Merge pull request #8 from LabKey/fb_csrf

ServerContext, CSRF

Author: labkey-ians

labkey/experiment.py

@@ -16,40 +16,6 @@
 from __future__ import unicode_literals
 import json
 
-from requests.exceptions import SSLError, ConnectionError
-from labkey.utils import build_url, handle_response
-from labkey.exceptions import ServerContextError, ServerNotFoundError
-
-
-# EXAMPLE
-# -------
-
-# from utils import create_server_context
-# from experiment import load_batch, save_batch
-#
-# print("Create a server context")
-# server_context = create_server_context('localhost:8080', 'CDSTest Project', 'labkey', use_ssl=False)
-#
-# print("Load an Assay batch from the server")
-# assay_id = # provide one from your server
-# batch_id = # provide one from your server
-# run_group = load_batch(server_context, assay_id, batch_id)
-#
-# if run_group is not None:
-# 	print("Batch Id: " + str(run_group.id))
-# 	print("Created By: " + run_group.created_by)
-#
-# 	print("Modify a property")
-# 	batch_property_name = '' # provide one from your assay
-# 	batch_property_value = '' # provide one
-# 	run_group.properties[batch_property_name] = batch_property_value
-#
-# 	print("Save the batch")
-# 	save_batch(server_context, assay_id, run_group)
-
-# --------
-# /EXAMPLE
-
 
 # TODO Incorporate logging
 def load_batch(server_context, assay_id, batch_id):
@@ -60,8 +26,7 @@ def load_batch(server_context, assay_id, batch_id):
     :param batch_id:
     :return:
     """
-    load_batch_url = build_url(server_context, 'assay', 'getAssayBatch.api')
-    session = server_context['session']
+    load_batch_url = server_context.build_url('assay', 'getAssayBatch.api')
     loaded_batch = None
 
     payload = {
@@ -74,15 +39,9 @@ def load_batch(server_context, assay_id, batch_id):
         'Accept': 'text/plain'
     }
 
-    try:
-        response = session.post(load_batch_url, data=json.dumps(payload, sort_keys=True), headers=headers)
-        json_body = handle_response(response)
-        if json_body is not None:
-            loaded_batch = Batch.from_data(json_body['batch'])
-    except SSLError as e:
-        raise ServerContextError(e)
-    except ConnectionError as e:
-        raise ServerNotFoundError(e)
+    json_body = server_context.make_request(load_batch_url, json.dumps(payload, sort_keys=True), headers=headers)
+    if json_body is not None:
+        loaded_batch = Batch.from_data(json_body['batch'])
 
     return loaded_batch
 
@@ -110,11 +69,9 @@ def save_batches(server_context, assay_id, batches):
     :param batches: The Batch(es) to save.
     :return:
     """
-
-    save_batch_url = build_url(server_context, 'assay', 'saveAssayBatch.api')
-    session = server_context['session']
-
+    save_batch_url = server_context.build_url('assay', 'saveAssayBatch.api')
     json_batches = []
+
     if batches is None:
         return None  # Nothing to save
 
@@ -133,15 +90,10 @@ def save_batches(server_context, assay_id, batches):
         'Accept': 'text/plain'
     }
 
-    try:
-        # print(payload)
-        response = session.post(save_batch_url, data=json.dumps(payload, sort_keys=True), headers=headers)
-        json_body = handle_response(response)
-        if json_body is not None:
-            resp_batches = json_body['batches']
-            return [Batch.from_data(resp_batch) for resp_batch in resp_batches]
-    except SSLError as e:
-        raise ServerContextError(e)
+    json_body = server_context.make_request(save_batch_url, json.dumps(payload, sort_keys=True), headers=headers)
+    if json_body is not None:
+        resp_batches = json_body['batches']
+        return [Batch.from_data(resp_batch) for resp_batch in resp_batches]
 
     return None
 

labkey/query.py

@@ -47,9 +47,6 @@
 from __future__ import unicode_literals
 import json
 
-from labkey.utils import build_url, make_request
-
-
 _query_headers = {
     'Content-Type': 'application/json'
 }
@@ -79,17 +76,15 @@ def delete_rows(server_context, schema_name, query_name, rows, container_path=No
     :param timeout: timeout of request in seconds (defaults to 30s)
     :return:
     """
-    url = build_url(server_context, 'query', 'deleteRows.api', container_path=container_path)
+    url = server_context.build_url('query', 'deleteRows.api', container_path=container_path)
 
     payload = {
         'schemaName': schema_name,
         'queryName': query_name,
         'rows': rows
     }
 
