Merge pull request #17 from CSCfi/spring-cleaning-at-autumn

Spring cleaning at autumn

.coveragerc

@@ -19,5 +19,8 @@ exclude_lines =
     if __name__ == .__main__.:
     if not args:
 
+    # Dont test lines with this comment
+    pragma: no cover
+
 
 ignore_errors = True

.github/workflows/style.yml

@@ -0,0 +1,32 @@
+name: Python style check
+
+on: [push]
+
+jobs:
+  style_check:
+    strategy:
+      max-parallel: 4
+      matrix:
+        os: [ubuntu-latest]
+        python-version: [3.7]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Black formatting check
+      run: tox -e black
+    - name: Flake8 syntax check
+      run: tox -e flake8
+    - name: Test function types
+      run: tox -e mypy
+    - name: Static vulnerability check
+      run: tox -e bandit

.github/workflows/unit.yml

@@ -0,0 +1,36 @@
+name: Python Unit Tests
+
+on: [push]
+
+jobs:
+  unit_test:
+    strategy:
+      max-parallel: 4
+      matrix:
+        os: [ubuntu-latest]
+        python-version: [3.6, 3.7]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install libcurl-devel
+      run: |
+        sudo apt update
+        sudo apt-get install libcurl4-openssl-dev
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Run unit tests for python 3.6
+      if: ${{ matrix.python-version == '3.6' }}
+      run: tox -e unit_tests
+    - name: Run unit tests for python 3.7
+      if: ${{ matrix.python-version == '3.7' }}
+      env:
+        COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+      run: tox -e unit_tests

README.md

@@ -1,11 +1,10 @@
 ## OIDC Client
 
-[![Build Status](https://travis-ci.org/CSCfi/oidc-client.svg?branch=master)](https://travis-ci.org/CSCfi/oidc-client)
+![Python Unit Tests](https://github.com/CSCfi/oidc-client/workflows/Python%20Unit%20Tests/badge.svg?branch=master)
 [![Coverage Status](https://coveralls.io/repos/github/CSCfi/oidc-client/badge.svg)](https://coveralls.io/github/CSCfi/oidc-client)
 [![Documentation Status](https://readthedocs.org/projects/csc-oidc-client/badge/?version=latest)](https://csc-oidc-client.readthedocs.io/en/latest/?badge=latest)
 
 CSC OIDC Client is a lightweight [aiohttp](https://aiohttp.readthedocs.io/en/stable/) web application used for interacting with OIDC servers.
-The source code is delivered with [ELIXIR AAI](https://elixir-europe.org/services/compute/aai) integration.
 
 ### Quick Start
 

docs/api.rst

@@ -1,7 +1,7 @@
 API Endpoints
 =============
 
-OIDC Client consists of four endpoints: ``/``, ``/login``, ``/logout``, ``/callback``.
+OIDC Client consists of five endpoints: ``/``, ``/login``, ``/logout``, ``/callback`` and ``/token``.
 
 .. _index:
 
@@ -30,21 +30,24 @@ Upon returning to the OIDC Client from the AAI server, OIDC Client extracts ``st
 and uses these values to request a token from the AAI server. Upon a successful retrieval of an access token, the access token
 is saved to the browser cookies.
 
-Some of the created cookies can be considered _unsafe_ (not `http_only`) for the purpose of displaying values in UI for logged in state and bona fide status.
+Some of the created cookies can be considered _unsafe_ (not `http_only`) for the purpose of displaying values in UI for logged in state.
+
+Token
+~~~~~
+
+Display token from encrypted session storage for easy retrieval. Alternate way to inspect the access token is to look at the browser cookies.
 
