nci-cidc-api-modules 1.0.16__tar.gz → 1.0.19__tar.gz

{nci_cidc_api_modules-1.0.16/nci_cidc_api_modules.egg-info → nci_cidc_api_modules-1.0.19}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: nci_cidc_api_modules
-Version: 1.0.16
+Version: 1.0.19
 Summary: SQLAlchemy data models and configuration tools used in the NCI CIDC API
 Home-page: https://github.com/NCI-CIDC/cidc-api-gae
 License: MIT license
@@ -14,11 +14,12 @@ Requires-Dist: flask-sqlalchemy==2.5.1
 Requires-Dist: sqlalchemy~=1.3.0
 Requires-Dist: marshmallow==3.19.0
 Requires-Dist: marshmallow-sqlalchemy==0.22.3
-Requires-Dist: google-cloud-storage==1.35.1
-Requires-Dist: google-cloud-secret-manager==2.16.2
-Requires-Dist: google-cloud-pubsub==0.43.0
+Requires-Dist: google-cloud-storage==2.18.0
+Requires-Dist: google-cloud-secret-manager==2.20.1
+Requires-Dist: google-cloud-pubsub==2.22.0
 Requires-Dist: google-cloud-bigquery==3.18.0
 Requires-Dist: google-api-python-client==2.64.0
+Requires-Dist: google-auth==2.32.0
 Requires-Dist: packaging>=20.0.0
 Requires-Dist: pyarrow==14.0.1
 Requires-Dist: numpy<2,>=1.16.5
@@ -26,6 +27,7 @@ Requires-Dist: pandas==1.5.3
 Requires-Dist: python-dotenv==0.10.3
 Requires-Dist: requests==2.32.3
 Requires-Dist: jinja2==3.1.4
+Requires-Dist: certifi==2024.7.4
 Requires-Dist: nci-cidc-schemas==0.26.35
 
 # NCI CIDC API <!-- omit in TOC -->

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/cidc_api/config/settings.py

@@ -62,7 +62,6 @@ DEV_CFUNCTIONS_SERVER = environ.get("DEV_CFUNCTIONS_SERVER")
 ### Configure Auth0 ###
 AUTH0_DOMAIN = environ.get("AUTH0_DOMAIN")
 AUTH0_CLIENT_ID = environ.get("AUTH0_CLIENT_ID")
-ALGORITHMS = ["RS256"]
 
 ### Configure GCP ###
 GOOGLE_CLOUD_PROJECT = environ["GOOGLE_CLOUD_PROJECT"]

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/cidc_api/models/files/details.py

@@ -957,24 +957,14 @@ details_dict = {
         "TSV-formatted table containing metadata about the run",
         "",
     ),
-    "/mibi/multichannel_image.ome.tiff": FileDetails(
-        "miscellaneous",
+    "/mibi/.ome.tiff": FileDetails(
+        "source",
         "Analysis-ready multilayer OME-TIFF image file",
         "",
     ),
-    "/mibi/cluster_labels.tif": FileDetails(
-        "miscellaneous",
-        "TIF-formatted whole cell segmentation masks for each multiplexed image",
-        "",
-    ),
-    "/mibi/channel_names.csv": FileDetails(
-        "miscellaneous",
-        "CSV-formatted table of each channel and the corresponding mass",
-        "",
-    ),
-    "/mibi/single_cell_table.csv": FileDetails(
-        "miscellaneous",
-        "Single cell data table containing eg integrated expression values, XY location",
+    "/mibi/he_file.": FileDetails(
+        "source",
+        "H and E file from MIBI analysis",
         "",
     ),
 }

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/cidc_api/models/files/facets.py

@@ -340,20 +340,12 @@ assay_facets: Facets = {
             "TSV-formatted table containing metadata about the run",
         ),
         "Multichannel OME TIFFs": FacetConfig(
-            ["/mibi/multichannel_image.ome.tiff"],
+            ["/mibi/.ome.tiff"],
             "Analysis-ready multilayer OME-TIFF image file",
         ),
-        "Segmentation Masks": FacetConfig(
-            ["/mibi/cluster_labels.tif"],
-            "TIF-formatted whole cell segmentation masks for each multiplexed image",
-        ),
-        "Channel Names": FacetConfig(
-            ["/mibi/channel_names.csv"],
-            "CSV-formatted table of each channel and the corresponding mass",
-        ),
-        "Single-cell Data": FacetConfig(
-            ["/mibi/single_cell_table.csv"],
-            "Single cell data table containing eg integrated expression values, XY location",
+        "H&E File": FacetConfig(
+            ["/mibi/he_file."],
+            "H and E file from MIBI analysis",
         ),
     },
     "mIF": {

