otter-service-stdalone 0.1.16__py3-none-any.whl → 0.1.19__py3-none-any.whl

otter_service_stdalone/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.16"
+__version__ = "0.1.19"

otter_service_stdalone/access_sops_keys.py

@@ -14,10 +14,10 @@ def get(course_key, key_name, sops_path=None, secrets_file=None) -> str:
     :return: the secret
     """
     try:
-        secret = get_via_env(course_key, key_name)
-        if secret is None:
-            secret = get_via_sops(course_key, key_name, sops_path=sops_path, secrets_file=secrets_file)
-        return secret
+        sec = get_via_env(course_key, key_name)
+        if sec is None:
+            sec = get_via_sops(course_key, key_name, sops_path=sops_path, secrets_file=secrets_file)
+        return sec
     except Exception as ex:
         raise Exception(f"Key not decrypted: {key_name}; please configure: Error: {ex}") from ex
 
@@ -38,8 +38,8 @@ def get_via_sops(course_key, key, sops_path=None, secrets_file=None):
 
         secrets_file = secrets_file
 
-        sops_output = subprocess.check_output([sops_path, "-d", secrets_file], stderr=subprocess.STDOUT)
-        dct = yaml.safe_load(sops_output)
+        sops_ot = subprocess.check_output([sops_path, "-d", secrets_file], stderr=subprocess.STDOUT)
+        dct = yaml.safe_load(sops_ot)
         if course_key is None:
             return dct[key]
         return dct[course_key][key]

otter_service_stdalone/app.py

@@ -4,185 +4,130 @@ import tornado.web
 import tornado.auth
 import os
 import uuid
-from otter_service_stdalone import fs_logging as log, upload_handle as uh
+from otter_service_stdalone import fs_logging as log
+from otter_service_stdalone import user_auth as u_auth
+from otter_service_stdalone import grade_notebooks
 from zipfile import ZipFile, ZIP_DEFLATED
-import asyncio
-import async_timeout
-import urllib.parse
-from otter_service_stdalone import access_sops_keys
-import json
+
 
 __UPLOADS__ = "/tmp/uploads"
+log_debug = f'{os.environ.get("ENVIRONMENT")}-debug'
+log_error = f'{os.environ.get("ENVIRONMENT")}-logs'
+
+state = str(uuid.uuid4())  # used to protect against cross-site request forgery attacks.
 
 
-class GradeNotebooks():
-    """The class contains the async grade method for executing
-        otter grader
+class LoginHandler(tornado.web.RequestHandler):
+    """Initiaties login auth by authorizing access to github auth api
+
+    Args:
+        tornado (tornado.web.RequestHandler): The request handler
     """
-    async def grade(self, p, notebooks_path, results_id):
-        """Calls otter grade asynchronously and writes the various log files
-        and results of grading generating by otter-grader
+    async def get(self):
+        await u_auth.handle_authorization(self, state)
 
-        Args:
-            p (str): the path to autograder.zip -- the solutions
-            notebooks_path (str): the path to the folder of notebooks to be graded
-            results_id (str): used for identifying logs
 
-        Raises:
-            Exception: Timeout Exception is raised if async takes longer than 20 min
+class BaseHandler(tornado.web.RequestHandler):
+    """This is the super class for the handlers. get_current_user is called by
+    any handler that decorated with @tornado.web.authenticated
+
+    Args:
+        tornado (tornado.web.RequestHandler): The request handler
+    """
+    def get_current_user(self):
+        return self.get_secure_cookie("user")
+
+    def write_error(self, status_code, **kwargs):
+        log.write_logs("Http Error", f"{status_code} Error", "", "info", log_error)
+        if status_code == 403:
+            self.set_status(403)
+            self.render("static_templates/403.html")
+        else:
+            self.set_status(500)
+            self.render("static_templates/500.html")
 
