feat: jsonschema validation for backend

apis/authentication.py

@@ -9,8 +9,10 @@
 from typing import Any, Union
 
 import jwt
+from email_validator import EmailNotValidError, validate_email
 from flask import g, make_response, request
 from flask_restx import Namespace, Resource, fields
+from jsonschema import FormatChecker, ValidationError, validate
 
 import model
 
@@ -46,10 +48,71 @@ class SignUpUser(Resource):
     def post(self):
         """signs up the new users and saves data in DB"""
         data: Union[Any, dict] = request.json
-        # TODO data[email doesnt exist then raise error; json validation library
-        pattern = r"^[\w\.-]+@[\w\.-]+\.\w+$"
-        if not data["email_address"] or not re.match(pattern, data["email_address"]):
-            return "Email address is invalid", 422
+
+        def validate_is_valid_email(instance):
+            # Turn on check_deliverability
+            # for first-time validations like on account creation pages (but not
+            # login pages).
+            email_address = instance
+            try:
+                validate_email(email_address, check_deliverability=False)
+                return True
+            except EmailNotValidError as e:
+                raise ValidationError("Invalid email address format") from e
+
+        def validate_password(instance):
+            password = instance
+            # Check if password is at least 8 characters long
+            if len(password) < 8:
+                raise ValidationError("Password must be at least 8 characters long")
+
+            # Check if password contains at least one lowercase letter
+            if not re.search(r"[a-z]", password):
+                raise ValidationError(
+                    "Password must contain at least one lowercase letter"
+                )
+
+            # Check if password contains at least one uppercase letter
+            if not re.search(r"[A-Z]", password):
+                raise ValidationError(
+                    "Password must contain at least one uppercase letter"
+                )
+
+            # Check if password contains at least one digit
+            if not re.search(r"[0-9]", password):
+                raise ValidationError("Password must contain at least one digit")
+
+            # Check if password contains at least one special character
+            if not re.search(r"[~`!@#$%^&*()_+\-={[}\]|:;\"'<,>.?/]", password):
+                raise ValidationError(
+                    "Password must contain at least one special character"
+                )
+
+            return True
+
+        # Schema validation
+        schema = {
+            "type": "object",
+            "required": ["email_address", "password"],
+            "additionalProperties": False,
+            "properties": {
+                "email_address": {"type": "string", "format": "valid_email"},
+                "password": {
+                    "type": "string",
+                    "format": "password",
+                },
+            },
+        }
+
+        format_checker = FormatChecker()
+        format_checker.checks("valid_email")(validate_is_valid_email)
+        format_checker.checks("password")(validate_password)
+
+        try:
+            validate(instance=data, schema=schema, format_checker=format_checker)
+        except ValidationError as e:
+            return e.message, 400
+
         user = model.User.query.filter_by(
             email_address=data["email_address"]
         ).one_or_none()
@@ -80,8 +143,40 @@ def post(self):
 
         email_address = data["email_address"]
 
-        user = model.User.query.filter_by(email_address=email_address).one_or_none()
+        def validate_is_valid_email(instance):
+            print("within is_valid_email")
+            email_address = instance
+            print(email_address)
+            try:
+                validate_email(email_address)
+                return True
+            except EmailNotValidError as e:
+                raise ValidationError("Invalid email address format") from e
+
+        # Schema validation
+        schema = {
+            "type": "object",
+            "required": ["email_address", "password"],
+            "additionalProperties": False,
+            "properties": {
+                "email_address": {
+                    "type": "string",
+                    "format": "valid email",
+                    "error_message": "Invalid email address",
+                },
+                "password": {"type": "string", "minLength": 8},
+            },
+        }
+
+        format_checker = FormatChecker()
+        format_checker.checks("valid email")(validate_is_valid_email)
+
+        try:
+            validate(instance=data, schema=schema, format_checker=format_checker)
+        except ValidationError as e:
+            return e.message, 400
 
+        user = model.User.query.filter_by(email_address=email_address).one_or_none()
         if not user:
             return "Invalid credentials", 401
 

apis/dataset.py

@@ -79,7 +79,7 @@ def put(self, study_id: int, dataset_id: int):
         study = model.Study.query.get(study_id)
         if not is_granted("update_dataset", study):
             return "Access denied, you can not modify", 403
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         data_obj = model.Dataset.query.get(dataset_id)
         data_obj.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_consent.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -31,7 +33,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in dataset_consent_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         dataset_consent_ = dataset_.dataset_consent.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_date.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -27,7 +29,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in dataset_date_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         dataset_date_ = dataset_.dataset_date.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_de_ident_level.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -31,7 +33,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in de_ident_level_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         de_ident_level_ = dataset_.dataset_de_ident_level.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_managing_organization.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -26,7 +28,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in managing_organization_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         managing_organization_ = dataset_.dataset_managing_organization.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_other.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -30,7 +32,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in dataset_other_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         dataset_other_ = dataset_.dataset_other.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_readme.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -22,7 +24,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in dataset_readme_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         dataset_readme_ = dataset_.dataset_readme.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_record_keys.py

