Merge pull request #364 from EGA-archive/develop

Some hotfixes for .env files

beacon/api_version.yml

@@ -1 +1 @@
-api_version: v2.0-39cc125
+api_version: v2.0-2e81a7e

beacon/db/get_descendants.py

@@ -99,7 +99,7 @@ def get_descendants_and_similarities():
             array_of_ontologies.append(ft_doc["id"])
     for ontology in array_of_ontologies:
         ontology_list = ontology.split(':')
-        #load_ontology(ontology_list[0])    
+        load_ontology(ontology_list[0])    
         url = "/beacon/beacon/db/ontologies/{}.obo".format(ontology_list[0].lower())
         list_of_cousins = []
         list_of_brothers = []

beacon/request/model.py

@@ -1,12 +1,18 @@
 import logging
 from typing_extensions import Self
-from pydantic import BaseModel
+from pydantic import (
+    BaseModel,
+    ValidationError,
+    field_validator,
+    Field,
+    PrivateAttr)
 from strenum import StrEnum
 from typing import List, Optional, Union
 from beacon import conf
 from humps.main import camelize
 from aiohttp.web_request import Request
 from aiohttp import web
+import html
 
 LOG = logging.getLogger(__name__)
 
@@ -83,25 +89,138 @@ class RequestQuery(CamelModel):
     scope: str = None
 
 
+class RequestParams(CamelModel):
+    meta: RequestMeta = RequestMeta()
+    query: RequestQuery = RequestQuery()
+
+class SequenceQuery(BaseModel):
+    referenceName: Union[str,int]
+    start: int
+    alternateBases:str
+    referenceBases: str
+    clinicalRelevance: Optional[str] =None
+    mateName: Optional[str] =None
+    assemblyId: Optional[str] =None
+
+class RangeQuery(BaseModel):
+    referenceName: Union[str,int]
+    start: int
+    end: int
+    variantType: Optional[str] =None
+    alternateBases: Optional[str] =None
+    aminoacidChange: Optional[str] =None
+    variantMinLength: Optional[int] =None
+    variantMaxLength: Optional[int] =None
+    clinicalRelevance: Optional[str] =None
+    mateName: Optional[str] =None
+    assemblyId: Optional[str] =None
+
+class GeneIdQuery(BaseModel):
+    geneId: str
+    variantType: Optional[str] =None
+    alternateBases: Optional[str] =None
+    aminoacidChange: Optional[str] =None
+    variantMinLength: Optional[int] =None
+    variantMaxLength: Optional[int] =None
+    assemblyId: Optional[str] =None
+
+class BracketQuery(BaseModel):
+    referenceName: Union[str,int]
+    start: list
+    end: list
+    variantType: Optional[str] =None
+    clinicalRelevance: Optional[str] =None
+    mateName: Optional[str] =None
+    assemblyId: Optional[str] =None
+    @field_validator('start')
+    @classmethod
+    def start_must_be_array_of_integers(cls, v: list) -> list:
+        for num in v:
+            if isinstance(num, int):
+                pass
+            else:
+                raise ValueError
+    @field_validator('end')
+    @classmethod
+    def end_must_be_array_of_integers(cls, v: list) -> list:
+        for num in v:
+            if isinstance(num, int):
+                pass
+            else:
+                raise ValueError
+
+class GenomicAlleleQuery(BaseModel):
+    genomicAlleleShortForm: str
+    assemblyId: Optional[str] =None
+
+class AminoacidChangeQuery(BaseModel):
+    aminoacidChange: str
+    geneId: str
+    assemblyId: Optional[str] =None
+
 class RequestParams(CamelModel):
     meta: RequestMeta = RequestMeta()
     query: RequestQuery = RequestQuery()
 
     def from_request(self, request: Request) -> Self:
-        if request.method != "POST" or not request.has_body or not request.can_read_body:
+        request_params={}
+        if request.method != "POST" or not request.has_body or not request.can_read_body:            
             for k, v in request.query.items():
                 if k == "requestedSchema":
-                    self.meta.requested_schemas = [v]
+                    self.meta.requested_schemas = [html.escape(v)] # comprovar si és la sanitització recomanada
                 elif k == "skip":
-                    self.query.pagination.skip = int(v)
+                    self.query.pagination.skip = int(html.escape(v))
                 elif k == "limit":
-                    self.query.pagination.limit = int(v)
+                    self.query.pagination.limit = int(html.escape(v))
                 elif k == "includeResultsetResponses":
-                    self.query.include_resultset_responses = IncludeResultsetResponses(v)
-                elif k == 'filters' or k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]:
-                    self.query.request_parameters[k] = v
+                    self.query.include_resultset_responses = IncludeResultsetResponses(html.escape(v))
+                elif k == 'filters':
+                    self.query.request_parameters[k] = html.escape(v)
+                elif k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]:
+                    try:
+                        if ',' in v:
+                            v_splitted = v.split(',')
+                            request_params[k]=[int(v) for v in v_splitted]
+                        else:
+                            request_params[k]=int(v)
+                    except Exception as e:
+                        request_params[k]=v
+                    self.query.request_parameters[k] = html.escape(v)
                 else:
                     raise web.HTTPBadRequest(text='request parameter introduced is not allowed')
+        if request_params != {}:
+            LOG.debug(request_params)
+            try:
+                RangeQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            try:
+                SequenceQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            try:
+                BracketQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            try:
+                GeneIdQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            try:
+                AminoacidChangeQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            try:
+                GenomicAlleleQuery(**request_params)
+                return self
+            except Exception as e:
+                pass
+            raise web.HTTPBadRequest(text='set of parameters not allowed')
         return self
 
     def summary(self):

frontend/src/components/context/AuthContext.js

@@ -104,7 +104,7 @@ function AuthProviderWrapper (props) {
 
         const response = await fetch(
           configData.KEYCLOAK_URL +
-            '/auth/realms/Beacon/protocol/openid-connect/token',
+            '/auth/realms/' + process.env.REACT_APP_KEYCLOAK_CLIENT_REALM + '/protocol/openid-connect/token',
           {
             method: 'POST',
             headers: {

permissions/auth.py

@@ -73,7 +73,7 @@ async def get_user_info(access_token):
     user_info=''
     idp_issuer=None
     for env_filename in glob.glob("/beacon/permissions/idp_providers/*.env"):
-        load_dotenv(env_filename)
+        load_dotenv(env_filename, override=True)
         IDP_ISSUER = os.getenv('ISSUER')
         LOG.error(IDP_ISSUER)
         if issuer == IDP_ISSUER:

requirements.txt

@@ -17,7 +17,7 @@ dataclasses-json~=0.5.6
 StrEnum~=0.4.7 # Only until Python 3.11 is released (we can use the built-in StrEnum)
 owlready2~=0.36
 tqdm~=4.62.3
-pydantic~=1.9.0
+pydantic~=2.6.2
 pyhumps
 progressbar~=2.5
 #requests