-        Returns:
-            boolean: True is the process completes; otherwise an Exception is thrown
-        """
-        try:
-            notebook_folder = uh.handle_upload(notebooks_path, results_id)
-            log.write_logs(results_id, "Step 5: Notebook Folder configured for grader",
-                           f"Notebook Folder: {notebook_folder}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
-            command = [
-                'otter', 'grade',
-                '-a', p,
-                '-p', notebook_folder,
-                "--ext", "ipynb",
-                "--containers", "10",
-                "-o", notebook_folder,
-                "-v"
-            ]
-            log.write_logs(results_id, f"Step 6: Grading Start: {notebook_folder}",
-                           " ".join(command),
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
-            process = await asyncio.create_subprocess_exec(
-                *command,
-                stdin=asyncio.subprocess.PIPE,
-                stdout=asyncio.subprocess.PIPE,
-                stderr=asyncio.subprocess.PIPE
-            )
-
-            # this is waiting for communication back from the process
-            # some images are quite big and take some time to build the first
-            # time through - like 20 min for otter-grader
-            async with async_timeout.timeout(2000):
-                stdout, stderr = await process.communicate()
-
-                with open(f"{notebook_folder}/grading-output.txt", "w") as f:
-                    for line in stdout.decode().splitlines():
-                        f.write(line + "\n")
-                log.write_logs(results_id, "Step 7: Grading: Finished: Write: grading-output.txt",
-                               f"{notebook_folder}/grading-output.txt",
-                               "debug",
-                               f'{os.environ.get("ENVIRONMENT")}-debug')
-                with open(f"{notebook_folder}/grading-logs.txt", "w") as f:
-                    for line in stderr.decode().splitlines():
-                        f.write(line + "\n")
-                log.write_logs(results_id, "Step 8: Grading: Finished: Write grading-logs.txt",
-                               f"{notebook_folder}/grading-logs.txt",
-                               "debug",
-                               f'{os.environ.get("ENVIRONMENT")}-debug')
-                log.write_logs(results_id, f"Step 9: Grading: Finished: {notebook_folder}",
-                               " ".join(command),
-                               "debug",
-                               f'{os.environ.get("ENVIRONMENT")}-debug')
-                log.write_logs(results_id, f"Grading: Finished: {notebook_folder}",
-                               " ".join(command),
-                               "info",
-                               f'{os.environ.get("ENVIRONMENT")}-logs')
-                return True
-        except asyncio.TimeoutError:
-            raise Exception(f'Grading timed out for {notebook_folder}')
-        except Exception as e:
-            raise e
-
-
-class Userform(tornado.web.RequestHandler):
-    """This is the initial landing page for application
+
+class GitHubOAuthHandler(BaseHandler):
+    """Handles GitHubOAuth
 
     Args:
         tornado (tornado.web.RequestHandler): The request handler
     """
     async def get(self):
-        # User will be redirected here by GitHub after authorization
         code = self.get_argument('code', False)
-        if code:
-            access_token = await self.get_authenticated_user(code)
-            self.write(f'Your GitHub access token is: {access_token}')
+        arg_state = self.get_argument('state', False)
+        access_token = await u_auth.get_acess_token(arg_state, state, code)
+        if access_token:
+            user = await u_auth.get_github_username(access_token)
+            is_org_member = await u_auth.handle_is_org_member(access_token, user)
+            if is_org_member:
+                self.set_secure_cookie("user", user, expires_days=7)
+                self.redirect("/")
+            else:
+                raise tornado.web.HTTPError(403)
         else:
-            self.render("index.html", message=None)
-  
-    async def get_authenticated_user(self, code):
-        secrets_file = os.path.join(os.path.dirname(__file__), "secrets/gh_key.yaml")
-        github_id = access_sops_keys.get(None, "github_access_id", secrets_file=secrets_file)
-        github_secret = access_sops_keys.get(None, "github_access_secret", secrets_file=secrets_file)
-
-        http_client = tornado.httpclient.AsyncHTTPClient()
-        params = {
-            'client_id': github_id,
-            'client_secret': github_secret,
-            'code': code,
-            'redirect_uri': "https://grader.datahub.berkeley.edu/oauth_callback"
-        }
-        response = await http_client.fetch(
-            'https://github.com/login/oauth/access_token',
-            method='POST',
-            headers={'Accept': 'application/json'},
-            body=urllib.parse.urlencode(params)
-        )
-        return json.loads(response.body.decode())['access_token']
-
-
-class Download(tornado.web.RequestHandler):
+            raise tornado.web.HTTPError(500)
+
+
+class MainHandler(BaseHandler):
+    """This is the initial landing page for application
+
+    Args:
+        BaseHandler (BaseHandler): super class
+    """
+    @tornado.web.authenticated
+    async def get(self):
+        self.render("index.html", message=None)
+
+
+class Download(BaseHandler):
     """The class handling a request to download results
 
     Args:
         tornado (tornado.web.RequestHandler): The download request handler
     """
+    @tornado.web.authenticated
+    def get(self):
+        # this just redirects to login and displays main page
+        self.render("index.html", message=None)
+
+    @tornado.web.authenticated
     async def post(self):
         """the post method that accepts the code used to locate the results
         the user wants to download
         """
-        code = self.get_argument('download')
-        directory = f"{__UPLOADS__}/{code}"
-        if code == "":
-            log.write_logs(code, "Download: Code Not Given!",
-                           f"{code}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+        download_code = self.get_argument('download')
+        directory = f"{__UPLOADS__}/{download_code}"
+        if download_code == "":
+            m = "Download: Code Not Given!"
+            log.write_logs(download_code, m, f"{download_code}", "debug", log_debug)
             msg = "Please enter the download code to see your result."
             self.render("index.html",  download_message=msg)
         elif not os.path.exists(f"{directory}"):
-            log.write_logs(code, "Download: Directory for Code Not existing",
-                           f"{code}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Download: Directory for Code Not existing"
+            log.write_logs(download_code, m, f"{download_code}", "debug", log_debug)
             msg = "The download code appears to not be correct or expired "
-            msg += f"- results are deleted regularly: {code}."
+            msg += f"- results are deleted regularly: {download_code}."
             msg += "Please check the code or upload your notebooks "
             msg += "and autograder.zip for grading again."
             self.render("index.html",  download_message=msg)
         elif not os.path.exists(f"{directory}/grading-logs.txt"):
-            log.write_logs(code, "Download: Results Not Ready",
-                           f"{code}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Download: Results Not Ready"
+            log.write_logs(download_code, m, f"{download_code}", "debug", log_debug)
             msg = "The results of your download are not ready yet. "
             msg += "Please check back."
-            self.render("index.html",  download_message=msg, dcode=code)
+            self.render("index.html",  download_message=msg, dcode=download_code)
         else:
             if not os.path.isfile(f"{directory}/final_grades.csv"):
-                log.write_logs(code, "Download: final_grades.csv does not exist",
-                               "Problem grading notebooks see stack trace",
-                               "debug",
-                               f'{os.environ.get("ENVIRONMENT")}-debug')
+                m = "Download: final_grades.csv does not exist"
+                t = "Problem grading notebooks see stack trace"
+                log.write_logs(download_code, m, t, "debug", log_debug)
                 with open(f"{directory}/final_grades.csv", "a") as f:
                     m = "There was a problem grading your notebooks. Please see grading-logs.txt"
                     f.write(m)
                     f.close()
-
-            log.write_logs(code, "Download Success: Creating results.zip",
-                           "",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Download Success: Creating results.zip"
+            log.write_logs(download_code, m, "", "debug", log_debug)
             with ZipFile(f"{directory}/results.zip", 'w') as zipF:
                 for file in ["final_grades.csv", "grading-logs.txt"]:
                     if os.path.isfile(f"{directory}/{file}"):
@@ -190,7 +135,8 @@ class Download(tornado.web.RequestHandler):
 
