authorClaude Sonnet 4.62026-06-03 00:00:00 +0000
committerFrederick Muriuki Muriithi2026-06-03 14:40:38 -0500
commita42f2e1e64ca82ea30a4ce217c6e22f6bae3973c (patch)
tree7567d212a0f7c7f32d71645ca85750909e5b8245
parent7c44220d2a2683c17369dcf4d6b24d8dd2df62ab (diff)
wsgi: add create-test-oauth2-client command
Add create-test-oauth2-client which reads the users-file produced
by create-test-users to find the client owner, auto-generates the client
name with the session timestamp, and delegates to __create_one_client__.
-rw-r--r--gn_auth/wsgi.py46
1 files changed, 46 insertions, 0 deletions
diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py
index 0feb69a..7fa544c 100644
--- a/gn_auth/wsgi.py
+++ b/gn_auth/wsgi.py
@@ -387,6 +387,52 @@ def create_oauth2_client(client_name, owner_id, redirect_uris, scopes,
 
     __write_output__({"client": record}, output_path)
 
+
+@app.cli.command()
+@click.option("--session-timestamp", required=True,
+              help="Compact ISO 8601 UTC timestamp (e.g. 20260602T122700Z)")
+@click.option("--users-file", required=True, type=click.Path(exists=True),
+              help="Credentials file produced by create-test-users")
+@click.option("--owner-role", default="system-admin", show_default=True,
+              help="Role of the user in users-file to assign as client owner")
+@click.option("--output", "output_path", required=True, type=click.Path(),
+              help="Write credentials as JSON to this file (0600 permissions)")
+def create_test_oauth2_client(session_timestamp, users_file, owner_role,
+                              output_path):
+    """Create an ephemeral OAuth2 client for a test session.
+
+    Reads the credentials file produced by create-test-users to find the
+    owner. Client name and secret are auto-generated using the session
+    timestamp. Output is written with 0600 permissions.
+    """
+    with open(users_file) as f:
+        users_data = json.load(f)
+
+    owner_record = next(
+        (u for u in users_data.get("users", []) if u["role"] == owner_role),
+        None)
+    if owner_record is None:
+        print(
+            f"No user with role {owner_role!r} found in {users_file}",
+            file=sys.stderr)
+        sys.exit(1)
+
+    client_name = f"gn-test-client-{session_timestamp}"
+
+    with db.connection(app.config["AUTH_DB"]) as conn:
+        try:
+            owner = user_by_id(conn, uuid.UUID(owner_record["user_id"]))
+        except NotFoundError:
+            print(
+                f"Owner user {owner_record['user_id']!r} not found in DB",
+                file=sys.stderr)
+            sys.exit(1)
+        record = __create_one_client__(conn, client_name, owner, tuple())
+
+    __write_output__(
+        {"session_timestamp": session_timestamp, "client": record},
+        output_path)
+
 ##### END: CLI Commands #####
 
 if __name__ == '__main__':
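Review bot: The users-file contents are trusted more than the command's other error paths suggest: in `create_test_oauth2_client`, `u["role"]` raises `KeyError` on any record without a role, and `uuid.UUID(owner_record["user_id"])` raises `KeyError` or `ValueError` on a missing or malformed id, neither of which `except NotFoundError` catches, so a damaged or hand-edited file ends in a traceback instead of the stderr message and exit 1 used for the other failures. I would select with `u.get("role") == owner_role` and widen the handler around the id parse to `except (KeyError, ValueError, NotFoundError):` with a message that names the users-file. `--session-timestamp` also goes into `client_name` unvalidated although its help text promises a compact ISO 8601 value, so a format check before building the name would keep the client names predictable. The docstring's 0600 guarantee depends on `__write_output__`, which is outside this hunk; since the file holds the client secret, it is worth confirming the file is created with that mode rather than having its permissions tightened after the write.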