Diffstat (limited to 'uploader/oauth2/client.py')
-rw-r--r--uploader/oauth2/client.py37
1 files changed, 30 insertions, 7 deletions
diff --git a/uploader/oauth2/client.py b/uploader/oauth2/client.py
index 1efa299..e37816d 100644
--- a/uploader/oauth2/client.py
+++ b/uploader/oauth2/client.py
@@ -1,9 +1,10 @@
 """OAuth2 client utilities."""
 import json
 import time
+import uuid
 import random
 from datetime import datetime, timedelta
-from urllib.parse import urljoin, urlparse
+from urllib.parse import urljoin, urlparse, urlencode
 
 import requests
 from flask import request, current_app as app
@@ -17,6 +18,7 @@ from authlib.integrations.requests_client import OAuth2Session
 
 from uploader import session
 import uploader.monadic_requests as mrequests
+from uploader.flask_extensions import fetch_flags
 
 SCOPE = ("profile group role resource register-client user masquerade "
          "introspect migrate-data")
@@ -42,7 +44,8 @@ def __fetch_auth_server_jwks__() -> KeySet:
     return KeySet([
         JsonWebKey.import_key(key)
         for key in requests.get(
-                urljoin(authserver_uri(), "auth/public-jwks")
+                urljoin(authserver_uri(), "auth/public-jwks"),
+                timeout=(9.13, 20)
         ).json()["jwks"]])
 
 
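Review bot: The JWKS reply is still parsed with `.json()["jwks"]` directly on the `requests.get(...)` result, so a non-200 response or an error page from the auth server surfaces as a JSON decode error or `KeyError` rather than a clear failure. The new `timeout=(9.13, 20)` also adds `requests.Timeout` to what this call can raise. These keys are presumably what tokens get verified against, so I would bind the response to a name and call `resp.raise_for_status()` before building the `KeySet`, so the caller can fail closed on any fetch error. The start of `__fetch_auth_server_jwks__` and its callers are outside the hunk, so existing handling may already cover part of this.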
@@ -146,9 +149,27 @@ def oauth2_client():
         __client__)
 
 
+def fetch_user_details() -> Either:
+    """Retrieve user details from the auth server"""
+    suser = session.session_info()["user"]
+    if suser["email"] == "anon@ymous.user":
+        udets = oauth2_get("auth/user/").then(
+            lambda usrdets: session.set_user_details({
+                "user_id": uuid.UUID(usrdets["user_id"]),
+                "name": usrdets["name"],
+                "email": usrdets["email"],
+                "token": session.user_token(),
+                "logged_in": session.user_token().either(
+                    lambda _e: False, lambda _t: True)
+            }))
+        return udets
+    return Right(suser)
+
+
 def user_logged_in():
     """Check whether the user has logged in."""
     suser = session.session_info()["user"]
+    fetch_user_details()
     return suser["logged_in"] and suser["token"].is_right()
 
 
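Review bot: In `user_logged_in`, `suser` is read from the session before `fetch_user_details()` runs and the call's `Either` result is discarded. The login decision is therefore made on the pre-fetch snapshot, unless `session.set_user_details` mutates that same dict in place (not visible here). Calling `fetch_user_details()` first and then `suser = session.session_info()["user"]` would make the check reflect what was just stored. For a session still carrying the `anon@ymous.user` placeholder, this also issues an auth-server request on every `user_logged_in()` call. Separately, `uuid.UUID(usrdets["user_id"])` inside the `.then` lambda will raise on a missing or malformed field unless the `Either` implementation captures exceptions, so mapping that case to a `Left` would stop a bad auth-server reply from becoming an unhandled error.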
@@ -156,11 +177,13 @@ def authserver_authorise_uri():
     """Build up the authorisation URI."""
     req_baseurl = urlparse(request.base_url, scheme=request.scheme)
     host_uri = f"{req_baseurl.scheme}://{req_baseurl.netloc}/"
-    return urljoin(
-        authserver_uri(),
-        "auth/authorise?response_type=code"
-        f"&client_id={oauth2_clientid()}"
-        f"&redirect_uri={urljoin(host_uri, 'oauth2/code')}")
+    args = {
+        "response_type": "code",
+        "client_id": oauth2_clientid(),
+        "redirect_uri": (
+            f"{urljoin(host_uri, 'oauth2/code')}?{urlencode(fetch_flags())}")
+    }
+    return f"{urljoin(authserver_uri(), 'auth/authorise')}?{urlencode(args)}"
 
 
 def __no_token__(_err) -> Left:
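Review bot: The `args` dict for the authorise request has no `state` entry, and the feature flags are instead appended to `redirect_uri` as a query string. A `redirect_uri` that varies per request may fail exact-match validation on the authorisation server, and the same string has to be sent again at the token exchange; neither side is visible in this hunk. I would keep `"redirect_uri": urljoin(host_uri, "oauth2/code"),` fixed and add a `"state"` entry holding an unguessable per-session value that the callback verifies, with the flags stored in the session under that value. That would also give the code flow CSRF protection, if it is not already provided elsewhere. `host_uri` is derived from `request.base_url`, so the redirect target follows the incoming Host header unless the deployment pins trusted hosts. `authserver_authorise_uri` starts outside the hunk.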