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/cidc_api/models/models.py

@@ -2194,6 +2194,12 @@ class UploadJobs(CommonColumns):
             return None
         return upload
 
+    @classmethod
+    @with_default_session
+    def find_by_trial_id(cls, trial_id: str, session):
+        uploads = session.query(UploadJobs).filter_by(trial_id=trial_id)
+        return uploads
+
     @with_default_session
     def ingestion_success(
         self, trial, session: Session, commit: bool = False, send_email: bool = False
@@ -2803,6 +2809,30 @@ class DownloadableFiles(CommonColumns):
                 )
         return results
 
+    @classmethod
+    @with_default_session
+    def remove_participants_and_samples_info_files(
+        cls, trial_id: str, session: Session
+    ):
+        """
+        Remove participants info and samples info downloadable files
+        """
+        files_to_delete = (
+            session.query(cls)
+            .filter(cls.trial_id == trial_id)
+            .filter(
+                or_(
+                    cls.upload_type == "participants info",
+                    cls.upload_type == "samples info",
+                )
+            )
+            .all()
+        )
+
+        for file in files_to_delete:
+            file.delete(commit=True)
+        session.execute("REFRESH MATERIALIZED VIEW CONCURRENTLY trial_summaries_mv")
+
     @classmethod
     @with_default_session
     def get_trial_facets_with_permissions(

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/cidc_api/shared/auth.py

@@ -1,19 +1,18 @@
 from functools import wraps
 from typing import List
 
-import requests
 from packaging import version
-from jose import jwt
+
 from flask import g, request, current_app as app, Flask
 from werkzeug.exceptions import Unauthorized, BadRequest, PreconditionFailed
 
 from ..models import Users, UserSchema
-from ..config.settings import AUTH0_DOMAIN, ALGORITHMS, AUTH0_CLIENT_ID
+
 from ..config.logging import get_logger
 
-logger = get_logger(__name__)
+from ..shared.jose import decode_id_token
 
-TIMEOUT_IN_SECONDS = 20
+logger = get_logger(__name__)
 
 
 ### Main auth utility functions ###
@@ -147,8 +146,7 @@ _user_schema = UserSchema()
 
 def authenticate() -> Users:
     id_token = _extract_token()
-    public_key = _get_issuer_public_key(id_token)
-    token_payload = _decode_id_token(id_token, public_key)
+    token_payload = decode_id_token(id_token)
     profile = {"email": token_payload["email"]}
     return _user_schema.load(profile)
 
@@ -173,87 +171,6 @@ def _extract_token() -> str:
     return id_token
 
 
-def _get_issuer_public_key(token: str) -> dict:
-    """
-    Get the appropriate public key to check this token for authenticity.
-
-    Args:
-        token: an encoded JWT.
-
-    Raises:
-        Unauthorized: if no public key can be found.
-
-    Returns:
-        str: the public key.
-    """
-    try:
-        header = jwt.get_unverified_header(token)
-    except jwt.JWTError as e:
-        raise Unauthorized(str(e)) from e
-
-    # Get public keys from our Auth0 domain
-    jwks_url = f"https://{AUTH0_DOMAIN}/.well-known/jwks.json"
-    jwks = requests.get(jwks_url, timeout=TIMEOUT_IN_SECONDS).json()
-
-    # Obtain the public key used to sign this token
-    public_key = None
-    for key in jwks["keys"]:
-        if key["kid"] == header["kid"]:
-            public_key = key
-
-    # If no matching public key was found, we can't validate the token
-    if not public_key:
-        raise Unauthorized(f"Found no public key with id {header['kid']}")
-
-    return public_key
-
-
-def _decode_id_token(token: str, public_key: dict) -> dict:
-    """
-    Decodes the token and checks it for validity.
-
-    Args:
-        token: the JWT to validate and decode
-        public_key: public_key
-
-    Raises:
-        Unauthorized:
-            - if token is expired
-            - if token has invalid claims
-            - if token signature is invalid in any way
-            - if no `.email` field on token
-
-    Returns:
-        dict: the decoded token as a dictionary.
-    """
-    try:
-        payload = jwt.decode(
-            token,
-            public_key,
-            algorithms=ALGORITHMS,
-            audience=AUTH0_CLIENT_ID,
-            issuer=f"https://{AUTH0_DOMAIN}/",
-            options={"verify_at_hash": False},
-        )
-    except jwt.ExpiredSignatureError as e:
-        raise Unauthorized(
-            f"{e} Token expired. Obtain a new login token from the CIDC Portal, then try logging in again."
-        ) from e
-    except jwt.JWTClaimsError as e:
-        raise Unauthorized(str(e)) from e
-    except jwt.JWTError as e:
-        raise Unauthorized(str(e)) from e
-
-    # Currently, only id_tokens are accepted for authentication.
-    # Going forward, we could also accept access tokens that we
-    # use to query the userinfo endpoint.
-    if "email" not in payload:
-        msg = "An id_token with an 'email' field is required to authenticate"
-        raise Unauthorized(msg)
-
-    return payload
-
-
 ### Authorization logic ###
 def authorize(
     user: Users, allowed_roles: List[str], resource: str, method: str

