Merge pull request #645 from bourque/fix-authentication

Fix authentication through auth.mast
spacetelescope · Oct 16, 2020 · a5309a1 · a5309a1
2 parents 0f49c08 + 2f100d7
commit a5309a1
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -177,7 +177,8 @@ Any questions about the `jwql` project or its software can be directed to `jwql@
 - Van Dixon (INS)
 - Tom Donaldson (DMD) [@tomdonaldson](https://github.com/tomdonaldson)
 - Kim DuPrie (DMD)
-- Jonathan Eisenhamer (DMD) [@stscieisenhamer](https://githublcom/stscieisenhamer)
+- Jonathan Eisenhamer (DMD) [@stscieisenhamer](https://github.com/stscieisenhamer)
+- Ben Falk (DMD) [@falkben](https://github.com/falkben)
 - Ann Feild (OPO)
 - Mike Fox (DSMO) [@mfox22](https://github.com/mfox22)
 - Scott Friedman (INS)

diff --git a/environment_python_3_6.yml b/environment_python_3_6.yml
@@ -3,6 +3,7 @@ channels:
 - http://ssb.stsci.edu/astroconda
 dependencies:
 - astroquery=0.4
+- authlib=0.15.1
 - bokeh>=1.0,<1.4
 - django=2.2.5
 - drizzle=1.13
@@ -31,9 +32,9 @@ dependencies:
 - pip:
   - asdf==2.7.1
   - astropy==4.0.1
-  - authlib==0.14.3
   - codecov==2.1.9
   - crds==10.0.0
+  - cryptography==3.1.1
   - jwedb>=0.0.3
   - jwst==0.17.1
   - pysqlite3==0.2.2

diff --git a/environment_python_3_7.yml b/environment_python_3_7.yml
@@ -3,6 +3,7 @@ channels:
 - http://ssb.stsci.edu/astroconda
 dependencies:
 - astroquery=0.4
+- authlib=0.15.1
 - bokeh>=1.0,<1.4
 - django=3.0.3
 - flake8=3.8.3
@@ -30,9 +31,9 @@ dependencies:
 - pip:
   - asdf==2.7.1
   - astropy==4.0.1.post1
-  - authlib==0.14.3
   - codecov==2.1.9
   - crds==10.0.0
+  - cryptography==3.1.1
   - jwedb==0.0.6
   - jwst==0.17.1
   - pysqlite3==0.4.3

diff --git a/environment_python_3_8.yml b/environment_python_3_8.yml
@@ -2,6 +2,7 @@ channels:
 - defaults
 - http://ssb.stsci.edu/astroconda
 dependencies:
+- authlib=0.15.1
 - django=3.0.3
 - flake8=3.8.3
 - inflection=0.3.1
@@ -27,10 +28,10 @@ dependencies:
   - asdf==2.7.1
   - astropy==4.0.1.post1
   - astroquery==0.4.1
-  - authlib==0.14.3
   - bokeh>=1.0,<1.4
   - codecov==2.1.9
   - crds==10.0.0
+  - cryptography==3.1.1
   - jwedb==0.0.6
   - jwst==0.17.1
   - pysiaf==0.9.0

diff --git a/jwql/website/apps/jwql/oauth.py b/jwql/website/apps/jwql/oauth.py
@@ -8,6 +8,7 @@
 
     - Matthew Bourque
     - Christian Mesh
+    - Ben Falk
 
 Use
 ---
@@ -41,8 +42,9 @@ def login(request):
 import os
 import requests
 
-from authlib.django.client import OAuth
+from authlib.integrations.django_client import OAuth
 from django.shortcuts import redirect, render
+from django.urls import reverse
 
 import jwql
 from jwql.utils.constants import MONITORS
@@ -71,14 +73,15 @@ def register_oauth():
 
     # Register with auth.mast
     oauth = OAuth()
-    client_kwargs = {'scope': 'mast:user:info'}
+    client_kwargs = {
+        'scope': 'mast:user:info',
+        'token_endpoint_auth_method': 'client_secret_basic',
+        'token_placement': 'header'}
     oauth.register(
         'mast_auth',
         client_id='{}'.format(client_id),
         client_secret='{}'.format(client_secret),
-        access_token_url='https://{}/oauth/access_token?client_secret={}'.format(
-            auth_mast, client_secret
-        ),
+        access_token_url='https://{}/oauth/token'.format(auth_mast),
         access_token_params=None,
         refresh_token_url=None,
         authorize_url='https://{}/oauth/authorize'.format(auth_mast),
@@ -109,9 +112,7 @@ def authorize(request):
     """
 
     # Get auth.mast token
-    token = JWQL_OAUTH.mast_auth.authorize_access_token(
-        request, headers={'Accept': 'application/json'}
-    )
+    token = JWQL_OAUTH.mast_auth.authorize_access_token(request)
 
     # Determine domain
     base_url = get_base_url()
@@ -259,7 +260,7 @@ def login(request, user):
     # Redirect to oauth login
     global PREV_PAGE
     PREV_PAGE = request.META.get('HTTP_REFERER')
-    redirect_uri = os.path.join(get_base_url(), 'authorize')
+    redirect_uri = f"{get_base_url()}{reverse('jwql:authorize')}"
 
     return JWQL_OAUTH.mast_auth.authorize_redirect(request, redirect_uri)
 

diff --git a/requirements.txt b/requirements.txt
@@ -1,17 +1,19 @@
 asdf==2.7.1
 astropy==4.0.1.post1
 astroquery==0.4.1
-authlib==0.14.3
+authlib==0.15.1
 bokeh==1.3.4
 codecov==2.1.9
 crds==10.0.0
+cryptography==3.1.1
 django==2.2.5
 flake8==3.8.3
 inflection==0.5.1
 ipython==7.18.1
 jinja2==2.11.2
 jsonschema==3.2.0
 jwedb>=0.0.6
+jwst==0.17.1
 matplotlib==3.3.2
 nodejs==10.13.0
 numpy==1.19.2
@@ -26,5 +28,4 @@ sphinx==3.2.1
 sqlalchemy==1.3.19
 stsci_rtd_theme==0.0.2
 twine==3.2.0
-git+https://github.com/spacetelescope/[email protected]
 git+https://github.com/spacetelescope/jwst_reffiles#egg=jwst_reffiles
diff --git a/setup.py b/setup.py
@@ -20,6 +20,7 @@
     'bokeh>=1.0,<1.4',
     'codecov',
     'crds',
+    'cryptography',
     'django>=2.0,<3.0',
     'flake8',
     'inflection',