Possibility for no authentication (#464)

* add a no-auth user
* tests running with right config
* Apply suggestions from code review

Co-authored-by: Carmen Tawalika <mmacata@users.noreply.github.com>

Author: anikaweinmann

.dockerignore

@@ -5,6 +5,7 @@ docker
 !docker/actinia-core-dev/actinia.cfg
 !docker/actinia-core-dev/endpoints.csv
 !docker/actinia-core-tests/actinia-test.cfg
+!docker/actinia-core-tests/actinia-test-noauth.cfg
 .github
 .travis
 .travis.yml

.flake8

@@ -3,6 +3,7 @@
 # E402 module level import not at top of file
 # E501 line too long (80 > 79 characters)
 # F401 '.health_check.health_check' imported but unused
+# F811 redefinition of unused 'verify_password' from line 55
 # F821 undefined name 'QFile'
 # W605 invalid escape sequence '\<'
 
@@ -30,6 +31,7 @@ per-file-ignores =
     ./src/actinia_core/core/interim_results.py: W605
     ./src/actinia_core/core/list_grass_modules.py: F821
     ./src/actinia_core/testsuite.py: F401
+    ./src/actinia_core/rest/base/user_auth.py: F811
     ./src/actinia_core/rest/ephemeral_processing.py: W605
     ./src/actinia_core/processing/actinia_processing/ephemeral_renderer_base/*: E501
     ./src/actinia_core/processing/actinia_processing/ephemeral_with_export/raster_export.py: E501

.gitignore

@@ -52,3 +52,4 @@ docker/redis_queue_data/dump.rdb
 !docker/actinia-core-dev/actinia.cfg
 !docker/actinia-core-dev/endpoints.csv
 !docker/actinia-core-tests/actinia-test.cfg
+!docker/actinia-core-tests/actinia-test-noauth.cfg

Makefile

@@ -18,5 +18,8 @@ unittest:
 devtest:
 	sh ./tests_with_redis.sh dev
 
+noauthtest:
+		sh ./tests_with_redis.sh noauth
+
 integrationtest:
 	sh ./tests_with_redis.sh integrationtest

docker/actinia-core-tests/Dockerfile

@@ -40,6 +40,7 @@ RUN grass --tmp-location EPSG:4326 --exec g.extension -s \
 # copy needed files and configs for test
 COPY docker/actinia-core-alpine/actinia.cfg /etc/default/actinia
 COPY docker/actinia-core-tests/actinia-test.cfg /etc/default/actinia_test
+COPY docker/actinia-core-tests/actinia-test-noauth.cfg /etc/default/actinia_test_noauth
 
 RUN pip3 install pytest pytest-cov
 

docker/actinia-core-tests/actinia-test-noauth.cfg

@@ -0,0 +1,26 @@
+[GRASS]
+grass_database = /actinia_core/grassdb
+grass_user_database = /actinia_core/userdata
+grass_tmp_database = /actinia_core/workspace/temp_db
+grass_resource_dir = /actinia_core/resources
+
+[API]
+force_https_urls = True
+authentication = False
+
+[LIMITS]
+max_cell_limit = 22500000
+process_time_limt = 60
+process_num_limit = 20
+
+[REDIS]
+worker_logfile = /actinia_core/workspace/tmp/actinia_worker_test.log
+redis_server_url = localhost
+redis_server_port = 6379
+
+[LOGGING]
+log_level = 1
+
+[MISC]
+tmp_workdir = /actinia_core/workspace/tmp
+download_cache = /actinia_core/workspace/download_cache

docker/actinia-core-tests/actinia-test.cfg

@@ -1,43 +1,25 @@
 [GRASS]
-grass_gis_start_script = /usr/local/bin/grass
 grass_database = /actinia_core/grassdb
 grass_user_database = /actinia_core/userdata
 grass_tmp_database = /actinia_core/workspace/temp_db
 grass_resource_dir = /actinia_core/resources
-grass_addon_path = /root/.grass8/addons/
-grass_gis_base = /usr/local/grass
-grass_modules_xml_path = /usr/local/grass/gui/wxpython/xml/module_items.xml
-grass_default_location = nc_spm_08
 
 [API]
-plugins = []
 force_https_urls = True
 
 [LIMITS]
 max_cell_limit = 22500000
 process_time_limt = 60
 process_num_limit = 20
-number_of_workers = 3
 
 [REDIS]
+worker_logfile = /actinia_core/workspace/tmp/actinia_worker_test.log
 redis_server_url = localhost
 redis_server_port = 6379
-redis_queue_server_url = localhost
-redis_queue_server_port = 6379
-worker_queue_name = actinia_job
-worker_logfile = /actinia_core/workspace/tmp/actinia_worker_test.log
 
