merge

Author: mattiagiupponi

geonode/harvesting/harvesters/wms.py

@@ -32,7 +32,7 @@
 from django.conf import settings
 from django.contrib.gis import geos
 from django.template.defaultfilters import slugify
-
+from requests.auth import HTTPBasicAuth
 from geonode.layers.models import Dataset
 from geonode.base.models import ResourceBase
 from geonode.layers.enumerations import GXP_PTYPES
@@ -201,14 +201,23 @@ def wms_call(self, kind="GetCapabilities", override_version=None, additional_par
                 params[_param[0]] = _param[1]
         # updating default params with custom ones
         params = {**params, **additional_params}
-        
-        # adding basic auth if required
-        harvester = models.Harvester.objects.get(pk=self.harvester_id).first()
-        if harvester and harvester._service:
-            _service = harvester._service
-        
+
+        # checking if the services is under basic auth
+        # getting the service
+        from geonode.services.models import Service
+
+        # check if the connected service has username and password
+        has_basic_auth = Service.objects.filter(
+            harvester__pk=self.harvester_id, username__isnull=False, password__isnull=False
+        )
+        basic_auth = None
+        if has_basic_auth.exists():
+            # if the username and password are set, we can prepare the basic auth for the request
+            service = has_basic_auth.first()
+            basic_auth = HTTPBasicAuth(service.username, service.get_password())
+
         get_capabilities_response = self.http_session.get(
-            self.get_ogc_wms_url(wms_url, version=_version), params=params
+            self.get_ogc_wms_url(wms_url, version=_version), params=params, auth=basic_auth
         )
         get_capabilities_response.raise_for_status()
         return get_capabilities_response

geonode/services/forms.py

@@ -33,16 +33,12 @@
 
 
 class CreateServiceForm(forms.Form):
+
     url = forms.CharField(
         label=_("Service URL"),
         max_length=512,
         widget=forms.TextInput(
-            attrs={
-                "size": "65",
-                "class": "inputText",
-                "required": "",
-                "type": "url",
-            }
+            attrs={"size": "65", "class": "inputText", "required": "", "type": "url", "autocomplete": "off"}
         ),
     )
     type = forms.ChoiceField(
@@ -51,6 +47,22 @@ class CreateServiceForm(forms.Form):
         initial="AUTO",
     )
 
+    username = forms.CharField(
+        required=False,
+        initial=None,
+        label=_("Username (optional)"),
+        max_length=200,
+        widget=forms.TextInput(attrs={"autocomplete": "off"}),
+    )
+
+    password = forms.CharField(
+        required=False,
+        initial=None,
+        label=_("password (optional)"),
+        max_length=200,
+        widget=forms.PasswordInput(attrs={"autocomplete": "off"}),
+    )
+
     def clean_url(self):
         proposed_url = self.cleaned_data["url"]
         existing = Service.objects.filter(base_url=proposed_url).exists()
@@ -65,7 +77,12 @@ def clean(self):
         service_type = self.cleaned_data.get("type")
         if url is not None and service_type is not None:
             try:
-                service_handler = get_service_handler(base_url=url, service_type=service_type)
+                service_handler = get_service_handler(
+                    base_url=url,
+                    service_type=service_type,
+                    username=self.cleaned_data.get("username", None),
+                    password=self.cleaned_data.get("password", None),
+                )
             except Exception as e:
                 logger.error(f"CreateServiceForm cleaning error: {e}")
                 raise ValidationError(_("Could not connect to the service at %(url)s"), params={"url": url})
@@ -80,6 +97,14 @@ def clean(self):
             self.cleaned_data["service_handler"] = service_handler
             self.cleaned_data["type"] = service_handler.service_type
 
