authorJohn Nduli2024-07-31 10:54:43 +0300
committerFrederick Muriuki Muriithi2024-08-02 15:46:54 -0500
commit9326efb5dcec9ba4f030cc8c87e207da6f3027c7 (patch)
tree232548d1f885fc049d8c7f1cba207a93b8e418c1
parentf540322213fc7949695283a82eb8513c4a8a7f3e (diff)
downloadgn-auth-9326efb5dcec9ba4f030cc8c87e207da6f3027c7.tar.gz
feat: improve local set up utility functions
Ensures that running `init_dev_users` and `init_dev_clients` multiple times
succeeds and updates the local database entries. Also provides a custom
flag to set gn2's client URL and adds jwt-bearer to the list of accepted
grants.
-rw-r--r--gn_auth/wsgi.py40
1 files changed, 27 insertions, 13 deletions
diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py
index 676d1fc..c91c564 100644
--- a/gn_auth/wsgi.py
+++ b/gn_auth/wsgi.py
@@ -52,7 +52,6 @@ def setup_loggers() -> Callable[[Flask], None]:
         "SERVER_SOFTWARE", "").split('/')
     return gunicorn_loggers if bool(software) else dev_loggers
 
-# app = create_app()
 app = create_app(setup_logging=setup_loggers())
 
 ##### BEGIN: CLI Commands #####
@@ -66,8 +65,14 @@ def apply_migrations():
 
 def __init_dev_users__():
     """Initialise dev users. Get's used in more than one place"""
-    dev_users_query = "INSERT INTO users VALUES (:user_id, :email, :name)"
-    dev_users_passwd = "INSERT INTO user_credentials VALUES (:user_id, :hash)"
+    dev_users_query = """
+    INSERT INTO users (user_id, email, name, verified)
+        VALUES (:user_id, :email, :name, 1)
+        ON CONFLICT(email) DO UPDATE SET
+            name=excluded.name,
+            verified=excluded.verified
+    """
+    dev_users_passwd = "INSERT OR REPLACE INTO user_credentials VALUES (:user_id, :hash)"
     dev_users = ({
         "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928",
         "email": "test@development.user",
@@ -90,18 +95,26 @@ def init_dev_users():
     __init_dev_users__()
 
 @app.cli.command()
-def init_dev_clients():
+@click.option('--client-uri', default= "http://localhost:5033", type=str)
+def init_dev_clients(client_uri):
     """
     Initialise a development client for OAuth2 sessions.
 
     **NOTE**: You really should not run this in production/staging
     """
+    client_uri = client_uri.lstrip("/")
     __init_dev_users__()
-    dev_clients_query = (
-        "INSERT INTO oauth2_clients VALUES ("
-        ":client_id, :client_secret, :client_id_issued_at, "
-        ":client_secret_expires_at, :client_metadata, :user_id"
-        ")")
+    dev_clients_query = """
+        INSERT INTO oauth2_clients VALUES (
+        :client_id, :client_secret, :client_id_issued_at,
+        :client_secret_expires_at, :client_metadata, :user_id
+        )
+        ON CONFLICT(client_id) DO UPDATE SET
+            client_secret=excluded.client_secret,
+            client_secret_expires_at=excluded.client_secret_expires_at,
+            client_metadata=excluded.client_metadata,
+            user_id=excluded.user_id
+        """
     dev_clients = ({
         "client_id": "0bbfca82-d73f-4bd4-a140-5ae7abb4a64d",
         "client_secret": "yadabadaboo",
@@ -112,10 +125,11 @@ def init_dev_clients():
             "token_endpoint_auth_method": [
                 "client_secret_post", "client_secret_basic"],
             "client_type": "confidential",
-            "grant_types": ["password", "authorization_code", "refresh_token"],
-            "default_redirect_uri": "http://localhost:5033/oauth2/code",
-            "redirect_uris": ["http://localhost:5033/oauth2/code",
-                              "http://localhost:5033/oauth2/token"],
+            "grant_types": ["password", "authorization_code", "refresh_token",
+                            "urn:ietf:params:oauth:grant-type:jwt-bearer"],
+            "default_redirect_uri": f"{client_uri}/oauth2/code",
+            "redirect_uris": [f"{client_uri}/oauth2/code",
+                              f"{client_uri}/oauth2/token"],
             "response_type": ["code", "token"],
             "scope": ["profile", "group", "role", "resource", "register-client",
                       "user", "masquerade", "migrate-data", "introspect"]