From 99ebe582fe8ff2b852fc1fa13d84885cbc895bb5 Mon Sep 17 00:00:00 2001
From: Matthias Saimpert <matthias.saimpert@cern.ch>
Date: Thu, 21 Dec 2023 14:56:50 +0100
Subject: [PATCH 1/3] attemps to fix ITkPD authentification issues

---
 viewer/functions/common.py  | 33 +++++++++++++++++++++++++++++++++
 viewer/functions/imports.py | 30 ++++++------------------------
 viewer/pages/qc.py          |  9 ++++++++-
 viewer/pages/toppage.py     |  7 ++++++-
 4 files changed, 53 insertions(+), 26 deletions(-)

diff --git a/viewer/functions/common.py b/viewer/functions/common.py
index 608b1f2e..00421f6e 100755
--- a/viewer/functions/common.py
+++ b/viewer/functions/common.py
@@ -440,6 +440,39 @@ def get_pd_user():
     global pd_user
     return pd_user
 
+def check_and_process(code1, code2):
+    global pd_client
+
+    if not get_pd_client():
+        process_request( code1, code2 )
+
+    pd_client = get_pd_client()
+
+    if not pd_client:
+        logger.error('Failed in ITkPD authentication!')
+        return False
+
+    user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
+
+    if session["institution"] is not None and
+       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+        logger.warning('Originally authenticated in ITkPD with user from different institute than in localDB! Updating this now with latest entered user codes.')
+        process_request(code1, code2)
+
+        pd_client = get_pd_client()
+
+        if not get_pd_client():
+            logger.error('Failed in ITkPD authentication!')
+            return False
+
+        user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
+
+        if not (session["institution"] in user["institutions"]):
+            logger.error( 'Failed in ITkPD authentication! ITkPD user institute still different than localDB!' )
+            return False
+
+    return True
+
 #############################################################################
 # Scan
 
diff --git a/viewer/functions/imports.py b/viewer/functions/imports.py
index 3798ed81..bae7f594 100755
--- a/viewer/functions/imports.py
+++ b/viewer/functions/imports.py
@@ -121,15 +121,9 @@ from module_qc_database_tools.utils import (
 def download_worker( serialNumber, code1 = None, code2 = None, resetStage = None, skip_attachments = False, skip_synched = True, debug_mode = False ):
     
     global logger
-    
-    if not get_pd_client():
-        process_request( code1, code2 )
-        
-    pd_client = get_pd_client()
 
-    if not pd_client:
-        logger.error( 'Failed in ITkPD authentication!' )
-        return
+    if not check_and_process(code1, code2): return
+    pd_client = get_pd_client()
         
     logger.info( f'download_worker(): serialNumber = {serialNumber}' )
     logger.info( f'download_worker(): resetStage = {resetStage}' )
@@ -155,15 +149,9 @@ def upload_worker( serialNumber, code1 = None, code2 = None ):
     
     global logger
     
-    if not get_pd_client():
-        process_request( code1, code2 )
-
+    if not check_and_process(code1, code2): return
     pd_client = get_pd_client()
 
-    if not pd_client:
-        logger.error( 'Failed in ITkPD authentication!' )
-        return
-        
     logger.info( 'upload_worker(): serialNumber = {}'.format( serialNumber ) )
     
     logger.info( 'upload_worker(): RecursiveUploader' )
@@ -174,7 +162,7 @@ def upload_worker( serialNumber, code1 = None, code2 = None ):
         RecursiveUploader( pd_client ).exec( serialNumber )
 
         # step 2: sync FE configs
-        download_configs( serialNumber )
+        download_configs( serialNumber, code1, code2 )
         
     except Exception as e:
         logger.warning( traceback.format_exc() )
@@ -185,19 +173,13 @@ def upload_worker( serialNumber, code1 = None, code2 = None ):
     return
 
 
-def download_configs( serialNumber ):
+def download_configs( serialNumber, code1, code2 ):
     
     global logger
 
-    if not get_pd_client():
-        process_request( code1, code2 )
-
+    if not check_and_process(code1, code2): return
     pd_client = get_pd_client()
 
