fractal-server 2.16.6__py3-none-any.whl → 2.17.0__py3-none-any.whl

fractal_server/app/schemas/v2/resource.py

@@ -0,0 +1,137 @@
+from enum import StrEnum
+from typing import Annotated
+from typing import Any
+from typing import Literal
+from typing import Self
+
+from pydantic import AfterValidator
+from pydantic import BaseModel
+from pydantic import Discriminator
+from pydantic import model_validator
+from pydantic import Tag
+from pydantic import validate_call
+from pydantic.types import AwareDatetime
+
+from fractal_server.runner.config import JobRunnerConfigLocal
+from fractal_server.runner.config import JobRunnerConfigSLURM
+from fractal_server.tasks.config import TasksPixiSettings
+from fractal_server.tasks.config import TasksPythonSettings
+from fractal_server.types import AbsolutePathStr
+from fractal_server.types import NonEmptyStr
+
+
+class ResourceType(StrEnum):
+    SLURM_SUDO = "slurm_sudo"
+    SLURM_SSH = "slurm_ssh"
+    LOCAL = "local"
+
+
+def cast_serialize_pixi_settings(
+    v: dict[NonEmptyStr, Any],
+) -> dict[NonEmptyStr, Any]:
+    """
+    Validate current value, and enrich it with default values.
+    """
+    if v != {}:
+        v = TasksPixiSettings(**v).model_dump()
+    return v
+
+
+class _ValidResourceBase(BaseModel):
+    type: ResourceType
+    name: NonEmptyStr
+
+    # Tasks
+    tasks_python_config: TasksPythonSettings
+    tasks_pixi_config: Annotated[
+        dict[NonEmptyStr, Any],
+        AfterValidator(cast_serialize_pixi_settings),
+    ]
+    tasks_local_dir: AbsolutePathStr
+
+    # Jobs
+    jobs_local_dir: AbsolutePathStr
+    jobs_runner_config: dict[NonEmptyStr, Any]
+    jobs_poll_interval: int = 5
+
+    @model_validator(mode="after")
+    def _pixi_slurm_config(self) -> Self:
+        if (
+            self.tasks_pixi_config != {}
+            and self.type == ResourceType.SLURM_SSH
+            and self.tasks_pixi_config["SLURM_CONFIG"] is None
+        ):
+            raise ValueError(
+                "`tasks_pixi_config` must include `SLURM_CONFIG`."
+            )
+        return self
+
+
+class ValidResourceLocal(_ValidResourceBase):
+    type: Literal[ResourceType.LOCAL]
+    jobs_runner_config: JobRunnerConfigLocal
+    jobs_slurm_python_worker: None = None
+    host: None = None
+
+
+class ValidResourceSlurmSudo(_ValidResourceBase):
+    type: Literal[ResourceType.SLURM_SUDO]
+    jobs_slurm_python_worker: AbsolutePathStr
+    jobs_runner_config: JobRunnerConfigSLURM
+    host: None = None
+
+
+class ValidResourceSlurmSSH(_ValidResourceBase):
+    type: Literal[ResourceType.SLURM_SSH]
+    host: NonEmptyStr
+    jobs_slurm_python_worker: AbsolutePathStr
+    jobs_runner_config: JobRunnerConfigSLURM
+
+
+def get_discriminator_value(v: Any) -> str:
+    # See https://github.com/fastapi/fastapi/discussions/12941
+    if isinstance(v, dict):
+        return v.get("type", None)
+    return getattr(v, "type", None)
+
+
+ResourceCreate = Annotated[
+    Annotated[ValidResourceLocal, Tag(ResourceType.LOCAL)]
+    | Annotated[ValidResourceSlurmSudo, Tag(ResourceType.SLURM_SUDO)]
+    | Annotated[ValidResourceSlurmSSH, Tag(ResourceType.SLURM_SSH)],
+    Discriminator(get_discriminator_value),
+]
+
+
+class ResourceRead(BaseModel):
+    id: int
+
+    type: str
+
+    name: str
+    timestamp_created: AwareDatetime
+
+    host: str | None
+
+    jobs_local_dir: str
+    jobs_runner_config: dict[str, Any]
+    jobs_slurm_python_worker: str | None
+    jobs_poll_interval: int
+
+    tasks_local_dir: str
+    tasks_python_config: dict[str, Any]
+    tasks_pixi_config: dict[str, Any]
+
+
+@validate_call
+def cast_serialize_resource(_data: ResourceCreate) -> dict[str, Any]:
+    """
+    Cast/serialize round-trip for `Resource` data.
+
+    We use `@validate_call` because `ResourceCreate` is a `Union` type and it
+    cannot be instantiated directly.
+
+    Return:
+        Serialized version of a valid resource object.
+    """
+    return _data.model_dump()

