PyPI - nci-cidc-api-modules - Versions diffs - 1.0.17__py3-none-any.whl → 1.0.19__py3-none-any.whl - Mend

nci-cidc-api-modules 1.0.17py3-none-any.whl → 1.0.19py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

cidc_api/config/settings.py CHANGED Viewed

@@ -62,7 +62,6 @@ DEV_CFUNCTIONS_SERVER = environ.get("DEV_CFUNCTIONS_SERVER")
 ### Configure Auth0 ###
 AUTH0_DOMAIN = environ.get("AUTH0_DOMAIN")
 AUTH0_CLIENT_ID = environ.get("AUTH0_CLIENT_ID")
-ALGORITHMS = ["RS256"]
 ### Configure GCP ###
 GOOGLE_CLOUD_PROJECT = environ["GOOGLE_CLOUD_PROJECT"]

cidc_api/models/files/details.py CHANGED Viewed

@@ -957,24 +957,14 @@ details_dict = {
         "TSV-formatted table containing metadata about the run",
         "",
     ),
-    "/mibi/multichannel_image.ome.tiff": FileDetails(
-        "miscellaneous",
+    "/mibi/.ome.tiff": FileDetails(
+        "source",
         "Analysis-ready multilayer OME-TIFF image file",
         "",
     ),
-    "/mibi/cluster_labels.tif": FileDetails(
-        "miscellaneous",
-        "TIF-formatted whole cell segmentation masks for each multiplexed image",
-        "",
-    ),
-    "/mibi/channel_names.csv": FileDetails(
-        "miscellaneous",
-        "CSV-formatted table of each channel and the corresponding mass",
-        "",
-    ),
-    "/mibi/single_cell_table.csv": FileDetails(
-        "miscellaneous",
-        "Single cell data table containing eg integrated expression values, XY location",
+    "/mibi/he_file.": FileDetails(
+        "source",
+        "H and E file from MIBI analysis",
         "",
     ),
 }

cidc_api/models/files/facets.py CHANGED Viewed

@@ -340,20 +340,12 @@ assay_facets: Facets = {
             "TSV-formatted table containing metadata about the run",
         ),
         "Multichannel OME TIFFs": FacetConfig(
-            ["/mibi/multichannel_image.ome.tiff"],
+            ["/mibi/.ome.tiff"],
             "Analysis-ready multilayer OME-TIFF image file",
         ),
-        "Segmentation Masks": FacetConfig(
-            ["/mibi/cluster_labels.tif"],
-            "TIF-formatted whole cell segmentation masks for each multiplexed image",
-        ),
-        "Channel Names": FacetConfig(
-            ["/mibi/channel_names.csv"],
-            "CSV-formatted table of each channel and the corresponding mass",
-        ),
-        "Single-cell Data": FacetConfig(
-            ["/mibi/single_cell_table.csv"],
-            "Single cell data table containing eg integrated expression values, XY location",
+        "H&E File": FacetConfig(
+            ["/mibi/he_file."],
+            "H and E file from MIBI analysis",
         ),
     },
     "mIF": {

cidc_api/models/models.py CHANGED Viewed

@@ -2194,6 +2194,12 @@ class UploadJobs(CommonColumns):
             return None
         return upload
+    @classmethod
+    @with_default_session
+    def find_by_trial_id(cls, trial_id: str, session):
+        uploads = session.query(UploadJobs).filter_by(trial_id=trial_id)
+        return uploads
     @with_default_session
     def ingestion_success(
         self, trial, session: Session, commit: bool = False, send_email: bool = False
@@ -2803,6 +2809,30 @@ class DownloadableFiles(CommonColumns):
                 )
         return results
+    @classmethod
+    @with_default_session
+    def remove_participants_and_samples_info_files(
+        cls, trial_id: str, session: Session
+    ):
+        """
+        Remove participants info and samples info downloadable files
+        """
+        files_to_delete = (
+            session.query(cls)
+            .filter(cls.trial_id == trial_id)
+            .filter(
+                or_(
+                    cls.upload_type == "participants info",
+                    cls.upload_type == "samples info",
+                )
+            )
+            .all()
+        )
+        for file in files_to_delete:
+            file.delete(commit=True)
+        session.execute("REFRESH MATERIALIZED VIEW CONCURRENTLY trial_summaries_mv")
     @classmethod
     @with_default_session
     def get_trial_facets_with_permissions(