-    if not pd_client:
-        logger.error( 'Failed in ITkPD authentication!' )
-        return
-        
     try:
         cpt_doc = localdb.component.find_one( { 'serialNumber': serialNumber } )
 
diff --git a/viewer/pages/qc.py b/viewer/pages/qc.py
index 01035eba..cbf9a9f4 100644
--- a/viewer/pages/qc.py
+++ b/viewer/pages/qc.py
@@ -154,7 +154,14 @@ def create_configs():
         session['url'] = url_for( 'qc_api.create_configs', componentId = componentId )
         logger.info( f'create_configs(): redirecting to itkdb_authenticate:' + url_for( 'user_api.itkdb_authenticate' ) )
         return redirect( url_for( 'user_api.itkdb_authenticate' ) )
-    
+
+    user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
+    if session["institution"] is not None and
+       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+        session['url'] = url_for( 'qc_api.create_configs', componentId = componentId )
+        logger.info( f'create_configs(): redirecting to itkdb_authenticate:' + url_for( 'user_api.itkdb_authenticate' ) )
+        return redirect( url_for('user_api.itkdb_authenticate') )
+
     # Call config generation alg
     try:
         module = Module(pd_client, serialNumber)
diff --git a/viewer/pages/toppage.py b/viewer/pages/toppage.py
index 11041be4..25debf7b 100644
--- a/viewer/pages/toppage.py
+++ b/viewer/pages/toppage.py
@@ -499,7 +499,12 @@ def assemble_module():
         return redirect( url_for('user_api.itkdb_authenticate') )
 
     pd_client = get_pd_client()
-    userinfo = request.form.get("userinfo", type=itkdb.core.User)
+
+    user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
+    if session["institution"] is not None and
+       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+        session['url'] = url_for('toppage_api.assemble_module')
+        return redirect( url_for('user_api.itkdb_authenticate') )
 
     userdb = client.localdbtools
 
-- 
GitLab


From 670d7fcb8fde587dc19e9830d8e1519e642fadff Mon Sep 17 00:00:00 2001
From: Matthias Saimpert <matthias.saimpert@cern.ch>
Date: Thu, 21 Dec 2023 15:10:36 +0100
Subject: [PATCH 2/3] fix typo

---
 viewer/functions/common.py | 4 ++--
 viewer/pages/qc.py         | 4 ++--
 viewer/pages/toppage.py    | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/viewer/functions/common.py b/viewer/functions/common.py
index 00421f6e..6b18aa4e 100755
--- a/viewer/functions/common.py
+++ b/viewer/functions/common.py
@@ -454,8 +454,8 @@ def check_and_process(code1, code2):
 
     user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
 
-    if session["institution"] is not None and
-       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+    if ( session["institution"] is not None and
+         not (any(element["name"] == session["institution"] for element in user["institutions"])) ):
         logger.warning('Originally authenticated in ITkPD with user from different institute than in localDB! Updating this now with latest entered user codes.')
         process_request(code1, code2)
 
diff --git a/viewer/pages/qc.py b/viewer/pages/qc.py
index cbf9a9f4..22b40890 100644
--- a/viewer/pages/qc.py
+++ b/viewer/pages/qc.py
@@ -156,8 +156,8 @@ def create_configs():
         return redirect( url_for( 'user_api.itkdb_authenticate' ) )
 
     user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
-    if session["institution"] is not None and
-       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+    if ( session["institution"] is not None and
+         not (any(element["name"] == session["institution"] for element in user["institutions"])) ):
         session['url'] = url_for( 'qc_api.create_configs', componentId = componentId )
         logger.info( f'create_configs(): redirecting to itkdb_authenticate:' + url_for( 'user_api.itkdb_authenticate' ) )
         return redirect( url_for('user_api.itkdb_authenticate') )
diff --git a/viewer/pages/toppage.py b/viewer/pages/toppage.py
index 25debf7b..d7bb44c4 100644
--- a/viewer/pages/toppage.py
+++ b/viewer/pages/toppage.py
@@ -501,8 +501,8 @@ def assemble_module():
     pd_client = get_pd_client()
 
     user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
-    if session["institution"] is not None and
-       not ( any(element["name"] == session["institution"] for element in user["institutions"]) ):
+    if ( session["institution"] is not None and
+         not (any(element["name"] == session["institution"] for element in user["institutions"])) ):
         session['url'] = url_for('toppage_api.assemble_module')
         return redirect( url_for('user_api.itkdb_authenticate') )
 
-- 
GitLab


From 39989d08e5a23fdd0e1effbe7e00828c7492f94f Mon Sep 17 00:00:00 2001
From: Matthias Saimpert <matthias.saimpert@cern.ch>
Date: Thu, 21 Dec 2023 16:04:52 +0100
Subject: [PATCH 3/3] fix to pass session info to threads

---
 viewer/functions/common.py  |  8 ++++----
 viewer/functions/imports.py | 14 +++++++-------
 viewer/pages/qc.py          |  3 ++-
 viewer/pages/user.py        |  4 +++-
 4 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/viewer/functions/common.py b/viewer/functions/common.py
index 6b18aa4e..9123f44c 100755
--- a/viewer/functions/common.py
+++ b/viewer/functions/common.py
@@ -440,7 +440,7 @@ def get_pd_user():
     global pd_user
     return pd_user
 