             self.set_header('Content-Type', 'application/octet-stream')
             self.set_header("Content-Description", "File Transfer")
-            self.set_header('Content-Disposition', f"attachment; filename=results-{code}.zip")
+            m = f"attachment; filename=results-{download_code}.zip"
+            self.set_header('Content-Disposition', m)
             with open(f"{directory}/results.zip", 'rb') as f:
                 try:
                     while True:
@@ -203,24 +149,27 @@ class Download(tornado.web.RequestHandler):
                     self.write(exc)
 
 
-class Upload(tornado.web.RequestHandler):
+class Upload(BaseHandler):
     """This is the upload handler for users to upload autograder.zip and notebooks
 
     Args:
         tornado (tornado.web.RequestHandler): The upload request handler
     """
+    @tornado.web.authenticated
+    def get(self):
+        # this just redirects to login and displays main page
+        self.render("index.html", message=None)
+
+    @tornado.web.authenticated
     async def post(self):
         """this handles the post request and asynchronously launches the grader
         """
-        g = GradeNotebooks()
+        g = grade_notebooks.GradeNotebooks()
         files = self.request.files
         results_path = str(uuid.uuid4())
         autograder = self.request.files['autograder'][0] if "autograder" in files else None
         notebooks = self.request.files['notebooks'][0] if "notebooks" in files else None
-        log.write_logs(results_path, "Step 1: Upload accepted",
-                       "",
-                       "debug",
-                       f'{os.environ.get("ENVIRONMENT")}-debug')
+        log.write_logs(results_path, "Step 1: Upload accepted", "", "debug", log_debug)
         if autograder is not None and notebooks is not None:
             notebooks_fname = notebooks['filename']
             notebooks_extn = os.path.splitext(notebooks_fname)[1]
@@ -232,49 +181,42 @@ class Upload(tornado.web.RequestHandler):
                 os.mkdir(__UPLOADS__)
             auto_p = f"{__UPLOADS__}/{autograder_name}"
             notebooks_path = f"{__UPLOADS__}/{notebooks_name}"
-            log.write_logs(results_path, "Step 2a: Uploaded File Names Determined",
-                           f"notebooks path: {notebooks_path}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Step 2a: Uploaded File Names Determined"
+            log.write_logs(results_path, m, f"notebooks path: {notebooks_path}", "debug", log_debug)
             fh = open(auto_p, 'wb')
             fh.write(autograder['body'])
 
             fh = open(notebooks_path, 'wb')
             fh.write(notebooks['body'])
-            log.write_logs(results_path, "Step 3: Uploaded Files Written to Disk",
-                           f"Results Code: {results_path}",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Step 3: Uploaded Files Written to Disk"
+            log.write_logs(results_path, m, f"Results Code: {results_path}", "debug", log_debug)
             m = "Please save this code. You can retrieve your files by submitting this code "
             m += f"in the \"Results\" section to the right: {results_path}"
             self.render("index.html", message=m)
             try:
                 await g.grade(auto_p, notebooks_path, results_path)
             except Exception as e:
-                log.write_logs(results_path, "Grading Problem",
-                               str(e),
-                               "error",
-                               f'{os.environ.get("ENVIRONMENT")}-logs')
+                log.write_logs(results_path, "Grading Problem", str(e), "error", log_error)
         else:
-            log.write_logs(results_path, "Step 2b: Uploaded Files not given",
-                           "",
-                           "debug",
-                           f'{os.environ.get("ENVIRONMENT")}-debug')
+            m = "Step 2b: Uploaded Files not given"
+            log.write_logs(results_path, m, "", "debug", log_debug)
             m = "It looks like you did not set the notebooks or autograder.zip or both!"
             self.render("index.html", message=m)
 