nci_cidc_api_modules-1.0.19/cidc_api/shared/jose.py

@@ -0,0 +1,72 @@
+# external modules
+import requests
+from joserfc import jwt
+from joserfc.jwk import RSAKey
+from werkzeug.exceptions import Unauthorized
+from cachetools import cached, TTLCache
+
+# loacal modules
+from ..config.settings import AUTH0_DOMAIN, AUTH0_CLIENT_ID
+
+
+ALGORITHMS = ["RS256"]
+TIMEOUT_IN_SECONDS = 20
+PUBLIC_KEYS_CACHE = TTLCache(maxsize=3600, ttl=1024)  # 1 hour, 1 MB
+
+
+@cached(cache=PUBLIC_KEYS_CACHE)
+def get_jwks() -> list:
+    # get jwks from our Auth0 domain
+    return requests.get(
+        f"https://{AUTH0_DOMAIN}/.well-known/jwks.json", timeout=TIMEOUT_IN_SECONDS
+    ).json()
+
+
+def decode_id_token(token: str) -> dict:
+    """
+    Decodes the token and checks it for validity.
+
+    Args:
+        token: the JWT to validate and decode
+
+    Raises:
+        Unauthorized:
+            - if token is expired
+            - if token has invalid claims (email, aud and iss)
+            - if token signature is invalid
+
+    Returns:
+        dict: claims as a dictionary.
+    """
+
+    jwks = get_jwks()["keys"]
+    if not jwks:
+        raise Unauthorized("No public keys found")
+
+    decoded_token = False
+
+    for jwk in jwks:
+        if decoded_token:
+            continue
+        try:
+            key = RSAKey.import_key(jwk)
+            decoded_token = jwt.decode(token, key, ALGORITHMS)
+        except Exception as e:
+            pass
+
+    if decoded_token:
+        claims = decoded_token.claims
+    else:
+        raise Unauthorized("No valid public key found")
+
+    try:
+        claims_requests = jwt.JWTClaimsRegistry(
+            iss={"essential": True, "value": f"https://{AUTH0_DOMAIN}/"},
+            aud={"essential": True, "value": AUTH0_CLIENT_ID},
+            email={"essential": True},
+        )
+        claims_requests.validate(claims)
+    except Exception as e:
+        raise Unauthorized(str(e)) from e
+
+    return claims

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19/nci_cidc_api_modules.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: nci_cidc_api_modules
-Version: 1.0.16
+Version: 1.0.19
 Summary: SQLAlchemy data models and configuration tools used in the NCI CIDC API
 Home-page: https://github.com/NCI-CIDC/cidc-api-gae
 License: MIT license
@@ -14,11 +14,12 @@ Requires-Dist: flask-sqlalchemy==2.5.1
 Requires-Dist: sqlalchemy~=1.3.0
 Requires-Dist: marshmallow==3.19.0
 Requires-Dist: marshmallow-sqlalchemy==0.22.3
-Requires-Dist: google-cloud-storage==1.35.1
-Requires-Dist: google-cloud-secret-manager==2.16.2
-Requires-Dist: google-cloud-pubsub==0.43.0
+Requires-Dist: google-cloud-storage==2.18.0
+Requires-Dist: google-cloud-secret-manager==2.20.1
+Requires-Dist: google-cloud-pubsub==2.22.0
 Requires-Dist: google-cloud-bigquery==3.18.0
 Requires-Dist: google-api-python-client==2.64.0
+Requires-Dist: google-auth==2.32.0
 Requires-Dist: packaging>=20.0.0
 Requires-Dist: pyarrow==14.0.1
 Requires-Dist: numpy<2,>=1.16.5
@@ -26,6 +27,7 @@ Requires-Dist: pandas==1.5.3
 Requires-Dist: python-dotenv==0.10.3
 Requires-Dist: requests==2.32.3
 Requires-Dist: jinja2==3.1.4
+Requires-Dist: certifi==2024.7.4
 Requires-Dist: nci-cidc-schemas==0.26.35
 
