user_role: UserRole = await api.get_user_role(request.app, req_ctx.user_id) + user_role: UserRole = await api.get_user_role( + request.app, user_id=req_ctx.user_id + ) if project_type is ProjectType.TEMPLATE and user_role < UserRole.USER: # only USERS/TESTERS can do that raise web.HTTPForbidden(reason="Wrong user role to open/edit a template") diff --git a/services/web/server/src/simcore_service_webserver/projects/projects_api.py b/services/web/server/src/simcore_service_webserver/projects/projects_api.py index 88918b7106a..80195446249 100644 --- a/services/web/server/src/simcore_service_webserver/projects/projects_api.py +++ b/services/web/server/src/simcore_service_webserver/projects/projects_api.py @@ -593,7 +593,7 @@ async def _start_dynamic_service( raise save_state = False - user_role: UserRole = await get_user_role(request.app, user_id) + user_role: UserRole = await get_user_role(request.app, user_id=user_id) if user_role > UserRole.GUEST: save_state = await has_user_project_access_rights( request.app, project_id=project_uuid, user_id=user_id, permission="write" @@ -1247,7 +1247,7 @@ async def try_open_project_for_user( project_uuid, ProjectStatus.OPENING, user_id, - await get_user_fullname(app, user_id), + await get_user_fullname(app, user_id=user_id), notify_users=False, ): with managed_resource(user_id, client_session_id, app) as user_session: @@ -1417,22 +1417,23 @@ async def _get_project_lock_state( f"{set_user_ids=}", ) usernames: list[FullNameDict] = [ - await get_user_fullname(app, uid) for uid in set_user_ids + await get_user_fullname(app, user_id=uid) for uid in set_user_ids ] # let's check if the project is opened by the same user, maybe already opened or closed in a orphaned session - if set_user_ids.issubset({user_id}): - if not await _user_has_another_client_open(user_session_id_list, app): - # in this case the project is re-openable by the same user until it gets closed - log.debug( - "project [%s] is in use by the same user [%s] that is currently disconnected, so it is unlocked for this specific user and opened", - f"{project_uuid=}", - f"{set_user_ids=}", - ) - return ProjectLocked( - value=False, - owner=Owner(user_id=next(iter(set_user_ids)), **usernames[0]), - status=ProjectStatus.OPENED, - ) + if set_user_ids.issubset({user_id}) and not await _user_has_another_client_open( + user_session_id_list, app + ): + # in this case the project is re-openable by the same user until it gets closed + log.debug( + "project [%s] is in use by the same user [%s] that is currently disconnected, so it is unlocked for this specific user and opened", + f"{project_uuid=}", + f"{set_user_ids=}", + ) + return ProjectLocked( + value=False, + owner=Owner(user_id=next(iter(set_user_ids)), **usernames[0]), + status=ProjectStatus.OPENED, + ) # the project is opened in another tab or browser, or by another user, both case resolves to the project being locked, and opened log.debug( "project [%s] is in use by another user [%s], so it is locked", @@ -1716,11 +1717,13 @@ async def remove_project_dynamic_services( user_id, ) - user_name_data: FullNameDict = user_name or await get_user_fullname(app, user_id) + user_name_data: FullNameDict = user_name or await get_user_fullname( + app, user_id=user_id + ) user_role: UserRole | None = None try: - user_role = await get_user_role(app, user_id) + user_role = await get_user_role(app, user_id=user_id) except UserNotFoundError: user_role = None diff --git a/services/web/server/src/simcore_service_webserver/studies_dispatcher/_users.py b/services/web/server/src/simcore_service_webserver/studies_dispatcher/_users.py index b76d8a4b3f9..531759b062f 100644 --- a/services/web/server/src/simcore_service_webserver/studies_dispatcher/_users.py +++ b/services/web/server/src/simcore_service_webserver/studies_dispatcher/_users.py @@ -13,6 +13,7 @@ import string from contextlib import suppress from datetime import datetime +from typing import Final import redis.asyncio as aioredis from aiohttp import web @@ -65,6 +66,33 @@ async def get_authorized_user(request: web.Request) -> dict: return {} +# GUEST_USER_RC_LOCK: +# +# These locks prevents the GC from deleting a GUEST user in to stages of its lifefime: +# +# 1. During construction: +# - Prevents GC from deleting this GUEST user while it is being created +# - Since the user still does not have an ID assigned, the lock is named with his random_user_name +# - the timeout here is the TTL of the lock in Redis. in case the webserver is overwhelmed and cannot create +# a user during that time or crashes, then redis will ensure the lock disappears and let the garbage collector do its work +# +MAX_DELAY_TO_CREATE_USER: Final[int] = 8 # secs +# +# 2. During initialization +# - Prevents the GC from deleting this GUEST user, with ID assigned, while it gets initialized and acquires it's first resource +# - Uses the ID assigned to name the lock +# +MAX_DELAY_TO_GUEST_FIRST_CONNECTION: Final[int] = 15 # secs +# +# +# NOTES: +# - In case of failure or excessive delay the lock has a timeout that automatically unlocks it +# and the GC can clean up what remains +# - Notice that the ids to name the locks are unique, therefore the lock can be acquired w/o errors +# - These locks are very specific to resources and have timeout so the risk of blocking from GC is small +# + + async def create_temporary_guest_user(request: web.Request): """Creates a guest user with a random name and @@ -86,33 +114,6 @@ async def create_temporary_guest_user(request: web.Request): password = generate_password(length=12) expires_at = datetime.utcnow() + settings.STUDIES_GUEST_ACCOUNT_LIFETIME - # GUEST_USER_RC_LOCK: - # - # These locks prevents the GC from deleting a GUEST user in to stages of its lifefime: - # - # 1. During construction: - # - Prevents GC from deleting this GUEST user while it is being created - # - Since the user still does not have an ID assigned, the lock is named with his random_user_name - # - the timeout here is the TTL of the lock in Redis. in case the webserver is overwhelmed and cannot create - # a user during that time or crashes, then redis will ensure the lock disappears and let the garbage collector do its work - # - MAX_DELAY_TO_CREATE_USER = 5 # secs - # - # 2. During initialization - # - Prevents the GC from deleting this GUEST user, with ID assigned, while it gets initialized and acquires it's first resource - # - Uses the ID assigned to name the lock - # - MAX_DELAY_TO_GUEST_FIRST_CONNECTION = 15 # secs - # - # - # NOTES: - # - In case of failure or excessive delay the lock has a timeout that automatically unlocks it - # and the GC can clean up what remains - # - Notice that the ids to name the locks are unique, therefore the lock can be acquired w/o errors - # - These locks are very specific to resources and have timeout so the risk of blocking from GC is small - # - - # (1) read details above usr = None try: async with redis_locks_client.lock( diff --git a/services/web/server/src/simcore_service_webserver/users/_api.py b/services/web/server/src/simcore_service_webserver/users/_api.py deleted file mode 100644 index 458366367f5..00000000000 --- a/services/web/server/src/simcore_service_webserver/users/_api.py +++ /dev/null @@ -1,166 +0,0 @@ -import logging -from typing import NamedTuple - -import pycountry -from aiohttp import web -from models_library.emails import LowerCaseEmailStr -from models_library.payments import UserInvoiceAddress -from models_library.users import UserBillingDetails, UserID -from pydantic import TypeAdapter -from simcore_postgres_database.models.users import UserStatus - -from ..db.plugin import get_database_engine -from . import _db, _schemas -from ._db import get_user_or_raise -from ._db import list_user_permissions as db_list_of_permissions -from ._db import update_user_status -from .exceptions import AlreadyPreRegisteredError -from .schemas import Permission - -_logger = logging.getLogger(__name__) - - -async def list_user_permissions( - app: web.Application, user_id: UserID, product_name: str -) -> list[Permission]: - permissions: list[Permission] = await db_list_of_permissions( - app, user_id=user_id, product_name=product_name - ) - return permissions - - -class UserCredentialsTuple(NamedTuple): - email: LowerCaseEmailStr - password_hash: str - display_name: str - - -async def get_user_credentials( - app: web.Application, *, user_id: UserID -) -> UserCredentialsTuple: - row = await get_user_or_raise( - get_database_engine(app), - user_id=user_id, - return_column_names=[ - "name", - "first_name", - "email", - "password_hash", - ], - ) - - return UserCredentialsTuple( - email=TypeAdapter(LowerCaseEmailStr).validate_python(row.email), - password_hash=row.password_hash, - display_name=row.first_name or row.name.capitalize(), - ) - - -async def set_user_as_deleted(app: web.Application, user_id: UserID) -> None: - await update_user_status( - get_database_engine(app), user_id=user_id, new_status=UserStatus.DELETED - ) - - -def _glob_to_sql_like(glob_pattern: str) -> str: - # Escape SQL LIKE special characters in the glob pattern - sql_like_pattern = glob_pattern.replace("%", r"\%").replace("_", r"\_") - # Convert glob wildcards to SQL LIKE wildcards - return sql_like_pattern.replace("*", "%").replace("?", "_") - - -async def search_users( - app: web.Application, email_glob: str, *, include_products: bool = False -) -> list[_schemas.UserProfile]: - # NOTE: this search is deploy-wide i.e. independent of the product! - rows = await _db.search_users_and_get_profile( - get_database_engine(app), email_like=_glob_to_sql_like(email_glob) - ) - - async def _list_products_or_none(user_id): - if user_id is not None and include_products: - products = await _db.get_user_products( - get_database_engine(app), user_id=user_id - ) - return [_.product_name for _ in products] - return None - - return [ - _schemas.UserProfile( - first_name=r.first_name or r.pre_first_name, - last_name=r.last_name or r.pre_last_name, - email=r.email or r.pre_email, - institution=r.institution, - phone=r.phone or r.pre_phone, - address=r.address, - city=r.city, - state=r.state, - postal_code=r.postal_code, - country=r.country, - extras=r.extras or {}, - invited_by=r.invited_by, - products=await _list_products_or_none(r.user_id), - # NOTE: old users will not have extra details - registered=r.user_id is not None if r.pre_email else r.status is not None, - status=r.status, - ) - for r in rows - ] - - -async def pre_register_user( - app: web.Application, profile: _schemas.PreUserProfile, creator_user_id: UserID -) -> _schemas.UserProfile: - - found = await search_users(app, email_glob=profile.email, include_products=False) - if found: - raise AlreadyPreRegisteredError(num_found=len(found), email=profile.email) - - details = profile.model_dump( - include={ - "first_name", - "last_name", - "phone", - "institution", - "address", - "city", - "state", - "country", - "postal_code", - "extras", - }, - exclude_none=True, - ) - - for key in ("first_name", "last_name", "phone"): - if key in details: - details[f"pre_{key}"] = details.pop(key) - - await _db.new_user_details( - get_database_engine(app), - email=profile.email, - created_by=creator_user_id, - **details, - ) - - found = await search_users(app, email_glob=profile.email, include_products=False) - - assert len(found) == 1 # nosec - return found[0] - - -async def get_user_invoice_address( - app: web.Application, user_id: UserID -) -> UserInvoiceAddress: - user_billing_details: UserBillingDetails = await _db.get_user_billing_details( - get_database_engine(app), user_id=user_id - ) - _user_billing_country = pycountry.countries.lookup(user_billing_details.country) - _user_billing_country_alpha_2_format = _user_billing_country.alpha_2 - return UserInvoiceAddress( - line1=user_billing_details.address, - state=user_billing_details.state, - postal_code=user_billing_details.postal_code, - city=user_billing_details.city, - country=_user_billing_country_alpha_2_format, - ) diff --git a/services/web/server/src/simcore_service_webserver/users/_common/__init__.py b/services/web/server/src/simcore_service_webserver/users/_common/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/services/web/server/src/simcore_service_webserver/users/_models.py b/services/web/server/src/simcore_service_webserver/users/_common/models.py similarity index 63% rename from services/web/server/src/simcore_service_webserver/users/_models.py rename to services/web/server/src/simcore_service_webserver/users/_common/models.py index cd9de6a873c..513d8bed102 100644 --- a/services/web/server/src/simcore_service_webserver/users/_models.py +++ b/services/web/server/src/simcore_service_webserver/users/_common/models.py @@ -1,6 +1,30 @@ -from typing import Annotated, Any, Self +from typing import Annotated, Any, NamedTuple, Self, TypedDict + +from models_library.basic_types import IDStr +from models_library.emails import LowerCaseEmailStr +from pydantic import BaseModel, ConfigDict, EmailStr, Field + + +class FullNameDict(TypedDict): + first_name: str | None + last_name: str | None + + +class UserDisplayAndIdNamesTuple(NamedTuple): + name: str + email: EmailStr + first_name: IDStr + last_name: IDStr + + @property + def full_name(self) -> IDStr: + return IDStr.concatenate(self.first_name, self.last_name) + + +class UserIdNamesTuple(NamedTuple): + name: str + email: str -from pydantic import BaseModel, ConfigDict, Field # # DB models @@ -45,3 +69,9 @@ def from_api(cls, profile_update) -> Self: def to_db(self) -> dict[str, Any]: return self.model_dump(exclude_unset=True, by_alias=False) + + +class UserCredentialsTuple(NamedTuple): + email: LowerCaseEmailStr + password_hash: str + display_name: str diff --git a/services/web/server/src/simcore_service_webserver/users/_schemas.py b/services/web/server/src/simcore_service_webserver/users/_common/schemas.py similarity index 62% rename from services/web/server/src/simcore_service_webserver/users/_schemas.py rename to services/web/server/src/simcore_service_webserver/users/_common/schemas.py index 4b9aa7acf63..b4455abfa07 100644 --- a/services/web/server/src/simcore_service_webserver/users/_schemas.py +++ b/services/web/server/src/simcore_service_webserver/users/_common/schemas.py @@ -1,62 +1,37 @@ -""" models for rest api schemas, i.e. those defined in openapi.json +""" input/output datasets used in the rest-API +NOTE: Most of the model schemas are in `models_library.api_schemas_webserver.users`, +the rest (hidden or needs a dependency) is here """ + import re import sys from contextlib import suppress from typing import Annotated, Any, Final import pycountry -from models_library.api_schemas_webserver._base import InputSchema, OutputSchema +from models_library.api_schemas_webserver._base import InputSchema +from models_library.api_schemas_webserver.users import UserGet from models_library.emails import LowerCaseEmailStr -from models_library.products import ProductName -from pydantic import ConfigDict, Field, ValidationInfo, field_validator, model_validator -from simcore_postgres_database.models.users import UserStatus - - -class UserProfile(OutputSchema): - first_name: str | None - last_name: str | None - email: LowerCaseEmailStr - institution: str | None - phone: str | None - address: str | None - city: str | None - state: str | None = Field(description="State, province, canton, ...") - postal_code: str | None - country: str | None - extras: dict[str, Any] = Field( - default_factory=dict, - description="Keeps extra information provided in the request form", - ) +from models_library.users import UserID +from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator +from servicelib.request_keys import RQT_USERID_KEY - # authorization - invited_by: str | None = Field(default=None) +from ..._constants import RQ_PRODUCT_KEY - # user status - registered: bool - status: UserStatus | None - products: list[ProductName] | None = Field( - default=None, - description="List of products this users is included or None if fields is unset", - ) - @field_validator("status") - @classmethod - def _consistency_check(cls, v, info: ValidationInfo): - registered = info.data["registered"] - status = v - if not registered and status is not None: - msg = f"{registered=} and {status=} is not allowed" - raise ValueError(msg) - return v +class UsersRequestContext(BaseModel): + user_id: UserID = Field(..., alias=RQT_USERID_KEY) # type: ignore[literal-required] + product_name: str = Field(..., alias=RQ_PRODUCT_KEY) # type: ignore[literal-required] MAX_BYTES_SIZE_EXTRAS: Final[int] = 512 -class PreUserProfile(InputSchema): +class PreRegisteredUserGet(InputSchema): + # NOTE: validators need pycountry! + first_name: str last_name: str email: LowerCaseEmailStr @@ -74,7 +49,7 @@ class PreUserProfile(InputSchema): dict[str, Any], Field( default_factory=dict, - description="Keeps extra information provided in the request form. At most MAX_NUM_EXTRAS fields", + description="Keeps extra information provided in the request form.", ), ] @@ -133,4 +108,5 @@ def _pre_check_and_normalize_country(cls, v): return v -assert set(PreUserProfile.model_fields).issubset(UserProfile.model_fields) # nosec +# asserts field names are in sync +assert set(PreRegisteredUserGet.model_fields).issubset(UserGet.model_fields) # nosec diff --git a/services/web/server/src/simcore_service_webserver/users/_constants.py b/services/web/server/src/simcore_service_webserver/users/_constants.py deleted file mode 100644 index 5347d3e7527..00000000000 --- a/services/web/server/src/simcore_service_webserver/users/_constants.py +++ /dev/null @@ -1,7 +0,0 @@ -from typing import Final - -FMSG_MISSING_CONFIG_WITH_OEC: Final[str] = ( - "The product is not ready for use until the configuration is fully completed. " - "Please wait and try again. " - "If the issue continues, contact support with error code: {error_code}." -) diff --git a/services/web/server/src/simcore_service_webserver/users/_db.py b/services/web/server/src/simcore_service_webserver/users/_db.py deleted file mode 100644 index f80c4596423..00000000000 --- a/services/web/server/src/simcore_service_webserver/users/_db.py +++ /dev/null @@ -1,216 +0,0 @@ -import contextlib - -import sqlalchemy as sa -from aiohttp import web -from aiopg.sa.connection import SAConnection -from aiopg.sa.engine import Engine -from aiopg.sa.result import ResultProxy, RowProxy -from models_library.groups import GroupID -from models_library.users import UserBillingDetails, UserID -from simcore_postgres_database.models.groups import groups, user_to_groups -from simcore_postgres_database.models.products import products -from simcore_postgres_database.models.users import UserStatus, users -from simcore_postgres_database.models.users_details import ( - users_pre_registration_details, -) -from simcore_postgres_database.utils_groups_extra_properties import ( - GroupExtraPropertiesNotFoundError, - GroupExtraPropertiesRepo, -) -from simcore_postgres_database.utils_users import UsersRepo -from simcore_service_webserver.users.exceptions import UserNotFoundError - -from ..db.models import user_to_groups -from ..db.plugin import get_database_engine -from .exceptions import BillingDetailsNotFoundError -from .schemas import Permission - -_ALL = None - - -async def get_user_or_raise( - engine: Engine, *, user_id: UserID, return_column_names: list[str] | None = _ALL -) -> RowProxy: - if return_column_names == _ALL: - return_column_names = list(users.columns.keys()) - - assert return_column_names is not None # nosec - assert set(return_column_names).issubset(users.columns.keys()) # nosec - - async with engine.acquire() as conn: - row: RowProxy | None = await ( - await conn.execute( - sa.select(*(users.columns[name] for name in return_column_names)).where( - users.c.id == user_id - ) - ) - ).first() - if row is None: - raise UserNotFoundError(uid=user_id) - return row - - -async def get_users_ids_in_group(conn: SAConnection, gid: GroupID) -> set[UserID]: - result: set[UserID] = set() - query_result = await conn.execute( - sa.select(user_to_groups.c.uid).where(user_to_groups.c.gid == gid) - ) - async for entry in query_result: - result.add(entry[0]) - return result - - -async def list_user_permissions( - app: web.Application, *, user_id: UserID, product_name: str -) -> list[Permission]: - override_services_specifications = Permission( - name="override_services_specifications", - allowed=False, - ) - with contextlib.suppress(GroupExtraPropertiesNotFoundError): - async with get_database_engine(app).acquire() as conn: - user_group_extra_properties = ( - await GroupExtraPropertiesRepo.get_aggregated_properties_for_user( - conn, user_id=user_id, product_name=product_name - ) - ) - override_services_specifications.allowed = ( - user_group_extra_properties.override_services_specifications - ) - - return [override_services_specifications] - - -async def do_update_expired_users(conn: SAConnection) -> list[UserID]: - result: ResultProxy = await conn.execute( - users.update() - .values(status=UserStatus.EXPIRED) - .where( - (users.c.expires_at.is_not(None)) - & (users.c.status == UserStatus.ACTIVE) - & (users.c.expires_at < sa.sql.func.now()) - ) - .returning(users.c.id) - ) - if rows := await result.fetchall(): - return [r.id for r in rows] - return [] - - -async def update_user_status( - engine: Engine, *, user_id: UserID, new_status: UserStatus -): - async with engine.acquire() as conn: - await conn.execute( - users.update().values(status=new_status).where(users.c.id == user_id) - ) - - -async def search_users_and_get_profile( - engine: Engine, *, email_like: str -) -> list[RowProxy]: - - users_alias = sa.alias(users, name="users_alias") - - invited_by = ( - sa.select(users_alias.c.name) - .where(users_pre_registration_details.c.created_by == users_alias.c.id) - .label("invited_by") - ) - - async with engine.acquire() as conn: - columns = ( - users.c.first_name, - users.c.last_name, - users.c.email, - users.c.phone, - users_pre_registration_details.c.pre_email, - users_pre_registration_details.c.pre_first_name, - users_pre_registration_details.c.pre_last_name, - users_pre_registration_details.c.institution, - users_pre_registration_details.c.pre_phone, - users_pre_registration_details.c.address, - users_pre_registration_details.c.city, - users_pre_registration_details.c.state, - users_pre_registration_details.c.postal_code, - users_pre_registration_details.c.country, - users_pre_registration_details.c.user_id, - users_pre_registration_details.c.extras, - users.c.status, - invited_by, - ) - - left_outer_join = ( - sa.select(*columns) - .select_from( - users_pre_registration_details.outerjoin( - users, users.c.id == users_pre_registration_details.c.user_id - ) - ) - .where(users_pre_registration_details.c.pre_email.like(email_like)) - ) - right_outer_join = ( - sa.select(*columns) - .select_from( - users.outerjoin( - users_pre_registration_details, - users.c.id == users_pre_registration_details.c.user_id, - ) - ) - .where(users.c.email.like(email_like)) - ) - - result = await conn.execute(sa.union(left_outer_join, right_outer_join)) - return await result.fetchall() or [] - - -async def get_user_products(engine: Engine, user_id: UserID) -> list[RowProxy]: - async with engine.acquire() as conn: - product_name_subq = ( - sa.select(products.c.name) - .where(products.c.group_id == groups.c.gid) - .label("product_name") - ) - products_gis_subq = sa.select(products.c.group_id).distinct().subquery() - query = ( - sa.select( - groups.c.gid, - product_name_subq, - ) - .select_from( - users.join(user_to_groups, user_to_groups.c.uid == users.c.id).join( - groups, - (groups.c.gid == user_to_groups.c.gid) - & groups.c.gid.in_(products_gis_subq), - ) - ) - .where(users.c.id == user_id) - .order_by(groups.c.gid) - ) - result = await conn.execute(query) - return await result.fetchall() or [] - - -async def new_user_details( - engine: Engine, email: str, created_by: UserID, **other_values -) -> None: - async with engine.acquire() as conn: - await conn.execute( - sa.insert(users_pre_registration_details).values( - created_by=created_by, pre_email=email, **other_values - ) - ) - - -async def get_user_billing_details( - engine: Engine, user_id: UserID -) -> UserBillingDetails: - """ - Raises: - BillingDetailsNotFoundError - """ - async with engine.acquire() as conn: - user_billing_details = await UsersRepo.get_billing_details(conn, user_id) - if not user_billing_details: - raise BillingDetailsNotFoundError(user_id=user_id) - return UserBillingDetails.model_validate(user_billing_details) diff --git a/services/web/server/src/simcore_service_webserver/users/_handlers.py b/services/web/server/src/simcore_service_webserver/users/_handlers.py deleted file mode 100644 index 25785673a03..00000000000 --- a/services/web/server/src/simcore_service_webserver/users/_handlers.py +++ /dev/null @@ -1,149 +0,0 @@ -import functools -import logging - -from aiohttp import web -from models_library.api_schemas_webserver.users import MyProfileGet, MyProfilePatch -from models_library.users import UserID -from pydantic import BaseModel, Field -from servicelib.aiohttp import status -from servicelib.aiohttp.requests_validation import ( - parse_request_body_as, - parse_request_query_parameters_as, -) -from servicelib.aiohttp.typing_extension import Handler -from servicelib.logging_errors import create_troubleshotting_log_kwargs -from servicelib.request_keys import RQT_USERID_KEY -from servicelib.rest_constants import RESPONSE_MODEL_POLICY - -from .._constants import RQ_PRODUCT_KEY -from .._meta import API_VTAG -from ..login.decorators import login_required -from ..security.decorators import permission_required -from ..utils_aiohttp import envelope_json_response -from . import _api, api -from ._constants import FMSG_MISSING_CONFIG_WITH_OEC -from ._schemas import PreUserProfile -from .exceptions import ( - AlreadyPreRegisteredError, - MissingGroupExtraPropertiesForProductError, - UserNameDuplicateError, - UserNotFoundError, -) - -_logger = logging.getLogger(__name__) - - -routes = web.RouteTableDef() - - -class UsersRequestContext(BaseModel): - user_id: UserID = Field(..., alias=RQT_USERID_KEY) # type: ignore[literal-required] - product_name: str = Field(..., alias=RQ_PRODUCT_KEY) # type: ignore[literal-required] - - -def _handle_users_exceptions(handler: Handler): - @functools.wraps(handler) - async def wrapper(request: web.Request) -> web.StreamResponse: - try: - return await handler(request) - - except UserNotFoundError as exc: - raise web.HTTPNotFound(reason=f"{exc}") from exc - - except UserNameDuplicateError as exc: - raise web.HTTPConflict(reason=f"{exc}") from exc - - except MissingGroupExtraPropertiesForProductError as exc: - error_code = exc.error_code() - user_error_msg = FMSG_MISSING_CONFIG_WITH_OEC.format(error_code=error_code) - _logger.exception( - **create_troubleshotting_log_kwargs( - user_error_msg, - error=exc, - error_code=error_code, - tip="Row in `groups_extra_properties` for this product is missing.", - ) - ) - raise web.HTTPServiceUnavailable(reason=user_error_msg) from exc - - return wrapper - - -@routes.get(f"/{API_VTAG}/me", name="get_my_profile") -@login_required -@_handle_users_exceptions -async def get_my_profile(request: web.Request) -> web.Response: - req_ctx = UsersRequestContext.model_validate(request) - profile: MyProfileGet = await api.get_user_profile( - request.app, req_ctx.user_id, req_ctx.product_name - ) - return envelope_json_response(profile) - - -@routes.patch(f"/{API_VTAG}/me", name="update_my_profile") -@routes.put( - f"/{API_VTAG}/me", name="replace_my_profile" # deprecated. Use patch instead -) -@login_required -@permission_required("user.profile.update") -@_handle_users_exceptions -async def update_my_profile(request: web.Request) -> web.Response: - req_ctx = UsersRequestContext.model_validate(request) - profile_update = await parse_request_body_as(MyProfilePatch, request) - - await api.update_user_profile( - request.app, user_id=req_ctx.user_id, update=profile_update - ) - return web.json_response(status=status.HTTP_204_NO_CONTENT) - - -class _SearchQueryParams(BaseModel): - email: str = Field( - min_length=3, - max_length=200, - description="complete or glob pattern for an email", - ) - - -_RESPONSE_MODEL_MINIMAL_POLICY = RESPONSE_MODEL_POLICY.copy() -_RESPONSE_MODEL_MINIMAL_POLICY["exclude_none"] = True - - -@routes.get(f"/{API_VTAG}/users:search", name="search_users") -@login_required -@permission_required("user.users.*") -@_handle_users_exceptions -async def search_users(request: web.Request) -> web.Response: - req_ctx = UsersRequestContext.model_validate(request) - assert req_ctx.product_name # nosec - - query_params: _SearchQueryParams = parse_request_query_parameters_as( - _SearchQueryParams, request - ) - - found = await _api.search_users( - request.app, email_glob=query_params.email, include_products=True - ) - - return envelope_json_response( - [_.model_dump(**_RESPONSE_MODEL_MINIMAL_POLICY) for _ in found] - ) - - -@routes.post(f"/{API_VTAG}/users:pre-register", name="pre_register_user") -@login_required -@permission_required("user.users.*") -@_handle_users_exceptions -async def pre_register_user(request: web.Request) -> web.Response: - req_ctx = UsersRequestContext.model_validate(request) - pre_user_profile = await parse_request_body_as(PreUserProfile, request) - - try: - user_profile = await _api.pre_register_user( - request.app, profile=pre_user_profile, creator_user_id=req_ctx.user_id - ) - return envelope_json_response( - user_profile.model_dump(**_RESPONSE_MODEL_MINIMAL_POLICY) - ) - except AlreadyPreRegisteredError as err: - raise web.HTTPConflict(reason=f"{err}") from err diff --git a/services/web/server/src/simcore_service_webserver/users/_notifications_handlers.py b/services/web/server/src/simcore_service_webserver/users/_notifications_rest.py similarity index 91% rename from services/web/server/src/simcore_service_webserver/users/_notifications_handlers.py rename to services/web/server/src/simcore_service_webserver/users/_notifications_rest.py index 58fb1a483e5..e9f3b1788e9 100644 --- a/services/web/server/src/simcore_service_webserver/users/_notifications_handlers.py +++ b/services/web/server/src/simcore_service_webserver/users/_notifications_rest.py @@ -3,6 +3,8 @@ import redis.asyncio as aioredis from aiohttp import web +from models_library.api_schemas_webserver.users import MyPermissionGet +from models_library.users import UserPermission from pydantic import BaseModel from servicelib.aiohttp import status from servicelib.aiohttp.requests_validation import ( @@ -17,8 +19,8 @@ from ..redis import get_redis_user_notifications_client from ..security.decorators import permission_required from ..utils_aiohttp import envelope_json_response -from . import _api -from ._handlers import UsersRequestContext +from . import _users_service +from ._common.schemas import UsersRequestContext from ._notifications import ( MAX_NOTIFICATIONS_FOR_USER_TO_KEEP, MAX_NOTIFICATIONS_FOR_USER_TO_SHOW, @@ -27,7 +29,6 @@ UserNotificationPatch, get_notification_key, ) -from .schemas import Permission, PermissionGet _logger = logging.getLogger(__name__) @@ -125,14 +126,9 @@ async def mark_notification_as_read(request: web.Request) -> web.Response: @permission_required("user.permissions.read") async def list_user_permissions(request: web.Request) -> web.Response: req_ctx = UsersRequestContext.model_validate(request) - list_permissions: list[Permission] = await _api.list_user_permissions( - request.app, req_ctx.user_id, req_ctx.product_name + list_permissions: list[UserPermission] = await _users_service.list_user_permissions( + request.app, user_id=req_ctx.user_id, product_name=req_ctx.product_name ) return envelope_json_response( - [ - PermissionGet.model_construct( - _fields_set=p.model_fields_set, **p.model_dump() - ) - for p in list_permissions - ] + [MyPermissionGet.from_model(p) for p in list_permissions] ) diff --git a/services/web/server/src/simcore_service_webserver/users/_preferences_db.py b/services/web/server/src/simcore_service_webserver/users/_preferences_repository.py similarity index 100% rename from services/web/server/src/simcore_service_webserver/users/_preferences_db.py rename to services/web/server/src/simcore_service_webserver/users/_preferences_repository.py diff --git a/services/web/server/src/simcore_service_webserver/users/_preferences_handlers.py b/services/web/server/src/simcore_service_webserver/users/_preferences_rest.py similarity index 94% rename from services/web/server/src/simcore_service_webserver/users/_preferences_handlers.py rename to services/web/server/src/simcore_service_webserver/users/_preferences_rest.py index 0c886472171..1793cd65ccd 100644 --- a/services/web/server/src/simcore_service_webserver/users/_preferences_handlers.py +++ b/services/web/server/src/simcore_service_webserver/users/_preferences_rest.py @@ -18,7 +18,7 @@ from .._meta import API_VTAG from ..login.decorators import login_required from ..models import RequestContext -from . import _preferences_api +from . import _preferences_service from .exceptions import FrontendUserPreferenceIsNotDefinedError routes = web.RouteTableDef() @@ -50,7 +50,7 @@ async def set_frontend_preference(request: web.Request) -> web.Response: req_body = await parse_request_body_as(PatchRequestBody, request) req_path_params = parse_request_path_parameters_as(PatchPathParams, request) - await _preferences_api.set_frontend_user_preference( + await _preferences_service.set_frontend_user_preference( request.app, user_id=req_ctx.user_id, product_name=req_ctx.product_name, diff --git a/services/web/server/src/simcore_service_webserver/users/_preferences_api.py b/services/web/server/src/simcore_service_webserver/users/_preferences_service.py similarity index 95% rename from services/web/server/src/simcore_service_webserver/users/_preferences_api.py rename to services/web/server/src/simcore_service_webserver/users/_preferences_service.py index fb55ac58d2f..0a5893141e1 100644 --- a/services/web/server/src/simcore_service_webserver/users/_preferences_api.py +++ b/services/web/server/src/simcore_service_webserver/users/_preferences_service.py @@ -20,7 +20,7 @@ ) from ..db.plugin import get_database_engine -from . import _preferences_db +from . import _preferences_repository from ._preferences_models import ( ALL_FRONTEND_PREFERENCES, TelemetryLowDiskSpaceWarningThresholdFrontendUserPreference, @@ -39,7 +39,7 @@ async def _get_frontend_user_preferences( ) -> list[FrontendUserPreference]: saved_user_preferences: list[FrontendUserPreference | None] = await logged_gather( *( - _preferences_db.get_user_preference( + _preferences_repository.get_user_preference( app, user_id=user_id, product_name=product_name, @@ -64,7 +64,7 @@ async def get_frontend_user_preference( product_name: ProductName, preference_class: type[FrontendUserPreference], ) -> AnyUserPreference | None: - return await _preferences_db.get_user_preference( + return await _preferences_repository.get_user_preference( app, user_id=user_id, product_name=product_name, @@ -127,7 +127,7 @@ async def set_frontend_user_preference( FrontendUserPreference.get_preference_class_from_name(preference_name), ) - await _preferences_db.set_user_preference( + await _preferences_repository.set_user_preference( app, user_id=user_id, preference=TypeAdapter(preference_class).validate_python({"value": value}), # type: ignore[arg-type] # GitHK this is suspicious diff --git a/services/web/server/src/simcore_service_webserver/users/_tokens_handlers.py b/services/web/server/src/simcore_service_webserver/users/_tokens_rest.py similarity index 74% rename from services/web/server/src/simcore_service_webserver/users/_tokens_handlers.py rename to services/web/server/src/simcore_service_webserver/users/_tokens_rest.py index 9f5dfc941b8..64c971761a7 100644 --- a/services/web/server/src/simcore_service_webserver/users/_tokens_handlers.py +++ b/services/web/server/src/simcore_service_webserver/users/_tokens_rest.py @@ -2,6 +2,7 @@ import logging from aiohttp import web +from models_library.api_schemas_webserver.users import MyTokenCreate, MyTokenGet from pydantic import BaseModel from servicelib.aiohttp import status from servicelib.aiohttp.requests_validation import ( @@ -14,10 +15,9 @@ from ..login.decorators import login_required from ..security.decorators import permission_required from ..utils_aiohttp import envelope_json_response -from . import _tokens -from ._handlers import UsersRequestContext +from . import _tokens_service +from ._common.schemas import UsersRequestContext from .exceptions import TokenNotFoundError -from .schemas import TokenCreate _logger = logging.getLogger(__name__) @@ -45,8 +45,8 @@ async def _wrapper(request: web.Request) -> web.StreamResponse: @permission_required("user.tokens.*") async def list_tokens(request: web.Request) -> web.Response: req_ctx = UsersRequestContext.model_validate(request) - all_tokens = await _tokens.list_tokens(request.app, req_ctx.user_id) - return envelope_json_response(all_tokens) + all_tokens = await _tokens_service.list_tokens(request.app, req_ctx.user_id) + return envelope_json_response([MyTokenGet.from_model(t) for t in all_tokens]) @routes.post(f"/{API_VTAG}/me/tokens", name="create_token") @@ -55,9 +55,13 @@ async def list_tokens(request: web.Request) -> web.Response: @permission_required("user.tokens.*") async def create_token(request: web.Request) -> web.Response: req_ctx = UsersRequestContext.model_validate(request) - token_create = await parse_request_body_as(TokenCreate, request) - await _tokens.create_token(request.app, req_ctx.user_id, token_create) - return envelope_json_response(token_create, web.HTTPCreated) + token_create = await parse_request_body_as(MyTokenCreate, request) + + token = await _tokens_service.create_token( + request.app, req_ctx.user_id, token_create.to_model() + ) + + return envelope_json_response(MyTokenGet.from_model(token), web.HTTPCreated) class _TokenPathParams(BaseModel): @@ -71,10 +75,12 @@ class _TokenPathParams(BaseModel): async def get_token(request: web.Request) -> web.Response: req_ctx = UsersRequestContext.model_validate(request) req_path_params = parse_request_path_parameters_as(_TokenPathParams, request) - token = await _tokens.get_token( + + token = await _tokens_service.get_token( request.app, req_ctx.user_id, req_path_params.service ) - return envelope_json_response(token) + + return envelope_json_response(MyTokenGet.from_model(token)) @routes.delete(f"/{API_VTAG}/me/tokens/{{service}}", name="delete_token") @@ -84,5 +90,9 @@ async def get_token(request: web.Request) -> web.Response: async def delete_token(request: web.Request) -> web.Response: req_ctx = UsersRequestContext.model_validate(request) req_path_params = parse_request_path_parameters_as(_TokenPathParams, request) - await _tokens.delete_token(request.app, req_ctx.user_id, req_path_params.service) + + await _tokens_service.delete_token( + request.app, req_ctx.user_id, req_path_params.service + ) + return web.json_response(status=status.HTTP_204_NO_CONTENT) diff --git a/services/web/server/src/simcore_service_webserver/users/_tokens.py b/services/web/server/src/simcore_service_webserver/users/_tokens_service.py similarity index 78% rename from services/web/server/src/simcore_service_webserver/users/_tokens.py rename to services/web/server/src/simcore_service_webserver/users/_tokens_service.py index 6b4e58c8443..18e2f6323fd 100644 --- a/services/web/server/src/simcore_service_webserver/users/_tokens.py +++ b/services/web/server/src/simcore_service_webserver/users/_tokens_service.py @@ -4,43 +4,43 @@ """ import sqlalchemy as sa from aiohttp import web -from models_library.users import UserID -from models_library.utils.fastapi_encoders import jsonable_encoder +from models_library.users import UserID, UserThirdPartyToken from sqlalchemy import and_, literal_column from ..db.models import tokens from ..db.plugin import get_database_engine from .exceptions import TokenNotFoundError -from .schemas import ThirdPartyToken, TokenCreate async def create_token( - app: web.Application, user_id: UserID, token: TokenCreate -) -> ThirdPartyToken: + app: web.Application, user_id: UserID, token: UserThirdPartyToken +) -> UserThirdPartyToken: async with get_database_engine(app).acquire() as conn: await conn.execute( tokens.insert().values( user_id=user_id, token_service=token.service, - token_data=jsonable_encoder(token), + token_data=token.model_dump(mode="json"), ) ) return token -async def list_tokens(app: web.Application, user_id: UserID) -> list[ThirdPartyToken]: - user_tokens: list[ThirdPartyToken] = [] +async def list_tokens( + app: web.Application, user_id: UserID +) -> list[UserThirdPartyToken]: + user_tokens: list[UserThirdPartyToken] = [] async with get_database_engine(app).acquire() as conn: async for row in conn.execute( sa.select(tokens.c.token_data).where(tokens.c.user_id == user_id) ): - user_tokens.append(ThirdPartyToken.model_construct(**row["token_data"])) + user_tokens.append(UserThirdPartyToken.model_construct(**row["token_data"])) return user_tokens async def get_token( app: web.Application, user_id: UserID, service_id: str -) -> ThirdPartyToken: +) -> UserThirdPartyToken: async with get_database_engine(app).acquire() as conn: result = await conn.execute( sa.select(tokens.c.token_data).where( @@ -48,13 +48,13 @@ async def get_token( ) ) if row := await result.first(): - return ThirdPartyToken.model_construct(**row["token_data"]) + return UserThirdPartyToken.model_construct(**row["token_data"]) raise TokenNotFoundError(service_id=service_id) async def update_token( app: web.Application, user_id: UserID, service_id: str, token_data: dict[str, str] -) -> ThirdPartyToken: +) -> UserThirdPartyToken: async with get_database_engine(app).acquire() as conn: result = await conn.execute( sa.select(tokens.c.token_data, tokens.c.token_id).where( @@ -78,7 +78,7 @@ async def update_token( assert resp.rowcount == 1 # nosec updated_token = await resp.fetchone() assert updated_token # nosec - return ThirdPartyToken.model_construct(**updated_token["token_data"]) + return UserThirdPartyToken.model_construct(**updated_token["token_data"]) async def delete_token(app: web.Application, user_id: UserID, service_id: str) -> None: diff --git a/services/web/server/src/simcore_service_webserver/users/_users_repository.py b/services/web/server/src/simcore_service_webserver/users/_users_repository.py new file mode 100644 index 00000000000..4c536536950 --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/users/_users_repository.py @@ -0,0 +1,441 @@ +import contextlib +from typing import Any + +import sqlalchemy as sa +from aiohttp import web +from common_library.users_enums import UserRole +from models_library.groups import GroupID +from models_library.users import ( + MyProfile, + UserBillingDetails, + UserID, + UserNameID, + UserPermission, +) +from pydantic import TypeAdapter, ValidationError +from simcore_postgres_database.models.groups import groups, user_to_groups +from simcore_postgres_database.models.products import products +from simcore_postgres_database.models.users import UserStatus, users +from simcore_postgres_database.models.users_details import ( + users_pre_registration_details, +) +from simcore_postgres_database.utils_groups_extra_properties import ( + GroupExtraPropertiesNotFoundError, + GroupExtraPropertiesRepo, +) +from simcore_postgres_database.utils_repos import ( + pass_or_acquire_connection, + transaction_context, +) +from simcore_postgres_database.utils_users import ( + UsersRepo, + generate_alternative_username, +) +from sqlalchemy import delete +from sqlalchemy.engine.row import Row +from sqlalchemy.exc import IntegrityError +from sqlalchemy.ext.asyncio import AsyncConnection, AsyncEngine + +from ..db.plugin import get_asyncpg_engine +from ._common.models import FullNameDict, ToUserUpdateDB +from .exceptions import ( + BillingDetailsNotFoundError, + UserNameDuplicateError, + UserNotFoundError, +) + + +def _parse_as_user(user_id: Any) -> UserID: + try: + return TypeAdapter(UserID).validate_python(user_id) + except ValidationError as err: + raise UserNotFoundError(uid=user_id, user_id=user_id) from err + + +async def get_user_or_raise( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + user_id: UserID, + return_column_names: list[str] | None = None, +) -> dict[str, Any]: + if not return_column_names: # None or empty list, returns all + return_column_names = list(users.columns.keys()) + + assert return_column_names is not None # nosec + assert set(return_column_names).issubset(users.columns.keys()) # nosec + + async with pass_or_acquire_connection(engine, connection) as conn: + result = await conn.stream( + sa.select(*(users.columns[name] for name in return_column_names)).where( + users.c.id == user_id + ) + ) + row = await result.first() + if row is None: + raise UserNotFoundError(uid=user_id) + user: dict[str, Any] = row._asdict() + return user + + +async def get_user_primary_group_id( + engine: AsyncEngine, connection: AsyncConnection | None = None, *, user_id: UserID +) -> GroupID: + async with pass_or_acquire_connection(engine, connection) as conn: + primary_gid: GroupID | None = await conn.scalar( + sa.select( + users.c.primary_gid, + ).where(users.c.id == user_id) + ) + if primary_gid is None: + raise UserNotFoundError(uid=user_id) + return primary_gid + + +async def get_users_ids_in_group( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + group_id: GroupID, +) -> set[UserID]: + async with pass_or_acquire_connection(engine, connection) as conn: + result = await conn.stream( + sa.select(user_to_groups.c.uid).where(user_to_groups.c.gid == group_id) + ) + return {row.uid async for row in result} + + +async def get_user_id_from_pgid(app: web.Application, primary_gid: int) -> UserID: + async with pass_or_acquire_connection(engine=get_asyncpg_engine(app)) as conn: + user_id: UserID = await conn.scalar( + sa.select(users.c.id).where(users.c.primary_gid == primary_gid) + ) + return user_id + + +async def get_user_fullname(app: web.Application, *, user_id: UserID) -> FullNameDict: + """ + :raises UserNotFoundError: + """ + user_id = _parse_as_user(user_id) + + async with pass_or_acquire_connection(engine=get_asyncpg_engine(app)) as conn: + result = await conn.stream( + sa.select( + users.c.first_name, + users.c.last_name, + ).where(users.c.id == user_id) + ) + user = await result.first() + if not user: + raise UserNotFoundError(uid=user_id) + + return FullNameDict( + first_name=user.first_name, + last_name=user.last_name, + ) + + +async def get_guest_user_ids_and_names( + app: web.Application, +) -> list[tuple[UserID, UserNameID]]: + async with pass_or_acquire_connection(engine=get_asyncpg_engine(app)) as conn: + result = await conn.stream( + sa.select(users.c.id, users.c.name).where(users.c.role == UserRole.GUEST) + ) + + return TypeAdapter(list[tuple[UserID, UserNameID]]).validate_python( + [(row.id, row.name) async for row in result] + ) + + +async def get_user_role(app: web.Application, *, user_id: UserID) -> UserRole: + """ + :raises UserNotFoundError: + """ + user_id = _parse_as_user(user_id) + + async with pass_or_acquire_connection(engine=get_asyncpg_engine(app)) as conn: + user_role = await conn.scalar( + sa.select(users.c.role).where(users.c.id == user_id) + ) + if user_role is None: + raise UserNotFoundError(uid=user_id) + assert isinstance(user_role, UserRole) # nosec + return user_role + + +async def list_user_permissions( + app: web.Application, + connection: AsyncConnection | None = None, + *, + user_id: UserID, + product_name: str, +) -> list[UserPermission]: + override_services_specifications = UserPermission( + name="override_services_specifications", + allowed=False, + ) + engine = get_asyncpg_engine(app) + with contextlib.suppress(GroupExtraPropertiesNotFoundError): + async with pass_or_acquire_connection(engine, connection) as conn: + user_group_extra_properties = ( + await GroupExtraPropertiesRepo.get_aggregated_properties_for_user_v2( + engine, conn, user_id=user_id, product_name=product_name + ) + ) + override_services_specifications.allowed = ( + user_group_extra_properties.override_services_specifications + ) + + return [override_services_specifications] + + +async def do_update_expired_users( + engine: AsyncEngine, + connection: AsyncConnection | None = None, +) -> list[UserID]: + async with transaction_context(engine, connection) as conn: + result = await conn.stream( + users.update() + .values(status=UserStatus.EXPIRED) + .where( + (users.c.expires_at.is_not(None)) + & (users.c.status == UserStatus.ACTIVE) + & (users.c.expires_at < sa.sql.func.now()) + ) + .returning(users.c.id) + ) + return [row.id async for row in result] + + +async def update_user_status( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + user_id: UserID, + new_status: UserStatus, +): + async with transaction_context(engine, connection) as conn: + await conn.execute( + users.update().values(status=new_status).where(users.c.id == user_id) + ) + + +async def search_users_and_get_profile( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + email_like: str, +) -> list[Row]: + + users_alias = sa.alias(users, name="users_alias") + + invited_by = ( + sa.select(users_alias.c.name) + .where(users_pre_registration_details.c.created_by == users_alias.c.id) + .label("invited_by") + ) + + async with pass_or_acquire_connection(engine, connection) as conn: + columns = ( + users.c.first_name, + users.c.last_name, + users.c.email, + users.c.phone, + users_pre_registration_details.c.pre_email, + users_pre_registration_details.c.pre_first_name, + users_pre_registration_details.c.pre_last_name, + users_pre_registration_details.c.institution, + users_pre_registration_details.c.pre_phone, + users_pre_registration_details.c.address, + users_pre_registration_details.c.city, + users_pre_registration_details.c.state, + users_pre_registration_details.c.postal_code, + users_pre_registration_details.c.country, + users_pre_registration_details.c.user_id, + users_pre_registration_details.c.extras, + users.c.status, + invited_by, + ) + + left_outer_join = ( + sa.select(*columns) + .select_from( + users_pre_registration_details.outerjoin( + users, users.c.id == users_pre_registration_details.c.user_id + ) + ) + .where(users_pre_registration_details.c.pre_email.like(email_like)) + ) + right_outer_join = ( + sa.select(*columns) + .select_from( + users.outerjoin( + users_pre_registration_details, + users.c.id == users_pre_registration_details.c.user_id, + ) + ) + .where(users.c.email.like(email_like)) + ) + + result = await conn.stream(sa.union(left_outer_join, right_outer_join)) + return [row async for row in result] + + +async def get_user_products( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + user_id: UserID, +) -> list[Row]: + async with pass_or_acquire_connection(engine, connection) as conn: + product_name_subq = ( + sa.select(products.c.name) + .where(products.c.group_id == groups.c.gid) + .label("product_name") + ) + products_gis_subq = sa.select(products.c.group_id).distinct().subquery() + query = ( + sa.select( + groups.c.gid, + product_name_subq, + ) + .select_from( + users.join(user_to_groups, user_to_groups.c.uid == users.c.id).join( + groups, + (groups.c.gid == user_to_groups.c.gid) + & groups.c.gid.in_(products_gis_subq), + ) + ) + .where(users.c.id == user_id) + .order_by(groups.c.gid) + ) + result = await conn.stream(query) + return [row async for row in result] + + +async def create_user_details( + engine: AsyncEngine, + connection: AsyncConnection | None = None, + *, + email: str, + created_by: UserID, + **other_values, +) -> None: + async with transaction_context(engine, connection) as conn: + await conn.execute( + sa.insert(users_pre_registration_details).values( + created_by=created_by, pre_email=email, **other_values + ) + ) + + +async def get_user_billing_details( + engine: AsyncEngine, connection: AsyncConnection | None = None, *, user_id: UserID +) -> UserBillingDetails: + """ + Raises: + BillingDetailsNotFoundError + """ + async with pass_or_acquire_connection(engine, connection) as conn: + query = UsersRepo.get_billing_details_query(user_id=user_id) + result = await conn.execute(query) + row = result.fetchone() + if not row: + raise BillingDetailsNotFoundError(user_id=user_id) + return UserBillingDetails.model_validate(row) + + +async def delete_user_by_id( + engine: AsyncEngine, connection: AsyncConnection | None = None, *, user_id: UserID +) -> bool: + async with transaction_context(engine, connection) as conn: + result = await conn.execute( + delete(users) + .where(users.c.id == user_id) + .returning(users.c.id) # Return the ID of the deleted row otherwise None + ) + deleted_user = result.fetchone() + + # If no row was deleted, the user did not exist + return bool(deleted_user) + + +# +# USER PROFILE +# + + +async def get_my_profile(app: web.Application, *, user_id: UserID) -> MyProfile: + user_id = _parse_as_user(user_id) + + async with pass_or_acquire_connection(engine=get_asyncpg_engine(app)) as conn: + result = await conn.stream( + sa.select( + # users -> MyProfile map + users.c.id, + users.c.name.label("user_name"), + users.c.first_name, + users.c.last_name, + users.c.email, + users.c.role, + sa.func.json_build_object( + "hide_fullname", + users.c.privacy_hide_fullname, + "hide_email", + users.c.privacy_hide_email, + ).label("privacy"), + sa.case( + ( + users.c.expires_at.isnot(None), + sa.func.date(users.c.expires_at), + ), + else_=None, + ).label("expiration_date"), + ).where(users.c.id == user_id) + ) + row = await result.first() + if not row: + raise UserNotFoundError(uid=user_id) + + my_profile = MyProfile.model_validate(row, from_attributes=True) + assert my_profile.id == user_id # nosec + + return my_profile + + +async def update_user_profile( + app: web.Application, + *, + user_id: UserID, + update: ToUserUpdateDB, +) -> None: + """ + Raises: + UserNotFoundError + UserNameAlreadyExistsError + """ + user_id = _parse_as_user(user_id) + + if updated_values := update.to_db(): + try: + + async with transaction_context(engine=get_asyncpg_engine(app)) as conn: + await conn.execute( + users.update() + .where( + users.c.id == user_id, + ) + .values(**updated_values) + ) + + except IntegrityError as err: + user_name = updated_values.get("name") + + raise UserNameDuplicateError( + user_name=user_name, + alternative_user_name=generate_alternative_username(user_name), + user_id=user_id, + updated_values=updated_values, + ) from err diff --git a/services/web/server/src/simcore_service_webserver/users/_users_rest.py b/services/web/server/src/simcore_service_webserver/users/_users_rest.py new file mode 100644 index 00000000000..33540de2424 --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/users/_users_rest.py @@ -0,0 +1,173 @@ +import logging +from contextlib import suppress + +from aiohttp import web +from models_library.api_schemas_webserver.users import ( + MyProfileGet, + MyProfilePatch, + UsersSearchQueryParams, +) +from servicelib.aiohttp import status +from servicelib.aiohttp.requests_validation import ( + parse_request_body_as, + parse_request_query_parameters_as, +) +from servicelib.rest_constants import RESPONSE_MODEL_POLICY +from simcore_service_webserver.products._api import get_current_product +from simcore_service_webserver.products._model import Product + +from .._meta import API_VTAG +from ..exception_handling import ( + ExceptionToHttpErrorMap, + HttpErrorInfo, + exception_handling_decorator, + to_exceptions_handlers_map, +) +from ..groups import api as groups_api +from ..groups.exceptions import GroupNotFoundError +from ..login.decorators import login_required +from ..security.decorators import permission_required +from ..utils_aiohttp import envelope_json_response +from . import _users_service +from ._common.schemas import PreRegisteredUserGet, UsersRequestContext +from .exceptions import ( + AlreadyPreRegisteredError, + MissingGroupExtraPropertiesForProductError, + UserNameDuplicateError, + UserNotFoundError, +) + +_logger = logging.getLogger(__name__) + + +_TO_HTTP_ERROR_MAP: ExceptionToHttpErrorMap = { + UserNotFoundError: HttpErrorInfo( + status.HTTP_404_NOT_FOUND, + "This user cannot be found. Either it is not registered or has enabled privacy settings.", + ), + UserNameDuplicateError: HttpErrorInfo( + status.HTTP_409_CONFLICT, + "Username '{user_name}' is already taken. " + "Consider '{alternative_user_name}' instead.", + ), + AlreadyPreRegisteredError: HttpErrorInfo( + status.HTTP_409_CONFLICT, + "Found {num_found} matches for '{email}'. Cannot pre-register existing user", + ), + MissingGroupExtraPropertiesForProductError: HttpErrorInfo( + status.HTTP_503_SERVICE_UNAVAILABLE, + "The product is not ready for use until the configuration is fully completed. " + "Please wait and try again. " + "If this issue persists, contact support indicating this support code: {error_code}.", + ), +} + +_handle_users_exceptions = exception_handling_decorator( + # Transforms raised service exceptions into controller-errors (i.e. http 4XX,5XX responses) + to_exceptions_handlers_map(_TO_HTTP_ERROR_MAP) +) + + +routes = web.RouteTableDef() + +# +# MY PROFILE: /me +# + + +@routes.get(f"/{API_VTAG}/me", name="get_my_profile") +@login_required +@_handle_users_exceptions +async def get_my_profile(request: web.Request) -> web.Response: + product: Product = get_current_product(request) + req_ctx = UsersRequestContext.model_validate(request) + + groups_by_type = await groups_api.list_user_groups_with_read_access( + request.app, user_id=req_ctx.user_id + ) + + assert groups_by_type.primary + assert groups_by_type.everyone + + my_product_group = None + + if product.group_id: + with suppress(GroupNotFoundError): + # Product is optional + my_product_group = await groups_api.get_product_group_for_user( + app=request.app, + user_id=req_ctx.user_id, + product_gid=product.group_id, + ) + + my_profile, preferences = await _users_service.get_my_profile( + request.app, user_id=req_ctx.user_id, product_name=req_ctx.product_name + ) + + profile = MyProfileGet.from_model( + my_profile, groups_by_type, my_product_group, preferences + ) + + return envelope_json_response(profile) + + +@routes.patch(f"/{API_VTAG}/me", name="update_my_profile") +@routes.put( + f"/{API_VTAG}/me", name="replace_my_profile" # deprecated. Use patch instead +) +@login_required +@permission_required("user.profile.update") +@_handle_users_exceptions +async def update_my_profile(request: web.Request) -> web.Response: + req_ctx = UsersRequestContext.model_validate(request) + profile_update = await parse_request_body_as(MyProfilePatch, request) + + await _users_service.update_my_profile( + request.app, user_id=req_ctx.user_id, update=profile_update + ) + return web.json_response(status=status.HTTP_204_NO_CONTENT) + + +# +# USERS (only POs) +# + +_RESPONSE_MODEL_MINIMAL_POLICY = RESPONSE_MODEL_POLICY.copy() +_RESPONSE_MODEL_MINIMAL_POLICY["exclude_none"] = True + + +@routes.get(f"/{API_VTAG}/users:search", name="search_users") +@login_required +@permission_required("user.users.*") +@_handle_users_exceptions +async def search_users(request: web.Request) -> web.Response: + req_ctx = UsersRequestContext.model_validate(request) + assert req_ctx.product_name # nosec + + query_params: UsersSearchQueryParams = parse_request_query_parameters_as( + UsersSearchQueryParams, request + ) + + found = await _users_service.search_users( + request.app, email_glob=query_params.email, include_products=True + ) + + return envelope_json_response( + [_.model_dump(**_RESPONSE_MODEL_MINIMAL_POLICY) for _ in found] + ) + + +@routes.post(f"/{API_VTAG}/users:pre-register", name="pre_register_user") +@login_required +@permission_required("user.users.*") +@_handle_users_exceptions +async def pre_register_user(request: web.Request) -> web.Response: + req_ctx = UsersRequestContext.model_validate(request) + pre_user_profile = await parse_request_body_as(PreRegisteredUserGet, request) + + user_profile = await _users_service.pre_register_user( + request.app, profile=pre_user_profile, creator_user_id=req_ctx.user_id + ) + return envelope_json_response( + user_profile.model_dump(**_RESPONSE_MODEL_MINIMAL_POLICY) + ) diff --git a/services/web/server/src/simcore_service_webserver/users/_users_service.py b/services/web/server/src/simcore_service_webserver/users/_users_service.py new file mode 100644 index 00000000000..289b4dd641e --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/users/_users_service.py @@ -0,0 +1,344 @@ +import logging +from typing import Any + +import pycountry +from aiohttp import web +from models_library.api_schemas_webserver.users import MyProfilePatch, UserGet +from models_library.basic_types import IDStr +from models_library.emails import LowerCaseEmailStr +from models_library.groups import GroupID +from models_library.payments import UserInvoiceAddress +from models_library.products import ProductName +from models_library.users import UserBillingDetails, UserID, UserPermission +from pydantic import TypeAdapter +from simcore_postgres_database.models.users import UserStatus +from simcore_postgres_database.utils_groups_extra_properties import ( + GroupExtraPropertiesNotFoundError, +) + +from ..db.plugin import get_asyncpg_engine +from ..security.api import clean_auth_policy_cache +from . import _preferences_service, _users_repository +from ._common.models import ( + FullNameDict, + ToUserUpdateDB, + UserCredentialsTuple, + UserDisplayAndIdNamesTuple, + UserIdNamesTuple, +) +from ._common.schemas import PreRegisteredUserGet +from .exceptions import ( + AlreadyPreRegisteredError, + MissingGroupExtraPropertiesForProductError, +) + +_logger = logging.getLogger(__name__) + +# +# PRE-REGISTRATION +# + + +async def pre_register_user( + app: web.Application, + profile: PreRegisteredUserGet, + creator_user_id: UserID, +) -> UserGet: + + found = await search_users(app, email_glob=profile.email, include_products=False) + if found: + raise AlreadyPreRegisteredError(num_found=len(found), email=profile.email) + + details = profile.model_dump( + include={ + "first_name", + "last_name", + "phone", + "institution", + "address", + "city", + "state", + "country", + "postal_code", + "extras", + }, + exclude_none=True, + ) + + for key in ("first_name", "last_name", "phone"): + if key in details: + details[f"pre_{key}"] = details.pop(key) + + await _users_repository.create_user_details( + get_asyncpg_engine(app), + email=profile.email, + created_by=creator_user_id, + **details, + ) + + found = await search_users(app, email_glob=profile.email, include_products=False) + + assert len(found) == 1 # nosec + return found[0] + + +# +# GET USERS +# + + +async def get_user(app: web.Application, user_id: UserID) -> dict[str, Any]: + """ + :raises UserNotFoundError: if missing but NOT if marked for deletion! + """ + return await _users_repository.get_user_or_raise( + engine=get_asyncpg_engine(app), user_id=user_id + ) + + +async def get_user_primary_group_id(app: web.Application, user_id: UserID) -> GroupID: + return await _users_repository.get_user_primary_group_id( + engine=get_asyncpg_engine(app), user_id=user_id + ) + + +async def get_user_id_from_gid(app: web.Application, primary_gid: GroupID) -> UserID: + return await _users_repository.get_user_id_from_pgid(app, primary_gid) + + +async def search_users( + app: web.Application, email_glob: str, *, include_products: bool = False +) -> list[UserGet]: + # NOTE: this search is deploy-wide i.e. independent of the product! + + def _glob_to_sql_like(glob_pattern: str) -> str: + # Escape SQL LIKE special characters in the glob pattern + sql_like_pattern = glob_pattern.replace("%", r"\%").replace("_", r"\_") + # Convert glob wildcards to SQL LIKE wildcards + return sql_like_pattern.replace("*", "%").replace("?", "_") + + rows = await _users_repository.search_users_and_get_profile( + get_asyncpg_engine(app), email_like=_glob_to_sql_like(email_glob) + ) + + async def _list_products_or_none(user_id): + if user_id is not None and include_products: + products = await _users_repository.get_user_products( + get_asyncpg_engine(app), user_id=user_id + ) + return [_.product_name for _ in products] + return None + + return [ + UserGet( + first_name=r.first_name or r.pre_first_name, + last_name=r.last_name or r.pre_last_name, + email=r.email or r.pre_email, + institution=r.institution, + phone=r.phone or r.pre_phone, + address=r.address, + city=r.city, + state=r.state, + postal_code=r.postal_code, + country=r.country, + extras=r.extras or {}, + invited_by=r.invited_by, + products=await _list_products_or_none(r.user_id), + # NOTE: old users will not have extra details + registered=r.user_id is not None if r.pre_email else r.status is not None, + status=r.status, + ) + for r in rows + ] + + +async def get_users_in_group(app: web.Application, *, gid: GroupID) -> set[UserID]: + return await _users_repository.get_users_ids_in_group( + get_asyncpg_engine(app), group_id=gid + ) + + +get_guest_user_ids_and_names = _users_repository.get_guest_user_ids_and_names + + +# +# GET USER PROPERTIES +# + + +async def get_user_fullname(app: web.Application, *, user_id: UserID) -> FullNameDict: + """ + :raises UserNotFoundError: + """ + return await _users_repository.get_user_fullname(app, user_id=user_id) + + +async def get_user_name_and_email( + app: web.Application, *, user_id: UserID +) -> UserIdNamesTuple: + """ + Raises: + UserNotFoundError + + Returns: + (user, email) + """ + row = await _users_repository.get_user_or_raise( + get_asyncpg_engine(app), + user_id=user_id, + return_column_names=["name", "email"], + ) + return UserIdNamesTuple(name=row["name"], email=row["email"]) + + +async def get_user_display_and_id_names( + app: web.Application, *, user_id: UserID +) -> UserDisplayAndIdNamesTuple: + """ + Raises: + UserNotFoundError + """ + row = await _users_repository.get_user_or_raise( + get_asyncpg_engine(app), + user_id=user_id, + return_column_names=["name", "email", "first_name", "last_name"], + ) + return UserDisplayAndIdNamesTuple( + name=row["name"], + email=row["email"], + first_name=row["first_name"] or row["name"].capitalize(), + last_name=IDStr(row["last_name"] or ""), + ) + + +get_user_role = _users_repository.get_user_role + + +async def get_user_credentials( + app: web.Application, *, user_id: UserID +) -> UserCredentialsTuple: + row = await _users_repository.get_user_or_raise( + get_asyncpg_engine(app), + user_id=user_id, + return_column_names=[ + "name", + "first_name", + "email", + "password_hash", + ], + ) + + return UserCredentialsTuple( + email=TypeAdapter(LowerCaseEmailStr).validate_python(row["email"]), + password_hash=row["password_hash"], + display_name=row["first_name"] or row["name"].capitalize(), + ) + + +async def list_user_permissions( + app: web.Application, + *, + user_id: UserID, + product_name: ProductName, +) -> list[UserPermission]: + permissions: list[UserPermission] = await _users_repository.list_user_permissions( + app, user_id=user_id, product_name=product_name + ) + return permissions + + +async def get_user_invoice_address( + app: web.Application, *, user_id: UserID +) -> UserInvoiceAddress: + user_billing_details: UserBillingDetails = ( + await _users_repository.get_user_billing_details( + get_asyncpg_engine(app), user_id=user_id + ) + ) + _user_billing_country = pycountry.countries.lookup(user_billing_details.country) + _user_billing_country_alpha_2_format = _user_billing_country.alpha_2 + return UserInvoiceAddress( + line1=user_billing_details.address, + state=user_billing_details.state, + postal_code=user_billing_details.postal_code, + city=user_billing_details.city, + country=_user_billing_country_alpha_2_format, + ) + + +# +# DELETE USER +# + + +async def delete_user_without_projects(app: web.Application, user_id: UserID) -> None: + """Deletes a user from the database if the user exists""" + # WARNING: user cannot be deleted without deleting first all ist project + # otherwise this function will raise asyncpg.exceptions.ForeignKeyViolationError + # Consider "marking" users as deleted and havning a background job that + # cleans it up + is_deleted = await _users_repository.delete_user_by_id( + engine=get_asyncpg_engine(app), user_id=user_id + ) + if not is_deleted: + _logger.warning( + "User with id '%s' could not be deleted because it does not exist", user_id + ) + return + + # This user might be cached in the auth. If so, any request + # with this user-id will get thru producing unexpected side-effects + await clean_auth_policy_cache(app) + + +async def set_user_as_deleted(app: web.Application, *, user_id: UserID) -> None: + await _users_repository.update_user_status( + get_asyncpg_engine(app), user_id=user_id, new_status=UserStatus.DELETED + ) + + +async def update_expired_users(app: web.Application) -> list[UserID]: + return await _users_repository.do_update_expired_users(get_asyncpg_engine(app)) + + +# +# MY USER PROFILE +# + + +async def get_my_profile( + app: web.Application, *, user_id: UserID, product_name: ProductName +): + """Caller and target user is the same. Privacy settings do not apply here + + :raises UserNotFoundError: + :raises MissingGroupExtraPropertiesForProductError: when product is not properly configured + """ + my_profile = await _users_repository.get_my_profile(app, user_id=user_id) + + try: + preferences = ( + await _preferences_service.get_frontend_user_preferences_aggregation( + app, user_id=user_id, product_name=product_name + ) + ) + except GroupExtraPropertiesNotFoundError as err: + raise MissingGroupExtraPropertiesForProductError( + user_id=user_id, product_name=product_name + ) from err + + return my_profile, preferences + + +async def update_my_profile( + app: web.Application, + *, + user_id: UserID, + update: MyProfilePatch, +) -> None: + + await _users_repository.update_user_profile( + app, + user_id=user_id, + update=ToUserUpdateDB.from_api(update), + ) diff --git a/services/web/server/src/simcore_service_webserver/users/api.py b/services/web/server/src/simcore_service_webserver/users/api.py index 1c1d217a28e..09ca7b757e6 100644 --- a/services/web/server/src/simcore_service_webserver/users/api.py +++ b/services/web/server/src/simcore_service_webserver/users/api.py @@ -1,382 +1,39 @@ # mypy: disable-error-code=truthy-function -""" - This should be the interface other modules should use to get - information from user module -""" - -import logging -from collections import deque -from typing import Any, NamedTuple, TypedDict - -import simcore_postgres_database.errors as db_errors -import sqlalchemy as sa -from aiohttp import web -from aiopg.sa.engine import Engine -from aiopg.sa.result import RowProxy -from models_library.api_schemas_webserver.users import ( - MyProfileGet, - MyProfilePatch, - MyProfilePrivacyGet, -) -from models_library.basic_types import IDStr -from models_library.groups import GroupID -from models_library.products import ProductName -from models_library.users import UserID -from pydantic import EmailStr, TypeAdapter, ValidationError -from simcore_postgres_database.models.groups import GroupType, groups, user_to_groups -from simcore_postgres_database.models.users import UserRole, users -from simcore_postgres_database.utils_groups_extra_properties import ( - GroupExtraPropertiesNotFoundError, -) -from simcore_postgres_database.utils_users import generate_alternative_username - -from ..db.plugin import get_database_engine -from ..login.storage import AsyncpgStorage, get_plugin_storage -from ..security.api import clean_auth_policy_cache -from . import _db -from ._api import get_user_credentials, get_user_invoice_address, set_user_as_deleted -from ._models import ToUserUpdateDB -from ._preferences_api import get_frontend_user_preferences_aggregation -from .exceptions import ( - MissingGroupExtraPropertiesForProductError, - UserNameDuplicateError, - UserNotFoundError, +from ._common.models import FullNameDict, UserDisplayAndIdNamesTuple +from ._users_service import ( + delete_user_without_projects, + get_guest_user_ids_and_names, + get_user, + get_user_credentials, + get_user_display_and_id_names, + get_user_fullname, + get_user_id_from_gid, + get_user_invoice_address, + get_user_name_and_email, + get_user_primary_group_id, + get_user_role, + get_users_in_group, + set_user_as_deleted, + update_expired_users, ) -_logger = logging.getLogger(__name__) - - -_GROUPS_SCHEMA_TO_DB = { - "gid": "gid", - "label": "name", - "description": "description", - "thumbnail": "thumbnail", - "accessRights": "access_rights", -} - - -def _convert_groups_db_to_schema( - db_row: RowProxy, *, prefix: str | None = "", **kwargs -) -> dict: - # NOTE: Deprecated. has to be replaced with - converted_dict = { - k: db_row[f"{prefix}{v}"] - for k, v in _GROUPS_SCHEMA_TO_DB.items() - if f"{prefix}{v}" in db_row - } - converted_dict.update(**kwargs) - converted_dict["inclusionRules"] = {} - return converted_dict - - -def _parse_as_user(user_id: Any) -> UserID: - try: - return TypeAdapter(UserID).validate_python(user_id) - except ValidationError as err: - raise UserNotFoundError(uid=user_id, user_id=user_id) from err - - -async def get_user_profile( - app: web.Application, user_id: UserID, product_name: ProductName -) -> MyProfileGet: - """ - :raises UserNotFoundError: - :raises MissingGroupExtraPropertiesForProductError: when product is not properly configured - """ - - engine = get_database_engine(app) - user_profile: dict[str, Any] = {} - user_primary_group = everyone_group = {} - user_standard_groups = [] - user_id = _parse_as_user(user_id) - - async with engine.acquire() as conn: - row: RowProxy - - async for row in conn.execute( - sa.select(users, groups, user_to_groups.c.access_rights) - .select_from( - users.join(user_to_groups, users.c.id == user_to_groups.c.uid).join( - groups, user_to_groups.c.gid == groups.c.gid - ) - ) - .where(users.c.id == user_id) - .order_by(sa.asc(groups.c.name)) - .set_label_style(sa.LABEL_STYLE_TABLENAME_PLUS_COL) - ): - if not user_profile: - user_profile = { - "id": row.users_id, - "user_name": row.users_name, - "first_name": row.users_first_name, - "last_name": row.users_last_name, - "login": row.users_email, - "role": row.users_role, - "privacy_hide_fullname": row.users_privacy_hide_fullname, - "privacy_hide_email": row.users_privacy_hide_email, - "expiration_date": ( - row.users_expires_at.date() if row.users_expires_at else None - ), - } - assert user_profile["id"] == user_id # nosec - - if row.groups_type == GroupType.EVERYONE: - everyone_group = _convert_groups_db_to_schema( - row, - prefix="groups_", - accessRights=row["user_to_groups_access_rights"], - ) - elif row.groups_type == GroupType.PRIMARY: - user_primary_group = _convert_groups_db_to_schema( - row, - prefix="groups_", - accessRights=row["user_to_groups_access_rights"], - ) - else: - user_standard_groups.append( - _convert_groups_db_to_schema( - row, - prefix="groups_", - accessRights=row["user_to_groups_access_rights"], - ) - ) - - if not user_profile: - raise UserNotFoundError(uid=user_id) - - try: - preferences = await get_frontend_user_preferences_aggregation( - app, user_id=user_id, product_name=product_name - ) - except GroupExtraPropertiesNotFoundError as err: - raise MissingGroupExtraPropertiesForProductError( - user_id=user_id, product_name=product_name - ) from err - - # NOTE: expirationDate null is not handled properly in front-end. - # https://github.com/ITISFoundation/osparc-simcore/issues/5244 - optional = {} - if user_profile.get("expiration_date"): - optional["expiration_date"] = user_profile["expiration_date"] - - return MyProfileGet( - id=user_profile["id"], - user_name=user_profile["user_name"], - first_name=user_profile["first_name"], - last_name=user_profile["last_name"], - login=user_profile["login"], - role=user_profile["role"], - groups={ # type: ignore[arg-type] - "me": user_primary_group, - "organizations": user_standard_groups, - "all": everyone_group, - }, - privacy=MyProfilePrivacyGet( - hide_fullname=user_profile["privacy_hide_fullname"], - hide_email=user_profile["privacy_hide_email"], - ), - preferences=preferences, - **optional, - ) - - -async def update_user_profile( - app: web.Application, - *, - user_id: UserID, - update: MyProfilePatch, -) -> None: - """ - Raises: - UserNotFoundError - UserNameAlreadyExistsError - """ - user_id = _parse_as_user(user_id) - - if updated_values := ToUserUpdateDB.from_api(update).to_db(): - async with get_database_engine(app).acquire() as conn: - query = users.update().where(users.c.id == user_id).values(**updated_values) - - try: - - resp = await conn.execute(query) - assert resp.rowcount == 1 # nosec - - except db_errors.UniqueViolation as err: - user_name = updated_values.get("name") - - raise UserNameDuplicateError( - user_name=user_name, - alternative_user_name=generate_alternative_username(user_name), - user_id=user_id, - updated_values=updated_values, - ) from err - - -async def get_user_role(app: web.Application, user_id: UserID) -> UserRole: - """ - :raises UserNotFoundError: - """ - user_id = _parse_as_user(user_id) - - engine = get_database_engine(app) - async with engine.acquire() as conn: - user_role: RowProxy | None = await conn.scalar( - sa.select(users.c.role).where(users.c.id == user_id) - ) - if user_role is None: - raise UserNotFoundError(uid=user_id) - return UserRole(user_role) - - -class UserIdNamesTuple(NamedTuple): - name: str - email: str - - -async def get_user_name_and_email( - app: web.Application, *, user_id: UserID -) -> UserIdNamesTuple: - """ - Raises: - UserNotFoundError - - Returns: - (user, email) - """ - row = await _db.get_user_or_raise( - get_database_engine(app), - user_id=_parse_as_user(user_id), - return_column_names=["name", "email"], - ) - return UserIdNamesTuple(name=row.name, email=row.email) - - -class UserDisplayAndIdNamesTuple(NamedTuple): - name: str - email: EmailStr - first_name: IDStr - last_name: IDStr - - @property - def full_name(self) -> IDStr: - return IDStr.concatenate(self.first_name, self.last_name) - - -async def get_user_display_and_id_names( - app: web.Application, *, user_id: UserID -) -> UserDisplayAndIdNamesTuple: - """ - Raises: - UserNotFoundError - """ - row = await _db.get_user_or_raise( - get_database_engine(app), - user_id=_parse_as_user(user_id), - return_column_names=["name", "email", "first_name", "last_name"], - ) - return UserDisplayAndIdNamesTuple( - name=row.name, - email=row.email, - first_name=row.first_name or row.name.capitalize(), - last_name=IDStr(row.last_name or ""), - ) - - -async def get_guest_user_ids_and_names(app: web.Application) -> list[tuple[int, str]]: - engine = get_database_engine(app) - result: deque = deque() - async with engine.acquire() as conn: - async for row in conn.execute( - sa.select(users.c.id, users.c.name).where(users.c.role == UserRole.GUEST) - ): - result.append(row.as_tuple()) - return list(result) - - -async def delete_user_without_projects(app: web.Application, user_id: UserID) -> None: - """Deletes a user from the database if the user exists""" - # WARNING: user cannot be deleted without deleting first all ist project - # otherwise this function will raise asyncpg.exceptions.ForeignKeyViolationError - # Consider "marking" users as deleted and havning a background job that - # cleans it up - db: AsyncpgStorage = get_plugin_storage(app) - user = await db.get_user({"id": user_id}) - if not user: - _logger.warning( - "User with id '%s' could not be deleted because it does not exist", user_id - ) - return - - await db.delete_user(dict(user)) - - # This user might be cached in the auth. If so, any request - # with this user-id will get thru producing unexpected side-effects - await clean_auth_policy_cache(app) - - -class FullNameDict(TypedDict): - first_name: str | None - last_name: str | None - - -async def get_user_fullname(app: web.Application, user_id: UserID) -> FullNameDict: - """ - :raises UserNotFoundError: - """ - user_id = _parse_as_user(user_id) - - async with get_database_engine(app).acquire() as conn: - result = await conn.execute( - sa.select(users.c.first_name, users.c.last_name).where( - users.c.id == user_id - ) - ) - user = await result.first() - if not user: - raise UserNotFoundError(uid=user_id) - - return FullNameDict( - first_name=user.first_name, - last_name=user.last_name, - ) - - -async def get_user(app: web.Application, user_id: UserID) -> dict[str, Any]: - """ - :raises UserNotFoundError: - """ - row = await _db.get_user_or_raise(engine=get_database_engine(app), user_id=user_id) - return dict(row) - - -async def get_user_id_from_gid(app: web.Application, primary_gid: int) -> UserID: - engine = get_database_engine(app) - async with engine.acquire() as conn: - user_id: UserID = await conn.scalar( - sa.select(users.c.id).where(users.c.primary_gid == primary_gid) - ) - return user_id - - -async def get_users_in_group(app: web.Application, gid: GroupID) -> set[UserID]: - engine = get_database_engine(app) - async with engine.acquire() as conn: - return await _db.get_users_ids_in_group(conn, gid) - - -async def update_expired_users(engine: Engine) -> list[UserID]: - async with engine.acquire() as conn: - return await _db.do_update_expired_users(conn) - - -assert set_user_as_deleted # nosec -assert get_user_credentials # nosec -assert get_user_invoice_address # nosec - __all__: tuple[str, ...] = ( + "delete_user_without_projects", + "get_guest_user_ids_and_names", "get_user_credentials", - "set_user_as_deleted", + "get_user_display_and_id_names", + "get_user_fullname", + "get_user_id_from_gid", "get_user_invoice_address", + "get_user_name_and_email", + "get_user_primary_group_id", + "get_user_role", + "get_user", + "get_users_in_group", + "set_user_as_deleted", + "update_expired_users", + "FullNameDict", + "UserDisplayAndIdNamesTuple", ) +# nopycln: file diff --git a/services/web/server/src/simcore_service_webserver/users/exceptions.py b/services/web/server/src/simcore_service_webserver/users/exceptions.py index d1f838d2133..edb552a2958 100644 --- a/services/web/server/src/simcore_service_webserver/users/exceptions.py +++ b/services/web/server/src/simcore_service_webserver/users/exceptions.py @@ -22,10 +22,7 @@ def __init__(self, *, uid: int | None = None, email: str | None = None, **ctx: A class UserNameDuplicateError(UsersBaseError): - msg_template = ( - "The username '{user_name}' is already taken. " - "Consider using '{alternative_user_name}' instead." - ) + msg_template = "username is a unique ID and cannot create a new as '{user_name}' since it already exists " class TokenNotFoundError(UsersBaseError): diff --git a/services/web/server/src/simcore_service_webserver/users/plugin.py b/services/web/server/src/simcore_service_webserver/users/plugin.py index 697ed277ca6..e9fb7d2ea53 100644 --- a/services/web/server/src/simcore_service_webserver/users/plugin.py +++ b/services/web/server/src/simcore_service_webserver/users/plugin.py @@ -9,12 +9,7 @@ from servicelib.aiohttp.application_setup import ModuleCategory, app_module_setup from servicelib.aiohttp.observer import setup_observer_registry -from . import ( - _handlers, - _notifications_handlers, - _preferences_handlers, - _tokens_handlers, -) +from . import _notifications_rest, _preferences_rest, _tokens_rest, _users_rest from ._preferences_models import overwrite_user_preferences_defaults _logger = logging.getLogger(__name__) @@ -32,7 +27,7 @@ def setup_users(app: web.Application): setup_observer_registry(app) overwrite_user_preferences_defaults(app) - app.router.add_routes(_handlers.routes) - app.router.add_routes(_tokens_handlers.routes) - app.router.add_routes(_notifications_handlers.routes) - app.router.add_routes(_preferences_handlers.routes) + app.router.add_routes(_users_rest.routes) + app.router.add_routes(_tokens_rest.routes) + app.router.add_routes(_notifications_rest.routes) + app.router.add_routes(_preferences_rest.routes) diff --git a/services/web/server/src/simcore_service_webserver/users/preferences_api.py b/services/web/server/src/simcore_service_webserver/users/preferences_api.py index a0f3e11fdc9..9f51b52e8b3 100644 --- a/services/web/server/src/simcore_service_webserver/users/preferences_api.py +++ b/services/web/server/src/simcore_service_webserver/users/preferences_api.py @@ -1,8 +1,11 @@ -from ._preferences_api import get_frontend_user_preference, set_frontend_user_preference from ._preferences_models import ( PreferredWalletIdFrontendUserPreference, TwoFAFrontendUserPreference, ) +from ._preferences_service import ( + get_frontend_user_preference, + set_frontend_user_preference, +) from .exceptions import UserDefaultWalletNotFoundError __all__ = ( diff --git a/services/web/server/src/simcore_service_webserver/users/schemas.py b/services/web/server/src/simcore_service_webserver/users/schemas.py deleted file mode 100644 index 8ad46a5c317..00000000000 --- a/services/web/server/src/simcore_service_webserver/users/schemas.py +++ /dev/null @@ -1,44 +0,0 @@ -from uuid import UUID - -from models_library.api_schemas_webserver._base import OutputSchema -from pydantic import BaseModel, ConfigDict, Field - - -# -# TOKENS resource -# -class ThirdPartyToken(BaseModel): - """ - Tokens used to access third-party services connected to osparc (e.g. pennsieve, scicrunch, etc) - """ - - service: str = Field( - ..., description="uniquely identifies the service where this token is used" - ) - token_key: UUID = Field(..., description="basic token key") - token_secret: UUID | None = None - - model_config = ConfigDict( - json_schema_extra={ - "example": { - "service": "github-api-v1", - "token_key": "5f21abf5-c596-47b7-bfd1-c0e436ef1107", - } - } - ) - - -class TokenCreate(ThirdPartyToken): - ... - - -# -# Permissions -# -class Permission(BaseModel): - name: str - allowed: bool - - -class PermissionGet(Permission, OutputSchema): - ... diff --git a/services/web/server/tests/conftest.py b/services/web/server/tests/conftest.py index c97f84ed5c0..26bd1d6f5dd 100644 --- a/services/web/server/tests/conftest.py +++ b/services/web/server/tests/conftest.py @@ -23,7 +23,6 @@ from models_library.projects_state import ProjectState from pytest_mock import MockerFixture from pytest_simcore.helpers.assert_checks import assert_status -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.monkeypatch_envs import EnvVarsDict, setenvs_from_dict from pytest_simcore.helpers.webserver_login import LoggedUser, NewUser, UserInfoDict from pytest_simcore.simcore_webserver_projects_rest_api import NEW_PROJECT @@ -33,7 +32,10 @@ X_SIMCORE_PARENT_NODE_ID, X_SIMCORE_PARENT_PROJECT_UUID, ) -from simcore_service_webserver.application_settings_utils import convert_to_environ_vars +from simcore_service_webserver.application_settings_utils import ( + AppConfigDict, + convert_to_environ_vars, +) from simcore_service_webserver.db.models import UserRole from simcore_service_webserver.projects._crud_api_create import ( OVERRIDABLE_DOCUMENT_KEYS, @@ -133,8 +135,8 @@ async def user(client: TestClient) -> AsyncIterator[UserInfoDict]: "name": "test-user", }, app=client.app, - ) as user: - yield user + ) as user_info: + yield user_info @pytest.fixture @@ -164,7 +166,7 @@ async def logged_user( @pytest.fixture def monkeypatch_setenv_from_app_config( monkeypatch: pytest.MonkeyPatch, -) -> Callable[[ConfigDict], EnvVarsDict]: +) -> Callable[[AppConfigDict], EnvVarsDict]: # TODO: Change signature to be analogous to # packages/pytest-simcore/src/pytest_simcore/helpers/utils_envs.py # That solution is more flexible e.g. for context manager with monkeypatch diff --git a/services/web/server/tests/integration/01/test_garbage_collection.py b/services/web/server/tests/integration/01/test_garbage_collection.py index 0e683fb06ec..62075ff6ba0 100644 --- a/services/web/server/tests/integration/01/test_garbage_collection.py +++ b/services/web/server/tests/integration/01/test_garbage_collection.py @@ -35,8 +35,9 @@ from simcore_service_webserver.db.plugin import setup_db from simcore_service_webserver.director_v2.plugin import setup_director_v2 from simcore_service_webserver.garbage_collector import _core as gc_core +from simcore_service_webserver.garbage_collector._tasks_core import _GC_TASK_NAME from simcore_service_webserver.garbage_collector.plugin import setup_garbage_collector -from simcore_service_webserver.groups._groups_api import create_standard_group +from simcore_service_webserver.groups._groups_service import create_standard_group from simcore_service_webserver.groups.api import add_user_in_group from simcore_service_webserver.login.plugin import setup_login from simcore_service_webserver.projects._crud_api_delete import get_scheduled_tasks @@ -274,7 +275,7 @@ async def get_template_project( ) -async def get_group(client: TestClient, user: dict): +async def get_group(client: TestClient, user: UserInfoDict): """Creates a group for a given user""" assert client.app @@ -631,7 +632,7 @@ async def test_t4_project_shared_with_group_transferred_to_user_in_group_on_owne await assert_projects_count(aiopg_engine, 1) await assert_user_is_owner_of_project(aiopg_engine, u1, project) - await asyncio.sleep(WAIT_FOR_COMPLETE_GC_CYCLE) + await asyncio.sleep(2 * WAIT_FOR_COMPLETE_GC_CYCLE) # expected outcome: u1 was deleted, one of the users in g1 is the new owner await assert_user_not_in_db(aiopg_engine, u1) @@ -1015,6 +1016,12 @@ async def test_t10_owner_and_all_shared_users_marked_as_guests( USER "u1", "u2" and "u3" are manually marked as "GUEST"; EXPECTED: the project and all the users are removed """ + + gc_task: asyncio.Task = next( + task for task in asyncio.all_tasks() if task.get_name() == _GC_TASK_NAME + ) + assert not gc_task.done() + u1 = await login_user(client) u2 = await login_user(client) u3 = await login_user(client) diff --git a/services/web/server/tests/integration/conftest.py b/services/web/server/tests/integration/conftest.py index 2f8cda8aa5e..c6575d80e21 100644 --- a/services/web/server/tests/integration/conftest.py +++ b/services/web/server/tests/integration/conftest.py @@ -24,8 +24,8 @@ import yaml from pytest_mock import MockerFixture from pytest_simcore.helpers import FIXTURE_CONFIG_CORE_SERVICES_SELECTION -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.docker import get_service_published_port +from simcore_service_webserver.application_settings_utils import AppConfigDict CURRENT_DIR = Path(sys.argv[0] if __name__ == "__main__" else __file__).resolve().parent @@ -100,7 +100,7 @@ def _default_app_config_for_integration_tests( default_app_config_integration_file: Path, webserver_environ: dict, osparc_simcore_root_dir: Path, -) -> ConfigDict: +) -> AppConfigDict: """ Swarm with integration stack already started @@ -135,7 +135,7 @@ def _default_app_config_for_integration_tests( # recreate config-file config_template = Template(default_app_config_integration_file.read_text()) config_text = config_template.substitute(**test_environ) - cfg: ConfigDict = yaml.safe_load(config_text) + cfg: AppConfigDict = yaml.safe_load(config_text) # NOTE: test webserver works in host cfg["main"]["host"] = "127.0.0.1" @@ -149,8 +149,8 @@ def _default_app_config_for_integration_tests( @pytest.fixture() def app_config( - _default_app_config_for_integration_tests: ConfigDict, unused_tcp_port_factory -) -> ConfigDict: + _default_app_config_for_integration_tests: AppConfigDict, unused_tcp_port_factory +) -> AppConfigDict: """ Swarm with integration stack already started This fixture can be safely modified during test since it is renovated on every call diff --git a/services/web/server/tests/unit/conftest.py b/services/web/server/tests/unit/conftest.py index 695a7aa1ed4..b322655c20c 100644 --- a/services/web/server/tests/unit/conftest.py +++ b/services/web/server/tests/unit/conftest.py @@ -14,8 +14,8 @@ import pytest import yaml -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.webserver_projects import empty_project_data +from simcore_service_webserver.application_settings_utils import AppConfigDict CURRENT_DIR = Path(sys.argv[0] if __name__ == "__main__" else __file__).resolve().parent @@ -40,7 +40,7 @@ def default_app_config_unit_file(tests_data_dir: Path) -> Path: @pytest.fixture(scope="session") -def default_app_cfg(default_app_config_unit_file: Path) -> ConfigDict: +def default_app_cfg(default_app_config_unit_file: Path) -> AppConfigDict: # NOTE: ONLY used at the session scopes # TODO: create instead a loader function and return a Callable config: dict = yaml.safe_load(default_app_config_unit_file.read_text()) diff --git a/services/web/server/tests/unit/isolated/conftest.py b/services/web/server/tests/unit/isolated/conftest.py index 9cc0948ff88..77a4b7ca567 100644 --- a/services/web/server/tests/unit/isolated/conftest.py +++ b/services/web/server/tests/unit/isolated/conftest.py @@ -6,12 +6,12 @@ import pytest from faker import Faker from pytest_mock import MockerFixture -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.monkeypatch_envs import ( setenvs_from_dict, setenvs_from_envfile, ) from pytest_simcore.helpers.typing_env import EnvVarsDict +from simcore_service_webserver.application_settings_utils import AppConfigDict @pytest.fixture @@ -68,7 +68,7 @@ def make_subdirectories_with_content( @pytest.fixture -def app_config_for_production_legacy(test_data_dir: Path) -> ConfigDict: +def app_config_for_production_legacy(test_data_dir: Path) -> AppConfigDict: app_config = json.loads( (test_data_dir / "server_docker_prod_app_config-unit.json").read_text() ) diff --git a/services/web/server/tests/unit/isolated/test_application_settings_utils.py b/services/web/server/tests/unit/isolated/test_application_settings_utils.py index a8e97785754..77195f3d02a 100644 --- a/services/web/server/tests/unit/isolated/test_application_settings_utils.py +++ b/services/web/server/tests/unit/isolated/test_application_settings_utils.py @@ -1,9 +1,9 @@ -from typing import Callable +from collections.abc import Callable import pytest -from pytest_simcore.helpers.dict_tools import ConfigDict from simcore_service_webserver.application_settings import ApplicationSettings from simcore_service_webserver.application_settings_utils import ( + AppConfigDict, convert_to_app_config, convert_to_environ_vars, ) @@ -11,7 +11,7 @@ @pytest.mark.skip(reason="UNDER DEV") def test_settings_infered_from_default_tests_config( - default_app_cfg: ConfigDict, monkeypatch_setenv_from_app_config: Callable + default_app_cfg: AppConfigDict, monkeypatch_setenv_from_app_config: Callable ): # TODO: use app_config_for_production_legacy envs = monkeypatch_setenv_from_app_config(default_app_cfg) diff --git a/services/web/server/tests/unit/isolated/test_garbage_collector_core.py b/services/web/server/tests/unit/isolated/test_garbage_collector_core.py index 3226abb2284..5205f7fa4da 100644 --- a/services/web/server/tests/unit/isolated/test_garbage_collector_core.py +++ b/services/web/server/tests/unit/isolated/test_garbage_collector_core.py @@ -240,7 +240,9 @@ async def test_remove_orphaned_services_inexisting_user_does_not_save_state( mock.ANY, fake_running_service.node_uuid ) mock_list_node_ids_in_project.assert_called_once_with(mock.ANY, project_id) - mock_get_user_role.assert_called_once_with(mock_app, fake_running_service.user_id) + mock_get_user_role.assert_called_once_with( + mock_app, user_id=fake_running_service.user_id + ) mock_has_write_permission.assert_not_called() mock_stop_dynamic_service.assert_called_once_with( mock_app, diff --git a/services/web/server/tests/unit/isolated/test_users_models.py b/services/web/server/tests/unit/isolated/test_users_models.py index db129b68550..c7cfeba336e 100644 --- a/services/web/server/tests/unit/isolated/test_users_models.py +++ b/services/web/server/tests/unit/isolated/test_users_models.py @@ -16,17 +16,17 @@ MyProfilePrivacyGet, ) from models_library.generics import Envelope +from models_library.users import UserThirdPartyToken from models_library.utils.fastapi_encoders import jsonable_encoder from pydantic import BaseModel from servicelib.rest_constants import RESPONSE_MODEL_POLICY from simcore_postgres_database.models.users import UserRole -from simcore_service_webserver.users._models import ToUserUpdateDB -from simcore_service_webserver.users.schemas import ThirdPartyToken +from simcore_service_webserver.users._common.models import ToUserUpdateDB @pytest.mark.parametrize( "model_cls", - [MyProfileGet, ThirdPartyToken], + [MyProfileGet, UserThirdPartyToken], ) def test_user_models_examples( model_cls: type[BaseModel], model_cls_examples: dict[str, Any] diff --git a/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_crud.py b/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_crud.py index 684f8726089..74aa021ddb6 100644 --- a/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_crud.py +++ b/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_crud.py @@ -71,8 +71,8 @@ async def test_list_user_groups_and_try_modify_organizations( my_groups = MyGroupsGet.model_validate(data) assert not error - assert my_groups.me.model_dump(by_alias=True) == primary_group - assert my_groups.all.model_dump(by_alias=True) == all_group + assert my_groups.me.model_dump(by_alias=True, exclude_unset=True) == primary_group + assert my_groups.all.model_dump(by_alias=True, exclude_unset=True) == all_group assert my_groups.organizations assert len(my_groups.organizations) == len(standard_groups) @@ -80,7 +80,7 @@ async def test_list_user_groups_and_try_modify_organizations( by_gid = operator.itemgetter("gid") assert sorted( TypeAdapter(list[GroupGet]).dump_python( - my_groups.organizations, mode="json", by_alias=True + my_groups.organizations, mode="json", by_alias=True, exclude_unset=True ), key=by_gid, ) == sorted(standard_groups, key=by_gid) diff --git a/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_users.py b/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_users.py index f018e6fab00..0575ae5a4ff 100644 --- a/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_users.py +++ b/services/web/server/tests/unit/with_dbs/01/groups/test_groups_handlers_users.py @@ -24,14 +24,14 @@ from servicelib.status_codes_utils import is_2xx_success from simcore_postgres_database.models.users import UserRole from simcore_service_webserver._meta import API_VTAG -from simcore_service_webserver.groups._groups_api import ( - create_standard_group, - delete_standard_group, -) -from simcore_service_webserver.groups._groups_db import ( +from simcore_service_webserver.groups._groups_repository import ( _DEFAULT_GROUP_OWNER_ACCESS_RIGHTS, _DEFAULT_GROUP_READ_ACCESS_RIGHTS, ) +from simcore_service_webserver.groups._groups_service import ( + create_standard_group, + delete_standard_group, +) from simcore_service_webserver.groups.api import auto_add_user_to_groups from simcore_service_webserver.security.api import clean_auth_policy_cache diff --git a/services/web/server/tests/unit/with_dbs/01/test_groups_classifiers.py b/services/web/server/tests/unit/with_dbs/01/test_groups_classifiers.py