fractal_server/app/schemas/v2/task_collection.py

@@ -51,9 +51,17 @@ class TaskCollectPipV2(BaseModel):
     package: NonEmptyStr | None = None
     package_version: NonEmptyStr | None = None
     package_extras: NonEmptyStr | None = None
-    python_version: Literal[
-        "3.9", "3.10", "3.11", "3.12", "3.13"
-    ] | None = None
+    python_version: (
+        Literal[
+            "3.9",
+            "3.10",
+            "3.11",
+            "3.12",
+            "3.13",
+            "3.14",
+        ]
+        | None
+    ) = None
     pinned_package_versions_pre: DictStrStr | None = None
     pinned_package_versions_post: DictStrStr | None = None
 

fractal_server/app/schemas/v2/task_group.py

@@ -37,6 +37,7 @@ class TaskGroupActivityActionV2(StrEnum):
 class TaskGroupCreateV2(BaseModel):
     model_config = ConfigDict(extra="forbid")
     user_id: int
+    resource_id: int
     user_group_id: int | None = None
     active: bool = True
     origin: TaskGroupV2OriginEnum
@@ -95,6 +96,10 @@ class TaskGroupReadV2(BaseModel):
         return v.isoformat()
 
 
+class TaskGroupReadSuperuser(TaskGroupReadV2):
+    resource_id: int
+
+
 class TaskGroupUpdateV2(BaseModel):
     model_config = ConfigDict(extra="forbid")
     user_group_id: int | None = None

fractal_server/app/security/__init__.py

@@ -1,14 +1,3 @@
-# Copyright 2022 (C) Friedrich Miescher Institute for Biomedical Research and
-# University of Zurich
-#
-# Original authors:
-# Jacopo Nespolo <jacopo.nespolo@exact-lab.it>
-# Tommaso Comparin <tommaso.comparin@exact-lab.it>
-#
-# This file is part of Fractal and was originally developed by eXact lab S.r.l.
-# <exact-lab.it> under contract with Liberali Lab from the Friedrich Miescher
-# Institute for Biomedical Research and Pelkmans Lab from the University of
-# Zurich.
 """
 Auth subsystem
 
@@ -30,6 +19,7 @@ import contextlib
 from collections.abc import AsyncGenerator
 from typing import Any
 from typing import Generic
+from typing import Self
 
 from fastapi import Depends
 from fastapi import Request
@@ -55,17 +45,18 @@ from fractal_server.app.models import LinkUserGroup
 from fractal_server.app.models import OAuthAccount
 from fractal_server.app.models import UserGroup
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models import UserSettings
 from fractal_server.app.schemas.user import UserCreate
-from fractal_server.app.security.signup_email import mail_new_oauth_signup
+from fractal_server.app.security.signup_email import (
+    send_fractal_email_or_log_failure,
+)
+from fractal_server.config import get_email_settings
 from fractal_server.config import get_settings
+from fractal_server.logger import close_logger
 from fractal_server.logger import set_logger
 from fractal_server.syringe import Inject
 
 logger = set_logger(__name__)
 
