Diffstat (limited to 'gn_auth/wsgi.py')
-rw-r--r-- | gn_auth/wsgi.py | 81 |
1 files changed, 29 insertions, 52 deletions
diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py index 811a0d5..e05ef0d 100644 --- a/gn_auth/wsgi.py +++ b/gn_auth/wsgi.py @@ -1,16 +1,12 @@ """Main entry point for project""" -import os import sys import uuid import json -import logging from math import ceil from pathlib import Path -from typing import Callable from datetime import datetime import click -from flask import Flask from yoyo import get_backend, read_migrations from gn_auth import migrations @@ -22,39 +18,9 @@ from gn_auth.auth.authentication.users import user_by_id, hash_password from gn_auth.auth.authorisation.users.admin.models import make_sys_admin from scripts import register_sys_admin as rsysadm# type: ignore[import] -from scripts import migrate_existing_data as med# type: ignore[import] -def dev_loggers(appl: Flask) -> None: - """Setup the logging handlers.""" - stderr_handler = logging.StreamHandler(stream=sys.stderr) - appl.logger.addHandler(stderr_handler) - - root_logger = logging.getLogger() - root_logger.addHandler(stderr_handler) - root_logger.setLevel(appl.config["LOGLEVEL"]) - - -def gunicorn_loggers(appl: Flask) -> None: - """Use gunicorn logging handlers for the application.""" - logger = logging.getLogger("gunicorn.error") - appl.logger.handlers = logger.handlers - appl.logger.setLevel(logger.level) - - -def setup_loggers() -> Callable[[Flask], None]: - """ - Setup the loggers according to the WSGI server used to run the application. - """ - # https://datatracker.ietf.org/doc/html/draft-coar-cgi-v11-03#section-4.1.17 - # https://wsgi.readthedocs.io/en/latest/proposals-2.0.html#making-some-keys-required - # https://peps.python.org/pep-3333/#id4 - software, *_version_and_comments = os.environ.get( - "SERVER_SOFTWARE", "").split('/') - return gunicorn_loggers if bool(software) else dev_loggers - -# app = create_app() -app = create_app(setup_logging=setup_loggers()) +app = create_app() ##### BEGIN: CLI Commands ##### 
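Review bot: Dropping dev_loggers/gunicorn_loggers and calling `app = create_app()` with no `setup_logging` argument removes the only place in this file that applied `LOGLEVEL` to the root logger and, under gunicorn, re-pointed `app.logger` at gunicorn's error handlers. Unless create_app() now does this itself (not visible from this hunk), the application will log at Python's default WARNING level and its records will not reach gunicorn's error log, which matters for anything the auth server reports about failed logins or token issuance. A short comment on the new `app = create_app()` line saying where logging is now configured, e.g. `# logging is configured inside create_app(); see gn_auth/__init__.py`, would let the next reader confirm that rather than assume it. The `med` import removed here goes with the deleted make_data_public command in the last hunk.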
@@ -67,8 +33,14 @@ def apply_migrations(): def __init_dev_users__(): """Initialise dev users. Get's used in more than one place""" - dev_users_query = "INSERT INTO users VALUES (:user_id, :email, :name)" - dev_users_passwd = "INSERT INTO user_credentials VALUES (:user_id, :hash)" + dev_users_query = """ + INSERT INTO users (user_id, email, name, verified) + VALUES (:user_id, :email, :name, 1) + ON CONFLICT(email) DO UPDATE SET + name=excluded.name, + verified=excluded.verified + """ + dev_users_passwd = "INSERT OR REPLACE INTO user_credentials VALUES (:user_id, :hash)" dev_users = ({ "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928", "email": "test@development.user", @@ -91,18 +63,26 @@ def init_dev_users(): __init_dev_users__() @app.cli.command() -def init_dev_clients(): +@click.option('--client-uri', default= "http://localhost:5033", type=str) +def init_dev_clients(client_uri): """ Initialise a development client for OAuth2 sessions. **NOTE**: You really should not run this in production/staging """ + client_uri = client_uri.lstrip("/") __init_dev_users__() - dev_clients_query = ( - "INSERT INTO oauth2_clients VALUES (" - ":client_id, :client_secret, :client_id_issued_at, " - ":client_secret_expires_at, :client_metadata, :user_id" - ")") + dev_clients_query = """ + INSERT INTO oauth2_clients VALUES ( + :client_id, :client_secret, :client_id_issued_at, + :client_secret_expires_at, :client_metadata, :user_id + ) + ON CONFLICT(client_id) DO UPDATE SET + client_secret=excluded.client_secret, + client_secret_expires_at=excluded.client_secret_expires_at, + client_metadata=excluded.client_metadata, + user_id=excluded.user_id + """ dev_clients = ({ "client_id": "0bbfca82-d73f-4bd4-a140-5ae7abb4a64d", "client_secret": "yadabadaboo", 
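Review bot: The credentials insert is keyed on the dev `:user_id`, but the users upsert just above it updates only `name` and `verified` on an email conflict and leaves a pre-existing row's `user_id` as it was; when an account with that email already exists under another id, `INSERT OR REPLACE INTO user_credentials VALUES (:user_id, :hash)` writes the password hash against an id that is not that account (or fails outright if user_credentials.user_id is a foreign key), so the dev login this command promises is not created. Resolving the id by email after the upsert (`SELECT user_id FROM users WHERE email=:email`) and using that for the credentials row closes the gap. Two further caveats on the new statements: `INSERT OR REPLACE` in SQLite deletes the old row before inserting, which fires any ON DELETE cascades or triggers on user_credentials, whereas `INSERT INTO user_credentials VALUES (:user_id, :hash) ON CONFLICT(user_id) DO UPDATE SET hash=excluded.hash` does not; and `ON CONFLICT(email)` presumes a UNIQUE constraint on users.email, which this diff does not show. The upsert syntax here and in the oauth2_clients statement of the next hunk requires SQLite 3.24 or later; the function body continues past the end of this hunk.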
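Review bot: `client_uri = client_uri.lstrip("/")` strips leading slashes, but the value is used as a prefix in `f"{client_uri}/oauth2/code"` further down, so `--client-uri http://localhost:5033/` registers `http://localhost:5033//oauth2/code`, a redirect URI that exact-match checking will never accept; the line should be `client_uri = client_uri.rstrip("/")`. Because the option becomes the client's registered redirect_uris, it is also worth rejecting anything that is not an absolute http(s) URL (urllib.parse.urlsplit on scheme and netloc, raising click.BadParameter) before building the metadata. The new `ON CONFLICT(client_id) DO UPDATE` makes the command re-runnable, which is the intent, but it also means a re-run with a different --client-uri silently rewrites an existing client's redirect URIs; a log line naming the client id that was updated would make that visible. init_dev_clients continues beyond this hunk.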
@@ -113,10 +93,12 @@ def init_dev_clients(): "token_endpoint_auth_method": [ "client_secret_post", "client_secret_basic"], "client_type": "confidential", - "grant_types": ["password", "authorization_code", "refresh_token"], - "default_redirect_uri": "http://localhost:5033/oauth2/code", - "redirect_uris": ["http://localhost:5033/oauth2/code", - "http://localhost:5033/oauth2/token"], + "grant_types": ["password", "authorization_code", "refresh_token", + "urn:ietf:params:oauth:grant-type:jwt-bearer"], + "default_redirect_uri": f"{client_uri}/oauth2/code", + "redirect_uris": [f"{client_uri}/oauth2/code", + f"{client_uri}/oauth2/token"], + "public-jwks-uri": f"{client_uri}/oauth2/public-jwks", "response_type": ["code", "token"], "scope": ["profile", "group", "role", "resource", "register-client", "user", "masquerade", "migrate-data", "introspect"] @@ -141,11 +123,6 @@ def assign_system_admin(user_id: uuid.UUID): sys.exit(1) @app.cli.command() -def make_data_public(): - """Make existing data that is not assigned to any group publicly visible.""" - med.entry(app.config["AUTH_DB"], app.config["SQL_URI"]) - -@app.cli.command() def register_admin(): """Register the administrator.""" rsysadm.register_admin(Path(app.config["AUTH_DB"])) |
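Review bot: `"public-jwks-uri"` is the only hyphenated key in client_metadata; every neighbouring key (`default_redirect_uri`, `redirect_uris`, `grant_types`) is snake_case, and the metadata is presumably read back by name elsewhere, so this spelling needs to match the consumer exactly or the jwt-bearer grant added on the same lines will have no key source. Enabling `urn:ietf:params:oauth:grant-type:jwt-bearer` means the server will accept assertions verified against whatever that URI serves, so a one-line comment above the key, e.g. `# keys for verifying jwt-bearer assertions; must be reachable over https outside dev`, would record why the value is tied to client_uri. The surrounding dict and the function start before and end after this hunk.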