Merge pull request #2890 from fractal-analytics-platform/2889-drop-self-registration-and-review-user-creation-procedure

Drop self-registration, drop UserSettings

Author: tcompa

.github/workflows/benchmarks.yaml

@@ -44,7 +44,7 @@ jobs:
         export JWT_EXPIRE_SECONDS=84600
         cd benchmarks/
         poetry run fractalctl set-db
-        poetry run fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234
+        poetry run fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234 --admin-project-dir "$(pwd)/project-dir"
         poetry run python populate_db/populate_db_script.py
         poetry run sh serve.sh
 

.github/workflows/oauth.yaml

@@ -75,9 +75,10 @@ jobs:
             FRACTAL_EMAIL_USE_STARTTLS: false
             FRACTAL_EMAIL_USE_LOGIN: true
             FRACTAL_EMAIL_PASSWORD: fakepassword
+            FRACTAL_HELP_URL: https://example.org/info
           run: |
             fractalctl set-db
-            fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234
+            fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234 --admin-project-dir /fake
             fractalctl start --port 8001 &
             sleep 2
 

CHANGELOG.md

@@ -14,6 +14,8 @@ TBD
 \#2895, \#2898 (remove email-password encryption)
 
 
+\#2890 (oauth self-registration)
+
 # 2.16.6
 
 * API:

benchmarks/populate_db/populate_db_script.py

@@ -37,12 +37,12 @@ def _create_user_client(
 ) -> FractalClient:
     email = f"{user_identifier}@example.org"
     password = f"{user_identifier}-pwd"
-    slurm_user = f"{user_identifier}-slurm"
+    project_dir = f"/fake/{user_identifier}"
     _user = _admin.add_user(
         UserCreate(
             email=email,
             password=password,
-            slurm_user=slurm_user,
+            project_dir=project_dir,
         )
     )
     _admin.associate_user_with_profile(user_id=_user.id)

example/run_fractal_server.sh

@@ -5,7 +5,7 @@ set -e
 # Create and init db
 createdb fractal-example-test
 poetry run fractalctl set-db
-poetry run fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234
+poetry run fractalctl init-db-data --resource default --profile default --admin-email [email protected] --admin-pwd 1234 --project-dir "$(pwd)/project-dir"
 
 # Start the server
 poetry run gunicorn fractal_server.main:app \

fractal_server/__main__.py

@@ -74,13 +74,20 @@
 init_db_data_parser.add_argument(
     "--admin-email",
     type=str,
-    help="Email of the first admin user to create.",
+    help="Email of the first admin user.",
     required=False,
 )
 init_db_data_parser.add_argument(
     "--admin-pwd",
     type=str,
-    help="Password of the first admin user to create.",
+    help="Password for the first admin user.",
+    required=False,
+)
+
+init_db_data_parser.add_argument(
+    "--admin-project-dir",
+    type=str,
+    help="Project_dir for the first admin user.",
     required=False,
 )
 
@@ -127,10 +134,12 @@ def set_db():
 
 
 def init_db_data(
+    *,
     resource: str | None = None,
     profile: str | None = None,
     admin_email: str | None = None,
     admin_password: str | None = None,
+    admin_project_dir: str | None = None,
 ) -> None:
     from fractal_server.app.security import _create_first_user
     from fractal_server.app.security import _create_first_group
@@ -147,14 +156,22 @@ def init_db_data(
     print()
 
     # Create admin user if requested
-    if (admin_email is None) != (admin_password is None):
-        print("You must provide both --admin-email and --admin-pwd. Exit.")
+    if not (
+        (admin_email is None)
+        == (admin_password is None)
+        == (admin_project_dir is None)
+    ):
+        print(
+            "You must provide either or or none of `--admin-email`, "
+            "`--admin-pwd` and `--admin-project-dir`. Exit."
+        )
         sys.exit(1)
     if admin_password and admin_email:
         asyncio.run(
             _create_first_user(
                 email=admin_email,
                 password=admin_password,
+                project_dir=admin_project_dir,
                 is_superuser=True,
                 is_verified=True,
             )
@@ -329,6 +346,7 @@ def run():
             profile=args.profile,
             admin_email=args.admin_email,
             admin_password=args.admin_pwd,
+            admin_project_dir=args.admin_project_dir,
         )
     elif args.cmd == "update-db-data":
         update_db_data()

fractal_server/app/models/security.py

@@ -1,27 +1,17 @@
-# This is based on fastapi_users_db_sqlmodel
-# <https://github.com/fastapi-users/fastapi-users-db-sqlmodel>
-# Original Copyright
-# Copyright 2022 François Voron
-# License: MIT
-#
-# Modified by:
-# Tommaso Comparin <[email protected]>
-#
-# Copyright 2022 (C) Friedrich Miescher Institute for Biomedical Research and
-# University of Zurich
 from datetime import datetime
 from typing import Optional
 
 from pydantic import ConfigDict
 from pydantic import EmailStr
 from sqlalchemy import Column
+from sqlalchemy import String
+from sqlalchemy.dialects.postgresql import ARRAY
 from sqlalchemy.dialects.postgresql import JSONB
 from sqlalchemy.types import DateTime
 from sqlmodel import Field
 from sqlmodel import Relationship
 from sqlmodel import SQLModel
 
-from .user_settings import UserSettings
 from fractal_server.utils import get_timestamp
 
 
@@ -74,17 +64,20 @@ class UserOAuth(SQLModel, table=True):
         is_superuser:
         is_verified:
         oauth_accounts:
-        user_settings_id:
         profile_id:
-        settings:
+        project_dir:
+        slurm_accounts:
     """
 
+    model_config = ConfigDict(from_attributes=True)
+
     __tablename__ = "user_oauth"
 
     id: int | None = Field(default=None, primary_key=True)
 
     email: EmailStr = Field(
-        sa_column_kwargs={"unique": True, "index": True}, nullable=False
+        sa_column_kwargs={"unique": True, "index": True},
+        nullable=False,
     )
     hashed_password: str
     is_active: bool = Field(default=True, nullable=False)
@@ -96,18 +89,23 @@ class UserOAuth(SQLModel, table=True):
         sa_relationship_kwargs={"lazy": "joined", "cascade": "all, delete"},
     )
 
-    user_settings_id: int | None = Field(
-        foreign_key="user_settings.id", default=None
-    )
     profile_id: int | None = Field(
         foreign_key="profile.id",
         default=None,
         ondelete="SET NULL",
     )
-    settings: UserSettings | None = Relationship(
-        sa_relationship_kwargs=dict(lazy="selectin", cascade="all, delete")
+
+    # TODO-2.17.1: update to `project_dir: str`
+    project_dir: str = Field(
+        sa_column=Column(
+            String,
+            server_default="/PLACEHOLDER",
+            nullable=False,
+        )
+    )
+    slurm_accounts: list[str] = Field(
+        sa_column=Column(ARRAY(String), server_default="{}"),
     )
-    model_config = ConfigDict(from_attributes=True)
 
 
 class UserGroup(SQLModel, table=True):

fractal_server/app/models/user_settings.py

@@ -4,6 +4,7 @@
 from sqlmodel import SQLModel
 
 
+# TODO-2.17.1: Drop `UserSettings`
 class UserSettings(SQLModel, table=True):
     """
     Comprehensive list of user settings.

fractal_server/app/routes/admin/v2/accounting.py

@@ -13,7 +13,7 @@
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import AccountingRecord
 from fractal_server.app.models.v2 import AccountingRecordSlurm
-from fractal_server.app.routes.auth import current_active_superuser
+from fractal_server.app.routes.auth import current_superuser_act
 from fractal_server.app.routes.pagination import get_pagination_params
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
@@ -34,7 +34,7 @@ async def query_accounting(
     query: AccountingQuery,
     # Dependencies
     pagination: PaginationRequest = Depends(get_pagination_params),
-    superuser: UserOAuth = Depends(current_active_superuser),
+    superuser: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> PaginationResponse[AccountingRecordRead]:
     page = pagination.page
@@ -79,7 +79,7 @@ async def query_accounting(
 async def query_accounting_slurm(
     query: AccountingQuery,
     # dependencies
-    superuser: UserOAuth = Depends(current_active_superuser),
+    superuser: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     stm = select(AccountingRecordSlurm.slurm_job_ids)

fractal_server/app/routes/admin/v2/impersonate.py

@@ -6,7 +6,7 @@
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.routes.auth import current_active_superuser
+from fractal_server.app.routes.auth import current_superuser_act
 from fractal_server.app.routes.auth._aux_auth import _user_or_404
 from fractal_server.config import get_settings
 from fractal_server.syringe import Inject
@@ -17,7 +17,7 @@
 @router.get("/{user_id}/")
 async def impersonate_user(
     user_id: int,
-    superuser: UserOAuth = Depends(current_active_superuser),
+    superuser: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     user = await _user_or_404(user_id, db)