-FRACTAL_DEFAULT_GROUP_NAME = "All"
-
 
 class SQLModelUserDatabaseAsync(Generic[UP, ID], BaseUserDatabase[UP, ID]):
     """
@@ -209,67 +200,166 @@ class UserManager(IntegerIDMixin, BaseUserManager[UserOAuth, int]):
                 f"The password is too long (maximum length: {min_length})."
             )
 
+    async def oauth_callback(
+        self: Self,
+        oauth_name: str,
+        access_token: str,
+        account_id: str,
+        account_email: str,
+        expires_at: int | None = None,
+        refresh_token: str | None = None,
+        request: Request | None = None,
+        *,
+        associate_by_email: bool = False,
+        is_verified_by_default: bool = False,
+    ) -> UserOAuth:
+        """
+        Handle the callback after a successful OAuth authentication.
+
+        This method extends the corresponding `BaseUserManager` method of
+        > fastapi-users v14.0.1, Copyright (c) 2019 François Voron, MIT License
+
+        If the user already exists with this OAuth account, the token is
+        updated.
+
+        If a user with the same e-mail already exists and `associate_by_email`
+        is True, the OAuth account is associated to this user.
+        Otherwise, the `UserNotExists` exception is raised.
+
+        If the user does not exist, send an email to the Fractal admins (if
+        configured) and respond with a 400 error status. NOTE: This is the
+        function branch where the `fractal-server` implementation deviates
+        from the original `fastapi-users` one.
+
+        :param oauth_name: Name of the OAuth client.
+        :param access_token: Valid access token for the service provider.
+        :param account_id: models.ID of the user on the service provider.
+        :param account_email: E-mail of the user on the service provider.
+        :param expires_at: Optional timestamp at which the access token
+        expires.
+        :param refresh_token: Optional refresh token to get a
+        fresh access token from the service provider.
+        :param request: Optional FastAPI request that
+        triggered the operation, defaults to None
+        :param associate_by_email: If True, any existing user with the same
+        e-mail address will be associated to this user. Defaults to False.
+        :param is_verified_by_default: If True, the `is_verified` flag will be
+        set to `True` on newly created user. Make sure the OAuth Provider you
+        are using does verify the email address before enabling this flag.
+        Defaults to False.
+        :return: A user.
+        """
+        from fastapi import HTTPException
+        from fastapi import status
+        from fastapi_users import exceptions
+
+        oauth_account_dict = {
+            "oauth_name": oauth_name,
+            "access_token": access_token,
+            "account_id": account_id,
+            "account_email": account_email,
+            "expires_at": expires_at,
+            "refresh_token": refresh_token,
+        }
+
+        try:
+            user = await self.get_by_oauth_account(oauth_name, account_id)
+        except exceptions.UserNotExists:
+            try:
+                # Associate account
+                user = await self.get_by_email(account_email)
+                if not associate_by_email:
+                    raise exceptions.UserAlreadyExists()
+                user = await self.user_db.add_oauth_account(
+                    user, oauth_account_dict
+                )
+            except exceptions.UserNotExists:
+                # (0) Log
+                logger.warning(
+                    f"Self-registration attempt by {account_email}."
+                )
+
+                # (1) Prepare user-facing error message
+                error_msg = (
+                    "Thank you for registering for the Fractal service. "
+                    "Administrators have been informed to configure your "
+                    "account and will get back to you."
+                )
+                settings = Inject(get_settings)
+                if settings.FRACTAL_HELP_URL is not None:
+                    error_msg = (
+                        f"{error_msg}\n"
+                        "You can find more information about the onboarding "
+                        f"process at {settings.FRACTAL_HELP_URL}."
+                    )
+
+                # (2) Send email to admins
+                email_settings = Inject(get_email_settings)
+                send_fractal_email_or_log_failure(
+                    subject="New OAuth self-registration",
