deriva 1.7.10__py3-none-any.whl → 1.7.11__py3-none-any.whl

deriva/core/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "1.7.10"
+__version__ = "1.7.11"
 
 from deriva.core.utils.core_utils import *
 from deriva.core.base_cli import BaseCLI, KeyValuePairArgs

deriva/core/utils/credenza_auth_utils.py

@@ -0,0 +1,299 @@
+import sys
+import json
+import logging
+import traceback
+from pprint import pprint
+from requests.exceptions import HTTPError, ConnectionError
+from bdbag.fetch.auth import keychain as bdbkc
+from deriva.core import DEFAULT_CREDENTIAL_FILE, read_credential, write_credential, format_exception, BaseCLI, \
+    get_new_requests_session, urlparse, urljoin
+from deriva.core.utils import eprint
+
+logger = logging.getLogger(__name__)
+
+
+def host_to_url(host, path="/", protocol="https"):
+    if not host:
+        return None
+    upr = urlparse(host)
+    if upr.scheme and upr.netloc:
+        url = urljoin(host, path)
+    else:
+        url = "%s://%s%s" % (protocol, host, path if not host.endswith("/") else "")
+    return url.lower()
+
+class UsageException(ValueError):
+    """Usage exception.
+    """
+    def __init__(self, message):
+        """Initializes the exception.
+        """
+        super(UsageException, self).__init__(message)
+
+class CredenzaAuthUtilCLI(BaseCLI):
+    """CredenzaAuthUtil Command-line Interface.
+    """
+    def __init__(self, *args, **kwargs):
+        super(CredenzaAuthUtilCLI, self).__init__(*args, **kwargs)
+        self.remove_options(['--token', '--oauth2-token'])
+        self.parser.add_argument("--pretty", "-p", action="store_true",
+                                 help="Pretty-print all result output.")
+        self.credentials = None
+
+        # init subparsers and corresponding functions
+        self.subparsers = self.parser.add_subparsers(title='sub-commands', dest='subcmd')
+        self.login_init()
+        self.logout_init()
+        self.get_session_init()
+        self.put_session_init()
+
+    @staticmethod
+    def update_bdbag_keychain(token=None, host=None, keychain_file=None, allow_redirects=False, delete=False):
+        if (token is None) or (host is None):
+            return
+        keychain_file = keychain_file or bdbkc.DEFAULT_KEYCHAIN_FILE
+        entry = {
+            "uri": host_to_url(host),
+            "auth_type": "bearer-token",
+            "auth_params": {
+                "token": token,
+                "allow_redirects_with_token": True if allow_redirects else False
+            }
+        }
+        bdbkc.update_keychain(entry, keychain_file=keychain_file, delete=delete)
+
+    def load_credential(self, host, credential_file=None):
+        if not self.credentials:
+            self.credentials = read_credential(credential_file or DEFAULT_CREDENTIAL_FILE, create_default=True)
+        credential = self.credentials.get(host, self.credentials.get(host.lower()))
+        if not credential:
+            return None
+        return credential.get("bearer-token")
+
+    def save_credential(self, host, credential_file=None, credential=None):
+        if not self.credentials:
+            self.credentials = read_credential(credential_file or DEFAULT_CREDENTIAL_FILE, create_default=True)
+
+        if credential is not None:
+            self.credentials[host] = {"bearer-token": credential}
+        else:
+            self.credentials.pop(host, None)
+
+        write_credential(credential_file or DEFAULT_CREDENTIAL_FILE, self.credentials)
+
+    def get_session(self, args, check_only=False):
+        credential = self.load_credential(args.host, args.credential_file)
+        if not credential:
+            return None if check_only else "Credential not found. Login required."
+
+        url = host_to_url(args.host, "/authn/session")
+        session = get_new_requests_session(url)
+        session.headers.update({"Authorization": f"Bearer {credential}"})
+        response = session.get(url)
+
+        if response.status_code == 200:
+            return response.json()
+        elif response.status_code == 404:
+            return None if check_only else f"No valid session found for host '{args.host}'."
+        else:
+            response.raise_for_status()
+            return None
+
+    def put_session(self, args):
+        credential = self.load_credential(args.host, args.credential_file)
+        if not credential:
+            return "Credential not found. Login required."
+
+        path = "/authn/session"
+        if args.refresh_upstream:
+            path += "?refresh_upstream=true"
+        url = host_to_url(args.host, path)
+        session = get_new_requests_session(url)
+        session.headers.update({"Authorization": f"Bearer {credential}"})
+        response = session.put(url)
+
+        if response.status_code == 200:
+            return response.json()
+        elif response.status_code == 404:
+            return f"No valid session found for host '{args.host}'."
+        else:
+            response.raise_for_status()
+            return None
+
+    def login(self, args):
+
+        if not sys.stdin.isatty():
+            raise RuntimeError("Interactive TTY required for device login.")
+
+        if not args.force:
+            resp = self.get_session(args, check_only=True)
+            if resp:
+                return f"You are already logged in to host '{args.host}'"
+
+        path = "/authn/device/start"
+        if args.refresh:
+            path += "?refresh=true"
+        url = host_to_url(args.host, path)
+        session = get_new_requests_session(url)
+        response = session.post(url)
+        response.raise_for_status()
+        body = response.json()
+        verification_url = body["verification_uri"]
+
+        login_prompt = f"""
+
+    Device login initiated to {args.host}.
+    
+    1. Please visit {verification_url} in a browser to complete authentication.
+    2. After that, return here and enter "y" or "yes" at the prompt below to proceed.
+
+        """
+        sys.stdout.write(login_prompt)
+        sys.stdout.flush()
+        try:
+            while True:
+                sys.stdout.write("\nProceed? (y/N): ")
+                sys.stdout.flush()
+                response = sys.stdin.readline()
+
+                ans = response.strip().lower()
+                if ans in {"y", "yes"}:
+                    break
+                elif ans in {"n", "no", ""}:  # default is No on empty/enter
+                    return f"Login cancelled for '{args.host}'."
+        except KeyboardInterrupt:
+            sys.stdout.write("\nCancelled by user (Ctrl-C).\n")
+            return f"Login cancelled for '{args.host}'."
+
+        token_response = session.post(
+            f"https://{args.host}/authn/device/token",
+            json={"device_code": body["device_code"]}
+        )
+        token_response.raise_for_status()
+        body = token_response.json()
+        token = body["access_token"]
+        self.save_credential(args.host, args.credential_file, token)
+        if not args.no_bdbag_keychain:
+            self.update_bdbag_keychain(host=args.host,
+                                       token=token,
+                                       keychain_file=args.bdbag_keychain_file or bdbkc.DEFAULT_KEYCHAIN_FILE)
+        token_display = f"Access token: {token}" if args.show_token else ""
+        return f"You have been successfully logged in to host '{args.host}'. {token_display}"
+
+    def logout(self, args):
+        credential = self.load_credential(args.host, args.credential_file)
+        if not credential:
+            return "Credential not found. Not logged in."
+
+        url = host_to_url(args.host, "/authn/device/logout")
+        session = get_new_requests_session(url)
+        session.headers.update({"Authorization": f"Bearer {credential}"})
+        response = session.post(url)
+        response.raise_for_status()
+
+        self.save_credential(args.host, args.credential_file)
+        if not args.no_bdbag_keychain:
+            self.update_bdbag_keychain(host=args.host,
+                                       token=credential,
+                                       delete=True,
+                                       keychain_file=args.bdbag_keychain_file or bdbkc.DEFAULT_KEYCHAIN_FILE)
+
+        return f"You have been successfully logged out of host '{args.host}'."
+
+    def login_init(self):
+        parser = self.subparsers.add_parser('login',
+                                            help="Login with Globus Auth and get OAuth tokens for resource access.")
+
+        parser.add_argument("--no-bdbag-keychain", action="store_true",