 
 settings = {
     "cookie_secret": str(uuid.uuid4()),
-    "xsrf_cookies": True
+    "xsrf_cookies": True,
+    "login_url": "/login"
 }
 
 application = tornado.web.Application([
-        (r"/", Userform),
+        (r"/", MainHandler),
+        (r"/login", LoginHandler),
         (r"/upload", Upload),
         (r"/download", Download),
-        (r"/auth/github", Userform),
-        ], **settings, debug=True)
+        (r"/oauth_callback", GitHubOAuthHandler),
+        ], **settings, debug=False)
 
 
 def main():
@@ -282,14 +224,11 @@ def main():
     """
     try:
         application.listen(80)
-        msg = f'{os.environ.get("ENVIRONMENT")}-debug'
-        log.write_logs("Server Start", "Starting Server", "", "info", msg)
+        log.write_logs("Server Start", "Starting Server", "", "info", log_debug)
         tornado.ioloop.IOLoop.instance().start()
     except Exception as e:
-        log.write_logs("Server Start Error", "Server Starting error",
-                       str(e),
-                       "error",
-                       f'{os.environ.get("ENVIRONMENT")}-debug')
+        m = "Server Starting error"
+        log.write_logs("Server Start Error", m, str(e), "error", log_debug)
 
 
 if __name__ == "__main__":

otter_service_stdalone/fs_logging.py

@@ -50,7 +50,7 @@ def write_logs(id, msg, trace, type, collection):
         try:
             db = firestore.client()
             # this redirects FireStore to local emulator when local testing!
-            if os.getenv("ENVIRONMENT") == "otter-stdalone-docker-local-test":
+            if "local" in os.getenv("ENVIRONMENT"):
                 channel = grpc.insecure_channel("host.docker.internal:8080")
                 transport = firestore_grpc_transport.FirestoreGrpcTransport(channel=channel)
                 db._firestore_api_internal = firestore_client.FirestoreClient(transport=transport)

otter_service_stdalone/grade_notebooks.py

@@ -0,0 +1,103 @@
+import asyncio
+import async_timeout
+from otter_service_stdalone import fs_logging as log, upload_handle as uh
+import os
+
+log_debug = f'{os.environ.get("ENVIRONMENT")}-debug'
+log_count = f'{os.environ.get("ENVIRONMENT")}-count'
+log_error = f'{os.environ.get("ENVIRONMENT")}-logs'
+
+
+class GradeNotebooks():
+    """The class contains the async grade method for executing
+        otter grader as well as a function for logging the number of 
+        notebooks to be graded
+    """
+
+    def count_ipynb_files(self, directory, extension):
+        """this count the files for logging purposes"""
+        count = 0
+        for filename in os.listdir(directory):
+            if filename.endswith(extension):
+                count += 1
+        return count
+
+    async def grade(self, p, notebooks_path, results_id):
+        """Calls otter grade asynchronously and writes the various log files
+        and results of grading generating by otter-grader
+
+        Args:
+            p (str): the path to autograder.zip -- the solutions
+            notebooks_path (str): the path to the folder of notebooks to be graded
+            results_id (str): used for identifying logs
+
+        Raises:
+            Exception: Timeout Exception is raised if async takes longer than 20 min
+
+        Returns:
+            boolean: True is the process completes; otherwise an Exception is thrown
+        """
+        try:
+            notebook_folder = uh.handle_upload(notebooks_path, results_id)
+            notebook_count = self.count_ipynb_files(notebook_folder, ".ipynb")
+            log.write_logs(results_id, f"{notebook_count}",
+                           "",
+                           "info",
+                           f'{os.environ.get("ENVIRONMENT")}-count')
+            log.write_logs(results_id, "Step 5: Notebook Folder configured for grader",
+                           f"Notebook Folder: {notebook_folder}",
+                           "debug",
+                           log_debug)
+            command = [
+                'otter', 'grade',
+                '-a', p,
+                '-p', notebook_folder,
+                "--ext", "ipynb",
+                "--containers", "10",
+                "-o", notebook_folder,
+                "-v"
+            ]
+            log.write_logs(results_id, f"Step 6: Grading Start: {notebook_folder}",
+                           " ".join(command),
+                           "debug",
+                           log_debug)
+            process = await asyncio.create_subprocess_exec(
+                *command,
+                stdin=asyncio.subprocess.PIPE,
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE
+            )
+
+            # this is waiting for communication back from the process
+            # some images are quite big and take some time to build the first
+            # time through - like 20 min for otter-grader
+            async with async_timeout.timeout(2000):
+                stdout, stderr = await process.communicate()
+
+                with open(f"{notebook_folder}/grading-output.txt", "w") as f:
+                    for line in stdout.decode().splitlines():
+                        f.write(line + "\n")
+                log.write_logs(results_id, "Step 7: Grading: Finished: Write: grading-output.txt",
+                               f"{notebook_folder}/grading-output.txt",
+                               "debug",
+                               log_debug)
+                with open(f"{notebook_folder}/grading-logs.txt", "w") as f:
+                    for line in stderr.decode().splitlines():
+                        f.write(line + "\n")
+                log.write_logs(results_id, "Step 8: Grading: Finished: Write grading-logs.txt",
+                               f"{notebook_folder}/grading-logs.txt",
+                               "debug",
+                               log_debug)
+                log.write_logs(results_id, f"Step 9: Grading: Finished: {notebook_folder}",
+                               " ".join(command),
+                               "debug",
+                               log_debug)
+                log.write_logs(results_id, f"Grading: Finished: {notebook_folder}",
+                               " ".join(command),
+                               "info",
+                               log_error)
+                return True
+        except asyncio.TimeoutError:
+            raise Exception(f'Grading timed out for {notebook_folder}')
+        except Exception as e:
+            raise e

otter_service_stdalone/secrets/gh_key.dev.yaml

@@ -0,0 +1,16 @@
+github_access_id: ENC[AES256_GCM,data:6othw4MyjLk/gvYAbmGn7cS0xis=,iv:CJcaUgdPanPrNHOsR9pdEl5RippYUqREuI489FLc6l4=,tag:dxCzrJ1L0KXS9B+Gc6yCAg==,type:str]
+github_access_secret: ENC[AES256_GCM,data:QCxHQpy+0hptRZIp6OXxdPGfwb3FaY0be1/TjKJG5BTK06NzWlma2A==,iv:kP6JPkvz1FKoiYSgO0GEw6zTgmRhxIkK2IIaDiUt0rM=,tag:5GOZVUXQMNblwD33A344Ng==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/data8x-scratch/locations/global/keyRings/data8x-sops/cryptoKeys/otter-service
+          created_at: "2024-04-03T20:55:56Z"
+          enc: CiQA+mtdjxpP5gJHTfXLOO3LGHaXfPniExMUlgbOPe3j0kTWNZ4SSQB/DdDBy/MSy9vA/EBaN0NtT2d3qz815c1SWt0VNetH6OgfHR4cHAOJURgBOBXiPPg/jCSJNNPAn1vOoa1axWpET9taglLA1g8=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-04-03T20:55:57Z"
+    mac: ENC[AES256_GCM,data:dRddLm5uPG7mpTfQuIa5tN5DE9C+Bmxjt5K02/fI/9tor/Ee41Gvmgxda3tjdD4bLUaPsInXAcdBjVXQ0FxvsHp/VIh41WSPAJfb811E0U1yI6OX+EpwJBnnwFVlHkcy+1HrcJZ8bVtXyinm4g+5kjiqRaN4j3dlhpWNzG6/CTw=,iv:R/cR3B/erkBmQTwsmO8zY4WztHUY5VxjsT5AHkwuYPQ=,tag:OhRdDOiEGvyqLSVnY9IcoA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

otter_service_stdalone/secrets/gh_key.local.yaml

@@ -0,0 +1,16 @@
+github_access_id: ENC[AES256_GCM,data:vGx6zpYlPo38qR4QNuWwqfa6E1g=,iv:S7B8SUmSaHHjWwHtzK+4CIUxmmMHWCIU1eSubh3BG1w=,tag:JdxhwhkEb6Y+NUA23X14zg==,type:str]
+github_access_secret: ENC[AES256_GCM,data:XDOjdPt5SkXNQRLALAeNS20CeFWwTCVHlOqDoDiDz6DYHKBq8VJMHQ==,iv:SAm7tj0YwNXnxCQx8b6DVXbevxumdqd6piiDxMTLOLM=,tag:60wtxm7n1iJ8SCU17F2FDQ==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/data8x-scratch/locations/global/keyRings/data8x-sops/cryptoKeys/otter-service
+          created_at: "2024-04-03T20:55:51Z"
+          enc: CiQA+mtdj7+426Te3zwawNSQpo18+vkZXnEq23JYHBFSWqzHSkkSSQB/DdDBlBfvc3Ek/8T3or9nzq//ADi3xMBdQ4U9VKnqaQOgmX2aPbwd+or29xIIr4Q8k8SyhdDrcSmF/Yat+hVbUVvtzI4P71Y=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-04-03T20:55:52Z"
+    mac: ENC[AES256_GCM,data:LVLldWnSDQ6I09N6+rCIaD+nno5xGs4/eorTY7La+z5dGgpzsW+N8k7xUV+XvL9CB6+1n5YIC/rzpUKD/DtfiijXNbA/kUuSF3OyZ3nrQEzvX0vOBT3qik8vFbhp91OmJqK5r5PpxjET5Okp6enjihdkzpAgSoQjyqjXWsv5npA=,iv:8A062Olw5SYp/odZ8dZcL0tPOWhbJxTj0vbJgbQX+vM=,tag:jLS7Fu/J+i/+mFRifIzsFQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