cidc_api/shared/auth.py CHANGED Viewed

@@ -1,19 +1,18 @@
 from functools import wraps
 from typing import List
-import requests
 from packaging import version
-from jose import jwt
 from flask import g, request, current_app as app, Flask
 from werkzeug.exceptions import Unauthorized, BadRequest, PreconditionFailed
 from ..models import Users, UserSchema
-from ..config.settings import AUTH0_DOMAIN, ALGORITHMS, AUTH0_CLIENT_ID
 from ..config.logging import get_logger
-logger = get_logger(__name__)
+from ..shared.jose import decode_id_token
-TIMEOUT_IN_SECONDS = 20
+logger = get_logger(__name__)
 ### Main auth utility functions ###
@@ -147,8 +146,7 @@ _user_schema = UserSchema()
 def authenticate() -> Users:
     id_token = _extract_token()
-    public_key = _get_issuer_public_key(id_token)
-    token_payload = _decode_id_token(id_token, public_key)
+    token_payload = decode_id_token(id_token)
     profile = {"email": token_payload["email"]}
     return _user_schema.load(profile)
@@ -173,87 +171,6 @@ def _extract_token() -> str:
     return id_token
-def _get_issuer_public_key(token: str) -> dict:
-    """
-    Get the appropriate public key to check this token for authenticity.
-    Args:
-        token: an encoded JWT.
-    Raises:
-        Unauthorized: if no public key can be found.
-    Returns:
-        str: the public key.
-    """
-    try:
-        header = jwt.get_unverified_header(token)
-    except jwt.JWTError as e:
-        raise Unauthorized(str(e)) from e
-    # Get public keys from our Auth0 domain
-    jwks_url = f"https://{AUTH0_DOMAIN}/.well-known/jwks.json"
-    jwks = requests.get(jwks_url, timeout=TIMEOUT_IN_SECONDS).json()
-    # Obtain the public key used to sign this token
-    public_key = None
-    for key in jwks["keys"]:
-        if key["kid"] == header["kid"]:
-            public_key = key
-    # If no matching public key was found, we can't validate the token
-    if not public_key:
-        raise Unauthorized(f"Found no public key with id {header['kid']}")
-    return public_key
-def _decode_id_token(token: str, public_key: dict) -> dict:
-    """
-    Decodes the token and checks it for validity.
-    Args:
-        token: the JWT to validate and decode
-        public_key: public_key
-    Raises:
-        Unauthorized:
-            - if token is expired
-            - if token has invalid claims
-            - if token signature is invalid in any way
-            - if no `.email` field on token
-    Returns:
-        dict: the decoded token as a dictionary.
-    """
-    try:
-        payload = jwt.decode(
-            token,
-            public_key,
-            algorithms=ALGORITHMS,
-            audience=AUTH0_CLIENT_ID,
-            issuer=f"https://{AUTH0_DOMAIN}/",
-            options={"verify_at_hash": False},
-        )
-    except jwt.ExpiredSignatureError as e:
-        raise Unauthorized(
-            f"{e} Token expired. Obtain a new login token from the CIDC Portal, then try logging in again."
-        ) from e
-    except jwt.JWTClaimsError as e:
-        raise Unauthorized(str(e)) from e
-    except jwt.JWTError as e:
-        raise Unauthorized(str(e)) from e
-    # Currently, only id_tokens are accepted for authentication.
-    # Going forward, we could also accept access tokens that we
-    # use to query the userinfo endpoint.
-    if "email" not in payload:
-        msg = "An id_token with an 'email' field is required to authenticate"
-        raise Unauthorized(msg)
-    return payload
 ### Authorization logic ###
 def authorize(
     user: Users, allowed_roles: List[str], resource: str, method: str

