authorJohn Nduli2024-08-12 12:15:27 +0300
committerMunyoki Kilyungi2024-08-14 10:51:43 +0300
commit812d140c6b5a54f48e4f2af956257246a3837962 (patch)
tree19fbbec209df519376886fdfc64f05bbbe6092d2 /gn_auth/auth
parent665a1edef6f90d60899fe185b7d978423b554761 (diff)
refactor: move newest_jwk_with_rotation function to jwks.py
gn2 has a jwk module that provides similar functionality. Moving the newest_jwk_with_rotation function into the jwks module keeps the two modules consistent, so that if we ever want to remove the duplication (e.g. by creating a Python pip package) it will be easier.
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authentication/oauth2/server.py19
-rw-r--r--gn_auth/auth/jwks.py17
2 files changed, 18 insertions, 18 deletions
diff --git a/gn_auth/auth/authentication/oauth2/server.py b/gn_auth/auth/authentication/oauth2/server.py
index ba5abe8..7b65c8e 100644
--- a/gn_auth/auth/authentication/oauth2/server.py
+++ b/gn_auth/auth/authentication/oauth2/server.py
@@ -15,7 +15,7 @@ from authlib.integrations.flask_helpers import create_oauth_request
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.jwks import (
- list_jwks, newest_jwk, jwks_directory, generate_and_save_private_key)
+ list_jwks, newest_jwk_with_rotation, jwks_directory, generate_and_save_private_key)
from .models.oauth2client import client as fetch_client
from .models.oauth2token import OAuth2Token, save_token
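Review bot: `generate_and_save_private_key` stays in the import list on the new line, although the function that called it is removed from server.py in the next hunk. If nothing else in this file uses it (not visible from the hunk), pylint will report it as unused, and the line could shrink to `list_jwks, newest_jwk_with_rotation, jwks_directory)`. The same check applies to any `os`, `datetime`, `timedelta` or `Left` imports in server.py that served only the moved function, since the diffstat shows no other import lines were touched.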
@@ -96,23 +96,6 @@ def create_save_token_func(token_model: type, app: Flask) -> Callable:
return __save_token__
-def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey:
- """
- Retrieve the latests JWK, creating a new one if older than `keyage` days.
- """
- def newer_than_days(jwkey):
- filestat = os.stat(Path(
- jwksdir, f"{jwkey.as_dict()['kid']}.private.pem"))
- oldesttimeallowed = (datetime.now() - timedelta(days=keyage))
- if filestat.st_ctime < (oldesttimeallowed.timestamp()):
- return Left("JWK is too old!")
- return jwkey
-
- return newest_jwk(jwksdir).then(newer_than_days).either(
- lambda _errmsg: generate_and_save_private_key(jwksdir),
- lambda key: key)
-
-
def make_jwt_token_generator(app):
"""Make token generator function."""
def __generator__(# pylint: disable=[too-many-arguments]
diff --git a/gn_auth/auth/jwks.py b/gn_auth/auth/jwks.py
index 1352b95..810a162 100644
--- a/gn_auth/auth/jwks.py
+++ b/gn_auth/auth/jwks.py
@@ -67,3 +67,20 @@ def newest_jwk(storagedir: Path) -> Either:
if len(existingkeys) > 0:
return Right(pem_to_jwk(existingkeys[-1][1]))
return Left("No JWKs exist")
+
+
+def newest_jwk_with_rotation(jwksdir: Path, keyage: int) -> JsonWebKey:
+ """
+ Retrieve the latests JWK, creating a new one if older than `keyage` days.
+ """
+ def newer_than_days(jwkey):
+ filestat = os.stat(Path(
+ jwksdir, f"{jwkey.as_dict()['kid']}.private.pem"))
+ oldesttimeallowed = (datetime.now() - timedelta(days=keyage))
+ if filestat.st_ctime < (oldesttimeallowed.timestamp()):
+ return Left("JWK is too old!")
+ return jwkey
+
+ return newest_jwk(jwksdir).then(newer_than_days).either(
+ lambda _errmsg: generate_and_save_private_key(jwksdir),
+ lambda key: key)
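Review bot: `filestat.st_ctime` in `newer_than_days` is the inode change time on Unix, not the creation time, so a `chmod`, `chown` or restore from backup of the `.private.pem` file resets the key's apparent age and can postpone rotation well past `keyage` days. For a signing key, the age is better taken from a value that incidental metadata changes cannot alter, such as a timestamp recorded when the key is generated. Failing that, the docstring should state the assumption, e.g. `Key age is taken from the private key file's st_ctime; metadata changes reset it.` Separately, the diffstat shows that all 17 insertions in jwks.py are this function, so `os`, `datetime`, `timedelta` and `JsonWebKey` must already be imported there for it to run. That cannot be confirmed from the hunk.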