+                    msg=(
+                        f"User '{account_email}' tried to "
+                        "self-register through OAuth.\n"
+                        "Please create the Fractal account manually.\n"
+                        "Here is the error message displayed to the "
+                        f"user:\n{error_msg}"
+                    ),
+                    email_settings=email_settings.public,
+                )
+
+                # (3) Raise
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=error_msg,
+                )
+        else:
+            # Update oauth
+            for existing_oauth_account in user.oauth_accounts:
+                if (
+                    existing_oauth_account.account_id == account_id
+                    and existing_oauth_account.oauth_name == oauth_name
+                ):
+                    user = await self.user_db.update_oauth_account(
+                        user, existing_oauth_account, oauth_account_dict
+                    )
+
+        return user
+
     async def on_after_register(
         self, user: UserOAuth, request: Request | None = None
     ):
+        settings = Inject(get_settings)
         logger.info(
             f"New-user registration completed ({user.id=}, {user.email=})."
         )
         async for db in get_async_db():
-            # Find default group
-            stm = select(UserGroup).where(
-                UserGroup.name == FRACTAL_DEFAULT_GROUP_NAME
+            # Note: if `FRACTAL_DEFAULT_GROUP_NAME=None`, this query will
+            # result into `None`
+            settings = Inject(get_settings)
+            stm = select(UserGroup.id).where(
+                UserGroup.name == settings.FRACTAL_DEFAULT_GROUP_NAME
             )
             res = await db.execute(stm)
-            default_group = res.scalar_one_or_none()
-            if default_group is None:
-                logger.warning(
-                    f"No group found with name {FRACTAL_DEFAULT_GROUP_NAME}"
-                )
-            else:
+            default_group_id_or_none = res.scalars().one_or_none()
+            if default_group_id_or_none is not None:
                 link = LinkUserGroup(
-                    user_id=user.id, group_id=default_group.id
+                    user_id=user.id, group_id=default_group_id_or_none
                 )
                 db.add(link)
                 await db.commit()
                 logger.info(
-                    f"Added {user.email} user to group {default_group.id=}."
+                    f"Added {user.email} user to group "
+                    f"{default_group_id_or_none=}."
                 )
-
-            this_user = await db.get(UserOAuth, user.id)
-
-            this_user.settings = UserSettings()
-            await db.merge(this_user)
-            await db.commit()
-            await db.refresh(this_user)
-            logger.info(
-                f"Associated empty settings (id={this_user.user_settings_id}) "
-                f"to '{this_user.email}'."
-            )
-
-            # Send mail section
-            settings = Inject(get_settings)
-
-            if (
-                this_user.oauth_accounts
-                and settings.email_settings is not None
-            ):
-                try:
-                    logger.info(
-                        "START sending email about new signup to "
-                        f"{settings.email_settings.recipients}."
-                    )
-                    mail_new_oauth_signup(
-                        msg=f"New user registered: '{this_user.email}'.",
-                        email_settings=settings.email_settings,
-                    )
-                    logger.info("END sending email about new signup.")
-                except Exception as e:
-                    logger.error(
-                        "ERROR sending notification email after oauth "
-                        f"registration of {this_user.email}. "
-                        f"Original error: '{e}'."
-                    )
+            elif settings.FRACTAL_DEFAULT_GROUP_NAME is not None:
+                logger.error(
+                    "No group found with name "
+                    f"{settings.FRACTAL_DEFAULT_GROUP_NAME}"
+                )
+            # NOTE: the `else` of this branch would simply be a `pass`. The
+            # "All" group was not found, but this is not worth a WARNING
+            # because `FRACTAL_DEFAULT_GROUP_NAME` is set to `None` in the
+            # settings.
 
