From 82559c65ed5d419ad3822e3da399c3fdd88b386a Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 29 May 2024 09:09:31 -0500
Subject: Revert "jwt: add user roles to the jwt token."

This reverts commit 0582565fa7db4b95e86fb0dde8d83e3170e566a7.

Adding the user roles to the token makes the token ridiculously large. Rather than doing that, we'll use an endpoint on the auth server to get the user roles and privileges instead.
---
 .../oauth2/grants/jwt_bearer_grant.py | 24 +---------------------
 1 file changed, 1 insertion(+), 23 deletions(-)

diff --git a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
index b96febb..b9d1379 100644
--- a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
+++ b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
@@ -11,22 +11,6 @@ from authlib.oauth2.rfc7523.token import (

 from gn_auth.auth.db.sqlite3 import with_db_connection
 from gn_auth.auth.authentication.users import user_by_id
-from gn_auth.auth.authorisation.roles.models import user_roles
-
-
-def convert_uuids_to_string(srcdict: dict) -> dict:
- """
- Convert *ALL* UUID objects in a dict to strings.
-
- `json.dumps` does not encode UUID objects by default.
- """
- def uuid2str(key, value):
- if isinstance(value, dict):
- return (key, convert_uuids_to_string(value))
- if isinstance(value, uuid.UUID):
- return (key, str(value))
- return (key, value)
- return dict(tuple(uuid2str(_key, _val) for _key, _val in srcdict.items()))


 class JWTBearerTokenGenerator(_JWTBearerTokenGenerator):
@@ -48,13 +32,7 @@ class JWTBearerTokenGenerator(_JWTBearerTokenGenerator):
 for key, value in tokendata.items()
 },
 "sub": str(tokendata["sub"]),
- "jti": str(uuid.uuid4()),
- "gn:auth:user:roles": tuple(convert_uuids_to_string({
- **item,
- "roles": tuple(convert_uuids_to_string(asdict(role))
- for role in item["roles"])
- }) for item in with_db_connection(
- lambda conn: user_roles(conn, user)))
+ "jti": str(uuid.uuid4())
 }


-- 
cgit v1.2.3
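Review bot: With the `gn:auth:user:roles` claim removed, the returned token dict ending at `"jti": str(uuid.uuid4())` carries identity only, and nothing at this site records that this is deliberate; I would add a comment above `"sub"` such as `# Roles/privileges are deliberately not embedded; resource servers fetch them from the auth server.` so the claim is not re-added later. Any consumer that read `gn:auth:user:roles` while the reverted commit was in use should treat a missing claim as "no roles" and go to the auth-server lookup rather than fall back to a default; that code is not visible here, so this needs confirming. The new `"jti"` line also drops its trailing comma; keeping it (`"jti": str(uuid.uuid4()),`) would make the next added claim a one-line diff. The enclosing method starts above the hunk, so only the tail of the dict literal is reviewed here.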