Merge pull request #1 from globusonline/sc-45485-add-basic-auth-mechs

m1yag1 · web-flow · commit 4b5027b0af3e · 2025-12-03T10:44:53.000-06:00
Add basic authentication mechanisms
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 /.coverage*
 poetry.lock
 __pycache__/
+.tox/
diff --git a/changelog.d/20251117_105026_8730430+m1yag1_sc_45485_add_basic_auth_mechs.rst b/changelog.d/20251117_105026_8730430+m1yag1_sc_45485_add_basic_auth_mechs.rst
@@ -0,0 +1,16 @@
+Added
+-----
+
+*   Add support for ``ClientApp`` and ``UserApp`` authentication. Use
+    ``ClientApp`` when ``GLOBUS_REGISTERED_API_CLIENT_ID``
+    and ``GLOBUS_REGISTERED_API_CLIENT_SECRET`` environment variables
+    are set, otherwise use ``UserApp`` with a registered native client.
+*   Add ``whoami`` command to display authenticated user information with
+    ``--format`` option for text or JSON output.
+*   Add ``logout`` command to revoke tokens for ``UserApp`` and ``ClientApp``
+    sessions.
+
+Removed
+-------
+
+*   Remove ``bogus`` command.
diff --git a/pyproject.toml b/pyproject.toml
@@ -20,14 +20,15 @@ classifiers = [
 
 dependencies = [
     "click >=8,<9",
+    "globus-sdk >=4",
 ]
 
 [project.urls]
 Source = "https://github.com/globusonline/globus-registered-api"
 
 [project.scripts]
-globus-registered-api = "globus_registered_api.cli:group"
-gra = "globus_registered_api.cli:group"
+globus-registered-api = "globus_registered_api.cli:cli"
+gra = "globus_registered_api.cli:cli"
 
 [build-system]
 requires = ["poetry-core>=2.0.0,<3.0.0"]
@@ -69,6 +70,7 @@ source = [
 [tool.coverage.report]
 skip_covered = true
 fail_under = 50
+show_missing = true
 
 
 # flake8
diff --git a/src/globus_registered_api/cli.py b/src/globus_registered_api/cli.py
@@ -2,14 +2,83 @@
 # https://github.com/globusonline/globus-registered-api
 # Copyright 2025 Globus <support@globus.org>
 # SPDX-License-Identifier: MIT
+import json
+import os
+
+from globus_sdk import AuthClient, ClientApp, UserApp
 
 import click
 
-group = click.Group()
+RAPI_NATIVE_CLIENT_ID = "9dc7dfff-cfe8-4339-927b-28d29e1b2f42"
+
+
+def _create_globus_app() -> UserApp | ClientApp:
+    """
+    Create and return a Globus app based on environment variables.
+
+    Checks for GLOBUS_CLIENT_ID and GLOBUS_CLIENT_SECRET environment variables.
+    If both are present, creates a ClientApp for client credentials authentication.
+    Otherwise, creates a UserApp with a registered native client.
+
+    :return: A ClientApp if both environment variables are set, otherwise a UserApp
+    :raises ValueError: If only one of the required environment variables is set
+    """
+    client_id = os.getenv("GLOBUS_REGISTERED_API_CLIENT_ID")
+    client_secret = os.getenv("GLOBUS_REGISTERED_API_CLIENT_SECRET")
+    app_name = "globus-registered-api-cli"
+
+    # Validate: both or neither
+    if bool(client_id) ^ bool(client_secret):
+        raise ValueError(
+            "Both GLOBUS_CLIENT_ID and GLOBUS_CLIENT_SECRET must be set, or neither."
+        )
+
+    if client_id and client_secret:
+        return ClientApp(app_name=app_name, client_id=client_id, client_secret=client_secret)
+    else:
+        return UserApp(app_name=app_name, client_id=RAPI_NATIVE_CLIENT_ID)
+
+
+def _create_auth_client(app: UserApp | ClientApp) -> AuthClient:
+    """
+    Create an AuthClient for the given app.
+
+    :param app: A Globus app instance to use for authentication
+    :return: An AuthClient configured with the provided app
+    """
+    return AuthClient(app=app)
+
+
+@click.group()
+@click.pass_context
+def cli(ctx: click.Context) -> None:
+    """Globus Registered API Command Line Interface."""
+    ctx.obj = _create_globus_app()
+
+
+@cli.command()
+@click.option("--format", type=click.Choice(["json", "text"]), default="text")
+@click.pass_context
+def whoami(ctx: click.Context, format: str) -> None:
+    """
+    Display information about the authenticated user.
+    """
+    app: UserApp | ClientApp = ctx.obj
+    auth_client = _create_auth_client(app)
+    res = auth_client.userinfo()
 
+    if format == "text":
+        click.echo(res["preferred_username"])
+    else:
+        click.echo(json.dumps(res.data, indent=2))
 
-@group.command()
-def bogus() -> None:
-    """Print 'bogus'."""
 