+    def clean_username(self):
+        # the form return empty string, we want None if is not provided
+        return self.cleaned_data["username"] or None
+
+    def clean_password(self):
+        # the form return empty string, we want None if is not provided
+        return self.cleaned_data["password"] or None
+
 
 class ServiceForm(forms.ModelForm):
     title = forms.CharField(

geonode/services/migrations/0055_service_password_service_username.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.2.20 on 2025-03-28 10:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("services", "0054_alter_service_type"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="service",
+            name="password",
+            field=models.CharField(default=None, max_length=250, null=True, verbose_name="password"),
+        ),
+        migrations.AddField(
+            model_name="service",
+            name="username",
+            field=models.CharField(default=None, max_length=150, null=True),
+        ),
+    ]

geonode/services/models.py

@@ -17,6 +17,7 @@
 #
 #########################################################################
 import logging
+import base64
 
 from urllib.parse import urlparse, ParseResult
 
@@ -30,11 +31,16 @@
 from geonode.layers.enumerations import GXP_PTYPES
 from geonode.people.enumerations import ROLE_VALUES
 from geonode.services.serviceprocessors import get_available_service_types
-
+from cryptography.fernet import Fernet
 from . import enumerations
 
 service_type_as_tuple = [(k, v["label"]) for k, v in get_available_service_types().items()]
 
+SECRET_KEY = settings.SECRET_KEY  # Ensure it's unique per project
+ENCRYPTION_KEY = base64.urlsafe_b64encode(SECRET_KEY[:32].encode())
+
+cipher = Fernet(ENCRYPTION_KEY)
+
 logger = logging.getLogger("geonode.services")
 
 
@@ -61,6 +67,8 @@ class Service(ResourceBase):
     description = models.CharField(max_length=255, null=True, blank=True)
     extra_queryparams = models.TextField(null=True, blank=True)
     operations = models.JSONField(default=dict, null=True, blank=True)
+    username = models.CharField(max_length=150, null=True, default=None)
+    password = models.CharField(_("password"), max_length=250, null=True, default=None)
 
     # Foreign Keys
 
@@ -70,6 +78,12 @@ class Service(ResourceBase):
 
     # Supported Capabilities
 
+    def save(self, notify=False, *args, **kwargs):
+        if kwargs.get("force_insert", False) and self.needs_authentication:
+            # if is the first creation, we must encrypt the password
+            self.password = self.set_password(self.password)
+        return super().save(notify, *args, **kwargs)
+
     def __str__(self):
         return str(self.name)
 
@@ -79,6 +93,10 @@ def probe(self):
             return self.harvester.remote_available
         return False
 
+    @property
+    def needs_authentication(self):
+        return self.password and self.username
+
     def _get_service_url(self):
         parsed_url = urlparse(self.base_url)
         encoded_get_args = self.extra_queryparams
@@ -109,6 +127,12 @@ def service_type(self):
     def get_absolute_url(self):
         return "/services/%i" % self.id
 
+    def set_password(self, password):
+        return cipher.encrypt(password.encode()).decode()
+
+    def get_password(self):
+        return cipher.decrypt(self.password.encode()).decode()
+
     class Meta:
         # custom permissions,
         # change and delete are standard in django-guardian

geonode/services/serviceprocessors/__init__.py

@@ -57,16 +57,17 @@ def get_available_service_types():
     return OrderedDict({**default, **parse_services_types()})
 
 
-def get_service_handler(base_url, service_type=enumerations.AUTO, service_id=None):
+def get_service_handler(base_url, service_type=enumerations.AUTO, service_id=None, *args, **kwargs):
     """Return the appropriate remote service handler for the input URL.
     If the service type is not explicitly passed in it will be guessed from
     """
     handlers = get_available_service_types()
 
     handler = handlers.get(service_type, {}).get("handler")
     try:
-        service = handler(base_url, service_id)
-    except Exception:
+        service = handler(base_url, service_id, *args, **kwargs)
+    except Exception as e:
+        logger.exception(e)
         logger.exception(msg=f"Could not parse service {base_url}")
         raise
     return service

geonode/services/serviceprocessors/arcgis.py

@@ -65,7 +65,9 @@ class ArcMapServiceHandler(base.ServiceHandlerBase):
 
     service_type = enumerations.REST_MAP
 
-    def __init__(self, url, geonode_service_id=None):
+    def __init__(self, url, geonode_service_id=None, *args, **kwargs):
+        self.args = args
+        self.kwargs = kwargs
         base.ServiceHandlerBase.__init__(self, url, geonode_service_id)
         extent, srs = utils.get_esri_extent(self.parsed_service)
         try:
@@ -211,9 +213,11 @@ class ArcImageServiceHandler(ArcMapServiceHandler):
 
     service_type = enumerations.REST_IMG
 
-    def __init__(self, url, geonode_service_id=None):
+    def __init__(self, url, geonode_service_id=None, *args, **kwargs):
         ArcMapServiceHandler.__init__(self, url, geonode_service_id)
         self.url = url
+        self.args = args
+        self.kwargs = kwargs
         extent, srs = utils.get_esri_extent(self.parsed_service)
         try:
             _sname = utils.get_esri_service_name(self.url)

geonode/services/serviceprocessors/wms.py

@@ -56,8 +56,10 @@ class WmsServiceHandler(base.ServiceHandlerBase, base.CascadableServiceHandlerMi
 
     service_type = enumerations.WMS
 
-    def __init__(self, url, geonode_service_id=None):
+    def __init__(self, url, geonode_service_id=None, *args, **kwargs):
         base.ServiceHandlerBase.__init__(self, url, geonode_service_id)
+        self.args = args
+        self.kwargs = kwargs
         self._parsed_service = None
         self.indexing_method = INDEXED if self._offers_geonode_projection() else CASCADED
         self.name = slugify(self.url)[:255]
@@ -93,7 +95,12 @@ def get_cleaned_url_params(url):
     @property
     def parsed_service(self):
         cleaned_url, service, version, request = WmsServiceHandler.get_cleaned_url_params(self.url)
-        _url, _parsed_service = WebMapService(cleaned_url.geturl(), version=version)
+        _url, _parsed_service = WebMapService(
+            cleaned_url.geturl(),
+            version=version,
+            username=self.kwargs.get("username"),
+            password=self.kwargs.get("password"),
+        )
         return _parsed_service
 
     def probe(self):
@@ -122,43 +129,52 @@ def create_geonode_service(self, owner, parent=None):
         :type owner: geonode.people.models.Profile
 