otter_service_stdalone/secrets/gh_key.prod.yaml

@@ -0,0 +1,16 @@
+github_access_id: ENC[AES256_GCM,data:2IqN4IC3eyM1qxJ7uy6xAEGce5w=,iv:btm2Q/5TOoOnwih2l0Q3QkjGUfx4Biz5XTM1SoGUbOw=,tag:sSpLAnYv/TIXMK4yB/pMPg==,type:str]
+github_access_secret: ENC[AES256_GCM,data:OhQUwHi4tBcMf/GPFohYbdSSD3hWfTODIYh883mSaxDifP72uchHYA==,iv:o7GpOxEJGnD8/ClPEx9XZh07mg3ty91u5wzkiEC0xKk=,tag:oaEFun8sbl2g77oKaTl+kA==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/data8x-scratch/locations/global/keyRings/data8x-sops/cryptoKeys/otter-service
+          created_at: "2024-04-03T20:55:39Z"
+          enc: CiQA+mtdj0RKYxCmqihxBuK/BLHCESM8jh8P/7cEn+z2skGDeL0SSQB/DdDBvPjBiL88kvhLS08s4DV0yWvFtpoKLCO3+v2C/dtDO8ojGVUeOtZh0W4L+x9PM+uffXA6ezOsdzO8+k2nmtTYTIacDMU=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-04-03T20:55:40Z"
+    mac: ENC[AES256_GCM,data:cszrryu3Ya5TrYJtZZzj8bDW9exvT7zOc3cUmzSSDQAlocz4ayOvJzU7tb7SODrWSA07usLqdzWpAzJ0/DVqw7Psp+Q+e7AzegbWOuoSPTYrFx0iy2p68cJcw3yujSaMyHv4E37wWiPUqvl8XUN+EGbYpnWBRSTaM1F/zXXG3Ko=,iv:LCMDdd007JghnzSHeQgXpsCfqdriZn4BcI3THqTWOIg=,tag:kSu9wzHliVG5QXIA1z0aoQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

otter_service_stdalone/secrets/gh_key.staging.yaml

@@ -0,0 +1,16 @@
+github_access_id: ENC[AES256_GCM,data:kSFOqwFCOEBzp3aA+xztYZna+DQ=,iv:/ZMoKSWI/KeMQZe6PDQe4MF6XIo1cpRc2spt3HAelpY=,tag:a28+3LzpVadaXC4P+S8EVQ==,type:str]
+github_access_secret: ENC[AES256_GCM,data:RzYBaHSYuqDvEJ4CMMdtIpOb90ObcrnRSAOhin/fLVM+Xf2DDvxxkA==,iv:thm1AlQjjUtm5gmeliAeIlbY3kWhdHnx8d5cWLMhSSs=,tag:Dl8ZjC8j4w8HkJ5rOP5phg==,type:str]
+sops:
+    kms: []
+    gcp_kms:
+        - resource_id: projects/data8x-scratch/locations/global/keyRings/data8x-sops/cryptoKeys/otter-service
+          created_at: "2024-04-03T20:56:00Z"
+          enc: CiQA+mtdj6rYoGKDso+uJhKHBwVaeG452KHDn7K0Wz2QgFBF/G8SSQB/DdDB7uXjR3oYouuiC1pVprd7vqGbWrA4Nmg6kdrjUYCZ8cHHrbTSlTvzJ9C+2dTRwAWmSvSsFn2L7Yj31Vnujxf8Ong9LOM=
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-04-03T20:56:01Z"
+    mac: ENC[AES256_GCM,data:r66eFRpcST3IYgQ86Qy4YYXA/BjWCQIDz+iK1L9BSMtHDW6t8GphIj2kRBjpFK7bQWt7CKExXwTgv/2JjedcYiulGUEANqeZuRZjpfUuas9yA9mibklzg2+b5O++s/URl7wcAceFbg7PD6ddn2cb8t8nzqDw7cQPjblmS50H5aA=,iv:gdqHI0kGj5AAd47VTZrE6OabMjeFMxfX7KiJV1gjbGo=,tag:G+79+A6d4SL9iA/LxjAhrA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

otter_service_stdalone/static_templates/403.html

@@ -0,0 +1,24 @@
+<html>
+<head> 
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 
+    <title>403 Forbidden</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
+    <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
+</head>
+<body>
+    <section class="container">
+        <div class="hero is-info welcome is-small">
+            <div class="hero-body">
+                <div class="container">
+                    <h1 class="title">403 Forbidden</h1>
+                    <p class="subtitle colored is-3">
+                        You do not have permission to access this resource or your authentication needs to be renewed. 
+                        Please <a style='color:#005b96' href="/login">login</a> to try again or 
+                        email sean.smorris@berkeley.edu for help.
+                    </p>
+                </div>
+            </div>
+        </div>
+    </section>
+</body>
+</html>

otter_service_stdalone/static_templates/500.html

@@ -0,0 +1,24 @@
+<html>
+<head> 
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 
+    <title>Access Problem</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
+    <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
+</head>
+<body>
+    <section class="container">
+        <div class="hero is-info welcome is-small">
+            <div class="hero-body">
+                <div class="container">
+                    <h1 class="title">500 Forbidden - Access Problem</h1>
+                    <p class="subtitle colored is-3">
+                        We are unable to establish access for you.
+                        Please email: sean.smorris@berkeley.edu or try 
+                        <a style='color:#005b96' href="/login">logging</a> in again.
+                    </p>
+                </div>
+            </div>
+        </div>
+    </section>
+</body>
+</html>

