From 03c98f69e3c2069cde81a995f7591a35b7eda01c Mon Sep 17 00:00:00 2001
From: John Nduli
Date: Thu, 15 Aug 2024 14:13:38 +0300
Subject: fix: bugs with generating auth tokens
---
 gn_auth/auth/authorisation/users/masquerade/models.py | 13 +++++++++++--
 gn_auth/auth/authorisation/users/masquerade/views.py | 2 +-
 2 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'gn_auth/auth/authorisation')
diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py
index ae2abad..a55e462 100644
--- a/gn_auth/auth/authorisation/users/masquerade/models.py
+++ b/gn_auth/auth/authorisation/users/masquerade/models.py
@@ -1,13 +1,16 @@
 """Functions for handling masquerade."""
-from uuid import uuid4
+import uuid
 from functools import wraps
 from datetime import datetime
+from authlib.jose import jwt
 from flask import current_app as app
 from gn_auth.auth.errors import ForbiddenAccess
+from gn_auth.auth.jwks import newest_jwk_with_rotation, jwks_directory
+
 from ...roles.models import user_roles
 from ....db import sqlite3 as db
 from ....authentication.users import User
@@ -55,8 +58,14 @@ def masquerade_as(
 user=masqueradee,
 expires_in=__FIVE_HOURS__,
 include_refresh_token=True)
+
+ _jwt = jwt.decode( original_token.access_token, newest_jwk_with_rotation( jwks_directory(app), int(app.config["JWKS_ROTATION_AGE_DAYS"])))
 new_token = OAuth2Token(
- token_id=uuid4(),
+ token_id=uuid.UUID(_jwt["jti"]),
 client=original_token.client,
 token_type=token_details["token_type"],
 access_token=token_details["access_token"],
diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py
index 71cf98d..68f19ee 100644
--- a/gn_auth/auth/authorisation/users/masquerade/views.py
+++ b/gn_auth/auth/authorisation/users/masquerade/views.py
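Review bot: In the second models.py hunk, `jwt.decode` is given `original_token.access_token`, so the `jti` that becomes `token_id` on the new masquerade token identifies the masquerader's own token rather than the one just generated in `token_details`. If `token_id` is meant to match the `jti` claim of the token being issued, so that lookup, revocation and audit act on the right record, decode the new token instead: `jwt.decode(token_details["access_token"], ...)`. Verifying against only `newest_jwk_with_rotation(...)` also looks fragile: a token signed before a key rotation would presumably fail signature verification here, and the helper's name suggests this call may itself rotate keys, so checking against the full key set would be safer. A missing `jti` claim or `JWKS_ROTATION_AGE_DAYS` setting surfaces as a bare `KeyError`. The body of `masquerade_as` starts and ends outside the hunk, so how `new_token` is stored is not visible here.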
@@ -33,7 +33,7 @@ def masquerade() -> Response:
 return new_token
 def __dump_token__(tok):
 return {
- key: value for key, value in tok.items()
+ key: value for key, value in asdict(tok).items()
 if key in ("access_token", "refresh_token", "expires_in", "token_type")
 }
-- 
cgit v1.2.3
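Review bot: `asdict` is called in `__dump_token__` but this commit adds no import to views.py, so unless `from dataclasses import asdict` (presumably the intended function) already exists above the hunk, the endpoint fails with `NameError` on the first masquerade request. `dataclasses.asdict` also recursively copies every field, including the token's nested `client` record, only for the filter to discard it. If all four names are fields of the token, `{key: getattr(tok, key) for key in ("access_token", "refresh_token", "expires_in", "token_type")}` avoids that copy and keeps the allow-list as the only thing deciding what reaches the response. A short comment such as `# Allow-list: never return client or other internal token fields` would record why the filter must stay. Both `masquerade` and `__dump_token__` extend outside the hunk.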