 Cookies
 ~~~~~~~
 
 Cookies created and used by the OIDC Client and their default settings.
 
-+---------------+-----------+----------------------------------------------------+----------+--------+-----------+
-| Cookie        | Origin    | Purpose                                            | Lifetime | Secure | Http Only |
-+===============+===========+====================================================+==========+========+===========+
-| oidc_state    | /login    | Store state at login to be checked upon callback   | 5 min    | True   | True      |
-+---------------+-----------+----------------------------------------------------+----------+--------+-----------+
-| access_token  | /callback | Sent along requests for authorizing access to data | 1 hour   | True   | True      |
-+---------------+-----------+----------------------------------------------------+----------+--------+-----------+
-| logged_in     | /callback | Used to display logged in state in UI              | 1 hour   | True   | False     |
-+---------------+-----------+----------------------------------------------------+----------+--------+-----------+
-| bona_fide     | /callback | Used to display bona fide status in UI             | 1 hour   | True   | False     |
-+---------------+-----------+----------------------------------------------------+----------+--------+-----------+
++-----------------+-----------+---------------------------------------------------------------------------------------------------------------------+----------+--------+-----------+
+| Cookie          | Origin    | Purpose                                                                                                             | Lifetime | Secure | Http Only |
++-----------------+-----------+---------------------------------------------------------------------------------------------------------------------+----------+--------+-----------+
+| AIOHTTP_SESSION | /login    | Store state at login to be checked upon callback. Store access token at callback to be displayed at token endpoint. | Session  | True   | True      |
++-----------------+-----------+---------------------------------------------------------------------------------------------------------------------+----------+--------+-----------+
+| access_token    | /callback | Sent along same-domain requests for authorizing access to data                                                      | 1 hour   | True   | True      |
++-----------------+-----------+---------------------------------------------------------------------------------------------------------------------+----------+--------+-----------+
+| logged_in       | /callback | Used to display logged in state in UI                                                                               | 1 hour   | True   | False     |
++-----------------+-----------+---------------------------------------------------------------------------------------------------------------------+----------+--------+-----------+

docs/conf.py

@@ -1,16 +1,15 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
-import os
 import sys
 import datetime
 
 import oidc_client
 from unittest.mock import MagicMock
-
+from pathlib import Path
 
 # Get the project root dir, which is the parent dir of this
-sys.path.insert(0, os.path.abspath('../oidc_client'))
+sys.path.insert(0, Path(__file__).resolve().parent.joinpath("oidc_client/"))
 
 # -- General configuration ------------------------------------------------
 
@@ -25,7 +24,7 @@ def __getattr__(cls, name):
 
 
 # List modules need to be mocked
-MOCK_MODULES = ['aiohttp']
+MOCK_MODULES = ["aiohttp"]
 sys.modules.update((mod_name, Mock()) for mod_name in MOCK_MODULES)
 
 # If your documentation needs a oidc_client Sphinx version, state it here.
@@ -35,32 +34,34 @@ def __getattr__(cls, name):
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = ['sphinx.ext.autodoc',
-              'sphinx.ext.autosummary',
-              'sphinx.ext.coverage',
-              'sphinx.ext.ifconfig',
-              'sphinx.ext.viewcode',
-              'sphinx.ext.githubpages',
-              'sphinx.ext.todo']
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx.ext.autosummary",
+    "sphinx.ext.coverage",
+    "sphinx.ext.ifconfig",
+    "sphinx.ext.viewcode",
+    "sphinx.ext.githubpages",
+    "sphinx.ext.todo",
+]
 
 # Add any paths that contain templates here, relative to this directory.
-templates_path = ['templates']
+templates_path = ["templates"]
 
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 #
 # source_suffix = ['.rst', '.md']
-source_suffix = '.rst'
+source_suffix = ".rst"
 
