set an authenticated attribute on g to check against instead of token w/ burnettk

2023-09-27 16:59:16 -04:00 · 2023-09-27 16:59:16 -04:00 · 08098dd54e
parent ff558388ec
commit 08098dd54e
2 changed files with 9 additions and 1 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py
@ -71,10 +71,18 @@ def verify_token(token: str | None = None, force_run: bool | None = False) -> No

    # If the user is valid, store the token for this session
    if hasattr(g, "user") and g.user:
+        # TODO: ensure we do not actually need g.token set and set g.authenticated instead.
+        # I am pretty sure g.token is only actually used in UserService.has_user to
+        # figure out if the if the user has logged in.
        if token_info["token"]:
            # This is an id token, so we don't have a refresh token yet
            g.token = token_info["token"]
+            g.authenticated = True
+            # we are getting the scope so it will decode the token and ensure it's valid.
+            # this may be a better way to do this.
            get_scope(token_info["token"])
+        elif token_info["api_key"]:
+            g.authenticated = True
        return None

    raise ApiError(error_code="invalid_token", message="Cannot validate token.", status_code=401)
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/user_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/user_service.py
@ -74,7 +74,7 @@ class UserService:
    # Returns true if the current user is logged in.
    @staticmethod
    def has_user() -> bool:
-        return "token" in g and bool(g.token) and "user" in g and bool(g.user)
+        return hasattr(g, "authenticated") and g.authenticated is True and "user" in g and bool(g.user)

    @staticmethod
    def current_user() -> Any: