Commits

Joel Rivera committed 419cdd7

Add support for the goauth token at the transfer level, currently tested only in From Globus

Comments (0)

Files changed (4)

lib/galaxy/tools/actions/globus.py

 
 class GlobusTransfer(actions.DefaultToolAction):
     """This tool basically just works like a globus online client."""
+    GOAUTH_TOKEN_KEY = 'X-GLOBUS-TOKEN'
+    REMOTE_USER_KEY = 'X-GLOBUS-USER'
 
     def _get_transfer_info(self, incoming, config, from_go=False):
         msg = ['Globus transfer summary:', ]
             log.debug('Unable to find globus_gtouch configuration.' )
         username = trans.user.username
         home = os.path.join(trans.app.config.home_root, username)
-        incoming["username"] = username
-        incoming["userkey"] = os.path.join(home, trans.app.config.globus_userkey)
-        incoming["usercert"] = os.path.join(home, trans.app.config.globus_usercert)
         incoming["globuscert"] = trans.app.config.globus_rootcert
-
+        if self.REMOTE_USER_KEY in trans.environ:
+            incoming['username'] = trans.environ[self.REMOTE_USER_KEY]
+            log.debug('Using remote user %s' % incoming['username'])
+        else:
+            incoming["username"] = username
+        if self.GOAUTH_TOKEN_KEY in trans.environ: # give preference to the goauth token.
+            incoming['goauth'] = trans.environ[self.GOAUTH_TOKEN_KEY]
+        else:
+            incoming["userkey"] = os.path.join(home, trans.app.config.globus_userkey)
+            incoming["usercert"] = os.path.join(home, trans.app.config.globus_usercert)
         # Setup for "From Go" case
         if not incoming["to_path"]:
             to_path = incoming["from_path"].lstrip("/~")    

lib/galaxy/web/framework/ext/globus/middleware.py

 log = logging.getLogger(__name__)
 
 class UserAuthentication(object):
-    use_https = False
     default_nexus_server = 'nexus.api.globusonline.org'
     auth_page = """\
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                 if 'user' in qs:
                     user_not_allowed = qs['user'][0]
                 return self.NOT_ALLOWED, (user_not_allowed,)
-        user = self._user_in_session(session)
-        if user is not None:
-            return self.AUTHENTICATED, (user, )
+        user_n_token = self._user_in_session(session)
+        if user_n_token is not None:
+            return self.AUTHENTICATED, user_n_token
         if 'code' in qs:
             code = qs['code'][0]
             return self.LOGIN, (code,)
         return self.auth_page % {'url': self.globus_url(environ),
                                  'message': ''}
 
-    def _authenticate(self, session, start_response, environ, user):
-        environ['HTTP_REMOTE_USER'] = user['username']
+    def _authenticate(self, session, start_response, environ, user, atoken):
+        environ['HTTP_REMOTE_USER'] = user['username'] # this will be modified by galaxy
+        environ['X-GLOBUS-USER'] = user['username']
+        environ['X-GLOBUS-TOKEN'] = atoken
         return self.app(environ, start_response)
         
     def _do_logout(self, session, start_response, *args):
         if session is not None and \
                session in self.active_users:
             user, tokens = self.active_users[session]
-            log.debug('Loged in user %s with tokens %s' % (user, tokens))
-            return user
+            log.debug('Logged in user %s with tokens %s' % (user, tokens))
+            return user, tokens['access']
         return None
 
     def _fetch_access_tokens(self, code):
                 .format(self._host(env), self.nexus_client.client))
 
     def _host(self, env):
-        if self.use_https:
-            prefx = 'https'
-        else:
-            prefx = 'http'
+        scheme = env['wsgi.url_scheme']
         host = env['HTTP_HOST']
-        return '%s://%s' % (prefx, host)
+        return '%s://%s' % (scheme, host)
         
         

tools/globus/from_go.xml

     -c $usercert
     -C $globuscert
     -o transfer.log
+    --goauth-token "$goauth"
     --source-ep=$from_endpoint
     --source-path=$from_path
     --destination-ep=$to_endpoint
     --deadline=$deadline
   </command>
   <inputs>
+    <param name="goauth" type="hidden" size="100" label="Globus Auth Token">
+      <sanitizer>
+	<valid>
+	  <add value="|"/>
+	</valid>
+      </sanitizer>
+    </param>
     <param name="username" type="hidden" size="100" label="Globus Username"/>
     <param name="userkey" type="hidden" size="100" label="Globus User Key"/>
     <param name="usercert" type="hidden" size="100" label="Globus User Certificate"/>

tools/globus/transfer.py

                       help="Deadline for transfer in minutes.")
     parser.add_option("-g", "--galaxy-dataset-id", dest="galaxy_dataset_id",
                       help="Galaxy Dataset Id For This Transfer")
+    parser.add_option('-a', '--goauth-token', dest="goauth_token",
+                      help="Use the Globus Access Token as the authentication" \
+                      " method for this transfer")
     parser.set_defaults(base_url=transfer_api.DEFAULT_BASE_URL)
     parser.set_defaults(output=sys.stdout)
     options, args = parser.parse_args(args)
 
 if __name__ == '__main__':
     options, args = process_args()
-    api = transfer_api.TransferAPIClient(args[0],
-                                         server_ca_file=options.server_ca_file,
-                                         cert_file=options.cert_file,
-                                         key_file=options.key_file,
-                                         base_url=options.base_url)
+    apikwargs = {'base_url':  options.base_url,
+                 'server_ca_file': options.server_ca_file}
+    if options.goauth_token is None:
+        apikwargs['cert_file'] = options.cert_file,
+        apikwargs['key_file'] = options.key_file
+    else:
+        apikwargs['goauth'] = options.goauth_token.strip()
+    api = transfer_api.TransferAPIClient(args[0], **apikwargs)
     output = options.output
     display_endpoints()
     transfer(options.source_ep, options.source_path,