Skip to content

onconova.core.auth.controllers

AuthController

Bases: ControllerBase

API controller to handle authentication-related endpoints for user login and session management.

login(credentials)

Authenticates a user using the provided credentials.

Source code in onconova/core/auth/controllers.py 
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
@route.post(
    path="/session",
    response={
        200: scm.AuthenticationMeta,
        401: None,
        400: None,
        403: None,
        500: None,
    },
    operation_id="login",
    openapi_extra=dict(security=[]),
)
def login(self, credentials: scm.UserCredentials):
    """
    Authenticates a user using the provided credentials.
    """
    # The request is routed internally to the Django-Allauth `allauth/app/v1/auth/login` endpoint to actually handle the authentication.
    view = resolve("/api/allauth/app/v1/auth/login")
    assert self.context and self.context.request
    response = view.func(self.context.request)
    if response.status_code != 200:
        return response.status_code, None
    return 200, json.loads(response.content.decode())["meta"]

login_with_provider_token(credentials)

Authenticates a user using a provider token.

Source code in onconova/core/auth/controllers.py 
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@route.post(
    path="/provider/session",
    response={200: scm.AuthenticationMeta, 400: None, 401: None, 500: None},
    operation_id="loginWithProviderToken",
    openapi_extra=dict(security=[]),
)
def login_with_provider_token(self, credentials: scm.UserProviderToken):
    """
    Authenticates a user using a provider token. 
    """
    # The request is routed internally to the Django-Allauth `allauth/app/v1/auth/provider/token` endpoint to actually handle the authentication.
    view = resolve("/api/allauth/app/v1/auth/provider/token")
    assert self.context and self.context.request
    response = view.func(self.context.request)
    if response.status_code != 200:
        return response.status_code, None
    return 200, json.loads(response.content.decode())["meta"]

UsersController

Bases: ControllerBase

Controller for managing user-related operations.

create_user(payload)

Creates a new user with the provided payload.

Source code in onconova/core/auth/controllers.py 
113
114
115
116
117
118
119
120
121
122
123
@route.post(
    path="",
    response={201: ModifiedResourceSchema, **COMMON_HTTP_ERRORS},
    permissions=[perms.CanManageUsers],
    operation_id="createUser",
)
def create_user(self, payload: scm.UserCreate):
    """
    Creates a new user with the provided payload.
    """
    return 201, payload.model_dump_django()

get_all_users_matching_the_query(query)

Retrieves all user objects that match the specified query filters.

Source code in onconova/core/auth/controllers.py 
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
@route.get(
    path="",
    response={200: Paginated[scm.User], **COMMON_HTTP_ERRORS},
    operation_id="getUsers",
)
@paginate()
@ordering()
def get_all_users_matching_the_query(self, query: Query[scm.UserFilters]):  # type: ignore
    """
    Retrieves all user objects that match the specified query filters.
    """
    queryset = get_user_model().objects.all()
    return query.filter(queryset)

get_user_by_id(userId)

Retrieve a user instance by its unique ID.

Source code in onconova/core/auth/controllers.py 
102
103
104
105
106
107
108
109
110
111
@route.get(
    path="/{userId}",
    response={200: scm.User, 404: None, **COMMON_HTTP_ERRORS},
    operation_id="getUserById",
)
def get_user_by_id(self, userId: str):
    """
    Retrieve a user instance by its unique ID.
    """
    return get_object_or_404(get_user_model(), id=userId)

get_user_events(userId)

Retrieves the event history for the specified user.

Source code in onconova/core/auth/controllers.py 
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
@route.get(
    path="/{userId}/events",
    response={200: Paginated[HistoryEvent], 404: None, **COMMON_HTTP_ERRORS},
    permissions=[perms.CanViewUsers],
    operation_id="getUserEvents",
)
@paginate()
def get_user_events(self, userId: str):
    """
    Retrieves the event history for the specified user.
    """
    user = get_object_or_404(orm.User, id=userId)
    return Events.objects.filter(pgh_context__username=user.username).order_by(
        "-pgh_created_at"
    )

reset_user_password(userId, password)

Resets the password for the specified user.

Source code in onconova/core/auth/controllers.py 
171
172
173
174
175
176
177
178
179
180
181
182
183
184
@route.post(
    path="/{userId}/password/reset",
    response={201: ModifiedResourceSchema, **COMMON_HTTP_ERRORS},
    permissions=[perms.CanManageUsers],
    operation_id="resetUserPassword",
)
def reset_user_password(self, userId: str, password: str):
    """
    Resets the password for the specified user.
    """
    user = get_object_or_404(orm.User, id=userId)
    user.set_password(password)
    user.save()
    return 201, user

update_user(userId, payload)

Updates the specified user's information using the provided payload.

Source code in onconova/core/auth/controllers.py 
125
126
127
128
129
130
131
132
133
134
135
136
@route.put(
    path="/{userId}",
    response={200: scm.User, 404: None, **COMMON_HTTP_ERRORS},
    permissions=[perms.CanManageUsers],
    operation_id="updateUser",
)
def update_user(self, userId: str, payload: scm.UserCreate):
    """
    Updates the specified user's information using the provided payload.
    """
    user = get_object_or_404(orm.User, id=userId)
    return payload.model_dump_django(instance=user)

update_user_password(userId, payload)

Updates the password for a specified user.

Source code in onconova/core/auth/controllers.py 
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
@route.put(
    path="/{userId}/password",
    response={201: ModifiedResourceSchema, 404: None, **COMMON_HTTP_ERRORS},
    operation_id="updateUserPassword",
)
def update_user_password(self, userId: str, payload: scm.UserPasswordReset):
    """
    Updates the password for a specified user.
    """
    user = get_object_or_404(orm.User, id=userId)
    assert self.context and self.context.request
    requesting_user: orm.User = self.context.request.user  # type: ignore
    authorized = user.id == requesting_user.id or requesting_user.can_manage_users
    if not authorized or not user.check_password(payload.oldPassword):
        return 403, None
    user.set_password(payload.newPassword)
    user.save()
    return 201, user

update_user_profile(userId, payload)

Updates the profile information of a user with the given user ID.

Source code in onconova/core/auth/controllers.py 
138
139
140
141
142
143
144
145
146
147
148
149
150
@route.put(
    path="/{userId}/profile",
    response={201: scm.User, 404: None, **COMMON_HTTP_ERRORS},
    permissions=[perms.CanManageUsers | perms.IsRequestingUser],
    operation_id="updateUserProfile",
)
def update_user_profile(self, userId: str, payload: scm.UserProfile):
    """
    Updates the profile information of a user with the given user ID.
    """
    user = get_object_or_404(orm.User, id=userId)
    orm.User.objects.filter(pk=user.id).update(**payload.model_dump(by_alias=True))
    return 201, get_object_or_404(orm.User, id=user.id)
runner