-    print("bogus")
+@cli.command()
+@click.pass_context
+def logout(ctx: click.Context) -> None:
+    """
+    Log out the current user by revoking all tokens.
+    """
+    app: UserApp | ClientApp = ctx.obj
+    app.logout()
+    click.echo("Logged out successfully.")
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -0,0 +1,17 @@
+import typing as t
+
+import pytest
+
+from click.testing import CliRunner
+
+
+@pytest.fixture
+def mock_client_env(monkeypatch):
+    monkeypatch.setenv("GLOBUS_REGISTERED_API_CLIENT_ID", "test-id")
+    monkeypatch.setenv("GLOBUS_REGISTERED_API_CLIENT_SECRET", "test-secret")
+
+
+@pytest.fixture
+def cli_runner() -> t.Generator[CliRunner, None, None]:
+    return CliRunner()
+
diff --git a/tests/test_bogus.py b/tests/test_bogus.py
diff --git a/tests/test_cli.py b/tests/test_cli.py
@@ -0,0 +1,40 @@
+import pytest
+from globus_sdk import ClientApp, UserApp
+
+from globus_registered_api.cli import _create_globus_app
+
+
+@pytest.mark.parametrize("env_var, value", [
+    ("GLOBUS_REGISTERED_API_CLIENT_ID", "test-id"),
+    ("GLOBUS_REGISTERED_API_CLIENT_SECRET", "test-secret")
+])
+def test_create_globus_app_without_required_env_vars_failure(monkeypatch, env_var, value):
+    # Arrange
+    monkeypatch.setenv(env_var, value)
+
+    # Act
+    with pytest.raises(ValueError) as excinfo:
+        _ = _create_globus_app()
+
+    # Assert
+    assert "Both GLOBUS_CLIENT_ID and GLOBUS_CLIENT_SECRET must be set, or neither." in str(excinfo.value)
+
+
+def test_create_globus_app_returns_client_app_when_env_vars_set(monkeypatch, mock_client_env):
+    # Act
+    app = _create_globus_app()
+
+    # Assert
+    assert isinstance(app, ClientApp)
+
+
+def test_create_globus_app_returns_user_app_when_env_vars_not_set(monkeypatch):
+    # Arrange
+    monkeypatch.delenv("GLOBUS_CLIENT_ID", raising=False)
+    monkeypatch.delenv("GLOBUS_CLIENT_SECRET", raising=False)
+
+    # Act
+    app = _create_globus_app()
+
+    # Assert
+    assert isinstance(app, UserApp)
diff --git a/tests/test_logout.py b/tests/test_logout.py
@@ -0,0 +1,18 @@
+from unittest.mock import MagicMock, patch
+
+import globus_registered_api.cli
+
+
+@patch("globus_registered_api.cli._create_globus_app")
+def test_logout(mock_create_app, cli_runner):
+    # Arrange
+    mock_app = MagicMock()
+    mock_create_app.return_value = mock_app
+
+    # Act
+    result = cli_runner.invoke(globus_registered_api.cli.cli, ["logout"])
+
+    # Assert
+    assert result.exit_code == 0
+    mock_app.logout.assert_called_once()
+    assert "Logged out successfully." in result.output
diff --git a/tests/test_whoami.py b/tests/test_whoami.py
@@ -0,0 +1,63 @@
+# This file is a part of globus-registered-api.
+# https://github.com/globusonline/globus-registered-api
+# Copyright 2025 Globus <support@globus.org>
+# SPDX-License-Identifier: MIT
+from unittest.mock import MagicMock, patch
+import uuid
+
+import pytest
+
+import globus_registered_api.cli
+
+
+class MockResponse:
+      def __init__(self, data):
+          self.data = data
+
+      def __getitem__(self, key):
+          return self.data[key]
+
+
+@patch("globus_registered_api.cli._create_auth_client", autospec=True)
+def test_whoami_with_user_app(mock_auth_client, cli_runner):
+    # Arrange
+    mock_auth = MagicMock()
+    mock_auth.userinfo.return_value = MockResponse({"preferred_username": "testuser", "email": "testuser@example.com"})
+    mock_auth_client.return_value = mock_auth
+
+    # Act
+    result = cli_runner.invoke(globus_registered_api.cli.cli, ["whoami"])
+
+    # Assert
+    assert result.exit_code == 0
+    assert "testuser" in result.output
+
+    # Act (json format)
+    result_json = cli_runner.invoke(globus_registered_api.cli.cli, ["whoami", "--format", "json"])
+
+    # Assert
+    assert result_json.exit_code == 0
+    assert '"preferred_username": "testuser"' in result_json.output
+
+
+@patch("globus_registered_api.cli._create_auth_client", autospec=True)
+def test_whoami_with_client_app(mock_client_env, cli_runner):
+    # Arrange
+    mock_auth = MagicMock()
+    client_id = str(uuid.uuid4())
+    mock_auth.userinfo.return_value = MockResponse({"preferred_username": f"{client_id}@clients.auth.globus.org", "email": None})
+    mock_client_env.return_value = mock_auth
+
+    # Act
+    result = cli_runner.invoke(globus_registered_api.cli.cli, ["whoami"])
+
+    # Assert
+    assert result.exit_code == 0
+    assert client_id in result.output
+
+    # Act (json format)
+    result_json = cli_runner.invoke(globus_registered_api.cli.cli, ["whoami", "--format", "json"])
+
+    # Assert
+    assert result_json.exit_code == 0
+    assert f'"preferred_username": "{client_id}@clients.auth.globus.org"' in result_json.output