index 354a30ef1d9..98fa573cd08 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_groups_classifiers.py +++ b/services/web/server/tests/unit/with_dbs/01/test_groups_classifiers.py @@ -8,7 +8,9 @@ import sqlalchemy as sa from servicelib.common_aiopg_utils import DataSourceName, create_pg_engine from simcore_service_webserver._constants import APP_AIOPG_ENGINE_KEY -from simcore_service_webserver.groups._classifiers_api import GroupClassifierRepository +from simcore_service_webserver.groups._classifiers_service import ( + GroupClassifierRepository, +) from sqlalchemy.sql import text diff --git a/services/web/server/tests/unit/with_dbs/01/test_groups_handlers_classifers.py b/services/web/server/tests/unit/with_dbs/01/test_groups_handlers_classifers.py index 6ccdcf1f44f..c7367b03b94 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_groups_handlers_classifers.py +++ b/services/web/server/tests/unit/with_dbs/01/test_groups_handlers_classifers.py @@ -8,11 +8,11 @@ import pytest from aiohttp import web_exceptions from aioresponses.core import aioresponses -from pytest_simcore.helpers.dict_tools import ConfigDict +from simcore_service_webserver.application_settings_utils import AppConfigDict @pytest.fixture -def app_cfg(default_app_cfg: ConfigDict, unused_tcp_port_factory): +def app_cfg(default_app_cfg: AppConfigDict, unused_tcp_port_factory): """App's configuration used for every test in this module NOTE: Overrides services/web/server/tests/unit/with_dbs/conftest.py::app_cfg to influence app setup diff --git a/services/web/server/tests/unit/with_dbs/01/test_statics.py b/services/web/server/tests/unit/with_dbs/01/test_statics.py index 1edb437b20a..1eb8212d986 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_statics.py +++ b/services/web/server/tests/unit/with_dbs/01/test_statics.py @@ -11,7 +11,6 @@ import sqlalchemy as sa from aiohttp.test_utils import TestClient from aioresponses import aioresponses -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.monkeypatch_envs import setenvs_from_dict from pytest_simcore.helpers.typing_env import EnvVarsDict from servicelib.aiohttp import status @@ -19,6 +18,7 @@ from simcore_postgres_database.models.products import products from simcore_service_webserver._meta import API_VTAG from simcore_service_webserver.application_settings import setup_settings +from simcore_service_webserver.application_settings_utils import AppConfigDict from simcore_service_webserver.db.plugin import setup_db from simcore_service_webserver.products.plugin import setup_products from simcore_service_webserver.rest.plugin import setup_rest @@ -53,7 +53,7 @@ def client( app_environment: EnvVarsDict, event_loop: asyncio.AbstractEventLoop, aiohttp_client: Callable, - app_cfg: ConfigDict, + app_cfg: AppConfigDict, postgres_db: sa.engine.Engine, monkeypatch_setenv_from_app_config: Callable, ) -> TestClient: diff --git a/services/web/server/tests/unit/with_dbs/02/test_projects_crud_handlers.py b/services/web/server/tests/unit/with_dbs/02/test_projects_crud_handlers.py index aa321cd378f..b15a9fb9e45 100644 --- a/services/web/server/tests/unit/with_dbs/02/test_projects_crud_handlers.py +++ b/services/web/server/tests/unit/with_dbs/02/test_projects_crud_handlers.py @@ -33,7 +33,7 @@ from simcore_postgres_database.models.projects_to_products import projects_to_products from simcore_service_webserver._meta import api_version_prefix from simcore_service_webserver.db.models import UserRole -from simcore_service_webserver.groups._groups_api import get_product_group_for_user +from simcore_service_webserver.groups._groups_service import get_product_group_for_user from simcore_service_webserver.groups.api import auto_add_user_to_product_group from simcore_service_webserver.groups.exceptions import GroupNotFoundError from simcore_service_webserver.products.api import get_product diff --git a/services/web/server/tests/unit/with_dbs/02/test_projects_groups_handlers.py b/services/web/server/tests/unit/with_dbs/02/test_projects_groups_handlers.py index 396f18ede5e..5af112ba78f 100644 --- a/services/web/server/tests/unit/with_dbs/02/test_projects_groups_handlers.py +++ b/services/web/server/tests/unit/with_dbs/02/test_projects_groups_handlers.py @@ -57,6 +57,7 @@ async def test_projects_groups_full_workflow( mock_project_uses_available_services, mock_catalog_api_get_services_for_user_in_product_2, ): + assert client.app # check the default project permissions url = client.app.router["list_project_groups"].url_for( project_id=f"{user_project['uuid']}" diff --git a/services/web/server/tests/unit/with_dbs/03/meta_modeling/test_meta_modeling_iterations.py b/services/web/server/tests/unit/with_dbs/03/meta_modeling/test_meta_modeling_iterations.py index 2c0142c2c0b..a278e2e09e3 100644 --- a/services/web/server/tests/unit/with_dbs/03/meta_modeling/test_meta_modeling_iterations.py +++ b/services/web/server/tests/unit/with_dbs/03/meta_modeling/test_meta_modeling_iterations.py @@ -3,6 +3,7 @@ # pylint: disable=unused-variable from collections.abc import Awaitable, Callable +from typing import Any import pytest from aiohttp import ClientResponse @@ -69,11 +70,12 @@ async def context_with_logged_user(client: TestClient, logged_user: UserInfoDict await conn.execute(projects.delete()) +@pytest.mark.skip(reason="TODO: temporary removed to check blocker") @pytest.mark.acceptance_test() async def test_iterators_workflow( client: TestClient, logged_user: UserInfoDict, - primary_group, + primary_group: dict[str, Any], context_with_logged_user: None, mocker: MockerFixture, faker: Faker, diff --git a/services/web/server/tests/unit/with_dbs/03/test_project_db.py b/services/web/server/tests/unit/with_dbs/03/test_project_db.py index 1d73a0e88c4..1ab6ca802f3 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_project_db.py +++ b/services/web/server/tests/unit/with_dbs/03/test_project_db.py @@ -16,11 +16,11 @@ import pytest import sqlalchemy as sa from aiohttp.test_utils import TestClient +from common_library.dict_tools import copy_from_dict_ex from faker import Faker from models_library.projects import ProjectID from models_library.projects_nodes_io import NodeID, NodeIDStr from psycopg2.errors import UniqueViolation -from pytest_simcore.helpers.dict_tools import copy_from_dict_ex from pytest_simcore.helpers.monkeypatch_envs import setenvs_from_dict from pytest_simcore.helpers.typing_env import EnvVarsDict from pytest_simcore.helpers.webserver_login import UserInfoDict, log_client_in diff --git a/services/web/server/tests/unit/with_dbs/03/test_session.py b/services/web/server/tests/unit/with_dbs/03/test_session.py index f9f709c8e3f..c3684acb326 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_session.py +++ b/services/web/server/tests/unit/with_dbs/03/test_session.py @@ -12,10 +12,10 @@ from aiohttp import web from aiohttp.test_utils import TestClient from cryptography.fernet import Fernet -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.typing_env import EnvVarsDict from pytest_simcore.helpers.webserver_login import NewUser from simcore_service_webserver.application import create_application +from simcore_service_webserver.application_settings_utils import AppConfigDict from simcore_service_webserver.session._cookie_storage import ( SharedCookieEncryptedCookieStorage, ) @@ -34,7 +34,7 @@ def client( event_loop: asyncio.AbstractEventLoop, aiohttp_client: Callable, disable_static_webserver: Callable, - app_cfg: ConfigDict, + app_cfg: AppConfigDict, app_environment: EnvVarsDict, postgres_db, mock_orphaned_services, # disables gc diff --git a/services/web/server/tests/unit/with_dbs/03/test_users.py b/services/web/server/tests/unit/with_dbs/03/test_users.py index a872b98858c..cb45fc8d643 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_users.py +++ b/services/web/server/tests/unit/with_dbs/03/test_users.py @@ -16,10 +16,10 @@ import simcore_service_webserver.login._auth_api from aiohttp.test_utils import TestClient from aiopg.sa.connection import SAConnection +from common_library.users_enums import UserRole, UserStatus from faker import Faker from models_library.api_schemas_webserver.auth import AccountRequestInfo -from models_library.api_schemas_webserver.users import MyProfileGet -from models_library.generics import Envelope +from models_library.api_schemas_webserver.users import MyProfileGet, UserGet from psycopg2 import OperationalError from pytest_simcore.helpers.assert_checks import assert_status from pytest_simcore.helpers.faker_factories import ( @@ -30,14 +30,12 @@ from pytest_simcore.helpers.webserver_login import UserInfoDict from servicelib.aiohttp import status from servicelib.rest_constants import RESPONSE_MODEL_POLICY -from simcore_postgres_database.models.users import UserRole, UserStatus -from simcore_service_webserver.users._preferences_api import ( - get_frontend_user_preferences_aggregation, -) -from simcore_service_webserver.users._schemas import ( +from simcore_service_webserver.users._common.schemas import ( MAX_BYTES_SIZE_EXTRAS, - PreUserProfile, - UserProfile, + PreRegisteredUserGet, +) +from simcore_service_webserver.users._preferences_service import ( + get_frontend_user_preferences_aggregation, ) @@ -117,36 +115,31 @@ async def test_get_profile( resp = await client.get(f"{url}") data, error = await assert_status(resp, status.HTTP_200_OK) - resp_model = Envelope[MyProfileGet].model_validate(await resp.json()) - - assert resp_model.data.model_dump(**RESPONSE_MODEL_POLICY, mode="json") == data - assert resp_model.error is None - - profile = resp_model.data - - product_group = { - "accessRights": {"delete": False, "read": False, "write": False}, - "description": "osparc product group", - "gid": 2, - "inclusionRules": {}, - "label": "osparc", - "thumbnail": None, - } + assert not error + profile = MyProfileGet.model_validate(data) assert profile.login == logged_user["email"] assert profile.first_name == logged_user.get("first_name", None) assert profile.last_name == logged_user.get("last_name", None) assert profile.role == user_role.name assert profile.groups + assert profile.expiration_date is None got_profile_groups = profile.groups.model_dump(**RESPONSE_MODEL_POLICY, mode="json") assert got_profile_groups["me"] == primary_group assert got_profile_groups["all"] == all_group + assert got_profile_groups["product"] == { + "accessRights": {"delete": False, "read": False, "write": False}, + "description": "osparc product group", + "gid": 2, + "label": "osparc", + "thumbnail": None, + } sorted_by_group_id = functools.partial(sorted, key=lambda d: d["gid"]) assert sorted_by_group_id( got_profile_groups["organizations"] - ) == sorted_by_group_id([*standard_groups, product_group]) + ) == sorted_by_group_id(standard_groups) assert profile.preferences == await get_frontend_user_preferences_aggregation( client.app, user_id=logged_user["id"], product_name="osparc" @@ -161,14 +154,16 @@ async def test_update_profile( ): assert client.app - resp = await client.get("/v0/me") - data, _ = await assert_status(resp, status.HTTP_200_OK) + # GET + url = client.app.router["get_my_profile"].url_for() + resp = await client.get(f"{url}") + data, _ = await assert_status(resp, status.HTTP_200_OK) assert data["role"] == user_role.name before = deepcopy(data) + # UPDATE url = client.app.router["update_my_profile"].url_for() - assert url.path == "/v0/me" resp = await client.patch( f"{url}", json={ @@ -176,10 +171,11 @@ async def test_update_profile( }, ) _, error = await assert_status(resp, status.HTTP_204_NO_CONTENT) - assert not error - resp = await client.get("/v0/me") + # GET + url = client.app.router["get_my_profile"].url_for() + resp = await client.get(f"{url}") data, _ = await assert_status(resp, status.HTTP_200_OK) assert data["last_name"] == "Foo" @@ -379,9 +375,7 @@ def account_request_form(faker: Faker) -> dict[str, Any]: } # keeps in sync fields from example and this fixture - assert set(form) == set( - AccountRequestInfo.model_config["json_schema_extra"]["example"]["form"] - ) + assert set(form) == set(AccountRequestInfo.model_json_schema()["example"]["form"]) return form @@ -407,7 +401,7 @@ async def test_search_and_pre_registration( found, _ = await assert_status(resp, status.HTTP_200_OK) assert len(found) == 1 - got = UserProfile( + got = UserGet( **found[0], institution=None, address=None, @@ -444,7 +438,7 @@ async def test_search_and_pre_registration( ) found, _ = await assert_status(resp, status.HTTP_200_OK) assert len(found) == 1 - got = UserProfile(**found[0], state=None, status=None) + got = UserGet(**found[0], state=None, status=None) assert got.model_dump(include={"registered", "status"}) == { "registered": False, @@ -467,7 +461,7 @@ async def test_search_and_pre_registration( ) found, _ = await assert_status(resp, status.HTTP_200_OK) assert len(found) == 1 - got = UserProfile(**found[0], state=None) + got = UserGet(**found[0], state=None) assert got.model_dump(include={"registered", "status"}) == { "registered": True, "status": new_user["status"].name, @@ -493,7 +487,7 @@ def test_preuserprofile_parse_model_from_request_form_data( data["comment"] = "extra comment" # pre-processors - pre_user_profile = PreUserProfile(**data) + pre_user_profile = PreRegisteredUserGet(**data) print(pre_user_profile.model_dump_json(indent=1)) @@ -517,11 +511,11 @@ def test_preuserprofile_parse_model_without_extras( ): required = { f.alias or f_name - for f_name, f in PreUserProfile.model_fields.items() + for f_name, f in PreRegisteredUserGet.model_fields.items() if f.is_required() } data = {k: account_request_form[k] for k in required} - assert not PreUserProfile(**data).extras + assert not PreRegisteredUserGet(**data).extras def test_preuserprofile_max_bytes_size_extras_limits(faker: Faker): @@ -541,7 +535,7 @@ def test_preuserprofile_pre_given_names( account_request_form["firstName"] = given_name account_request_form["lastName"] = given_name - pre_user_profile = PreUserProfile(**account_request_form) + pre_user_profile = PreRegisteredUserGet(**account_request_form) print(pre_user_profile.model_dump_json(indent=1)) assert pre_user_profile.first_name in ["Pedro-Luis", "Pedro Luis"] assert pre_user_profile.first_name == pre_user_profile.last_name diff --git a/services/web/server/tests/unit/with_dbs/03/test_users__notifications.py b/services/web/server/tests/unit/with_dbs/03/test_users__notifications.py index 06484b82683..ccf246540bd 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_users__notifications.py +++ b/services/web/server/tests/unit/with_dbs/03/test_users__notifications.py @@ -17,6 +17,7 @@ import pytest import redis.asyncio as aioredis from aiohttp.test_utils import TestClient +from models_library.api_schemas_webserver.users import MyPermissionGet from models_library.products import ProductName from pydantic import TypeAdapter from pytest_simcore.helpers.assert_checks import assert_status @@ -33,10 +34,7 @@ UserNotificationCreate, get_notification_key, ) -from simcore_service_webserver.users._notifications_handlers import ( - _get_user_notifications, -) -from simcore_service_webserver.users.schemas import PermissionGet +from simcore_service_webserver.users._notifications_rest import _get_user_notifications @pytest.fixture @@ -450,7 +448,7 @@ async def test_list_permissions( data, error = await assert_status(resp, expected_response) if data: assert not error - list_of_permissions = TypeAdapter(list[PermissionGet]).validate_python(data) + list_of_permissions = TypeAdapter(list[MyPermissionGet]).validate_python(data) assert ( len(list_of_permissions) == 1 ), "for now there is only 1 permission, but when we sync frontend/backend permissions there will be more" @@ -481,7 +479,7 @@ async def test_list_permissions_with_overriden_extra_properties( data, error = await assert_status(resp, expected_response) assert data assert not error - list_of_permissions = TypeAdapter(list[PermissionGet]).validate_python(data) + list_of_permissions = TypeAdapter(list[MyPermissionGet]).validate_python(data) filtered_permissions = list( filter( lambda x: x.name == "override_services_specifications", list_of_permissions diff --git a/services/web/server/tests/unit/with_dbs/03/test_users__preferences_api.py b/services/web/server/tests/unit/with_dbs/03/test_users__preferences_api.py index 8db8935616d..96f6ba52241 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_users__preferences_api.py +++ b/services/web/server/tests/unit/with_dbs/03/test_users__preferences_api.py @@ -10,8 +10,8 @@ import pytest from