 
 async def get_user_manager(
@@ -286,9 +376,10 @@ get_user_manager_context = contextlib.asynccontextmanager(get_user_manager)
 async def _create_first_user(
     email: str,
     password: str,
+    project_dir: str,
+    profile_id: int | None = None,
     is_superuser: bool = False,
     is_verified: bool = False,
-    username: str | None = None,
 ) -> None:
     """
     Private method to create the first fractal-server user
@@ -306,12 +397,11 @@ async def _create_first_user(
     See [fastapi_users docs](https://fastapi-users.github.io/fastapi-users/
     12.1/cookbook/create-user-programmatically)
 
-    Arguments:
+    Args:
         email: New user's email
         password: New user's password
         is_superuser: `True` if the new user is a superuser
         is_verified: `True` if the new user is verified
-        username:
     """
     function_logger = set_logger("fractal_server.create_first_user")
     function_logger.info(f"START _create_first_user, with email '{email}'")
@@ -336,11 +426,11 @@ async def _create_first_user(
                     kwargs = dict(
                         email=email,
                         password=password,
+                        project_dir=project_dir,
+                        profile_id=profile_id,
                         is_superuser=is_superuser,
                         is_verified=is_verified,
                     )
-                    if username is not None:
-                        kwargs["username"] = username
                     user = await user_manager.create(UserCreate(**kwargs))
                     function_logger.info(f"User '{user.email}' created")
     except UserAlreadyExists:
@@ -352,34 +442,43 @@ async def _create_first_user(
         raise e
     finally:
         function_logger.info(f"END   _create_first_user, with email '{email}'")
+        close_logger(function_logger)
 
 
 def _create_first_group():
     """
-    Create a `UserGroup` with `name=FRACTAL_DEFAULT_GROUP_NAME`, if missing.
+    Create a `UserGroup` named `FRACTAL_DEFAULT_GROUP_NAME`, if this variable
+    is set and if such a group does not already exist.
     """
+    settings = Inject(get_settings)
     function_logger = set_logger("fractal_server.create_first_group")
 
+    if settings.FRACTAL_DEFAULT_GROUP_NAME is None:
+        function_logger.info(
+            f"SKIP because '{settings.FRACTAL_DEFAULT_GROUP_NAME=}'"
+        )
+        return
+
     function_logger.info(
-        f"START _create_first_group, with name '{FRACTAL_DEFAULT_GROUP_NAME}'"
+        f"START, name '{settings.FRACTAL_DEFAULT_GROUP_NAME}'"
     )
     with next(get_sync_db()) as db:
         group_all = db.execute(
             select(UserGroup).where(
-                UserGroup.name == FRACTAL_DEFAULT_GROUP_NAME
+                UserGroup.name == settings.FRACTAL_DEFAULT_GROUP_NAME
             )
         )
         if group_all.scalars().one_or_none() is None:
-            first_group = UserGroup(name=FRACTAL_DEFAULT_GROUP_NAME)
+            first_group = UserGroup(name=settings.FRACTAL_DEFAULT_GROUP_NAME)
             db.add(first_group)
             db.commit()
             function_logger.info(
-                f"Created group '{FRACTAL_DEFAULT_GROUP_NAME}'"
+                f"Created group '{settings.FRACTAL_DEFAULT_GROUP_NAME}'"
             )
         else:
             function_logger.info(
-                f"Group '{FRACTAL_DEFAULT_GROUP_NAME}' already exists, skip."
+                f"Group '{settings.FRACTAL_DEFAULT_GROUP_NAME}' "
+                "already exists, skip."
             )
-    function_logger.info(
-        f"END   _create_first_group, with name '{FRACTAL_DEFAULT_GROUP_NAME}'"
-    )
+    function_logger.info("END")
+    close_logger(function_logger)

fractal_server/app/security/signup_email.py

@@ -2,47 +2,65 @@ import smtplib
 from email.message import EmailMessage
 from email.utils import formataddr
 
-from cryptography.fernet import Fernet
+from fractal_server.config import PublicEmailSettings
+from fractal_server.logger import set_logger
 
