Access directly with B2SAFE credentials

pdonorio commented 7 years ago

Can we store the irods prc session serialized/hashed in a database?

If yes we can allow login through an /auth/b2safe and use that token to reuse the session.

pdonorio commented 7 years ago

I may try to use pickle as a serializer of the prc session object.

pdonorio commented 7 years ago

If I try a pickle.dump of a working irods session I get the error:

TypeError: can't pickle lock objects

Looking around this problem is very common on complex python objects.

The most promising option is to create two new methods extending the class of the instance to serialize, in our case iRODSSession, to make modification when you store and when you get the object with pickle. I understood it by reading this post: http://sharats.me/serializing-python-requests-session-objects-for-fun-and-profit.html

pdonorio commented 7 years ago

This is the whole content of a session object:

>>> from beeprint import pp
>>> pp(session)

instance(iRODSPickleSession):
  collections: instance(CollectionManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  data_objects: instance(DataObjectManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  host: 'rodserver.dockerized.io',
  metadata: instance(MetadataManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  numThreads: 0,
  permissions: instance(AccessManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  pool: instance(Pool):
    _lock: <unlocked _thread.lock object at 0x7ffa88b5dee0>,
    account: instance(iRODSAccount):
      authentication_scheme: 'password',
      client_user: 'irods',
      client_zone: 'tempZone',
      host: 'rodserver.dockerized.io',
      password: 'chooseapasswordwisely',
      port: 1247,
      proxy_user: 'irods',
      proxy_zone: 'tempZone',
      server_dn: None,
    active: set(),
    idle: set(),
  port: 1247,
  resources: instance(ResourceManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  user_groups: instance(UserGroupManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  username: 'irods',
  users: instance(UserManager):
    sess: <Recursion on instance(iRODSPickleSession) with id=140714144776656>,
  zone: 'tempZone'

Now the interesting part is:

  pool: instance(Pool):
    _lock: <unlocked _thread.lock object at 0x7ffa88b5dee0>,

So the pool instance has a lock on a thread and that cannot be serialized. I must find a way to skip the pool object from being saved and recreate it when the pickle object is reloaded.

pdonorio commented 7 years ago

Things to do:

[x] create a class extending the irodssession
[x] add encode/decode methods for pickle
[x] add base64 encoding on the byte string
[x] create endpoint for login with irods (a b2safe proxy in /auth/b2safeproxy POST)
[x] save the string in postgres
[x] same endpoint but request authorization in GET
[x] better unittests

pdonorio commented 7 years ago

The basic concept of serializing an irods session and save it inside the database associated with a token, works.

I opened #88 for selecting what to do based on token received: B2ACCESS or B2SAFE

EUDAT-B2STAGE / http-api

Access directly with B2SAFE credentials #83