 # The master toctree document.
-master_doc = 'index'
+master_doc = "index"
 
 # Get current year
 current_year = str(datetime.date.today().year)
 
 # General information about the project.
-project = 'oidc_client'
-copyright = f'{current_year}, {oidc_client.__copyright__} |'
+project = "oidc_client"
+copyright = f"{current_year}, {oidc_client.__copyright__} |"
 author = oidc_client.__author__
 
 # The version info for the project you're documenting, acts as replacement for
@@ -82,10 +83,10 @@ def __getattr__(cls, name):
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This patterns also affecst html_static_path and html_extra_path
-exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+exclude_patterns = ["_build", "Thumbs.db", ".DS_Store"]
 
 # The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
+pygments_style = "sphinx"
 
 # If true, `todo` and `todoList` produce output, else they produce nothing.
 todo_include_todos = False
@@ -95,30 +96,26 @@ def __getattr__(cls, name):
 
 # -- Options for HTML output ----------------------------------------------
 
-html_title = 'OIDC Client'
+html_title = "OIDC Client"
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 
-html_theme = 'sphinx_rtd_theme'
-html_theme_options = {
-    'collapse_navigation': True,
-    'sticky_navigation': True,
-    'display_version': True,
-    'prev_next_buttons_location': 'bottom'}
+html_theme = "sphinx_rtd_theme"
+html_theme_options = {"collapse_navigation": True, "sticky_navigation": True, "display_version": True, "prev_next_buttons_location": "bottom"}
 
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['static']
+html_static_path = ["static"]
 
 # Custom sidebar templates, must be a dictionary that maps document names
 # to template names.
 #
 # This is required for the alabaster theme
 # refs: http://alabaster.readthedocs.io/en/latest/installation.html#sidebars
 html_sidebars = {
-    '**': [
+    "**": [
         # 'about.html',
         # 'navigation.html',
         # 'relations.html',  # needs 'show_related': True theme option to display
@@ -127,15 +124,15 @@ def __getattr__(cls, name):
     ]
 }
 
-today_fmt = '%B %d, %Y'
+today_fmt = "%B %d, %Y"
 
 
 def setup(app):
     """Add custom stylesheet."""
-    app.add_stylesheet('custom.css')
+    app.add_stylesheet("custom.css")
 
 
 # -- Other stuff ----------------------------------------------------------
-htmlhelp_basename = 'oidc_client'
-man_pages = [(master_doc, 'oidc_client', [author], 1)]
-texinfo_documents = [(master_doc, 'oidc_client', author, 'Miscellaneous')]
+htmlhelp_basename = "oidc_client"
+man_pages = [(master_doc, "oidc_client", [author], 1)]
+texinfo_documents = [(master_doc, "oidc_client", author, "Miscellaneous")]

docs/configuration.rst

@@ -11,7 +11,7 @@ Default values can be seen in the configuration file parser, they are the right-
 
 .. literalinclude:: /../oidc_client/config/__init__.py
    :language: python
-   :lines: 15-45
+   :lines: 15-42
 
 The default values can be overwritten and saved to file in the ``config.ini`` configuration file.
 The configuration file has three basic sections: ``app`` for application configuration, ``cookie`` for cookie
@@ -25,7 +25,7 @@ Application Configuration
 
 .. literalinclude:: /../oidc_client/config/config.ini
    :language: python
-   :lines: 18-35
+   :lines: 18-29
 
 .. _cookie-conf:
 
@@ -34,7 +34,7 @@ Cookie Settings
 
 .. literalinclude:: /../oidc_client/config/config.ini
    :language: python
-   :lines: 37-54
+   :lines: 31-48
 
 .. _aai-conf:
 
@@ -43,16 +43,7 @@ AAI Server Configuration
 
 .. literalinclude:: /../oidc_client/config/config.ini
    :language: python
-   :lines: 56-97
-
-.. _elixir-conf:
-
-ELIXIR Configuration
-~~~~~~~~~~~~~~~~~~~~
-
-.. literalinclude:: /../oidc_client/config/config.ini
-   :language: python
-   :lines: 99-104
+   :lines: 50-88
 
 .. _env:
 

docs/index.rst

@@ -2,7 +2,6 @@ OIDC Client
 ===========
 
 CSC OIDC Client is a lightweight `aiohttp <https://aiohttp.readthedocs.io/en/stable/>`_ web application used for interacting with OIDC servers.
-The source code is delivered with `ELIXIR AAI <https://elixir-europe.org/services/compute/aai>`_ integration.
 
 Table of Contents
 -----------------

docs/instructions.rst

@@ -74,13 +74,6 @@ To build OIDC Client into an image using ``s2i``:
 
     s2i build . centos/python-36-centos7 cscfi/oidc-client
 
-To build OIDC Client into an image using ``docker`` (NOT YET IMPLEMENTED)
-
-.. code-block:: console
-
-    # Dockerfile not yet written, this feature is not yet implemented!!
-    docker build -t cscfi/oidc-client .
-
 To run the built image with docker:
 
 .. code-block:: console