otter_service_stdalone/user_auth.py

@@ -0,0 +1,120 @@
+import json
+import os
+from otter_service_stdalone import fs_logging as log, access_sops_keys
+import requests
+import tornado
+import urllib.parse
+
+
+log_coll = f'{os.environ.get("ENVIRONMENT")}-debug'
+environment_name = os.environ.get("ENVIRONMENT").split("-")[-1]
+gh_key_path = os.path.join(os.path.dirname(__file__), f"secrets/gh_key.{environment_name}.yaml")
+github_id = access_sops_keys.get(None, "github_access_id", secrets_file=gh_key_path)
+github_secret = access_sops_keys.get(None, "github_access_secret", secrets_file=gh_key_path)
+
+
+async def handle_authorization(form, state):
+    """authorizes via oauth app token access github auth api
+
+    Parameters:
+        - form (tornado.web.RequestHandler): The request handler used to re-direct for
+          authorization. The redirect url is configured at the github endpoint for the app
+        - state (int): random uuid4 number generated to ensure communication between endpoints is
+          not compromised
+    """
+    log.write_logs("Auth Workflow", "UserAuth: Get: Authorizing", "", "info", log_coll)
+    q_params = f"client_id={github_id}&state={state}&scope=read:org"
+    form.redirect(f'https://github.com/login/oauth/authorize?{q_params}')
+
+
+async def get_acess_token(arg_state, state, code):
+    """requests and returns the access token or None
+
+    Parameters:
+        - arg_state (int): the state argument being passed on the url string; this will be compared
+          to the state value generated in this file to ensure they are the same!
+        - state (int): random uuid4 number generated to ensure communication between endpoints is
+          not compromised
+        - code (str): the code that is returned from the authorization request
+
+    Returns:
+        - str: the access token used for subsequent calls to the api; or None
+    """
+    http_client = tornado.httpclient.AsyncHTTPClient()
+    params = {
+        'client_id': github_id,
+        'client_secret': github_secret,
+        'code': code,
+        'redirect_uri': f"{os.environ.get('GRADER_DNS')}/oauth_callback"
+    }
+    m = "UserAuth: GitHubOAuthHandler: Getting Access Token"
+    log.write_logs("Auth Workflow", m, "", "info", log_coll)
+    response = await http_client.fetch(
+        'https://github.com/login/oauth/access_token',
+        method='POST',
+        headers={'Accept': 'application/json'},
+        body=urllib.parse.urlencode(params)
+    )
+    resp = json.loads(response.body.decode())
+    access_token = resp['access_token']
+    if arg_state != state:
+        access_token = None
+        m = "UserAuth: GitHubOAuthHandler: Cross-Site Forgery possible - aborting"
+        log.write_logs("Auth Workflow", m, "", "info", log_coll)
+    else:
+        m = "UserAuth: GitHubOAuthHandler: Access Token Granted"
+        log.write_logs("Auth Workflow", m, "", "info", log_coll)
+    return access_token
+
+
+async def handle_is_org_member(access_token, user):
+    """the final authorization is to make sure the member has access to the application by being
+    a part of the correct organizaton
+
+    Parameters:
+        - access_token (str): The OAuth access token.
+        - user (str): the authenticated GitHub user name
+
+    Returns:
+        - boolean: True user is in the GH org, False otherwise
+    """
+    log.write_logs("Auth Workflow", "UserAuth: Get: Check Membership", "", "info", log_coll)
+    if user:
+        org_name = os.environ.get("AUTH_ORG")
+        url = f'https://api.github.com/orgs/{org_name}/members/{user}'
+        headers = {
+            'Authorization': f'token {access_token}',
+            'Accept': 'application/vnd.github.v3+json',
+        }
+        response = requests.get(url, headers=headers)
+        return response.status_code == 204
+    else:
+        return False
+
+
+async def get_github_username(access_token):
+    """
+    Retrieve the GitHub username of the authenticated user.
+
+    Parameters:
+    - access_token (str): The OAuth access token.
+
+    Returns:
+    - str: The username of the authenticated user, or None if not found.
+    """
+    url = 'https://api.github.com/user'
+    headers = {
+        'Authorization': f'token {access_token}',
+        'Accept': 'application/vnd.github.v3+json',
+    }
+
+    response = requests.get(url, headers=headers)
+    if response.status_code == 200:
+        m = "UserAuth: Get: UserName - Success"
+        log.write_logs("Auth Workflow", m, "", "info", log_coll)
+        user_info = response.json()
+        return user_info.get('login')
+    else:
+        m = f"UserAuth: Get: UserName - Fail:{response.status_code}"
+        log.write_logs("Auth Workflow", m, "", "info", log_coll)
+        return None

