5936885816

Committed 22 Aug 2023 09:19AM UTC coverage: 85.145% (-0.4%) from 85.584%

Build # 5936885816

Build Type

push

gihub-action

Committed by

web-flow

Commit Message

feat: add gitlab auth to storage service (#16)

* add gitlab authenticator

* poetry lock

* remove unused code

* address comments

Run Details

70 of 70 new or added lines in 13 files covered. (100.0%)

1880 of 2208 relevant lines covered (85.14%)

0.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

30.77

/components/renku_data_services/users/gitlab.py

"""Gitlab authenticator."""
from dataclasses import dataclass

import gitlab
from sanic import Request

import renku_data_services.base_models as base_models
from renku_data_services import errors


@dataclass
class GitlabAuthenticator:
    """Authenticator for gitlab repos.

    Note:
        Once we have a project service, this should get information on what type of git provider is used from there
        and support different backends.
    """

    gitlab_url: str

    async def authenticate(self, access_token: str, request: Request | None = None) -> base_models.APIUser:
        """Checks the validity of the access token."""

        project_id: str | None = None

        if request is not None:
            if "project_id" in request.json:
                project_id = request.json["project_id"]
            elif project_id in request.query_args:
                project_id = request.query_args["project_id"]
            elif "project_id" in request.args:
                project_id = request.args["project_id"]

        if project_id is not None:
            result = await self._auth_with_repo(access_token, project_id)
        else:
            raise errors.ValidationError(message="project_id not found")

        return result

    async def _auth_with_repo(self, access_token: str, project_id: str) -> base_models.APIUser:
        """Check if a user has access to a repository on gitlab."""
        client = gitlab.Gitlab(self.gitlab_url, oauth_token=access_token)
        user = client.user
        if user is None:
            raise errors.Unauthorized(message="User not authorized")

        if user.state != "active":
            raise errors.Unauthorized(message="User isn't active")

        user_id = user.get_id()

        if user_id is None:
            raise errors.Unauthorized(message="Could not get user id")

        project = client.projects.get(id=project_id)
        member = project.members.get(id=user_id)

        is_admin = False

        if member.access_level >= 30:
            # Developer, Maintainer and Owner
            is_admin = True

        return base_models.APIUser(is_admin, str(user_id), access_token)

1	"""Gitlab authenticator."""	1✔
2	from dataclasses import dataclass	1✔
3
4	import gitlab	1✔
5	from sanic import Request	1✔
6
7	import renku_data_services.base_models as base_models	1✔
8	from renku_data_services import errors	1✔
9
10
11	@dataclass	1✔
12	class GitlabAuthenticator:	1✔
13	"""Authenticator for gitlab repos.	1✔
14
15	Note:
16	Once we have a project service, this should get information on what type of git provider is used from there
17	and support different backends.
18	"""
19
20	gitlab_url: str	1✔
21
22	async def authenticate(self, access_token: str, request: Request \| None = None) -> base_models.APIUser:	1✔
23	"""Checks the validity of the access token."""
24
25	project_id: str \| None = None	×
26
27	if request is not None:	×
28	if "project_id" in request.json:	×
29	project_id = request.json["project_id"]	×
30	elif project_id in request.query_args:	×
31	project_id = request.query_args["project_id"]	×
32	elif "project_id" in request.args:	×
33	project_id = request.args["project_id"]	×
34
35	if project_id is not None:	×
36	result = await self._auth_with_repo(access_token, project_id)	×
37	else:
38	raise errors.ValidationError(message="project_id not found")	×
39
40	return result	×
41
42	async def _auth_with_repo(self, access_token: str, project_id: str) -> base_models.APIUser:	1✔
43	"""Check if a user has access to a repository on gitlab."""
44	client = gitlab.Gitlab(self.gitlab_url, oauth_token=access_token)	×
45	user = client.user	×
46	if user is None:	×
47	raise errors.Unauthorized(message="User not authorized")	×
48
49	if user.state != "active":	×
50	raise errors.Unauthorized(message="User isn't active")	×
51
52	user_id = user.get_id()	×
53
54	if user_id is None:	×
55	raise errors.Unauthorized(message="Could not get user id")	×
56
57	project = client.projects.get(id=project_id)	×
58	member = project.members.get(id=user_id)	×
59
60	is_admin = False	×
61
62	if member.access_level >= 30:	×
63	# Developer, Maintainer and Owner
64	is_admin = True	×
65
66	return base_models.APIUser(is_admin, str(user_id), access_token)	×

SwissDataScienceCenter / renku-data-services / 5936885816

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous