fractal-server 2.3.10__py3-none-any.whl → 2.4.0__py3-none-any.whl

fractal_server/app/routes/auth/group_names.py

@@ -0,0 +1,34 @@
+"""
+Definition `/auth/group-names/` endpoints
+"""
+from fastapi import APIRouter
+from fastapi import Depends
+from fastapi import status
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlmodel import select
+
+from . import current_active_user
+from ...db import get_async_db
+from fractal_server.app.models import UserGroup
+from fractal_server.app.models import UserOAuth
+
+router_group_names = APIRouter()
+
+
+@router_group_names.get(
+    "/group-names/", response_model=list[str], status_code=status.HTTP_200_OK
+)
+async def get_list_user_group_names(
+    user: UserOAuth = Depends(current_active_user),
+    db: AsyncSession = Depends(get_async_db),
+) -> list[str]:
+    """
+    Return the available group names.
+
+    This endpoint is not restricted to superusers.
+    """
+    stm_all_groups = select(UserGroup)
+    res = await db.execute(stm_all_groups)
+    groups = res.scalars().all()
+    group_names = [group.name for group in groups]
+    return group_names

fractal_server/app/routes/auth/login.py

@@ -0,0 +1,25 @@
+"""
+Definition of `/auth/{login,logout}/`, `/auth/token/{login/logout}` routes.
+"""
+from fastapi import APIRouter
+
+from . import cookie_backend
+from . import fastapi_users
+from . import token_backend
+
+router_login = APIRouter()
+
+
+router_login.include_router(
+    fastapi_users.get_auth_router(token_backend),
+    prefix="/token",
+)
+router_login.include_router(
+    fastapi_users.get_auth_router(cookie_backend),
+)
+
+
+# Add trailing slash to all routes paths
+for route in router_login.routes:
+    if not route.path.endswith("/"):
+        route.path = f"{route.path}/"

fractal_server/app/routes/auth/oauth.py

@@ -0,0 +1,63 @@
+from fastapi import APIRouter
+
+from . import cookie_backend
+from . import fastapi_users
+from ....config import get_settings
+from ....syringe import Inject
+
+router_oauth = APIRouter()
+
+
+# OAUTH CLIENTS
+
+# NOTE: settings.OAUTH_CLIENTS are collected by
+# Settings.collect_oauth_clients(). If no specific client is specified in the
+# environment variables (e.g. by setting OAUTH_FOO_CLIENT_ID and
+# OAUTH_FOO_CLIENT_SECRET), this list is empty
+
+# FIXME:Dependency injection should be wrapped within a function call to make
+# it truly lazy. This function could then be called on startup of the FastAPI
+# app (cf. fractal_server.main)
+settings = Inject(get_settings)
+
+for client_config in settings.OAUTH_CLIENTS_CONFIG:
+    client_name = client_config.CLIENT_NAME.lower()
+
+    if client_name == "google":
+        from httpx_oauth.clients.google import GoogleOAuth2
+
+        client = GoogleOAuth2(
+            client_config.CLIENT_ID, client_config.CLIENT_SECRET
+        )
+    elif client_name == "github":
+        from httpx_oauth.clients.github import GitHubOAuth2
+
+        client = GitHubOAuth2(
+            client_config.CLIENT_ID, client_config.CLIENT_SECRET
+        )
+    else:
+        from httpx_oauth.clients.openid import OpenID
+
+        client = OpenID(
+            client_config.CLIENT_ID,
+            client_config.CLIENT_SECRET,
+            client_config.OIDC_CONFIGURATION_ENDPOINT,
+        )
+
+    router_oauth.include_router(
+        fastapi_users.get_oauth_router(
+            client,
+            cookie_backend,
+            settings.JWT_SECRET_KEY,
+            is_verified_by_default=False,
+            associate_by_email=True,
+            redirect_url=client_config.REDIRECT_URL,
+        ),
+        prefix=f"/{client_name}",
+    )
+
+
+# Add trailing slash to all routes' paths
+for route in router_oauth.routes:
+    if not route.path.endswith("/"):
+        route.path = f"{route.path}/"

fractal_server/app/routes/auth/register.py

@@ -0,0 +1,23 @@
+"""
+Definition of `/auth/register/` routes.
+"""
+from fastapi import APIRouter
+from fastapi import Depends
+
+from . import current_active_superuser
+from . import fastapi_users
+from ...schemas.user import UserCreate
+from ...schemas.user import UserRead
+
+router_register = APIRouter()
+
+router_register.include_router(
+    fastapi_users.get_register_router(UserRead, UserCreate),
+    dependencies=[Depends(current_active_superuser)],
+)
+
+
+# Add trailing slash to all routes' paths
+for route in router_register.routes:
+    if not route.path.endswith("/"):
+        route.path = f"{route.path}/"

fractal_server/app/routes/auth/router.py

@@ -0,0 +1,19 @@
+from fastapi import APIRouter
+
+from .current_user import router_current_user
+from .group import router_group
+from .group_names import router_group_names
+from .login import router_login
+from .oauth import router_oauth
+from .register import router_register
+from .users import router_users
+
+router_auth = APIRouter()
+
+router_auth.include_router(router_register)
+router_auth.include_router(router_current_user)
+router_auth.include_router(router_login)
+router_auth.include_router(router_group_names)
+router_auth.include_router(router_users)
+router_auth.include_router(router_group)
+router_auth.include_router(router_oauth)

