Skip to content

Implement Biocommons user registration endpoint #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
minh-biocommons merged 3 commits into from
Aug 20, 2025
Merged

Implement Biocommons user registration endpoint #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7b629e0
Implement Biocommons user registration endpoint and associated schemas
minh-biocommons Aug 18, 2025
fc36622
Refactor bundle configuration and improve group membership validation…
minh-biocommons Aug 20, 2025
492c50a
Update bundle configuration to auto-approve platform memberships and …
minh-biocommons Aug 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 48 additions & 12 deletions db/admin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
from db.models import (
Auth0Role,
BiocommonsGroup,
BiocommonsUser,
GroupMembership,
GroupMembershipHistory,
)
Expand All @@ -32,11 +33,11 @@ def setup_oauth():
api_base_url=f"https://{settings.auth0_domain}",
access_token_url=f"https://{settings.auth0_domain}/oauth/token",
authorize_url=f"https://{settings.auth0_domain}/authorize",
server_metadata_url=f'https://{settings.auth0_domain}/.well-known/openid-configuration',
server_metadata_url=f"https://{settings.auth0_domain}/.well-known/openid-configuration",
client_kwargs={
"scope": "openid profile email",
"audience": settings.auth0_audience
}
"audience": settings.auth0_audience,
},
)
return oauth.create_client("auth0")

Expand All @@ -63,14 +64,22 @@ async def authenticate(self, request: Request) -> Union[bool, RedirectResponse]:
roles = request.session.get("biocommons_roles")
if not roles:
print("Redirecting to Auth0 for login.")
redirect_uri = request.url_for('login_auth0')
redirect_uri = request.url_for("login_auth0")
return await self.auth0_client.authorize_redirect(request, redirect_uri)
for role in roles:
if role in settings.admin_roles:
return True
return False


class BiocommonsUserAdmin(ModelView, model=BiocommonsUser):
can_edit = False
can_create = False
can_delete = False
column_list = ["id", "username", "email", "created_at"]
column_default_sort = ("created_at", True)


class GroupAdmin(ModelView, model=BiocommonsGroup):
can_edit = False
can_create = False
Expand All @@ -88,26 +97,49 @@ class GroupMembershipAdmin(ModelView, model=GroupMembership):
can_edit = False
can_create = False
can_delete = False
column_list = ["name", "group_id", "user_email", "user_id", "approval_status", "updated_at", "updated_by_email"]
column_list = [
"name",
"group_id",
"user_email",
"user_id",
"approval_status",
"updated_at",
"updated_by_email",
]
column_filters = [
AllUniqueStringValuesFilter(GroupMembership.group_id),
AllUniqueStringValuesFilter(GroupMembership.approval_status)
AllUniqueStringValuesFilter(GroupMembership.approval_status),
]


class GroupMembershipHistoryAdmin(ModelView, model=GroupMembershipHistory):
can_edit = False
can_create = False
can_delete = False
column_list = ["name", "group_id", "user_email", "user_id", "approval_status", "updated_at", "updated_by_email"]
column_list = [
"name",
"group_id",
"user_email",
"user_id",
"approval_status",
"updated_at",
"updated_by_email",
]
column_default_sort = ("updated_at", True)


class DatabaseAdmin:
"""
Sets up the Admin app for the database.
"""
views = (GroupAdmin, Auth0RoleAdmin, GroupMembershipAdmin, GroupMembershipHistoryAdmin,)

views = (
BiocommonsUserAdmin,
GroupAdmin,
Auth0RoleAdmin,
GroupMembershipAdmin,
GroupMembershipHistoryAdmin,
)

def __init__(self, app: FastAPI, secret_key: str):
self.app = app
Expand All @@ -116,8 +148,10 @@ def __init__(self, app: FastAPI, secret_key: str):
app,
engine=get_engine(),
base_url="/db_admin",
authentication_backend=AdminAuth(secret_key=secret_key, auth0_client=self.auth0_client),
title="AAI Backend Admin"
authentication_backend=AdminAuth(
secret_key=secret_key, auth0_client=self.auth0_client
),
title="AAI Backend Admin",
)
self.admin.app.router.add_route("/auth/auth0", self.login_auth0)

Expand All @@ -138,6 +172,8 @@ async def login_auth0(self, request: Request) -> Response:
if not payload:
raise HTTPException(status_code=401, detail="Could not verify JWT.")
if not payload.has_admin_role(settings):
raise HTTPException(status_code=401, detail="User does not have admin role.")
request.session['biocommons_roles'] = payload.biocommons_roles
raise HTTPException(
status_code=401, detail="User does not have admin role."
)
request.session["biocommons_roles"] = payload.biocommons_roles
return RedirectResponse(request.url_for("admin:index"), status_code=302)
Loading