diff options
| author | John Nduli | 2024-08-12 12:15:27 +0300 |
|---|---|---|
| committer | Munyoki Kilyungi | 2024-08-14 10:51:43 +0300 |
| commit | 812d140c6b5a54f48e4f2af956257246a3837962 (patch) | |
| tree | 19fbbec209df519376886fdfc64f05bbbe6092d2 | |
| parent | 665a1edef6f90d60899fe185b7d978423b554761 (diff) | |
| download | gn-auth-812d140c6b5a54f48e4f2af956257246a3837962.tar.gz | |
refactor: move newest_jwk_with_rotation function to jwks.py
We have a similar jwk module in gn2 that does similar functionality.
Moving the newest_jwk_with_rotation function to the module ensures
that there's some consistency between both modules so that when we
ever want to remove the duplication (e.g. by creating some python pip
package) it's easier.
| -rw-r--r-- | gn_auth/auth/authentication/oauth2/server.py | 19 | ||||
| -rw-r--r-- | gn_auth/auth/jwks.py | 17 |
2 files changed, 18 insertions, 18 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py index ba5abe8..7b65c8e 100644 --- a/gn_auth/auth/authentication/oauth2/server.py +++ b/gn_auth/auth/authentication/oauth2/server.py @@ -15,7 +15,7 @@ from authlib.integrations.flask_helpers import create_oauth_request from gn_auth.auth.db import sqlite3 as db from gn_auth.auth.jwks import ( - list_jwks, newest_jwk, jwks_directory, generate_and_save_private_key) + list_jwks, newest_jwk_with_rotation, jwks_directory, generate_and_save_private_key) from .models.oauth2client import client as fetch_client from .models.oauth2token import OAuth2Token, save_token @@ -96,23 +96,6 @@ def create_save_token_func(token_model: type, app: Flask) -> Callable: return __save_token__ -def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: - """ - Retrieve the latests JWK, creating a new one if older than `keyage` days. - """ - def newer_than_days(jwkey): - filestat = os.stat(Path( - jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) - oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) - if filestat.st_ctime < (oldesttimeallowed.timestamp()): - return Left("JWK is too old!") - return jwkey - - return newest_jwk(jwksdir).then(newer_than_days).either( - lambda _errmsg: generate_and_save_private_key(jwksdir), - lambda key: key) - - def make_jwt_token_generator(app): """Make token generator function.""" def __generator__(# pylint: disable=[too-many-arguments] diff --git a/gn_auth/auth/jwks.py b/gn_auth/auth/jwks.py index 1352b95..810a162 100644 --- a/gn_auth/auth/jwks.py +++ b/gn_auth/auth/jwks.py @@ -67,3 +67,20 @@ def newest_jwk(storagedir: Path) -> Either: if len(existingkeys) > 0: return Right(pem_to_jwk(existingkeys[-1][1])) return Left("No JWKs exist") + + +def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey: + """ + Retrieve the latests JWK, creating a new one if older than `keyage` days. + """ + def newer_than_days(jwkey): + filestat = os.stat(Path( + jwksdir, f"{jwkey.as_dict()['kid']}.private.pem")) + oldesttimeallowed = (datetime.now() - timedelta(days=keyage)) + if filestat.st_ctime < (oldesttimeallowed.timestamp()): + return Left("JWK is too old!") + return jwkey + + return newest_jwk(jwksdir).then(newer_than_days).either( + lambda _errmsg: generate_and_save_private_key(jwksdir), + lambda key: key) |