-    # explicit json payload and headers required for form generation
-    return make_request(server_context, url, json.dumps(payload, sort_keys=True), headers=_query_headers,
-                        timeout=timeout)
+    return server_context.make_request(url, json.dumps(payload, sort_keys=True), headers=_query_headers, timeout=timeout)
 
 
 def execute_sql(server_context, schema_name, sql, container_path=None,
@@ -119,7 +114,7 @@ def execute_sql(server_context, schema_name, sql, container_path=None,
     :param timeout: timeout of request in seconds (defaults to 30s)
     :return:
     """
-    url = build_url(server_context, 'query', 'executeSql.api', container_path=container_path)
+    url = server_context.build_url('query', 'executeSql.api', container_path=container_path)
 
     payload = {
         'schemaName': schema_name,
@@ -148,7 +143,7 @@ def execute_sql(server_context, schema_name, sql, container_path=None,
     if required_version is not None:
         payload['apiVersion'] = required_version
 
-    return make_request(server_context, url, payload, timeout=timeout)
+    return server_context.make_request(url, payload, timeout=timeout)
 
 
 def insert_rows(server_context, schema_name, query_name, rows, container_path=None, timeout=_default_timeout):
@@ -162,17 +157,16 @@ def insert_rows(server_context, schema_name, query_name, rows, container_path=No
     :param timeout: timeout of request in seconds (defaults to 30s)
     :return:
     """
-    url = build_url(server_context, 'query', 'insertRows.api', container_path=container_path)
+    url = server_context.build_url('query', 'insertRows.api', container_path=container_path)
 
     payload = {
         'schemaName': schema_name,
         'queryName': query_name,
         'rows': rows
     }
 
-    # explicit json payload and headers required for form generation
-    return make_request(server_context, url, json.dumps(payload, sort_keys=True), headers=_query_headers,
-                        timeout=timeout)
+    return server_context.make_request(url, json.dumps(payload, sort_keys=True), headers=_query_headers,
+                                       timeout=timeout)
 
 
 def select_rows(server_context, schema_name, query_name, view_name=None,
@@ -216,7 +210,7 @@ def select_rows(server_context, schema_name, query_name, view_name=None,
     :param timeout: Request timeout in seconds (defaults to 30s)
     :return:
     """
-    url = build_url(server_context, 'query', 'getQuery.api', container_path=container_path)
+    url = server_context.build_url('query', 'getQuery.api', container_path=container_path)
 
     payload = {
         'schemaName': schema_name,
@@ -268,7 +262,7 @@ def select_rows(server_context, schema_name, query_name, view_name=None,
     if required_version is not None:
         payload['apiVersion'] = required_version
 
-    return make_request(server_context, url, payload, timeout=timeout)
+    return server_context.make_request(url, payload, timeout=timeout)
 
 
 def update_rows(server_context, schema_name, query_name, rows, container_path=None, timeout=_default_timeout):
@@ -283,17 +277,16 @@ def update_rows(server_context, schema_name, query_name, rows, container_path=No
     :param timeout: timeout of request in seconds (defaults to 30s)
     :return:
     """
-    url = build_url(server_context, 'query', 'updateRows.api', container_path=container_path)
+    url = server_context.build_url('query', 'updateRows.api', container_path=container_path)
 
     payload = {
         'schemaName': schema_name,
         'queryName': query_name,
         'rows': rows
     }
 
-    # explicit json payload and headers required for form generation
-    return make_request(server_context, url, json.dumps(payload, sort_keys=True), headers=_query_headers,
-                        timeout=timeout)
+    return server_context.make_request(url, json.dumps(payload, sort_keys=True), headers=_query_headers,
+                                       timeout=timeout)
 
 
 # TODO: Provide filter generators.

labkey/security.py

@@ -15,8 +15,6 @@
 #
 from __future__ import unicode_literals
 
-from labkey.utils import build_url, make_request
-
 security_controller = 'security'
 user_controller = 'user'
 
@@ -68,13 +66,13 @@ def create_user(server_context, email, container_path=None, send_email=False):
     :param send_email: true to send email notification to user
     :return:
     """
-    url = build_url(server_context, security_controller, 'createNewUser.api', container_path)
+    url = server_context.build_url(security_controller, 'createNewUser.api', container_path)
     payload = {
         'email': email,
         'sendEmail': send_email
     }
 
