Remove unused oauth2 blueprint and its settings and dependencies (#402)

uc-cdis · Oct 9, 2023 · 6b96042 · 6b96042
1 parent 5b5c6b9
commit 6b96042
Show file tree

Hide file tree

Showing 9 changed files with 10 additions and 87 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -109,7 +109,7 @@
         "filename": "bin/settings.py",
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_verified": false,
-        "line_number": 44
+        "line_number": 43
       }
     ],
     "docs/local_dev_environment.md": [
@@ -327,5 +327,5 @@
       }
     ]
   },
-  "generated_at": "2023-05-10T15:28:32Z"
+  "generated_at": "2023-10-06T21:59:13Z"
 }
diff --git a/Dockerfile b/Dockerfile
@@ -11,9 +11,7 @@
 #   "db_database": "",
 #   "gdcapi_secret_key": "",
 #   "indexd_password": "",
-#   "hostname": "",
-#   "oauth2_client_id": "",
-#   "oauth2_client_secret": ""
+#   "hostname": ""
 # }
 # - Build the image: `docker build . -t sheepdog -f Dockerfile`
 # - Run: `docker run -v /full/path/to/creds.json:/var/www/sheepdog/creds.json -p 81:80 sheepdog`

diff --git a/bin/settings.py b/bin/settings.py
@@ -46,25 +46,8 @@ def load_json(file_name):
         for key in ["fence_username", "fence_password", "fence_host", "fence_database"]
     ]
 )
-config["OIDC_ISSUER"] = "https://%s/user" % conf_data["hostname"]
 
-config["OAUTH2"] = {
-    "client_id": conf_data.get("oauth2_client_id", "{{oauth2_client_id}}"),
-    "client_secret": conf_data.get("oauth2_client_secret", "{{oauth2_client_secret}}"),
-    "api_base_url": "https://%s/user/" % conf_data["hostname"],
-    "authorize_url": "https://%s/user/oauth2/authorize" % conf_data["hostname"],
-    "access_token_url": "https://%s/user/oauth2/token" % conf_data["hostname"],
-    "refresh_token_url": "https://%s/user/oauth2/token" % conf_data["hostname"],
-    "client_kwargs": {
-        "redirect_uri": "https://%s/api/v0/oauth2/authorize" % conf_data["hostname"],
-        "scope": "openid data user",
-    },
-    # deprecated key values, should be removed after all commons use new oidc
-    "internal_oauth_provider": "http://fence-service/oauth2/",
-    "oauth_provider": "https://%s/user/oauth2/" % conf_data["hostname"],
-    "redirect_uri": "https://%s/api/v0/oauth2/authorize" % conf_data["hostname"],
-}
-config["USER_API"] = config["OIDC_ISSUER"]  # for use by authutils
+config["USER_API"] = "https://%s/user" % conf_data["hostname"]  # for use by authutils
 # use the USER_API URL instead of the public issuer URL to accquire JWT keys
 config["FORCE_ISSUER"] = True
 config["DICTIONARY_URL"] = environ.get(

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sheepdog"
-version = "5.1.0"
+version = "5.1.1"
 description = "Gen3 Submission Service"
 authors = ["CTDS UChicago <[email protected]>"]
 license = "Apache-2.0"
@@ -50,7 +50,6 @@ pytest = ">=4.6.5"
 pytest-cov = ">=2.5.1"
 requests_mock = ">=1.4.0"
 coverage = ">=5.3.0"
-cdis_oauth2client = ">=1.1.0"
 mock = ">=1.0.1"
 pytest-flask = ">=1.2.0"
 moto = ">=0.4.5"

diff --git a/sheepdog/api.py b/sheepdog/api.py
@@ -6,8 +6,6 @@
 from flask import Flask, jsonify
 from psqlgraph import PsqlGraphDriver
 
-from authutils.oauth2 import client as oauth2_client
-from authutils.oauth2.client import blueprint as oauth2_blueprint
 from authutils import AuthError
 from cdispyutils.log import get_handler
 from cdispyutils.uwsgi import setup_user_harakiri
@@ -55,20 +53,13 @@ def app_register_blueprints(app):
     models.init(md)
     validators.init(vd)
 