+                            help="Do not update the bdbag keychain file with result access tokens. Default false.")
+        parser.add_argument('--bdbag-keychain-file', metavar='<file>',
+                            help="Non-default path to a bdbag keychain file.")
+        parser.add_argument("--refresh", action="store_true",
+                            help="Allow the session manager to automatically refresh access tokens on the user's behalf "
+                                 "until either the refresh token expires or the user logs out.")
+        parser.add_argument("--force", action="store_true",
+                            help="Force a login flow even if the current access token is valid.")
+        parser.add_argument("--show-token", action="store_true",
+                            help="Display the token from the authorization response.")
+        parser.set_defaults(func=self.login)
+
+    def logout_init(self):
+        parser = self.subparsers.add_parser("logout", help="Logout and revoke all access and refresh tokens.")
+        parser.add_argument("--no-bdbag-keychain", action="store_true",
+                            help="Do not update the bdbag keychain file by removing access tokens on logout. Default false.")
+        parser.add_argument('--bdbag-keychain-file', metavar='<file>',
+                            help="Non-default path to a bdbag keychain file.")
+        parser.set_defaults(func=self.logout)
+
+    def get_session_init(self):
+        parser = self.subparsers.add_parser("get-session",
+                                            help="Retrieve information about the currently logged-in user.")
+        parser.set_defaults(func=self.get_session)
+
+    def put_session_init(self):
+        parser = self.subparsers.add_parser("put-session",
+                                            help="Extend the current logged-in user's session.")
+        parser.add_argument("--refresh-upstream", action="store_true",
+                            help="Attempt to refresh access tokens, other dependent tokens, and claims from the "
+                                 "upstream identity provider.")
+        parser.set_defaults(func=self.put_session)
+
+    def main(self):
+        args = self.parse_cli()
+
+        def _cmd_error_message(emsg):
+            return "{prog} {subcmd}: {msg}".format(
+                prog=self.parser.prog, subcmd=args.subcmd, msg=emsg)
+
+        try:
+            if not hasattr(args, 'func'):
+                self.parser.print_usage()
+                return 2
+
+            if args.subcmd == "login" or args.subcmd == "logout" or args.subcmd == "session":
+                pass
+            else:
+                pass
+
+            response = args.func(args)
+            if args.pretty:
+                if isinstance(response, dict) or isinstance(response, list):
+                    try:
+                        print(json.dumps(response, indent=2))
+                        return 0
+                    except:
+                        pprint(response)
+                        return 0
+                elif not isinstance(response, str):
+                    pprint(response)
+                    return 0
+            print(response)
+            return 0
+
+        except UsageException as e:
+            eprint("{prog} {subcmd}: {msg}".format(prog=self.parser.prog, subcmd=args.subcmd, msg=e))
+        except ConnectionError as e:
+            eprint("{prog}: Connection error occurred".format(prog=self.parser.prog))
+        except HTTPError as e:
+            if 401 == e.response.status_code:
+                msg = 'Authentication required: %s' % format_exception(e)
+            elif 403 == e.response.status_code:
+                msg = 'Permission denied: %s' % format_exception(e)
+            else:
+                msg = e
+            eprint(_cmd_error_message(msg))
+        except RuntimeError as e:
+            logging.debug(format_exception(e))
+            eprint('An unexpected runtime error occurred')
+        except:
+            eprint('An unexpected error occurred')
+            traceback.print_exc()
+        return 1
+
+def main():
+    desc = "Credenza Auth Utilities"
+    info = "For more information see: https://github.com/informatics-isi-edu/deriva-py"
+    return CredenzaAuthUtilCLI(desc, info).main()
+
+if __name__ == '__main__':
+    sys.exit(main())