{otter_service_stdalone-0.1.16.dist-info → otter_service_stdalone-0.1.19.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: otter_service_stdalone
-Version: 0.1.16
+Version: 0.1.19
 Summary: Grading Service for Instructors using Otter Grader
 Home-page: https://github.com/sean-morris/otter-service-stdalone
 Author: Sean Morris

otter_service_stdalone-0.1.19.dist-info/RECORD

@@ -0,0 +1,19 @@
+otter_service_stdalone/__init__.py,sha256=cAJAbAh288a9AL-3yxwFzEM1L26izSJ6wma5aiml_9Y,23
+otter_service_stdalone/access_sops_keys.py,sha256=nboU5aZ84Elrm5vO0dMgpIF5LLcnecpNAwpxKvj6DvU,2129
+otter_service_stdalone/app.py,sha256=JrjykDRx1VlxLwZQ_svsM9Pabwr5H8x6AHTI-LUJ_BA,9462
+otter_service_stdalone/fs_logging.py,sha256=IKFZkc5TmpI6G3vTYFAU9jDjQ-GT5aRxk8kdZ0h0kJE,2390
+otter_service_stdalone/grade_notebooks.py,sha256=DiIW7oIwq2TROHFiR0A9qqVCoFzd3QhZXxqgWZtCDk8,4498
+otter_service_stdalone/index.html,sha256=QbSQs31OZhWlCQFE5vvJOlNh-JHEJ3PZPgR4GukzrCA,6032
+otter_service_stdalone/upload_handle.py,sha256=NB6isuLrLkUCPetUA3ugUlKKpAYw4nvDBVmxpzvgcE8,5157
+otter_service_stdalone/user_auth.py,sha256=O25EekGSnodWlO6RFftK0_QObbJ4MOQupGJZ4XOeHb0,4616
+otter_service_stdalone/secrets/gh_key.dev.yaml,sha256=ORUVDu8SDcv0OE2ThwROppeg7y8oLkJJbPTCMn0s5l0,1138
+otter_service_stdalone/secrets/gh_key.local.yaml,sha256=NtPXXyGf1iSgJ9Oa2ahvIEf_fcmflB3dwd3LWyCgxis,1138
+otter_service_stdalone/secrets/gh_key.prod.yaml,sha256=6vgLqHzDp8cVAOJlpSXGDTUjSI6EyCb6f1-SSVG2rqw,1138
+otter_service_stdalone/secrets/gh_key.staging.yaml,sha256=cKVqj4dcwuz2LhXwMNQy_1skF8XCVQOX2diXNjAFJXg,1138
+otter_service_stdalone/static_templates/403.html,sha256=K7Jc85v6K8ieRtzBo3JBX__oJCcZ8MEiZcIrhITD5I0,985
+otter_service_stdalone/static_templates/500.html,sha256=2D0YF8-ocJ9I-hM3P3KdflhggKH52L4bTHhKzd79B9o,944
+otter_service_stdalone-0.1.19.dist-info/METADATA,sha256=DmAEzyj4My9WP-U4Zs1bM-14CMpuzXt1sslkfblLBlc,1345
+otter_service_stdalone-0.1.19.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+otter_service_stdalone-0.1.19.dist-info/entry_points.txt,sha256=cx447chuIEl8ly9jEoF5-2xNhaKsWcIMDdhUMH_00qQ,75
+otter_service_stdalone-0.1.19.dist-info/top_level.txt,sha256=6UP22fD4OhbLt23E01v8Kvjn44vPRbyTIg_GqMYL-Ng,23
+otter_service_stdalone-0.1.19.dist-info/RECORD,,

otter_service_stdalone-0.1.16.dist-info/RECORD

@@ -1,11 +0,0 @@
-otter_service_stdalone/__init__.py,sha256=yF88-8vL8keLe6gCTumymw0UoMkWkSrJnzLru4zBCLQ,23
-otter_service_stdalone/access_sops_keys.py,sha256=2f3vszsF6LojCmt3AmInyZvIoGrWnjNlu9mVOXmWvcY,2149
-otter_service_stdalone/app.py,sha256=do03zXIU_1xeBpiMuC0JhbToNA7zuwSgWc0z4i7UtKc,13011
-otter_service_stdalone/fs_logging.py,sha256=LTrgadyjQyZ204sS5B1HtchnBV49SKCpfrJdcfuvApo,2417
-otter_service_stdalone/index.html,sha256=QbSQs31OZhWlCQFE5vvJOlNh-JHEJ3PZPgR4GukzrCA,6032
-otter_service_stdalone/upload_handle.py,sha256=NB6isuLrLkUCPetUA3ugUlKKpAYw4nvDBVmxpzvgcE8,5157
-otter_service_stdalone-0.1.16.dist-info/METADATA,sha256=MTcibeq-t56l0XGNF4d_QhptZ_fO2Ys6n8ki_SDSDgM,1345
-otter_service_stdalone-0.1.16.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-otter_service_stdalone-0.1.16.dist-info/entry_points.txt,sha256=cx447chuIEl8ly9jEoF5-2xNhaKsWcIMDdhUMH_00qQ,75
-otter_service_stdalone-0.1.16.dist-info/top_level.txt,sha256=6UP22fD4OhbLt23E01v8Kvjn44vPRbyTIg_GqMYL-Ng,23
-otter_service_stdalone-0.1.16.dist-info/RECORD,,