-from fractal_server.config import MailSettings
+logger = set_logger(__name__)
 
 
-def mail_new_oauth_signup(msg: str, email_settings: MailSettings):
+def send_fractal_email_or_log_failure(
+    *,
+    subject: str,
+    msg: str,
+    email_settings: PublicEmailSettings | None,
+):
     """
-    Send an email using the specified settings to notify a new OAuth signup.
+    Send an email using the specified settings, or log about failure.
     """
 
-    mail_msg = EmailMessage()
-    mail_msg.set_content(msg)
-    mail_msg["From"] = formataddr(
-        (email_settings.sender, email_settings.sender)
-    )
-    mail_msg["To"] = ", ".join(
-        [
-            formataddr((recipient, recipient))
-            for recipient in email_settings.recipients
-        ]
-    )
-    mail_msg[
-        "Subject"
-    ] = f"[Fractal, {email_settings.instance_name}] New OAuth signup"
+    if email_settings is None:
+        logger.error(
+            f"Cannot send email with {subject=}, because {email_settings=}."
+        )
 
-    with smtplib.SMTP(
-        email_settings.smtp_server, email_settings.port
-    ) as server:
-        server.ehlo()
-        if email_settings.use_starttls:
-            server.starttls()
+    try:
+        logger.info(f"START sending email with {subject=}.")
+        mail_msg = EmailMessage()
+        mail_msg.set_content(msg)
+        mail_msg["From"] = formataddr(
+            (email_settings.sender, email_settings.sender)
+        )
+        mail_msg["To"] = ", ".join(
+            [
+                formataddr((recipient, recipient))
+                for recipient in email_settings.recipients
+            ]
+        )
+        mail_msg[
+            "Subject"
+        ] = f"[Fractal, {email_settings.instance_name}] {subject}"
+        with smtplib.SMTP(
+            email_settings.smtp_server,
+            email_settings.port,
+        ) as server:
             server.ehlo()
-        if email_settings.use_login:
-            password = (
-                Fernet(email_settings.encryption_key.get_secret_value())
-                .decrypt(email_settings.encrypted_password.get_secret_value())
-                .decode("utf-8")
+            if email_settings.use_starttls:
+                server.starttls()
+                server.ehlo()
+            if email_settings.use_login:
+                server.login(
+                    user=email_settings.sender,
+                    password=email_settings.password.get_secret_value(),
+                )
+            server.sendmail(
+                from_addr=email_settings.sender,
+                to_addrs=email_settings.recipients,
+                msg=mail_msg.as_string(),
             )
-            server.login(user=email_settings.sender, password=password)
-        server.sendmail(
-            from_addr=email_settings.sender,
-            to_addrs=email_settings.recipients,
-            msg=mail_msg.as_string(),
+        logger.info(f"END sending email with {subject=}.")
+
+    except Exception as e:
+        logger.error(
+            "Could not send self-registration email, "
+            f"original error: {str(e)}."
         )

fractal_server/config/__init__.py

@@ -0,0 +1,27 @@
+from ._data import DataAuthScheme  # noqa F401
+from ._data import DataSettings
+from ._database import DatabaseSettings
+from ._email import EmailSettings
+from ._email import PublicEmailSettings  # noqa F401
+from ._main import Settings
+from ._oauth import OAuthSettings
+
+
+def get_db_settings(db_settings=DatabaseSettings()) -> DatabaseSettings:
+    return db_settings
+
+
+def get_settings(settings=Settings()) -> Settings:
+    return settings
+
+
+def get_email_settings(email_settings=EmailSettings()) -> EmailSettings:
+    return email_settings
+
+
+def get_oauth_settings(oauth_settings=OAuthSettings()) -> OAuthSettings:
+    return oauth_settings
+
+
+def get_data_settings(data_settings=DataSettings()) -> DataSettings:
+    return data_settings