-    # register each blueprint twice (at `/` and at `/v0/`). Flask requires the
-    # blueprint names to be unique, so rename them before registering the 2nd time
-    v0 = "/v0"
-
+    # register the blueprint twice (at `/` and at `/v0/`). Flask requires the
+    # blueprint names to be unique, so rename it before registering the 2nd time
     sheepdog_blueprint = sheepdog.create_blueprint("submission")
-    app.register_blueprint(sheepdog_blueprint, url_prefix=v0 + "/submission")
+    app.register_blueprint(sheepdog_blueprint, url_prefix="/v0/submission")
     sheepdog_blueprint.name += "_legacy"
     app.register_blueprint(sheepdog_blueprint, url_prefix="/submission")
 
-    # TODO we may be able to deprecate the oauth2 endpoints?
-    app.register_blueprint(oauth2_blueprint.blueprint, url_prefix=v0 + "/oauth2")
-    oauth2_blueprint.blueprint.name += "_legacy"
-    app.register_blueprint(oauth2_blueprint.blueprint, url_prefix="/oauth2")
-
 
 def db_init(app):
     app.logger.info("Initializing PsqlGraph driver")
@@ -89,8 +80,6 @@ def db_init(app):
     if app.config.get("AUTO_MIGRATE_DATABASE"):
         migrate_database(app)
 
-    app.oauth_client = oauth2_client.OAuthClient(**app.config["OAUTH2"])
-
     app.logger.info("Initializing index client")
     app.index_client = IndexClient(
         app.config["INDEX_CLIENT"]["host"],

diff --git a/sheepdog/dev_settings.py b/sheepdog/dev_settings.py
@@ -74,21 +74,6 @@
 )
 
 USER_API = "http://localhost/user/"
-OIDC_ISSUER = "http://localhost"
-OAUTH2 = {
-    "client_id": os.environ.get("CDIS_GDCAPI_CLIENT_ID"),
-    "client_secret": os.environ.get("CDIS_GDCAPI_CLIENT_SECRET"),
-    "api_base_url": USER_API,
-    "authorize_url": "http://localhost/user/oauth2/authorize",
-    "access_token_url": "http://localhost/user/oauth2/token",
-    "refresh_token_url": "http://localhost/user/oauth2/token",
-    "client_kwargs": {
-        "redirect_uri": os.environ.get(
-            "CDIS_GDCAPI_OAUTH_REDIRECT", "http://localhost/api/v0/oauth2/authorize"
-        ),
-        "scope": "openid data user",
-    },
-}
 
 SESSION_COOKIE_NAME = "sheepdog_session"
 # verify project existence in dbgap or not

diff --git a/sheepdog/test_settings.py b/sheepdog/test_settings.py
@@ -38,13 +38,6 @@
 
 FLASK_SECRET_KEY = "flask_test_key"  # nosec
 
-OAUTH2 = {
-    "client_id": "",
-    "client_secret": "",
-    "oauth_provider": "",
-    "redirect_uri": "",
-}
-
 USER_API = "localhost"
 BASE_URL = "localhost"
 

diff --git a/tests/integration/api.py b/tests/integration/api.py
@@ -8,8 +8,6 @@
 import sqlite3
 import sys
 
-import cdis_oauth2client
-from cdis_oauth2client import OAuth2Client, OAuth2Error
 from cdispyutils.log import get_handler
 from flask import Flask, jsonify
 from flask_sqlalchemy_session import flask_scoped_session
@@ -39,8 +37,6 @@ def db_init(app):
         set_flush_timestamps=True,
     )
 
-    app.oauth2 = OAuth2Client(**app.config["OAUTH2"])
-
     app.logger.info("Initializing Indexd driver")
     app.index_client = IndexClient(
         app.config["INDEX_CLIENT"]["host"],
@@ -108,8 +104,7 @@ def _log_and_jsonify_exception(e):
     """
     Log an exception and return the jsonified version along with the code.
 
-    This is the error handling mechanism for ``APIErrors`` and
-    ``OAuth2Errors``.
+    This is the error handling mechanism for ``APIErrors``.
     """
     app.logger.exception(e)
     if hasattr(e, "json") and e.json:
@@ -119,9 +114,6 @@ def _log_and_jsonify_exception(e):
 
 app.register_error_handler(APIError, _log_and_jsonify_exception)
 
-app.register_error_handler(APIError, _log_and_jsonify_exception)
-app.register_error_handler(OAuth2Error, _log_and_jsonify_exception)
-
 OLD_SQLITE = sqlite3.sqlite_version_info < (3, 7, 16)
 
 INDEX_HOST = "index.sq3"