fractal_server/app/routes/auth/users.py

@@ -0,0 +1,192 @@
+"""
+Definition of `/auth/users/` routes
+"""
+from fastapi import APIRouter
+from fastapi import Depends
+from fastapi import HTTPException
+from fastapi import status
+from fastapi_users import exceptions
+from fastapi_users import schemas
+from fastapi_users.router.common import ErrorCode
+from sqlalchemy.exc import IntegrityError
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlmodel import col
+from sqlmodel import func
+from sqlmodel import select
+
+from . import current_active_superuser
+from ...db import get_async_db
+from ...schemas.user import UserRead
+from ...schemas.user import UserUpdate
+from ...schemas.user import UserUpdateWithNewGroupIds
+from ._aux_auth import _get_single_user_with_group_ids
+from fractal_server.app.models import LinkUserGroup
+from fractal_server.app.models import UserGroup
+from fractal_server.app.models import UserOAuth
+from fractal_server.app.routes.auth._aux_auth import _user_or_404
+from fractal_server.app.security import get_user_manager
+from fractal_server.app.security import UserManager
+from fractal_server.logger import set_logger
+
+router_users = APIRouter()
+
+
+logger = set_logger(__name__)
+
+
+@router_users.get("/users/{user_id}/", response_model=UserRead)
+async def get_user(
+    user_id: int,
+    group_ids: bool = True,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserRead:
+    user = await _user_or_404(user_id, db)
+    if group_ids:
+        user_with_group_ids = await _get_single_user_with_group_ids(user, db)
+        return user_with_group_ids
+    else:
+        return user
+
+
+@router_users.patch("/users/{user_id}/", response_model=UserRead)
+async def patch_user(
+    user_id: int,
+    user_update: UserUpdateWithNewGroupIds,
+    current_superuser: UserOAuth = Depends(current_active_superuser),
+    user_manager: UserManager = Depends(get_user_manager),
+    db: AsyncSession = Depends(get_async_db),
+):
+    """
+    Custom version of the PATCH-user route from `fastapi-users`.
+
+    In order to keep the fastapi-users logic in place (which is convenient to
+    update user attributes), we split the endpoint into two branches. We either
+    go through the fastapi-users-based attribute-update branch, or through the
+    branch where we establish new user/group relationships.
+
+    Note that we prevent making both changes at the same time, since it would
+    be more complex to guarantee that endpoint error would leave the database
+    in the same state as before the API call.
+    """
+
+    # We prevent simultaneous editing of both user attributes and user/group
+    # associations
+    user_update_dict_without_groups = user_update.dict(
+        exclude_unset=True, exclude={"new_group_ids"}
+    )
+    edit_attributes = user_update_dict_without_groups != {}
+    edit_groups = user_update.new_group_ids is not None
+    if edit_attributes and edit_groups:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                "Cannot modify both user attributes and group membership. "
+                "Please make two independent PATCH calls"
+            ),
+        )
+
+    # Check that user exists
+    user_to_patch = await _user_or_404(user_id, db)
+
+    if edit_groups:
+        # Establish new user/group relationships
+
+        # Check that all required groups exist
+        # Note: The reason for introducing `col` is as in
+        # https://sqlmodel.tiangolo.com/tutorial/where/#type-annotations-and-errors,
+        stm = select(func.count()).where(
+            col(UserGroup.id).in_(user_update.new_group_ids)
+        )
+        res = await db.execute(stm)
+        number_matching_groups = res.scalar()
+        if number_matching_groups != len(user_update.new_group_ids):
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=(
+                    "Not all requested groups (IDs: "
+                    f"{user_update.new_group_ids}) exist."
+                ),
+            )
+
+        for new_group_id in user_update.new_group_ids:
+            link = LinkUserGroup(user_id=user_id, group_id=new_group_id)
+            db.add(link)
+
+        try:
+            await db.commit()
+        except IntegrityError as e:
+            error_msg = (
+                f"Cannot link groups with IDs {user_update.new_group_ids} "
+                f"to user {user_id}. "
+                "Likely reason: one of these links already exists.\n"
+                f"Original error: {str(e)}"
+            )
+            logger.info(error_msg)
+            raise HTTPException(
+                status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+                detail=error_msg,
+            )
+
+        patched_user = user_to_patch
+
+    elif edit_attributes:
+        # Modify user attributes
+        try:
+            user_update_without_groups = UserUpdate(
+                **user_update_dict_without_groups
+            )
+            user = await user_manager.update(
+                user_update_without_groups,
+                user_to_patch,
+                safe=False,
+                request=None,
+            )
+            patched_user = schemas.model_validate(UserOAuth, user)
+        except exceptions.InvalidPasswordException as e:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail={
+                    "code": ErrorCode.UPDATE_USER_INVALID_PASSWORD,
+                    "reason": e.reason,
+                },
+            )
+    else:
+        # Nothing to do, just continue
+        patched_user = user_to_patch
+
+    # Enrich user object with `group_ids` attribute
+    patched_user_with_group_ids = await _get_single_user_with_group_ids(
+        patched_user, db
+    )
+
+    return patched_user_with_group_ids
+
+
+@router_users.get("/users/", response_model=list[UserRead])
+async def list_users(
+    user: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+):
+    """
+    Return list of all users
+    """
+    stm = select(UserOAuth)
+    res = await db.execute(stm)
+    user_list = res.scalars().unique().all()
+
+    # Get all user/group links
+    stm_all_links = select(LinkUserGroup)
+    res = await db.execute(stm_all_links)
+    links = res.scalars().all()
+
+    # TODO: possible optimizations for this construction are listed in
+    # https://github.com/fractal-analytics-platform/fractal-server/issues/1742
+    for ind, user in enumerate(user_list):
+        user_list[ind] = dict(
+            user.model_dump(),
+            group_ids=[
+                link.group_id for link in links if link.user_id == user.id
+            ],
+        )
+    return user_list

fractal_server/app/runner/v2/__init__.py

@@ -194,15 +194,11 @@ async def submit_workflow(
                     folder=str(WORKFLOW_DIR_REMOTE), user=slurm_user
                 )
             elif FRACTAL_RUNNER_BACKEND == "slurm_ssh":
+                # Folder creation is deferred to _process_workflow
                 WORKFLOW_DIR_REMOTE = (
                     Path(settings.FRACTAL_SLURM_SSH_WORKING_BASE_DIR)
                     / WORKFLOW_DIR_LOCAL.name
                 )
-                # FIXME SSH: move mkdir to executor, likely within handshake
-                fractal_ssh.mkdir(
-                    folder=str(WORKFLOW_DIR_REMOTE),
-                )
-                logger.info(f"Created {str(WORKFLOW_DIR_REMOTE)} via SSH.")
             else:
                 logger.error(
                     "Invalid FRACTAL_RUNNER_BACKEND="