-def check_and_process(code1, code2):
+def check_and_process(code1, code2, institution):
     global pd_client
 
     if not get_pd_client():
@@ -454,8 +454,8 @@ def check_and_process(code1, code2):
 
     user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
 
-    if ( session["institution"] is not None and
-         not (any(element["name"] == session["institution"] for element in user["institutions"])) ):
+    if ( institution is not None and
+         not (any(element["name"] == institution for element in user["institutions"])) ):
         logger.warning('Originally authenticated in ITkPD with user from different institute than in localDB! Updating this now with latest entered user codes.')
         process_request(code1, code2)
 
@@ -467,7 +467,7 @@ def check_and_process(code1, code2):
 
         user = pd_client.get("getUser", json={"userIdentity": pd_client.user.identity})
 
-        if not (session["institution"] in user["institutions"]):
+        if ( not (any(element["name"] == institution for element in user["institutions"])) ):
             logger.error( 'Failed in ITkPD authentication! ITkPD user institute still different than localDB!' )
             return False
 
diff --git a/viewer/functions/imports.py b/viewer/functions/imports.py
index bae7f594..cbd72fea 100755
--- a/viewer/functions/imports.py
+++ b/viewer/functions/imports.py
@@ -118,11 +118,11 @@ from module_qc_database_tools.utils import (
 
 
 
-def download_worker( serialNumber, code1 = None, code2 = None, resetStage = None, skip_attachments = False, skip_synched = True, debug_mode = False ):
+def download_worker( serialNumber, code1 = None, code2 = None, resetStage = None, skip_attachments = False, skip_synched = True, debug_mode = False, institution = None ):
     
     global logger
 
-    if not check_and_process(code1, code2): return
+    if code1 is not None and code2 is not None and not check_and_process(code1, code2, institution): return
     pd_client = get_pd_client()
         
     logger.info( f'download_worker(): serialNumber = {serialNumber}' )
@@ -145,11 +145,11 @@ def download_worker( serialNumber, code1 = None, code2 = None, resetStage = None
     return
 
 
-def upload_worker( serialNumber, code1 = None, code2 = None ):
+def upload_worker( serialNumber, code1 = None, code2 = None, institution = None ):
     
     global logger
     
-    if not check_and_process(code1, code2): return
+    if code1 is not None and code2 is not None and not check_and_process(code1, code2, institution): return
     pd_client = get_pd_client()
 
     logger.info( 'upload_worker(): serialNumber = {}'.format( serialNumber ) )
@@ -162,7 +162,7 @@ def upload_worker( serialNumber, code1 = None, code2 = None ):
         RecursiveUploader( pd_client ).exec( serialNumber )
 
         # step 2: sync FE configs
-        download_configs( serialNumber, code1, code2 )
+        download_configs( serialNumber, code1, code2, institution )
         
     except Exception as e:
         logger.warning( traceback.format_exc() )
@@ -173,11 +173,11 @@ def upload_worker( serialNumber, code1 = None, code2 = None ):
     return
 
 
-def download_configs( serialNumber, code1, code2 ):
+def download_configs( serialNumber, code1, code2, institution ):
     
     global logger
 
-    if not check_and_process(code1, code2): return
+    if code1 is not None and code2 is not None and not check_and_process(code1, code2, institution): return
     pd_client = get_pd_client()
 
     try:
diff --git a/viewer/pages/qc.py b/viewer/pages/qc.py
index 22b40890..fc61d840 100644
--- a/viewer/pages/qc.py
+++ b/viewer/pages/qc.py
@@ -2409,8 +2409,9 @@ def result_transceiver():
 
         code1 = request.form.get('code1', None)
         code2 = request.form.get('code2', None)
+        institution = session["institution"]
 
-        thread = threading.Thread( target = upload_worker, args = ( module, code1, code2 ) )
+        thread = threading.Thread( target = upload_worker, args = ( module, code1, code2, institution ) )
         thread.start()
         return redirect( url_for('component_api.show_component', id=doc['_id'], collection='component') )
             
diff --git a/viewer/pages/user.py b/viewer/pages/user.py
index 2ba9c4c1..53d1fcdd 100755
--- a/viewer/pages/user.py
+++ b/viewer/pages/user.py
@@ -240,7 +240,9 @@ def download_component():
         elif stage == "submit":
             try:
 
-                thread = threading.Thread( target = download_worker, args = ( component_id, code1, code2, None, skip_attachments, skip_synched, debug_mode ) )
+                institution = session["institution"]
+
+                thread = threading.Thread( target = download_worker, args = ( component_id, code1, code2, None, skip_attachments, skip_synched, debug_mode, institution ) )
                 thread.start()
                 time.sleep(3)
 
-- 
GitLab