cidc_api/shared/jose.py ADDED Viewed

@@ -0,0 +1,72 @@
+# external modules
+import requests
+from joserfc import jwt
+from joserfc.jwk import RSAKey
+from werkzeug.exceptions import Unauthorized
+from cachetools import cached, TTLCache
+# loacal modules
+from ..config.settings import AUTH0_DOMAIN, AUTH0_CLIENT_ID
+ALGORITHMS = ["RS256"]
+TIMEOUT_IN_SECONDS = 20
+PUBLIC_KEYS_CACHE = TTLCache(maxsize=3600, ttl=1024)  # 1 hour, 1 MB
+@cached(cache=PUBLIC_KEYS_CACHE)
+def get_jwks() -> list:
+    # get jwks from our Auth0 domain
+    return requests.get(
+        f"https://{AUTH0_DOMAIN}/.well-known/jwks.json", timeout=TIMEOUT_IN_SECONDS
+    ).json()
+def decode_id_token(token: str) -> dict:
+    """
+    Decodes the token and checks it for validity.
+    Args:
+        token: the JWT to validate and decode
+    Raises:
+        Unauthorized:
+            - if token is expired
+            - if token has invalid claims (email, aud and iss)
+            - if token signature is invalid
+    Returns:
+        dict: claims as a dictionary.
+    """
+    jwks = get_jwks()["keys"]
+    if not jwks:
+        raise Unauthorized("No public keys found")
+    decoded_token = False
+    for jwk in jwks:
+        if decoded_token:
+            continue
+        try:
+            key = RSAKey.import_key(jwk)
+            decoded_token = jwt.decode(token, key, ALGORITHMS)
+        except Exception as e:
+            pass
+    if decoded_token:
+        claims = decoded_token.claims
+    else:
+        raise Unauthorized("No valid public key found")
+    try:
+        claims_requests = jwt.JWTClaimsRegistry(
+            iss={"essential": True, "value": f"https://{AUTH0_DOMAIN}/"},
+            aud={"essential": True, "value": AUTH0_CLIENT_ID},
+            email={"essential": True},
+        )
+        claims_requests.validate(claims)
+    except Exception as e:
+        raise Unauthorized(str(e)) from e
+    return claims

{nci_cidc_api_modules-1.0.17.dist-info → nci_cidc_api_modules-1.0.19.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: nci_cidc_api_modules
-Version: 1.0.17
+Version: 1.0.19
 Summary: SQLAlchemy data models and configuration tools used in the NCI CIDC API
 Home-page: https://github.com/NCI-CIDC/cidc-api-gae
 License: MIT license

{nci_cidc_api_modules-1.0.17.dist-info → nci_cidc_api_modules-1.0.19.dist-info}/RECORD RENAMED Viewed