fractal_server/app/runner/v2/_slurm_ssh/__init__.py

@@ -25,10 +25,15 @@ from .....ssh._fabric import FractalSSH
 from ....models.v2 import DatasetV2
 from ....models.v2 import WorkflowV2
 from ...async_wrap import async_wrap
+from ...exceptions import JobExecutionError
 from ...executors.slurm.ssh.executor import FractalSlurmSSHExecutor
 from ...set_start_and_last_task_index import set_start_and_last_task_index
 from ..runner import execute_tasks_v2
 from ._submit_setup import _slurm_submit_setup
+from fractal_server.logger import set_logger
+
+
+logger = set_logger(__name__)
 
 
 def _process_workflow(
@@ -60,6 +65,18 @@ def _process_workflow(
     if isinstance(worker_init, str):
         worker_init = worker_init.split("\n")
 
+    # Create main remote folder
+    try:
+        fractal_ssh.mkdir(folder=str(workflow_dir_remote))
+        logger.info(f"Created {str(workflow_dir_remote)} via SSH.")
+    except Exception as e:
+        error_msg = (
+            f"Could not create {str(workflow_dir_remote)} via SSH.\n"
+            f"Original error: {str(e)}."
+        )
+        logger.error(error_msg)
+        raise JobExecutionError(info=error_msg)
+
     with FractalSlurmSSHExecutor(
         fractal_ssh=fractal_ssh,
         workflow_dir_local=workflow_dir_local,

fractal_server/app/schemas/user.py

@@ -16,6 +16,7 @@ __all__ = (
     "UserRead",
     "UserUpdate",
     "UserCreate",
+    "UserUpdateWithNewGroupIds",
 )
 
 
@@ -34,6 +35,8 @@ class UserRead(schemas.BaseUser[int]):
     cache_dir: Optional[str]
     username: Optional[str]
     slurm_accounts: list[str]
+    group_names: Optional[list[str]] = None
+    group_ids: Optional[list[int]] = None
 
 
 class UserUpdate(schemas.BaseUserUpdate):
@@ -100,6 +103,14 @@ class UserUpdateStrict(BaseModel, extra=Extra.forbid):
     )
 
 
+class UserUpdateWithNewGroupIds(UserUpdate):
+    new_group_ids: Optional[list[int]] = None
+
+    _val_unique = validator("new_group_ids", allow_reuse=True)(
+        val_unique_list("new_group_ids")
+    )
+
+
 class UserCreate(schemas.BaseUserCreate):
     """
     Schema for `User` creation.

fractal_server/app/schemas/user_group.py

@@ -0,0 +1,65 @@
+from datetime import datetime
+from typing import Optional
+
+from pydantic import BaseModel
+from pydantic import Extra
+from pydantic import Field
+from pydantic import validator
+
+from ._validators import val_unique_list
+
+
+__all__ = (
+    "UserGroupRead",
+    "UserGroupUpdate",
+    "UserGroupCreate",
+)
+
+
+class UserGroupRead(BaseModel):
+    """
+    Schema for `UserGroup` read
+
+    NOTE: `user_ids` does not correspond to a column of the `UserGroup` table,
+    but it is rather computed dynamically in relevant endpoints.
+
+    Attributes:
+        id: Group ID
+        name: Group name
+        timestamp_created: Creation timestamp
+        user_ids: IDs of users of this group
+    """
+
+    id: int
+    name: str
+    timestamp_created: datetime
+    user_ids: Optional[list[int]] = None
+
+
+class UserGroupCreate(BaseModel, extra=Extra.forbid):
+    """
+    Schema for `UserGroup` creation
+
+    Attributes:
+        name: Group name
+    """
+
+    name: str
+
+
+class UserGroupUpdate(BaseModel, extra=Extra.forbid):
+    """
+    Schema for `UserGroup` update
+
+    NOTE: `new_user_ids` does not correspond to a column of the `UserGroup`
+    table, but it is rather used to create new `LinkUserGroup` rows.
+
+    Attributes:
+        new_user_ids: IDs of groups to be associated to user.
+    """
+
+    new_user_ids: list[int] = Field(default_factory=list)
+
+    _val_unique = validator("new_user_ids", allow_reuse=True)(
+        val_unique_list("new_user_ids")
+    )