aiohttp import web from aiohttp.test_utils import TestClient -from faker import Faker from common_library.pydantic_fields_extension import get_type +from faker import Faker from models_library.api_schemas_webserver.users_preferences import Preference from models_library.products import ProductName from models_library.user_preferences import FrontendUserPreference @@ -24,15 +24,15 @@ groups_extra_properties, ) from simcore_postgres_database.models.users import UserStatus -from simcore_service_webserver.users._preferences_api import ( - _get_frontend_user_preferences, - get_frontend_user_preferences_aggregation, - set_frontend_user_preference, -) from simcore_service_webserver.users._preferences_models import ( ALL_FRONTEND_PREFERENCES, BillingCenterUsageColumnOrderFrontendUserPreference, ) +from simcore_service_webserver.users._preferences_service import ( + _get_frontend_user_preferences, + get_frontend_user_preferences_aggregation, + set_frontend_user_preference, +) @pytest.fixture diff --git a/services/web/server/tests/unit/with_dbs/03/test_users__tokens.py b/services/web/server/tests/unit/with_dbs/03/test_users__tokens.py index 315f4884bc0..fd040e1d88a 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_users__tokens.py +++ b/services/web/server/tests/unit/with_dbs/03/test_users__tokens.py @@ -7,8 +7,10 @@ import random from collections.abc import AsyncIterator +from copy import deepcopy from http import HTTPStatus from itertools import repeat +from typing import Any import pytest from aiohttp.test_utils import TestClient @@ -59,7 +61,7 @@ async def fake_tokens( logged_user: UserInfoDict, tokens_db_cleanup: None, faker: Faker, -) -> list: +) -> list[dict[str, Any]]: all_tokens = [] assert client.app @@ -133,7 +135,7 @@ async def test_read_token( client: TestClient, logged_user: UserInfoDict, tokens_db_cleanup: None, - fake_tokens, + fake_tokens: list[dict[str, Any]], expected: HTTPStatus, ): assert client.app @@ -145,16 +147,18 @@ async def test_read_token( data, error = await assert_status(resp, expected) if not error: - expected_token = random.choice(fake_tokens) + expected_token = deepcopy(random.choice(fake_tokens)) sid = expected_token["service"] # get one url = client.app.router["get_token"].url_for(service=sid) - assert "/v0/me/tokens/%s" % sid == str(url) + assert f"/v0/me/tokens/{sid}" == str(url) resp = await client.get(url.path) data, error = await assert_status(resp, expected) + expected_token["token_key"] = expected_token["token_key"] + expected_token["token_secret"] = None assert data == expected_token, "list and read item are both read operations" @@ -171,7 +175,7 @@ async def test_delete_token( client: TestClient, logged_user: UserInfoDict, tokens_db_cleanup: None, - fake_tokens: list, + fake_tokens: list[dict[str, Any]], expected: HTTPStatus, ): assert client.app diff --git a/services/web/server/tests/unit/with_dbs/03/test_users_api.py b/services/web/server/tests/unit/with_dbs/03/test_users_api.py index 89b5ddea474..48fe21c24c3 100644 --- a/services/web/server/tests/unit/with_dbs/03/test_users_api.py +++ b/services/web/server/tests/unit/with_dbs/03/test_users_api.py @@ -3,24 +3,35 @@ # pylint: disable=unused-variable from datetime import datetime, timedelta +from enum import Enum import pytest from aiohttp.test_utils import TestClient +from common_library.users_enums import UserRole from faker import Faker +from models_library.groups import EVERYONE_GROUP_ID +from models_library.users import UserID, UserNameID +from pydantic import TypeAdapter from pytest_simcore.helpers.assert_checks import assert_status from pytest_simcore.helpers.monkeypatch_envs import EnvVarsDict, setenvs_from_dict -from pytest_simcore.helpers.webserver_login import NewUser +from pytest_simcore.helpers.webserver_login import NewUser, UserInfoDict from servicelib.aiohttp import status -from servicelib.aiohttp.application_keys import APP_AIOPG_ENGINE_KEY from simcore_postgres_database.models.users import UserStatus from simcore_service_webserver.users.api import ( + delete_user_without_projects, + get_guest_user_ids_and_names, + get_user, + get_user_credentials, + get_user_display_and_id_names, + get_user_fullname, + get_user_id_from_gid, get_user_name_and_email, + get_user_role, + get_users_in_group, + set_user_as_deleted, update_expired_users, ) - -_NOW = datetime.utcnow() -YESTERDAY = _NOW - timedelta(days=1) -TOMORROW = _NOW + timedelta(days=1) +from simcore_service_webserver.users.exceptions import UserNotFoundError @pytest.fixture @@ -37,6 +48,101 @@ def app_environment( ) +async def test_reading_a_user(client: TestClient, faker: Faker, user: UserInfoDict): + assert client.app + user_id = user["id"] + + got = await get_user(client.app, user_id=user_id) + + keys = set(got.keys()).intersection(user.keys()) + + def _normalize_val(v): + return v.value if isinstance(v, Enum) else v + + assert {k: _normalize_val(got[k]) for k in keys} == {k: user[k] for k in keys} + + user_primary_group_id = got["primary_gid"] + + email, phash, display = await get_user_credentials(client.app, user_id=user_id) + assert email == user["email"] + assert phash + assert display + + # NOTE: designed to always provide some display name + got = await get_user_display_and_id_names(client.app, user_id=user_id) + assert ( + got.first_name.lower() == (user.get("first_name") or user.get("name")).lower() + ) + assert got.last_name.lower() == (user.get("last_name") or "").lower() + assert got.name == user["name"] + + got = await get_user_fullname(client.app, user_id=user_id) + assert got == {k: v for k, v in user.items() if k in got} + + got = await get_user_name_and_email(client.app, user_id=user_id) + assert got.email == user["email"] + assert got.name == user["name"] + + got = await get_user_role(client.app, user_id=user_id) + assert _normalize_val(got) == user["role"] + + got = await get_user_id_from_gid(client.app, primary_gid=user_primary_group_id) + assert got == user_id + + everyone = await get_users_in_group(client.app, gid=EVERYONE_GROUP_ID) + assert user_id in everyone + assert len(everyone) == 1 + + +async def test_listing_users(client: TestClient, faker: Faker, user: UserInfoDict): + assert client.app + + guests = await get_guest_user_ids_and_names(client.app) + assert not guests + + async with NewUser( + user_data={"role": UserRole.GUEST.value}, app=client.app + ) as guest: + got = await get_guest_user_ids_and_names(client.app) + assert (guest["id"], guest["name"]) in TypeAdapter( + list[tuple[UserID, UserNameID]] + ).validate_python(got) + + guests = await get_guest_user_ids_and_names(client.app) + assert not guests + + +async def test_deleting_a_user( + client: TestClient, + faker: Faker, + user: UserInfoDict, +): + assert client.app + user_id = user["id"] + + # exists + got = await get_user(client.app, user_id=user_id) + assert got["id"] == user_id + + # MARK as deleted + await set_user_as_deleted(client.app, user_id=user_id) + + got = await get_user(client.app, user_id=user_id) + assert got["id"] == user_id + + # DO DELETE + await delete_user_without_projects(client.app, user_id=user_id) + + # does not exist + with pytest.raises(UserNotFoundError): + await get_user(client.app, user_id=user_id) + + +_NOW = datetime.now() # WARNING: UTC affects here since expires is not defined as UTC +YESTERDAY = _NOW - timedelta(days=1) +TOMORROW = _NOW + timedelta(days=1) + + @pytest.mark.parametrize("expires_at", [YESTERDAY, TOMORROW, None]) async def test_update_expired_users( expires_at: datetime | None, client: TestClient, faker: Faker @@ -67,7 +173,7 @@ async def _rq_login(): await assert_status(r1, status.HTTP_200_OK) # apply update - expired = await update_expired_users(client.app[APP_AIOPG_ENGINE_KEY]) + expired = await update_expired_users(client.app) if has_expired: assert expired == [user["id"]] else: diff --git a/services/web/server/tests/unit/with_dbs/04/studies_dispatcher/test_studies_dispatcher_studies_access.py b/services/web/server/tests/unit/with_dbs/04/studies_dispatcher/test_studies_dispatcher_studies_access.py index 04b8e50f7ea..366f10dba16 100644 --- a/services/web/server/tests/unit/with_dbs/04/studies_dispatcher/test_studies_dispatcher_studies_access.py +++ b/services/web/server/tests/unit/with_dbs/04/studies_dispatcher/test_studies_dispatcher_studies_access.py @@ -367,7 +367,7 @@ async def test_access_cookie_of_expired_user( resp = await client.get(f"{me_url}") data, _ = await assert_status(resp, status.HTTP_200_OK) - assert await get_user_role(app, data["id"]) == UserRole.GUEST + assert await get_user_role(app, user_id=data["id"]) == UserRole.GUEST async def enforce_garbage_collect_guest(uid): # TODO: can be replaced now by actual GC @@ -375,7 +375,7 @@ async def enforce_garbage_collect_guest(uid): # - GUEST user expired, cleaning it up # - client still holds cookie with its identifier nonetheless # - assert await get_user_role(app, uid) == UserRole.GUEST + assert await get_user_role(app, user_id=uid) == UserRole.GUEST projects = await _get_user_projects(client) assert len(projects) == 1 @@ -403,14 +403,14 @@ async def enforce_garbage_collect_guest(uid): # as a guest user resp = await client.get(f"{me_url}") data, _ = await assert_status(resp, status.HTTP_200_OK) - assert await get_user_role(app, data["id"]) == UserRole.GUEST + assert await get_user_role(app, user_id=data["id"]) == UserRole.GUEST # But I am another user assert data["id"] != user_id assert data["login"] != user_email -@pytest.mark.parametrize("number_of_simultaneous_requests", [1, 2, 64]) +@pytest.mark.parametrize("number_of_simultaneous_requests", [1, 2, 32]) async def test_guest_user_is_not_garbage_collected( number_of_simultaneous_requests: int, web_server: TestServer, diff --git a/services/web/server/tests/unit/with_dbs/conftest.py b/services/web/server/tests/unit/with_dbs/conftest.py index 991d7fd8d56..6661af40d5e 100644 --- a/services/web/server/tests/unit/with_dbs/conftest.py +++ b/services/web/server/tests/unit/with_dbs/conftest.py @@ -19,6 +19,7 @@ from copy import deepcopy from decimal import Decimal from pathlib import Path +from typing import Any from unittest import mock from unittest.mock import AsyncMock, MagicMock @@ -41,8 +42,8 @@ from models_library.products import ProductName from models_library.services_enums import ServiceState from pydantic import ByteSize, TypeAdapter +from pytest_docker.plugin import Services from pytest_mock import MockerFixture -from pytest_simcore.helpers.dict_tools import ConfigDict from pytest_simcore.helpers.faker_factories import random_product from pytest_simcore.helpers.monkeypatch_envs import setenvs_from_dict from pytest_simcore.helpers.typing_env import EnvVarsDict @@ -67,6 +68,7 @@ ) from simcore_service_webserver._constants import INDEX_RESOURCE_NAME from simcore_service_webserver.application import create_application +from simcore_service_webserver.application_settings_utils import AppConfigDict from simcore_service_webserver.db.plugin import get_database_engine from simcore_service_webserver.projects.models import ProjectDict from simcore_service_webserver.statics._constants import ( @@ -92,7 +94,7 @@ def disable_swagger_doc_generation( @pytest.fixture(scope="session") -def docker_compose_env(default_app_cfg: ConfigDict) -> Iterator[pytest.MonkeyPatch]: +def docker_compose_env(default_app_cfg: AppConfigDict) -> Iterator[pytest.MonkeyPatch]: postgres_cfg = default_app_cfg["db"]["postgres"] redis_cfg = default_app_cfg["resource_manager"]["redis"] # docker-compose reads these environs @@ -117,7 +119,7 @@ def docker_compose_file(docker_compose_env: pytest.MonkeyPatch) -> str: @pytest.fixture -def app_cfg(default_app_cfg: ConfigDict, unused_tcp_port_factory) -> ConfigDict: +def app_cfg(default_app_cfg: AppConfigDict, unused_tcp_port_factory) -> AppConfigDict: """ NOTE: SHOULD be overriden in any test module to configure the app accordingly """ @@ -133,8 +135,8 @@ def app_cfg(default_app_cfg: ConfigDict, unused_tcp_port_factory) -> ConfigDict: @pytest.fixture def app_environment( monkeypatch: pytest.MonkeyPatch, - app_cfg: ConfigDict, - monkeypatch_setenv_from_app_config: Callable[[ConfigDict], dict[str, str]], + app_cfg: AppConfigDict, + monkeypatch_setenv_from_app_config: Callable[[AppConfigDict], dict[str, str]], ) -> EnvVarsDict: # WARNING: this fixture is commonly overriden. Check before renaming. """overridable fixture that defines the ENV for the webserver application @@ -189,7 +191,7 @@ async def _print_mail_to_stdout( @pytest.fixture def web_server( event_loop: asyncio.AbstractEventLoop, - app_cfg: ConfigDict, + app_cfg: AppConfigDict, app_environment: EnvVarsDict, postgres_db: sa.engine.Engine, # tools @@ -452,7 +454,7 @@ async def _create(**service_override_kwargs) -> DynamicServiceGet: return _create -def _is_postgres_responsive(url): +def _is_postgres_responsive(url: str): """Check if something responds to url""" try: engine = sa.create_engine(url) @@ -464,7 +466,9 @@ def _is_postgres_responsive(url): @pytest.fixture(scope="session") -def postgres_dsn(docker_services, docker_ip, default_app_cfg: dict) -> dict: +def postgres_dsn( + docker_services: Services, docker_ip: str | Any, default_app_cfg: dict +) -> dict: cfg = deepcopy(default_app_cfg["db"]["postgres"]) cfg["host"] = docker_ip cfg["port"] = docker_services.port_for("postgres", 5432) @@ -472,7 +476,7 @@ def postgres_dsn(docker_services, docker_ip, default_app_cfg: dict) -> dict: @pytest.fixture(scope="session") -def postgres_service(docker_services, postgres_dsn): +def postgres_service(docker_services: Services, postgres_dsn: dict) -> str: url = DSN.format(**postgres_dsn) # Wait until service is responsive. @@ -647,6 +651,7 @@ async def with_permitted_override_services_specifications( .where(groups_extra_properties.c.group_id == 1) .values(override_services_specifications=True) ) + yield async with aiopg_engine.acquire() as conn: diff --git a/tests/e2e-playwright/tests/conftest.py b/tests/e2e-playwright/tests/conftest.py index e815ff6c522..085e74b15fe 100644 --- a/tests/e2e-playwright/tests/conftest.py +++ b/tests/e2e-playwright/tests/conftest.py @@ -188,7 +188,7 @@ def pytest_runtest_makereport(item: pytest.Item, call): @pytest.hookimpl(tryfirst=True) -def pytest_configure(config): +def pytest_configure(config: pytest.Config): config.pluginmanager.register(pytest_runtest_setup, "osparc_test_times_plugin") config.pluginmanager.register(pytest_runtest_makereport, "osparc_makereport_plugin") diff --git a/tests/e2e-playwright/tests/platform_CI_tests/test_platform.py b/tests/e2e-playwright/tests/platform_CI_tests/test_platform.py index edcac0fca64..382e41518bd 100644 --- a/tests/e2e-playwright/tests/platform_CI_tests/test_platform.py +++ b/tests/e2e-playwright/tests/platform_CI_tests/test_platform.py @@ -1,13 +1,16 @@ +# pylint: disable=no-name-in-module # pylint: disable=redefined-outer-name -# pylint: disable=unused-argument -# pylint: disable=unused-variable # pylint: disable=too-many-arguments # pylint: disable=too-many-statements -# pylint: disable=no-name-in-module +# pylint: disable=unused-argument +# pylint: disable=unused-variable +from collections.abc import Iterable from pathlib import Path import pytest +from playwright.sync_api._generated import BrowserContext, Playwright +from pydantic import AnyUrl @pytest.fixture(scope="session") @@ -17,11 +20,11 @@ def store_browser_context() -> bool: @pytest.fixture def logged_in_context( - playwright, + playwright: Playwright, store_browser_context: bool, request: pytest.FixtureRequest, - pytestconfig, -): + pytestconfig: pytest.Config, +) -> Iterable[BrowserContext]: is_headed = "--headed" in pytestconfig.invocation_params.args file_path = Path("state.json") @@ -36,7 +39,7 @@ def logged_in_context( @pytest.fixture(scope="module") -def test_module_teardown(): +def test_module_teardown() -> Iterable[None]: yield # Run the tests @@ -45,7 +48,9 @@ def test_module_teardown(): file_path.unlink() -def test_simple_folder_workflow(logged_in_context, product_url, test_module_teardown): +def test_simple_folder_workflow( + logged_in_context: BrowserContext, product_url: AnyUrl, test_module_teardown: None +): page = logged_in_context.new_page() page.goto(f"{product_url}") @@ -66,7 +71,7 @@ def test_simple_folder_workflow(logged_in_context, product_url, test_module_tear def test_simple_workspace_workflow( - logged_in_context, product_url, test_module_teardown + logged_in_context: BrowserContext, product_url: AnyUrl, test_module_teardown: None ): page = logged_in_context.new_page()