{deriva-1.7.10.dist-info → deriva-1.7.11.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: deriva
-Version: 1.7.10
+Version: 1.7.11
 Summary: Python APIs and CLIs (Command-Line Interfaces) for the DERIVA platform.
 Home-page: https://github.com/informatics-isi-edu/deriva-py
 Author: USC Information Sciences Institute, Informatics Systems Research Division
@@ -15,7 +15,6 @@ Classifier: Operating System :: POSIX
 Classifier: Operating System :: MacOS :: MacOS X
 Classifier: Operating System :: Microsoft :: Windows
 Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -28,7 +27,7 @@ Requires-Dist: requests
 Requires-Dist: pika
 Requires-Dist: urllib3<3,>=1.26.20
 Requires-Dist: portalocker>=1.2.1
-Requires-Dist: bdbag>=1.7.5
+Requires-Dist: bdbag>=1.8.0
 Requires-Dist: globus_sdk<4,>=3
 Requires-Dist: fair-research-login>=0.3.1
 Requires-Dist: fair-identifiers-client>=0.5.1

{deriva-1.7.10.dist-info → deriva-1.7.11.dist-info}/RECORD

@@ -8,7 +8,7 @@ deriva/config/dump_catalog_annotations.py,sha256=QzaWDLfWIAQ0eWVV11zeceWgwDBOYIe
 deriva/config/rollback_annotation.py,sha256=vqrIcen-KZX8LDpu2OVNivzIHpQoQgWkZAChZJctvtk,3015
 deriva/config/examples/group_owner_policy.json,sha256=8v3GWM1F_BWnYD9x_f6Eo4kBDvyy8g7mRqujfoEKLNc,2408
 deriva/config/examples/self_serve_policy.json,sha256=pW-cqWz4rJNNXwY4eVZFkQ8gKCHclC9yDa22ylfcDqY,1676
-deriva/core/__init__.py,sha256=2YJow_azmav6XbSDKH_fIO7or9_VyHdN1Od8_H-T964,4976
+deriva/core/__init__.py,sha256=u3pzQuTb0mKvl0GenoQWGuiUMDDdzjVnoPXHmX5pdwY,4976
 deriva/core/annotation.py,sha256=PkAkPkxX1brQsb8_drR1Qj5QjQA5mjkpXhkq9NuZ1g8,13432
 deriva/core/base_cli.py,sha256=78Ilf3_f2xREQb3IIj6q0jwWAiXSObZszG0JURs36lA,2902
 deriva/core/catalog_cli.py,sha256=CwfTf7C81SpU1J_aPsWiIbPOBAyekkIh384KUivq5H8,23550
@@ -45,6 +45,7 @@ deriva/core/schemas/visible_foreign_keys.schema.json,sha256=K-oa2qzj5EbmJCEyN6mN
 deriva/core/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 deriva/core/utils/__init__.py,sha256=XSbGaWe44hebxYvoh5huFzZkMY6TSKPOCRSjUOvaY70,124
 deriva/core/utils/core_utils.py,sha256=bMPVBG0W5-OAPcY7rXYlIfPAofmN1We6h1uyzXYnR9s,19821
+deriva/core/utils/credenza_auth_utils.py,sha256=JX-sOwSltfmXbDWdaWJHP5gCMOOBkELKEsnnhqxoRk8,12435
 deriva/core/utils/globus_auth_utils.py,sha256=x5Dh4PlAMIKTm4b8nKUeuCMSFn7NMgj_NqtmnS_FM0I,57366
 deriva/core/utils/hash_utils.py,sha256=JqUYVB3jXusCQYX9fkKmweUKBC0WQi8ZI2N8m-uKygQ,2299
 deriva/core/utils/mime_utils.py,sha256=ZT7pMjY2kQWBsgsGC3jY6kjfygdsIyiYW3BKNw_pPyg,1128
@@ -97,20 +98,9 @@ deriva/transfer/upload/processors/metadata_update_processor.py,sha256=Hgu5huZf7Z
 deriva/transfer/upload/processors/rename_processor.py,sha256=UQ-JQuQgyYCGT-fU9kHA53kPdQ20kt-2Bb486od7B14,2423
 deriva/transfer/upload/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 deriva/utils/__init__.py,sha256=jv2YF__bseklT3OWEzlqJ5qE24c4aWd5F4r0TTjOrWQ,65
