GithubHelp home page GithubHelp logo

microscopepony / omero-oauth Goto Github PK

View Code? Open in Web Editor NEW
0.0 2.0 3.0 187 KB

OMERO.web application to allow OAuth2 login to OMERO

Home Page: https://gitlab.com/openmicroscopy/incubator/omero-oauth/

License: GNU Affero General Public License v3.0

Python 76.75% CSS 6.28% HTML 16.97%
ome openmicroscopy omero omero-web omero-web-app oauth2

omero-oauth's Introduction

https://travis-ci.com/manics/omero-oauth.svg?branch=master

OMERO.oauth

πŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”Ά

This a fork of https://gitlab.com/openmicroscopy/incubator/omero-oauth

Please use the above GitLab repository for all issues.

πŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”ΆπŸ”Ά

OMERO.web application to allow OAuth2 login to OMERO.

This application works by using an OMERO administrative account to implement an alternative authentication method to the standard username and password. Ensure you review the code and understand the consequences before using this application.

./docs/screenshot-login.png

Requirements

  • OMERO.web 5.4 or newer.

Installation

This section assumes that an OMERO.web is already installed.

$ python setup.py install
$ omero config append omero.web.apps '"omero_oauth"'

OMERO.web 5.4.* contains a bug that prevents login using this app. You will need to apply the patch omeroweb-5.4.10-webgateway-marshal-py.patch to your copy of OMERO.web:

$ cd OMERO.py-5.4.10-ice36-b105
$ patch -p1 < ../omeroweb-5.4.10-webgateway-marshal-py.patch

This bug is fixed in 5.5.0: ome/openmicroscopy#5890

Configuration settings:

  • omero.web.oauth.display.name: Name of the login page, default OAuth Client
  • omero.web.oauth.host: OMERO.server hostname
  • omero.web.oauth.port: OMERO.server port, optional, default 4064
  • omero.web.oauth.admin.user: OMERO admin username, must have permission to create groups, users, and user sessions using sudo
  • omero.web.oauth.admin.password: Password for OMERO admin username
  • omero.web.oauth.user.timeout: Maximum session length in seconds, default 86400
  • omero.web.oauth.group.name: Default group for new users, will be created if it doesn't exist
  • omero.web.oauth.group.templatetime: If True expand omero.web.oauth.group.name using strftime to enable time-based groups, default disabled
  • omero.web.oauth.group.perms: Permissions on default group for new users if it doesn't exist
  • omero.web.oauth.sessiontoken.enable: Allow new session tokens to be generated that can be used to login to an OMERO client, disabled by default

OAuth2 provider settings:

  • omero.web.oauth.providers: Either a JSON object containing the full OAuth provider configuration { "providers:" [ ...] }, or a file-path to the configuration file in either JSON or YAML format. See the schema for details on each field.

Restart OMERO.web in the usual way.

$ omero web restart

Users will be able to sign-in using OAuth at https://omero.web.host/oauth.

It is not possible to login to other OMERO clients in the usual way since no password is set. If you set omero.web.oauth.sessiontoken.enable=true users can go to https://omero.web.host/oauth/sessiontoken to obtain a new session token.

Configuration Examples

An example provider configuration with three providers is provided, along with an example OMERO.web configuration file. Be sure to read the comments in the files before using them.

After editing the example files you can copy the provider configuration and apply the example omero-web configuration:

$ cp multi-example.yaml /opt/omero/web/config/oauth-providers.yaml
$ omero load config-example.omero

Development

OAuth2 requires https to be used throughout. During development you can disable this by setting an environment variable OAUTHLIB_INSECURE_TRANSPORT=1.

Release process

Use bumpversion to increment the version, commit and tag the repo.

$ bumpversion patch
$ git push origin master
$ git push --tags

License

OMERO.oauth is released under the AGPL.

Copyright

2019, The Open Microscopy Environment

omero-oauth's People

Contributors

manics avatar

Watchers

avatar avatar

Forkers

vishnumitraha labsyspharm

omero-oauth's Issues

QA 30087: KeyError: 'oauth_state'

Info:

  • Web Bug 5.8.1
  • Python 3.6

Sent from web 5.8.1 (running on AWS with Python 3.6.8):

Traceback (most recent call last):

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/utils/decorators.py", line 67, in _wrapper
return bound_func(*args, **kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
return view(request, *args, **kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/utils/decorators.py", line 63, in bound_func
return func.__get__(self, type(self))(*args2, **kwargs2)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webgateway/views.py", line 3098, in dispatch
return super(LoginView, self).dispatch(*args, **kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/views/generic/base.py", line 88, in dispatch
return handler(request, *args, **kwargs)

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero_oauth-0.0.2-py3.6.egg/omero_oauth/views.py", line 81, in get
state = request.session.pop('oauth_state')

File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/contrib/sessions/backends/base.py", line 73, in pop
return self._session.pop(key, *args)

KeyError: 'oauth_state'

QA: 31017: KeyError 'given_name'

Info:

  • Web Bug 5.8.1
  • Python 3.6
  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

User feedback:

I have logged into Synapse and am trying to connect to OMERO through it, but get server error 500. I've tried using Edge and Chrome, but neither work.

Error:

Traceback (most recent call last):

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/utils/decorators.py", line 67, in _wrapper
return bound_func(*args, **kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
return view(request, *args, **kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/utils/decorators.py", line 63, in bound_func
return func.__get__(self, type(self))(*args2, **kwargs2)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omeroweb/webgateway/views.py", line 3098, in dispatch
return super(LoginView, self).dispatch(*args, **kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/django/views/generic/base.py", line 88, in dispatch
return handler(request, *args, **kwargs)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omero_oauth/views.py", line 95, in get
userinfo = oauth.get_userinfo(token)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omero_oauth/providers.py", line 125, in get_userinfo
userinfo = f(token, userinfo_url)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omero_oauth/providers.py", line 145, in userinfo_synapse_idp
userinfo = list(self._expand_all(decoded))

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omero_oauth/providers.py", line 117, in _expand_all
firstname = self._expand_template('firstname', args)

File "/opt/omero/OMERO.venv/lib/python3.6/site-packages/omero_oauth/providers.py", line 112, in _expand_template
return template.format(**args)

KeyError: 'given_name'

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.