         """
-        cleaned_url, service, version, request = WmsServiceHandler.get_cleaned_url_params(self.url)
-        with transaction.atomic():
-            instance = models.Service.objects.create(
-                uuid=str(uuid4()),
-                base_url=f"{cleaned_url.scheme}://{cleaned_url.netloc}{cleaned_url.path}".encode(
-                    "utf-8", "ignore"
-                ).decode("utf-8"),
-                extra_queryparams=cleaned_url.query,
-                type=self.service_type,
-                method=self.indexing_method,
-                owner=owner,
-                metadata_only=True,
-                version=str(self.parsed_service.identification.version).encode("utf-8", "ignore").decode("utf-8"),
-                name=self.name,
-                title=str(self.parsed_service.identification.title).encode("utf-8", "ignore").decode("utf-8")
-                or self.name,
-                abstract=str(self.parsed_service.identification.abstract).encode("utf-8", "ignore").decode("utf-8")
-                or _("Not provided"),
-                operations=OgcWmsHarvester.get_wms_operations(self.parsed_service.url, version=version),
-            )
-            service_harvester = Harvester.objects.create(
-                name=self.name,
-                default_owner=owner,
-                scheduling_enabled=False,
-                remote_url=instance.service_url,
-                delete_orphan_resources_automatically=True,
-                harvester_type=enumerations.HARVESTER_TYPES[self.service_type],
-                harvester_type_specific_configuration=self.get_harvester_configuration_options(),
-            )
-            if service_harvester.update_availability():
-                service_harvester.initiate_update_harvestable_resources()
-            else:
-                logger.exception(GeoNodeException("Could not reach remote endpoint."))
-            instance.harvester = service_harvester
-
-        self.geonode_service_id = instance.id
-        return instance
+        service = None
+        try:
+            cleaned_url, service, version, request = WmsServiceHandler.get_cleaned_url_params(self.url)
+            with transaction.atomic():
+                service = models.Service.objects.create(
+                    uuid=str(uuid4()),
+                    base_url=f"{cleaned_url.scheme}://{cleaned_url.netloc}{cleaned_url.path}".encode(
+                        "utf-8", "ignore"
+                    ).decode("utf-8"),
+                    extra_queryparams=cleaned_url.query,
+                    type=self.service_type,
+                    method=self.indexing_method,
+                    owner=owner,
+                    metadata_only=True,
+                    version=str(self.parsed_service.identification.version).encode("utf-8", "ignore").decode("utf-8"),
+                    name=self.name,
+                    title=str(self.parsed_service.identification.title).encode("utf-8", "ignore").decode("utf-8")
+                    or self.name,
+                    abstract=str(self.parsed_service.identification.abstract).encode("utf-8", "ignore").decode("utf-8")
+                    or _("Not provided"),
+                    operations=OgcWmsHarvester.get_wms_operations(self.parsed_service.url, version=version),
+                    username=self.kwargs.get("username", None),
+                    password=self.kwargs.get("password", None),
+                )
+                service_harvester = Harvester.objects.create(
+                    name=self.name,
+                    default_owner=owner,
+                    scheduling_enabled=False,
+                    remote_url=service.service_url,
+                    delete_orphan_resources_automatically=True,
+                    harvester_type=enumerations.HARVESTER_TYPES[self.service_type],
+                    harvester_type_specific_configuration=self.get_harvester_configuration_options(),
+                )
+                service.harvester = service_harvester
+                service.save()
+                if service_harvester.update_availability():
+                    service_harvester.initiate_update_harvestable_resources()
+                else:
+                    logger.exception(GeoNodeException("Could not reach remote endpoint."))
+
+            self.geonode_service_id = service.id
+        except Exception as e:
+            logger.exception(e)
+            if service:
+                service.delete()
+        return service
 
     def get_keywords(self):
         return self.parsed_service.identification.keywords
@@ -261,8 +277,11 @@ class GeoNodeServiceHandler(WmsServiceHandler):
 
     service_type = enumerations.GN_WMS
 
-    def __init__(self, url, geonode_service_id=None):
+    def __init__(self, url, geonode_service_id=None, *args, **kwargs):
         base.ServiceHandlerBase.__init__(self, url, geonode_service_id)
+        self.args = args
+        self.kwargs = kwargs
+
         self.indexing_method = INDEXED
         self.name = slugify(self.url)[:255]
 

geonode/services/templates/services/service_detail.html

@@ -10,7 +10,9 @@ <h3><strong>{{service.title|default:service.name}}</strong></h3>
       <p><strong>{% trans "Abstract" %}:</strong> {{service.abstract}}</p>
       <p><strong>{% trans "Keywords" %}:</strong> {{ service.keywords.all|join:", " }}</p>
       <p><strong>{% trans "Contact" %}:</strong> <a href="{% url "profile_detail" service.owner.username %}">{{ service.owner }}</a></p>
-
+      {% if service.type == 'WMS' and service.needs_authentication %}
+        <p><strong>SERVICE NOTES:</strong> The service is accessed by Basic auth via the user <strong>{{service.username}}</strong></p>
+      {% endif %}
     {% autoescape off %}
         <h3>{% trans "Service Resources" %} <span class="badge">{{ total_resources }}</span></h3>
         {% if service.harvester %}