 # NCI CIDC API <!-- omit in TOC -->

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/nci_cidc_api_modules.egg-info/SOURCES.txt

@@ -23,6 +23,7 @@ cidc_api/shared/__init__.py
 cidc_api/shared/auth.py
 cidc_api/shared/emails.py
 cidc_api/shared/gcloud_client.py
+cidc_api/shared/jose.py
 cidc_api/shared/rest_utils.py
 nci_cidc_api_modules.egg-info/PKG-INFO
 nci_cidc_api_modules.egg-info/SOURCES.txt

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/nci_cidc_api_modules.egg-info/requires.txt

@@ -5,11 +5,12 @@ flask-sqlalchemy==2.5.1
 sqlalchemy~=1.3.0
 marshmallow==3.19.0
 marshmallow-sqlalchemy==0.22.3
-google-cloud-storage==1.35.1
-google-cloud-secret-manager==2.16.2
-google-cloud-pubsub==0.43.0
+google-cloud-storage==2.18.0
+google-cloud-secret-manager==2.20.1
+google-cloud-pubsub==2.22.0
 google-cloud-bigquery==3.18.0
 google-api-python-client==2.64.0
+google-auth==2.32.0
 packaging>=20.0.0
 pyarrow==14.0.1
 numpy<2,>=1.16.5
@@ -17,4 +18,5 @@ pandas==1.5.3
 python-dotenv==0.10.3
 requests==2.32.3
 jinja2==3.1.4
+certifi==2024.7.4
 nci-cidc-schemas==0.26.35

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/pyproject.toml

@@ -19,7 +19,7 @@ python = ">=3.9,<3.10"
 flask-cors = "4.0.1"
 flask-cachecontrol = "0.3.0"
 six = "1.13.0"
-python-jose = "3.0.1"
+joserfc = "1.0.0"
 psycopg2-binary = ">=2,<3"
 packaging = ">=20.0.0"
 protobuf = "3.20.3"
@@ -30,6 +30,7 @@ webargs = "6.0.0"
 dash = "2.15.0"
 markupsafe = "2.1.5"
 pyarrow="14.0.1"
+certifi="2024.7.4"
 
 [tool.poetry.group.dev.dependencies]
 pytest = ">=8.0.1,<8.1.0"
@@ -51,9 +52,9 @@ flask-sqlalchemy = "2.5.1"
 sqlalchemy = ">=1.3.0,<1.4.0"
 marshmallow = "3.19.0"
 marshmallow-sqlalchemy = "0.22.3"
-google-cloud-storage = "1.35.1"
-google-cloud-secret-manager = "2.16.2"
-google-cloud-pubsub = "0.43.0"
+google-cloud-storage = "2.18.0"
+google-cloud-secret-manager = "2.20.1"
+google-cloud-pubsub = "2.22.0"
 google-cloud-bigquery = "3.18.0"
 google-api-python-client = "2.64.0"
 pandas = ">=1,<2"

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/requirements.modules.txt

@@ -5,11 +5,12 @@ flask-sqlalchemy==2.5.1
 sqlalchemy~=1.3.0
 marshmallow==3.19.0
 marshmallow-sqlalchemy==0.22.3
-google-cloud-storage==1.35.1
-google-cloud-secret-manager==2.16.2
-google-cloud-pubsub==0.43.0
+google-cloud-storage==2.18.0
+google-cloud-secret-manager==2.20.1
+google-cloud-pubsub==2.22.0
 google-cloud-bigquery==3.18.0
 google-api-python-client==2.64.0
+google-auth==2.32.0
 packaging>=20.0.0
 pyarrow==14.0.1
 numpy>=1.16.5,<2
@@ -17,4 +18,5 @@ pandas==1.5.3
 python-dotenv==0.10.3
 requests==2.32.3
 jinja2==3.1.4
+certifi==2024.7.4
 nci-cidc-schemas==0.26.35

{nci_cidc_api_modules-1.0.16 → nci_cidc_api_modules-1.0.19}/tests/test_api.py

@@ -447,6 +447,7 @@ def test_endpoint_urls(cidc_api):
         "/trial_metadata/new_manifest",
         "/trial_metadata/summaries",
         "/trial_metadata/<string:trial>",
+        "/trial_metadata/<string:trial>/refresh_trial",
         "/upload_jobs/",
         "/upload_jobs/<int:upload_job>",
         "/users/",