-deriva-1.7.10.dist-info/licenses/LICENSE,sha256=tAkwu8-AdEyGxGoSvJ2gVmQdcicWw3j1ZZueVV74M-E,11357
-tests/deriva/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/deriva/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/deriva/core/test_datapath.py,sha256=ft7qDp9peomnhtREry5et4QDO4RyfCCBSE6YnNDNYe8,40225
-tests/deriva/core/test_ermrest_model.py,sha256=tmWmAgXTcLBueY4iUS14uq-b1SjgKMaFGt2lw9mYvbg,34330
-tests/deriva/core/mmo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/deriva/core/mmo/base.py,sha256=3iLqUDNdiJaERB-8-G-5NEvkJr9fz0YUMvPxl5hMINE,9356
-tests/deriva/core/mmo/test_mmo_drop.py,sha256=R_yl-PIHGx-3kchT5TH8O9TJktepWjgs6hHISOc6d2k,8930
-tests/deriva/core/mmo/test_mmo_find.py,sha256=PcUN76sik68B3XKg0G3wHVpKcPEld_6RtbxeGzkrMQ8,4172
-tests/deriva/core/mmo/test_mmo_prune.py,sha256=4pYtYL8g1BgadlewNPVpVA5lT_gV6SPTDYf04ZKzBTA,6851
-tests/deriva/core/mmo/test_mmo_rename.py,sha256=4oSR1G3Od701Ss3AnolI1Z7CbMxKuQF2uSr2_IcoR6s,8512
-tests/deriva/core/mmo/test_mmo_replace.py,sha256=w-66LWyiQ_ajC7Ipmhc4kAKwIloPdQELeUPsvelTdX8,8439
-deriva-1.7.10.dist-info/METADATA,sha256=OrMw19lEt6tH9VyJq5a8wL4WpeIu-Wr1a8rjrJLKNdk,1891
-deriva-1.7.10.dist-info/WHEEL,sha256=0CuiUZ_p9E4cD6NyLD6UG80LBXYyiSYZOKDm5lp32xk,91
-deriva-1.7.10.dist-info/entry_points.txt,sha256=HmYCHlgbjYQ_aZX_j4_4tApH4tDTbYtS66jKlfytbn8,850
-deriva-1.7.10.dist-info/top_level.txt,sha256=_LHDie5-O53wFlexfrxjewpVkf04oydf3CqX5h75DXE,13
-deriva-1.7.10.dist-info/RECORD,,
+deriva-1.7.11.dist-info/licenses/LICENSE,sha256=tAkwu8-AdEyGxGoSvJ2gVmQdcicWw3j1ZZueVV74M-E,11357
+deriva-1.7.11.dist-info/METADATA,sha256=8K51AvD17zR_kZpJf2PDUA8ObbFUbSBSuIADf_9yS_M,1840
+deriva-1.7.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+deriva-1.7.11.dist-info/entry_points.txt,sha256=uS-e7FxTP7lVm-QJdq_ErytmAbXvlRkEvrjab33ctRE,922
+deriva-1.7.11.dist-info/top_level.txt,sha256=OoTnCAuRnf-pPKMre5HA7mgLMIPl_2-lAWoZ63y74-U,7
+deriva-1.7.11.dist-info/RECORD,,

{deriva-1.7.10.dist-info → deriva-1.7.11.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.3.1)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

{deriva-1.7.10.dist-info → deriva-1.7.11.dist-info}/entry_points.txt

@@ -6,6 +6,7 @@ deriva-annotation-rollback = deriva.config.rollback_annotation:main
 deriva-annotation-validate = deriva.config.annotation_validate:main
 deriva-backup-cli = deriva.transfer.backup.__main__:main
 deriva-catalog-cli = deriva.core.catalog_cli:main
+deriva-credenza-auth-utils = deriva.core.utils.credenza_auth_utils:main
 deriva-download-cli = deriva.transfer.download.__main__:main
 deriva-export-cli = deriva.transfer.download.deriva_export:main
 deriva-globus-auth-utils = deriva.core.utils.globus_auth_utils:main

{deriva-1.7.10.dist-info → deriva-1.7.11.dist-info}/top_level.txt

@@ -1,2 +1 @@
 deriva
-tests