@@ -2,24 +2,25 @@ cidc_api/config/__init__.py,sha256=5mX8GAPxUKV84iS-aGOoE-4m68LsOCGCDptXNdlgvj0,1
 cidc_api/config/db.py,sha256=ayeeNV-sV20hGoFyMMTMncI2V-FI9lVN3JV-Lmpr3xI,1981
 cidc_api/config/logging.py,sha256=gJ2TGgQVREng4Hv0phlCCkQai7HhumKYjJxubpxS6Q0,1090
 cidc_api/config/secrets.py,sha256=2DXeew1Pm0lnf2SLuo8wW5c5kOJp2WrhjflxZGsY_Ng,1505
-cidc_api/config/settings.py,sha256=Ua6UpiQu9l1ZD-YlmpaWuQOv9tPyYLxWFLC2DEJdAyQ,4044
+cidc_api/config/settings.py,sha256=2VHOVWdN4yUCNYMob2gaWgH2-1_4sbuo46JEIVT_PCY,4021
 cidc_api/csms/__init__.py,sha256=eJkY6rWNOAUBmSd4G1_U6h7i472druKEtBdVmgFZVPg,20
 cidc_api/csms/auth.py,sha256=25Yma2Kz3KLENAPSeBYacFuSZXng-EDgmgInKBsRyP0,3191
 cidc_api/models/__init__.py,sha256=bl445G8Zic9YbhZ8ZBni07wtBMhLJRMBA-JqjLxx2bw,66
 cidc_api/models/csms_api.py,sha256=Wp4b53vwOqSlOIaoAYGlI1p8ZfXRXmVJ6MLcsvzq0LA,31664
 cidc_api/models/migrations.py,sha256=gp9vtkYbA9FFy2s-7woelAmsvQbJ41LO2_DY-YkFIrQ,11464
-cidc_api/models/models.py,sha256=Hjp9sieGdldNbUzneFi-7vRYyo9wwr0D-0m_UbxsDEk,124106
+cidc_api/models/models.py,sha256=SBVbIUbkeUSAA2jl-3IL93HDdR8tRrTHYQ80nH_8gq0,125025
 cidc_api/models/schemas.py,sha256=7tDYtmULuzTt2kg7RorWhte06ffalgpQKrFiDRGcPEQ,2711
 cidc_api/models/files/__init__.py,sha256=8BMTnUSHzUbz0lBeEQY6NvApxDD3GMWMduoVMos2g4Y,213
-cidc_api/models/files/details.py,sha256=DimrGmyL216j9eB47ZlX19b5GANf2nrD_crl79RPgqg,62699
-cidc_api/models/files/facets.py,sha256=n2Xi4zaC2pcJQw31gOLFxnF0nwtUBIkvw-5Th21-5uQ,29403
+cidc_api/models/files/details.py,sha256=h6R0p_hi-ukHsO7HV-3Wukccp0zRLJ1Oie_JNA_7Pl0,62274
+cidc_api/models/files/facets.py,sha256=0owlp-is2QJ7DemcsJ4VdlnN255NkkV1Cimg0VaXHpY,28967
 cidc_api/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cidc_api/shared/auth.py,sha256=VMd_3QJE2iG16QxuGzHBV9MzJJItOZNn9gcw0_iUBLI,11647
+cidc_api/shared/auth.py,sha256=EzMpYAR_gN5x985hgFAXTd24xygyctqZ80Yp05Ph_HQ,9104
 cidc_api/shared/emails.py,sha256=5dyuKlpcg1M4P_RrAt0ss2hiCqb-Y7p2XXR1d9uBXg8,4868
 cidc_api/shared/gcloud_client.py,sha256=7dDs0crLMJKdIp4IDSfrZBMB3h-zvWNieB81azoeLO4,33746
+cidc_api/shared/jose.py,sha256=QO30uIhbYDwzPEWWJXz0PfyV7E1AZHReEZJUVT70UJY,1844
 cidc_api/shared/rest_utils.py,sha256=LMfBpvJRjkfQjCzVXuhTTe4Foz4wlvaKg6QntyR-Hkc,6648
-nci_cidc_api_modules-1.0.17.dist-info/LICENSE,sha256=pNYWVTHaYonnmJyplmeAp7tQAjosmDpAWjb34jjv7Xs,1102
-nci_cidc_api_modules-1.0.17.dist-info/METADATA,sha256=s-VGHMZCidyAeiQWFl4IP7XjZPgpDZzK2ESu3TmwPUc,40673
-nci_cidc_api_modules-1.0.17.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
-nci_cidc_api_modules-1.0.17.dist-info/top_level.txt,sha256=rNiRzL0lJGi5Q9tY9uSoMdTbJ-7u5c_D2E86KA94yRA,9
-nci_cidc_api_modules-1.0.17.dist-info/RECORD,,
+nci_cidc_api_modules-1.0.19.dist-info/LICENSE,sha256=pNYWVTHaYonnmJyplmeAp7tQAjosmDpAWjb34jjv7Xs,1102
+nci_cidc_api_modules-1.0.19.dist-info/METADATA,sha256=cYPVMMJcy0KeUbdFLmchOSZc4EM16gjepAAgxPtQAXc,40673
+nci_cidc_api_modules-1.0.19.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+nci_cidc_api_modules-1.0.19.dist-info/top_level.txt,sha256=rNiRzL0lJGi5Q9tY9uSoMdTbJ-7u5c_D2E86KA94yRA,9
+nci_cidc_api_modules-1.0.19.dist-info/RECORD,,

{nci_cidc_api_modules-1.0.17.dist-info → nci_cidc_api_modules-1.0.19.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (71.1.0)
+Generator: setuptools (72.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

{nci_cidc_api_modules-1.0.17.dist-info → nci_cidc_api_modules-1.0.19.dist-info}/LICENSE RENAMED Viewed

File without changes

{nci_cidc_api_modules-1.0.17.dist-info → nci_cidc_api_modules-1.0.19.dist-info}/top_level.txt RENAMED Viewed

File without changes

nci-cidc-api-modules 1.0.17__py3-none-any.whl → 1.0.19__py3-none-any.whl

nci-cidc-api-modules 1.0.17py3-none-any.whl → 1.0.19py3-none-any.whl