diff options
author | Frederick Muriuki Muriithi | 2023-01-20 11:42:49 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-01-20 11:48:30 +0300 |
commit | c0db8ccf1be0d43c437fc9e5090e49329a6b2911 (patch) | |
tree | ecb600f941bc8bf3c6868a2a9f8e61940ce1e37e /gn3/auth/authentication/oauth2 | |
parent | c843e14249be425e20dcb8cbb6653e49c22298de (diff) | |
download | genenetwork3-c0db8ccf1be0d43c437fc9e5090e49329a6b2911.tar.gz |
auth: Setup the user correctly
* gn3/auth/authentication/oauth2/grants/password_grant.py: Return user rather
than boolean
* gn3/auth/authentication/oauth2/models/oauth2client.py: provide optional
`user` argument to allow flexibility in setting up the client's user
* gn3/auth/authentication/oauth2/models/oauth2token.py: Set token and client
user correctly
* gn3/auth/authentication/oauth2/server.py: Set token user from the request
Diffstat (limited to 'gn3/auth/authentication/oauth2')
4 files changed, 11 insertions, 9 deletions
diff --git a/gn3/auth/authentication/oauth2/grants/password_grant.py b/gn3/auth/authentication/oauth2/grants/password_grant.py index 91fdb7c..3ec7384 100644 --- a/gn3/auth/authentication/oauth2/grants/password_grant.py +++ b/gn3/auth/authentication/oauth2/grants/password_grant.py @@ -15,4 +15,4 @@ class PasswordGrant(grants.ResourceOwnerPasswordCredentialsGrant): with db.connection(app.config["AUTH_DB"]) as conn: return user_by_email(conn, username).maybe( None, - lambda user: valid_login(conn, user, password)) + lambda user: valid_login(conn, user, password) and user) diff --git a/gn3/auth/authentication/oauth2/models/oauth2client.py b/gn3/auth/authentication/oauth2/models/oauth2client.py index efaff54..ac3bdb1 100644 --- a/gn3/auth/authentication/oauth2/models/oauth2client.py +++ b/gn3/auth/authentication/oauth2/models/oauth2client.py @@ -2,7 +2,7 @@ import json import uuid import datetime -from typing import NamedTuple, Sequence +from typing import Sequence, Optional, NamedTuple from pymonad.maybe import Just, Maybe, Nothing @@ -127,12 +127,15 @@ class OAuth2Client(NamedTuple): """Return the default redirect uri""" return self.client_metadata.get("default_redirect_uri", "") -def client(conn: db.DbConnection, client_id: uuid.UUID) -> Maybe: +def client(conn: db.DbConnection, client_id: uuid.UUID, + user: Optional[User] = None) -> Maybe: """Retrieve a client by its ID""" with db.cursor(conn) as cursor: cursor.execute( "SELECT * FROM oauth2_clients WHERE client_id=?", (str(client_id),)) result = cursor.fetchone() + the_user = user or user_by_id(conn, result["user_id"]).maybe( + None, lambda usr: usr) if result: return Just( OAuth2Client(uuid.UUID(result["client_id"]), @@ -142,8 +145,6 @@ def client(conn: db.DbConnection, client_id: uuid.UUID) -> Maybe: datetime.datetime.fromtimestamp( result["client_secret_expires_at"]), json.loads(result["client_metadata"]), - user_by_id( # type: ignore[misc] - conn, uuid.UUID(result["user_id"])).maybe( - None, lambda usr: usr))) + the_user)) return Nothing diff --git a/gn3/auth/authentication/oauth2/models/oauth2token.py b/gn3/auth/authentication/oauth2/models/oauth2token.py index 70421b4..ce7caae 100644 --- a/gn3/auth/authentication/oauth2/models/oauth2token.py +++ b/gn3/auth/authentication/oauth2/models/oauth2token.py @@ -49,9 +49,10 @@ class OAuth2Token(NamedTuple): return self.revoked def __token_from_resultset__(conn: db.DbConnection, rset) -> Maybe: - the_client = client(conn, uuid.UUID(rset["client_id"])) - the_user = user_by_id(conn, uuid.UUID(rset["user_id"])) __identity__ = lambda val: val + the_user = user_by_id(conn, uuid.UUID(rset["user_id"])) + the_client = client(conn, uuid.UUID(rset["client_id"]), + the_user.maybe(None, __identity__)) if the_client.is_just() and the_user.is_just(): return Just(OAuth2Token(token_id=uuid.UUID(rset["token_id"]), diff --git a/gn3/auth/authentication/oauth2/server.py b/gn3/auth/authentication/oauth2/server.py index 960625d..73c9340 100644 --- a/gn3/auth/authentication/oauth2/server.py +++ b/gn3/auth/authentication/oauth2/server.py @@ -36,7 +36,7 @@ def create_save_token_func(token_model: type) -> Callable: save_token( conn, token_model( token_id=uuid.uuid4(), client=request.client, - user=request.client.user, + user=request.user, **{ "refresh_token": None, "revoked": False, "issued_at": datetime.datetime.now(), |