 [LOGGING]
-log_interface = fluentd
-log_fluent_host = fluentd
-log_fluent_port = 24224
 log_level = 1
 
 [MISC]
 tmp_workdir = /actinia_core/workspace/tmp
 download_cache = /actinia_core/workspace/download_cache
-secret_key = token_signing_key_changeme
-
-[MANAGEMENT]
-default_user = user
-default_user_group = group

pyproject.toml

@@ -98,11 +98,12 @@ API_Docs = "https://redocly.github.io/redoc/?url=https://actinia.mundialis.de/la
 
 [tool.pytest.ini_options]
 minversion = "6.0"
-addopts = "--cov actinia_core --cov-report term-missing --verbose --tb=line -x"
+addopts = "--cov actinia_core --cov-report term-missing --verbose --tb=line -x -s"
 testpaths = [
     "tests",
 ]
 markers = [
     "dev: test current in development",
     "unittest: completely independent test",
+    "noauth: tests for actinia without authentication",
 ]

src/actinia_core/core/common/app.py

@@ -4,7 +4,7 @@
 # performance processing of geographical data that uses GRASS GIS for
 # computational tasks. For details, see https://actinia.mundialis.de/
 #
-# Copyright (c) 2016-2018 Sören Gebbert and mundialis GmbH & Co. KG
+# Copyright (c) 2016-2023 Sören Gebbert and mundialis GmbH & Co. KG
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -116,9 +116,9 @@
 from actinia_api import API_VERSION, URL_PREFIX
 
 __license__ = "GPLv3"
-__author__ = "Sören Gebbert, Julia Haas"
+__author__ = "Sören Gebbert, Julia Haas, Anika Weinmann"
 __copyright__ = (
-    "Copyright 2016-2021, Sören Gebbert and mundialis GmbH & Co. KG"
+    "Copyright 2016-2023, Sören Gebbert and mundialis GmbH & Co. KG"
 )
 __maintainer__ = "mundialis"
 
@@ -165,11 +165,14 @@
             }
         }
     ]
-else:
+elif global_config.AUTHENTICATION:
     # Set the security definition in an unconventional way
     flask_api._swagger_object["securityDefinitions"] = {
         "basicAuth": {"type": "basic"}
     }
     flask_api._swagger_object["security"] = [{"basicAuth": []}]
 
     auth = HTTPBasicAuth()
+else:
+    # No authentication
+    auth = HTTPBasicAuth()

src/actinia_core/core/common/config.py

@@ -4,7 +4,7 @@
 # performance processing of geographical data that uses GRASS GIS for
 # computational tasks. For details, see https://actinia.mundialis.de/
 #
-# Copyright (c) 2016-2018 Sören Gebbert and mundialis GmbH & Co. KG
+# Copyright (c) 2016-2023 Sören Gebbert and mundialis GmbH & Co. KG
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -34,7 +34,7 @@
 __license__ = "GPLv3"
 __author__ = "Sören Gebbert, Anika Weinmann"
 __copyright__ = (
-    "Copyright 2016-2022, Sören Gebbert and mundialis GmbH & Co. KG"
+    "Copyright 2016-2023, Sören Gebbert and mundialis GmbH & Co. KG"
 )
 __maintainer__ = "mundialis GmbH & Co. KG"
 
@@ -320,6 +320,8 @@ def __init__(self):
         self.PLUGINS = []
         # ENDPOINTS_CONFIG: configuration csv file for endpoints
         self.ENDPOINTS_CONFIG = None
+        # AUTHENTICATION: If set False no authentication is needed
+        self.AUTHENTICATION = True
 
         """
         KEYCLOAK: has only to be set if keycloak server is configured with
@@ -560,6 +562,7 @@ def write(self, path=DEFAULT_CONFIG_PATH):
         config.set("API", "FORCE_HTTPS_URLS", str(self.FORCE_HTTPS_URLS))
         config.set("API", "PLUGINS", str(self.PLUGINS))
         config.set("API", "ENDPOINTS_CONFIG", str(self.ENDPOINTS_CONFIG))
+        config.set("API", "AUTHENTICATION", str(self.AUTHENTICATION))
 
         config.add_section("KEYCLOAK")
         config.set(
@@ -810,6 +813,10 @@ def read(self, path=DEFAULT_CONFIG_PATH):
                     self.ENDPOINTS_CONFIG = config.get(
                         "API", "ENDPOINTS_CONFIG"
                     )
+                if config.has_option("API", "AUTHENTICATION"):
+                    self.AUTHENTICATION = config.getboolean(
+                        "API", "AUTHENTICATION"
+                    )
 
             if config.has_section("KEYCLOAK"):
                 if config.has_option("KEYCLOAK", "CONFIG_PATH"):