merges and version update

deploy/k8s/base/ingress.yaml

@@ -1,7 +1,7 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name:  divdb-api-ingress
+  name:  geneweaver-api-ingress
   annotations:
     # NOTE: When deploying a new instance, make sure to use the staging issuer first
     # so that you don't hit the rate limit for the production issuer.

deploy/k8s/overlays/jax-cluster-dev-10--dev/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name:  geneweaver-api-ingress
+  annotations:
+    # NOTE: When deploying a new instance, make sure to use the staging issuer first
+    # so that you don't hit the rate limit for the production issuer.
+    # cert-manager.io/cluster-issuer: "letsencrypt-staging"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/auth-url: "https://auth.jax-cluster-dev-10.jax.org/oauth2/auth"
+    nginx.ingress.kubernetes.io/auth-signin: "https://auth.jax-cluster-dev-10.jax.org/oauth2/start?rd=https://$http_host$escaped_request_uri"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - "geneweaver-dev.jax.org"
+      secretName: geneweaver-dev-jax-org-tls
+  rules:
+  - host: "geneweaver-dev.jax.org"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/api"
+        backend:
+          service:
+            name: geneweaver-api
+            port:
+              number: 8000

deploy/k8s/overlays/jax-cluster-dev-10--dev/kustomization.yaml

@@ -6,6 +6,10 @@ namespace: dev
 bases:
 - ../../base
 
+# NOTE: When applying production ingress, replace this with a patch
+resources:
+  - ingress.yaml
+
 #patchesStrategicMerge:
 #  - configmap.yaml
 #  - ingress.yaml

deploy/k8s/overlays/jax-cluster-dev-10--sqa/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name:  geneweaver-api-ingress
+  annotations:
+    # NOTE: When deploying a new instance, make sure to use the staging issuer first
+    # so that you don't hit the rate limit for the production issuer.
+    # cert-manager.io/cluster-issuer: "letsencrypt-staging"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/auth-url: "https://auth.jax-cluster-dev-10.jax.org/oauth2/auth"
+    nginx.ingress.kubernetes.io/auth-signin: "https://auth.jax-cluster-dev-10.jax.org/oauth2/start?rd=https://$http_host$escaped_request_uri"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - "geneweaver-sqa.jax.org"
+      secretName: geneweaver-sqa-jax-org-tls
+  rules:
+  - host: "geneweaver-sqa.jax.org"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/api"
+        backend:
+          service:
+            name: geneweaver-api
+            port:
+              number: 8000

deploy/k8s/overlays/jax-cluster-dev-10--sqa/kustomization.yaml

@@ -6,6 +6,10 @@ namespace: sqa
 bases:
 - ../../base
 
+# NOTE: When applying production ingress, replace this with a patch
+resources:
+  - ingress.yaml
+
 #patchesStrategicMerge:
 #  - configmap.yaml
 #  - ingress.yaml

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "geneweaver-api"
-version = "0.0.1a3"
+version = "0.0.1a7"
 description = "description"
 authors = ["Jax Computational Sciences <cssc@jax.org>"]
 packages = [
@@ -10,10 +10,10 @@ packages = [
 [tool.poetry.dependencies]
 python = "^3.9"
 
-geneweaver-core = "^0.8.0a0"
+geneweaver-core = "^0.8.0a1"
 fastapi = {extras = ["all"], version = "^0.99.1"}
 uvicorn = {extras = ["standard"], version = "^0.24.0"}
-geneweaver-db = "^0.2.1a0"
+geneweaver-db = "^0.2.1a2"
 psycopg-pool = "^3.1.7"
 requests = "^2.31.0"
 python-jose = {extras = ["cryptography"], version = "^3.3.0"}

src/geneweaver/api/core/exceptions.py

@@ -10,6 +10,14 @@ def __init__(self, **kwargs) -> None:  # noqa: ANN003
         super().__init__(401, **kwargs)
 
 
+class AuthenticationMismatch(HTTPException):
+    """Exception for mismatched authentication."""
+
+    def __init__(self, **kwargs) -> None:  # noqa: ANN003
+        """Initialize the exception."""
+        super().__init__(401, **kwargs)
+
+
 class Auth0UnauthorizedException(HTTPException):
     """Exception for unauthorized requests."""
 

src/geneweaver/api/dependencies.py

@@ -6,8 +6,9 @@
 import psycopg
 from fastapi import Depends
 from geneweaver.api.core.config import settings
+from geneweaver.api.core.exceptions import AuthenticationMismatch
 from geneweaver.api.core.security import Auth0, UserInternal
-from geneweaver.db.user import by_sso_id
+from geneweaver.db import user as db_user
 from psycopg.rows import dict_row
 
 auth = Auth0(
@@ -41,7 +42,22 @@ async def full_user(
     @param cursor: DB cursor
     @param user: GW user.
     """
-    user.id = by_sso_id(cursor, user.sso_id)[0]["usr_id"]
+    try:
+        user.id = db_user.by_sso_id_and_email(cursor, user.sso_id, user.email)[0][
+            "usr_id"
+        ]
+    except IndexError as e:
+        if db_user.sso_id_exists(cursor, user.sso_id):
+            raise AuthenticationMismatch(
+                detail="Email and SSO ID Mismatch. Please contact and administrator."
+            ) from e
+        elif db_user.email_exists(cursor, user.email):
+            user.id = db_user.link_user_id_with_sso_id(cursor, user.id, user.sso_id)
+        else:
+            user.id = db_user.create_sso_user(
+                cursor, user.name, user.email, user.sso_id
+            )
+
     yield user