-    return make_request(server_context, url, payload)
+    return server_context.make_request(url, payload)
 
 
 def deactivate_users(server_context, target_ids, container_path=None):
@@ -118,8 +116,8 @@ def get_roles(server_context, container_path=None):
     :param container_path:
     :return:
     """
-    url = build_url(server_context, security_controller, 'getRoles.api', container_path=container_path)
-    return make_request(server_context, url, None)
+    url = server_context.build_url(security_controller, 'getRoles.api', container_path=container_path)
+    return server_context.make_request(url, None)
 
 
 def get_user_by_email(server_context, email):
@@ -129,9 +127,9 @@ def get_user_by_email(server_context, email):
     :param email:
     :return:
     """
-    url = build_url(server_context, user_controller, 'getUsers.api')
+    url = server_context.build_url(user_controller, 'getUsers.api')
     payload = dict(includeDeactivatedAccounts=True)
-    result = make_request(server_context, url, payload)
+    result = server_context.make_request(url, payload)
 
     if result is None or result['users'] is None:
         raise ValueError("No Users in container" + email)
@@ -144,13 +142,11 @@ def get_user_by_email(server_context, email):
 
 
 def list_groups(server_context, include_site_groups=False, container_path=None):
-    url = build_url(server_context, security_controller, 'listProjectGroups.api', container_path)
+    url = server_context.build_url(security_controller, 'listProjectGroups.api', container_path)
 
-    payload = {
+    return server_context.make_request(url, {
         'includeSiteGroups': include_site_groups
-    }
-
-    return make_request(server_context, url, payload)
+    })
 
 
 def remove_from_group(server_context, user_ids, group_id, container_path=None):
@@ -188,13 +184,11 @@ def reset_password(server_context, email, container_path=None):
     :param container_path:
     :return:
     """
-    url = build_url(server_context, security_controller, 'adminRotatePassword.api', container_path)
+    url = server_context.build_url(security_controller, 'adminRotatePassword.api', container_path)
 
-    payload = {
+    return server_context.make_request(url, {
         'email': email
-    }
-
-    return make_request(server_context, url, payload)
+    })
 
 
 def __make_security_group_api_request(server_context, api, user_ids, group_id, container_path):
@@ -207,18 +201,16 @@ def __make_security_group_api_request(server_context, api, user_ids, group_id, c
     :param container_path: Additional container context path
     :return: Request json object
     """
-    url = build_url(server_context, security_controller, api, container_path)
+    url = server_context.build_url(security_controller, api, container_path)
 
     # if user_ids is only a single scalar make it an array
     if not hasattr(user_ids, "__iter__"):
         user_ids = [user_ids]
 
-    payload = {
+    return server_context.make_request(url, {
         'groupId': group_id,
         'principalIds': user_ids
-    }
-
-    return make_request(server_context, url, payload)
+    })
 
 
 def __make_security_role_api_request(server_context, api, role, email=None, user_id=None, container_path=None):
@@ -234,15 +226,13 @@ def __make_security_role_api_request(server_context, api, role, email=None, user
     if email is None and user_id is None:
         raise ValueError("Must supply either/both [email] or [user_id]")
 
-    url = build_url(server_context, security_controller, api, container_path)
+    url = server_context.build_url(security_controller, api, container_path)
 
-    payload = {
+    return server_context.make_request(url, {
         'roleClassName': role['uniqueName'],
         'principalId': user_id,
         'email': email
-    }
-
-    return make_request(server_context, url, payload)
+    })
 
 
 def __make_user_api_request(server_context, target_ids, api, container_path=None):
@@ -254,9 +244,8 @@ def __make_user_api_request(server_context, target_ids, api, container_path=None
     :param container_path: container context
     :return: response json
     """
-    url = build_url(server_context, user_controller, api, container_path)
-    payload = {
-        'userId': target_ids
-    }
+    url = server_context.build_url(user_controller, api, container_path)
 
-    return make_request(server_context, url, payload)
+    return server_context.make_request(url, {
+        'userId': target_ids
+    })

labkey/unsupported/messageboard.py

@@ -23,7 +23,6 @@
 """
 from __future__ import unicode_literals
 from requests.exceptions import SSLError
-from labkey.utils import build_url
 
 
 def post_message(server_context, message_title, message_body, render_as, container_path=None):
@@ -36,19 +35,16 @@ def post_message(server_context, message_title, message_body, render_as, contain
     :param container_path: Optional container path that can be used to override the server_context container path
     :return: Returns 1 if successful, 0 is post failed.
     """
-    # Build the URL for querying LabKey Server
-    message_url = build_url(server_context, 'announcements', 'insert.api', container_path=container_path)
+    message_url = server_context.build_url('announcements', 'insert.api', container_path=container_path)
 
     message_data = {
         'title': message_title,
         'body': message_body,
         'rendererType': render_as
     }
 
-    session = server_context['session']
-
     try:
-        message_response = session.post(message_url, message_data)
+        server_context.make_request(message_url, message_data)
     except SSLError as e:
         print("There was problem while attempting to submit the message to " + str(e.geturl()) + ". The HTTP response code was " + str(e.getcode()))
         print("The HTTP client error was: " + format(e))