561e254315
Prevents non-admin users from editing each others' tasks. Fixes bug where test user uid was not being set from token. Moves complete form and get workflow API test utility methods into BaseTest.
2020-06-12 13:46:10 -04:00
768f14b3ac
Cleans up console logging
2020-06-11 13:42:44 -04:00
312eef4d40
Raises 403 error if no user found
2020-06-11 13:07:27 -04:00
cccff9b856
Fixes broken unit tests. But still broken.
2020-06-11 11:29:58 -04:00
87e2379871
Merge branch 'rrt/dev' into feature/swagger_admin_authentication
2020-06-08 10:30:16 -04:00
fed6e86f92
Trying to fix LDAP issues on production. Changing LDAP to static only methods, caching the connection and calling bind before all connection requests.
...
Also assuring we don't load the documents.xls file over and over again.
2020-06-04 14:59:36 -04:00
c7484267e1
For the main approval endpoints - we now group the approvals by study. So you get one record back for each study, but it may have other approvals along with it as "related_approvals".
...
We now cache the LDAP records - so we look in our own database for the record before calling out to ldap for the details when given a straight up computing id like dhf8r.
Added "date_approved" to the approval model.
And moved the approver and primary investigator into real associated models to make it easier to dump.
Fixed a problem with the validation that was causing it to throw incorrect errors on valid workflows. Getting it to behave a little more like the front end behaves, and respecting the read-only fields. But it was mainly to do with always returning all the data with each form submission.
2020-06-02 18:17:00 -04:00
c2a1b0175a
Tweaks to approvals
2020-06-01 21:49:30 -04:00
c4a84ac509
Work in progress: Trying to get Swagger to use verify_token_admin to protect admin endpoints. Not working for some reason, though.
2020-05-31 18:01:08 -04:00
be9b613bbb
Refactors user authentication endpoints so we can use the Swagger UI in production mode
2020-05-31 16:49:39 -04:00
afb6be7c60
re-working the way the redirects function, so we pass arguments as a get parameter. Just trying to get rid of the weird lag on production.
...
I noticed the validation sometimes looks ahead for files, so looking at all the tasks now, not just the ready tasks for the lookup field.
Ran into an issue with validation where a workflow model was required, so I create one and delete it. Another refactor for another day.
2020-05-29 04:42:48 -04:00
987790164e
use redirect, not redirect_url.
2020-05-26 15:09:57 -04:00
a14168362a
Merge branch 'feature/support_ui_dashboard' into dev
2020-05-25 21:31:16 -04:00
6cd4ef64d1
Fixing add_study api endpoint, so you can actually add a new "Study" with just some basic information.
...
Using the LDAP service for checking user details in development mode - even if you are using the back door.
Added a new Flask fucntion load-example-rrt-data that loads the rrt workflow, and not the CRC wrokflows.
Modified the "load-example-data" in the tests to use some test data, rather than loading up all the workflows[
in CRC each time, with a parameter to load crc data if that is required - which is enabled for just a handful of tests.
(Tests run in 1/4 the time now)
2020-05-25 12:29:05 -04:00
4eaee57076
Apparently, APPLICATION_ROOT does something.
2020-05-24 00:05:13 -04:00
68084a84cf
Adds base href environment variable. Sets base path for API and all routes from BASE_HREF environment variable.
2020-05-23 22:07:22 -04:00
6c14248ef9
Adds 'v1.0/' to login route
2020-05-23 14:49:02 -04:00
b490005af7
dropping the remaining config stuff for flask_sso.
...
updaing the user 'sso' endpoint to provide additional information for debugging.
Pulling information from ldap to stay super consistent on where we get our information.
2020-05-22 09:50:18 -04:00
4627318818
Dropping flask_sso library in favor of reading from the headers directly. Updating login to read from ldap once it has the user_id. Adding more information to the sso endpoint.
2020-05-22 07:55:58 -04:00
0265db7146
adding an /sso endpoint for testing.
2020-05-21 16:02:45 -04:00
4628834106
just a few more logging details.
2020-05-21 12:11:35 -04:00
f2c9fd5fc4
adding a default url. And some debugging information to see if we hit he endpoint in the logs.
2020-05-14 15:07:05 -04:00
f4342fc785
It became impossible to use the Swagger ui when we started adding authentication to all of the calls. I discovered Connexion and Swagger have a default way of handing JTW authentication and this cleans up our code quite a bit, moves the securing of endpoints into the API Definition, which is quite nice, and removes a whole library dependency (I never get to do that!) I added a SWAGGER_AUTH_KEY that can be used in non-production environments to allow users to quickly authenticate from the Swagger ui. I also removed all api calls to simple little happy api services, because that is just mean and pointless.
2020-03-24 14:15:21 -04:00
002207cbca
Adds redirect URL to login handler
2020-02-24 16:59:16 -05:00
eb6354db6e
Moves sso_backdoor parameters to query string. Prevents duplication of user on update.
2020-02-21 11:24:39 -05:00
a6e0809183
Adds SSO attributes. Prevents uid duplication errors.
2020-02-20 17:23:10 -05:00
581434b453
Adds SSO header attributes
2020-02-20 15:43:29 -05:00
a642593e3d
Adding support to handle Single Sign On (Shibboleth) authentication using Flask SSO and an attribute map that has worked in the past with UVA's implementation. Aside from the new user endpoint, nothing requires authentication, but soon everything will expect it. I'm setting up a backdoor we can use for development and staging that will cause a round-robin affair that should make this relatively painless. Dropped "RestException" as we had two ways or raising errors, and that was silly.
2020-02-18 16:38:56 -05:00
Aaron Louie
Dan Funk