@@ -1,3 +1,5 @@
+import typing
+
 from flask import request
 from flask_restx import Resource, fields
 
@@ -26,7 +28,7 @@ def get(self, study_id: int, dataset_id: int):
         return [d.to_dict() for d in dataset_record_keys_]
 
     def put(self, study_id: int, dataset_id: int):
-        data = request.json
+        data: typing.Union[dict, typing.Any] = request.json
         dataset_ = model.Dataset.query.get(dataset_id)
         dataset_record_keys_ = dataset_.dataset_de_ident_level.update(data)
         model.db.session.commit()

apis/dataset_metadata/dataset_related_item.py

@@ -40,7 +40,7 @@ def post(self, study_id: int, dataset_id: int):
     )
     class DatasetRelatedItemUpdate(Resource):
         def put(self, study_id: int, dataset_id: int, related_item_id: int):
-            data = request.json
+            data: Union[Any, dict] = request.json
             dataset_related_item_ = model.DatasetRelatedItem.query.get(related_item_id)
             dataset_related_item_.update(data)
             model.db.session.commit()

apis/study.py

@@ -2,6 +2,7 @@
 
 from flask import g, request
 from flask_restx import Namespace, Resource, fields, reqparse
+from jsonschema import ValidationError, validate
 
 import model
 
@@ -55,7 +56,25 @@ def get(self):
     @api.response(200, "Success")
     @api.response(400, "Validation Error")
     def post(self):
+        """Create a new study"""
+        # Schema validation
+        schema = {
+            "type": "object",
+            "required": ["title", "image"],
+            "additionalProperties": False,
+            "properties": {
+                "title": {"type": "string", "minLength": 1},
+                "image": {"type": "string", "minLength": 1},
+            },
+        }
+
+        try:
+            validate(request.json, schema)
+        except ValidationError as e:
+            return e.message, 400
+
         data: Union[Any, dict] = request.json
+
         add_study = model.Study.from_data(data)
         model.db.session.add(add_study)
         study_id = add_study.id
@@ -81,6 +100,23 @@ def get(self, study_id: int):
     @api.response(400, "Validation Error")
     @api.doc(description="Update a study's details")
     def put(self, study_id: int):
+        """Update a study"""
+        # Schema validation
+        schema = {
+            "type": "object",
+            "required": ["title", "image"],
+            "additionalProperties": False,
+            "properties": {
+                "title": {"type": "string", "minLength": 1},
+                "image": {"type": "string", "minLength": 1},
+            },
+        }
+
+        try:
+            validate(request.json, schema)
+        except ValidationError as e:
+            return e.message, 400
+
         update_study = model.Study.query.get(study_id)
         if not is_granted("update_study", update_study):
             return "Access denied, you can not modify", 403

apis/study_metadata/study_arm.py

@@ -3,6 +3,7 @@
 
 from flask import request
 from flask_restx import Resource, fields
+from jsonschema import ValidationError, validate
 
 import model
 from apis.study_metadata_namespace import api
@@ -46,6 +47,43 @@ def get(self, study_id):
 
     def post(self, study_id):
         """Create study arm metadata"""
+        # Schema validation
+        schema = {
+            "type": "array",
+            "items": {
+                "type": "object",
+                "additionalProperties": False,
+                "properties": {
+                    "label": {"type": "string", "minLength": 1},
+                    "type": {
+                        "type": "string",
+                        "enum": [
+                            "Experimental",
+                            "Active Comparator",
+                            "Placebo Comparator",
+                            "Sham Comparator",
+                            "No Intervention",
+                            "Other",
+                        ],
+                    },
+                    "description": {"type": "string", "minLength": 1},
+                    "intervention_list": {
+                        "type": "array",
+                        "items": {"type": "string", "minLength": 1},
+                        "minItems": 1,
+                        "uniqueItems": True,
+                    },
+                },
+                "required": ["label", "type", "description", "intervention_list"],
+            },
+            "uniqueItems": True,
+        }
+
+        try:
+            validate(request.json, schema)
+        except ValidationError as e:
+            return e.message, 400
+
         study: model.Study = model.Study.query.get(study_id)
         if not is_granted("study_metadata", study):
             return "Access denied, you can not delete study", 403