Adding api-keys handlers

pcrespov · pcrespov · commit 7385de9baebb · 2020-04-28T13:38:17.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py b/services/web/server/src/simcore_service_webserver/login/api_keys_handlers.py
@@ -0,0 +1,114 @@
+import logging
+import uuid as uuidlib
+from typing import Dict
+
+import sqlalchemy as sa
+from aiohttp import web
+
+import simcore_postgres_database.webserver_models as orm
+from servicelib.application_keys import APP_DB_ENGINE_KEY
+from servicelib.aiopg_utils import DatabaseError
+
+from .decorators import RQT_USERID_KEY, login_required
+from .utils import get_random_string
+
+log = logging.getLogger(__name__)
+
+
+def generate_api_credentials() -> Dict[str, str]:
+    credentials: Dict = dict.fromkeys(("api_key", "api_secret"), "")
+    for name in credentials:
+        value = get_random_string(20)
+        credentials[name] = str(uuidlib.uuid5(uuidlib.NAMESPACE_DNS, value))
+    return credentials
+
+
+class CRUD:
+    # pylint: disable=no-value-for-parameter
+
+    def __init__(self, request: web.Request):
+        self.engine = request.app.get(APP_DB_ENGINE_KEY)
+        self.userid: int = request.get(RQT_USERID_KEY, -1)
+
+    async def list_api_key_names(self):
+        async with self.engine.acquire() as conn:
+            stmt = orm.api_keys.select([orm.api_keys.c.display_name]).where(
+                orm.users.c.user_id == self.userid
+            )
+
+            res = await conn.execute(stmt)
+            rows = await res.fetchall()
+            return list(rows)
+
+    async def create(self, name: str, *, api_key: str, api_secret: str):
+        async with self.engine.acquire() as conn:
+            stmt = orm.api_keys.insert().values(
+                display_name=name,
+                user_id=self.userid,
+                api_key=api_key,
+                api_secret=api_secret,
+            )
+            await conn.execute(stmt)
+
+    async def delete_api_key(self, name: str):
+        async with self.engine.acquire() as conn:
+            stmt = orm.api_keys.delete().where(
+                sa.and_(
+                    orm.users.c.user_id == self.userid,
+                    orm.api_keys.c.display_name == name,
+                )
+            )
+            await conn.execute(stmt)
+
+
+@login_required
+async def list_api_keys(request: web.Request):
+    """
+        GET /auth/api-keys
+    """
+    crud = CRUD(request)
+    names = await crud.list_api_key_names()
+    return names
+
+
+@login_required
+async def create_api_key(request: web.Request):
+    """
+        POST /auth/api-keys
+    """
+    body = await request.json()
+    display_name = body.get("display_name")
+
+    credentials = generate_api_credentials()
+    try:
+        crud = CRUD(request)
+        await crud.create(display_name, **credentials)
+    except DatabaseError as err:
+        log.warning("Failed to create API key %d", display_name, exc_info=err)
+        raise web.HTTPBadRequest(reason="Invalid API key name: already exists")
+
+    return {
+        "display_name": display_name,
+        "api_key": credentials["api_key"],
+        "api_secret": credentials["api_secret"],
+    }
+
+
+@login_required
+async def delete_api_key(request: web.Request):
+    """
+        DELETE /auth/api-keys
+    """
+
+    body = await request.json()
+    display_name = body.get("display_name")
+
+    try:
+        crud = CRUD(request)
+        await crud.delete_api_key(display_name)
+    except DatabaseError as err:
+        log.warning(
+            "Failed to delete API key %d. Ignoring error", display_name, exc_info=err
+        )
+
+    raise web.HTTPNoContent
diff --git a/services/web/server/src/simcore_service_webserver/login/routes.py b/services/web/server/src/simcore_service_webserver/login/routes.py
@@ -13,6 +13,7 @@
 from servicelib.rest_routing import iter_path_operations, map_handlers_with_operations
 
 from . import handlers as login_handlers
+from . import api_keys_handlers
 
 log = logging.getLogger(__name__)
 
@@ -42,6 +43,9 @@ def include_path(tuple_object):
         "auth_change_email": login_handlers.change_email,
         "auth_change_password": login_handlers.change_password,
         "auth_confirmation": login_handlers.email_confirmation,
+        "create_api_key": api_keys_handlers.create_api_key,
+        "delete_api_key": api_keys_handlers.delete_api_key,
+        "list_api_keys": api_keys_handlers.list_api_keys,
     }
 
     routes = map_handlers_with_operations(
diff --git a/services/web/server/tests/unit/with_dbs/test_api_keys.py b/services/web/server/tests/unit/with_dbs/test_api_keys.py
@@ -0,0 +1,78 @@
+# pylint:disable=unused-variable
+# pylint:disable=unused-argument
+# pylint:disable=redefined-outer-name
+from aiohttp import web
+import pytest
+
+from pytest_simcore.helpers.utils_assert import assert_status
+from pytest_simcore.helpers.utils_login import LoggedUser
+from simcore_service_webserver.db_models import UserRole
+
+
+@pytest.fixture()
+async def logged_user(client, user_role: UserRole):
+    """ adds a user in db and logs in with client
+
+    NOTE: `user_role` fixture is defined as a parametrization below!!!
+    """
+    async with LoggedUser(
+        client,
+        {"role": user_role.name},
+        check_if_succeeds=user_role != UserRole.ANONYMOUS,
+    ) as user:
+        print("-----> logged in user", user_role)
+        yield user
+        print("<----- logged out user", user_role)
+
+
+@pytest.mark.parametrize(
+    "user_role,expected",
+    [
+        (UserRole.ANONYMOUS, web.HTTPUnauthorized),
+        (UserRole.GUEST, web.HTTPOk),
+        (UserRole.USER, web.HTTPOk),
+        (UserRole.TESTER, web.HTTPOk),
+    ],
+)
+async def test_create_api_keys(client, logged_user, user_role, expected):
+    resp = await client.post("/v0/auth/api-keys", json={"display_name": "foo"})
+
+    data, errors = await assert_status(resp, expected)
+
+    if not errors:
+        client.app
+
+
+@pytest.mark.parametrize(
+    "user_role,expected",
+    [
+        (UserRole.ANONYMOUS, web.HTTPUnauthorized),
+        (UserRole.GUEST, web.HTTPOk),
+        (UserRole.USER, web.HTTPOk),
+        (UserRole.TESTER, web.HTTPOk),
+    ],
+)
+async def test_list_api_keys(client, logged_user, user_role, expected):
+    resp = await client.get("/v0/auth/api-keys")
+    data, errors = await assert_status(resp, expected)
+
+    if not errors:
+        assert not data
+
+        with UserApiKeys(client.app, logged_user.user.user_id, ['foo', 'bar', 'beta']):
+            resp = await client.get("/v0/auth/api-keys")
+            data, _ = await assert_status(resp, expected)
+            assert data == ['foo', 'bar', 'beta']
+
+@pytest.mark.parametrize(
+    "user_role,expected",
+    [
+        (UserRole.ANONYMOUS, web.HTTPUnauthorized),
+        (UserRole.GUEST, web.HTTPNoContent),
+        (UserRole.USER, web.HTTPNoContent),
+        (UserRole.TESTER, web.HTTPNoContent),
+    ],
+)
+async def test_delete_api_keys(client, logged_user, user_role, expected):
+    resp = await client.delete("/v0/auth/api-keys", json={"display_name": "foo"})
+    data, errors = await assert_status(resp, expected)
