pyl

spiffworkflow-backend/src/spiffworkflow_backend/__init__.py

@@ -23,7 +23,8 @@ from spiffworkflow_backend.routes.admin_blueprint.admin_blueprint import admin_b
 from spiffworkflow_backend.routes.openid_blueprint.openid_blueprint import (
     openid_blueprint,
 )
-from spiffworkflow_backend.routes.user import set_new_access_token_in_cookie, verify_token
+from spiffworkflow_backend.routes.user import set_new_access_token_in_cookie
+from spiffworkflow_backend.routes.user import verify_token
 from spiffworkflow_backend.routes.user_blueprint import user_blueprint
 from spiffworkflow_backend.services.authorization_service import AuthorizationService
 from spiffworkflow_backend.services.background_processing_service import (

spiffworkflow-backend/src/spiffworkflow_backend/config/default.py

@@ -29,7 +29,8 @@ CONNECTOR_PROXY_URL = environ.get(
 
 # Open ID server
 OPEN_ID_SERVER_URL = environ.get(
-    "OPEN_ID_SERVER_URL", default="http://localhost:7002/realms/spiffworkflow"
+    "OPEN_ID_SERVER_URL",
+    default="http://localhost:7002/realms/spiffworkflow"
     # "OPEN_ID_SERVER_URL", default="http://localhost:7000/openid"
 )
 
@@ -38,7 +39,8 @@ OPEN_ID_SERVER_URL = environ.get(
 OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend")
 OPEN_ID_CLIENT_SECRET_KEY = environ.get(
     # "OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
-    "OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
+    "OPEN_ID_CLIENT_SECRET_KEY",
+    default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
 )  # noqa: S105
 
 SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = (

spiffworkflow-backend/src/spiffworkflow_backend/routes/health_controller.py

@@ -1,17 +1,15 @@
 """APIs for dealing with process groups, process models, and process instances."""
 import json
-from flask import current_app
 
-import flask.wrappers
 from flask.wrappers import Response
 
 from spiffworkflow_backend.models.process_instance import ProcessInstanceModel
 
 
-def status() -> flask.wrappers.Response:
+def status() -> Response:
     """Status."""
     ProcessInstanceModel.query.filter().first()
-    response = Response(json.dumps({"ok": True}), status=200, mimetype="application/json")
+    response = Response(
-    # print(f"current_app.config.get('SPIFFWORKFLOW_FRONTEND_URL').replace('http://', ''): {current_app.config.get('SPIFFWORKFLOW_FRONTEND_URL').replace('http://', '')}")
+        json.dumps({"ok": True}), status=200, mimetype="application/json"
-    response.set_cookie('TEST_COOKIE1', 'HEY', domain=None)
+    )
     return response

spiffworkflow-backend/src/spiffworkflow_backend/routes/process_groups_controller.py

@@ -1,10 +1,10 @@
 """APIs for dealing with process groups, process models, and process instances."""
 import json
-from flask import current_app
 from typing import Any
 from typing import Optional
 
 import flask.wrappers
+from flask import current_app
 from flask import g
 from flask import jsonify
 from flask import make_response
@@ -90,9 +90,11 @@ def process_group_list(
         },
     }
     # response = make_response(jsonify(response_json), 200)
-    response = Response(json.dumps(response_json), status=200, mimetype="application/json")
+    response = Response(
+        json.dumps(response_json), status=200, mimetype="application/json"
+    )
     current_app.logger.info("SETTING COOKIE")
-    response.set_cookie('TEST_COOKIE', 'HEY1')
+    response.set_cookie("TEST_COOKIE", "HEY1")
     return response
 
 

spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py

@@ -7,6 +7,7 @@ from typing import Dict
 from typing import Optional
 from typing import Union
 
+import flask
 import jwt
 from flask import current_app
 from flask import g
@@ -14,17 +15,18 @@ from flask import redirect
 from flask import request
 from flask_bpmn.api.api_error import ApiError
 from werkzeug.wrappers import Response
-# from flask.wrappers import Response
-import flask
 
 from spiffworkflow_backend.models.user import UserModel
-from spiffworkflow_backend.services.authentication_service import TokenExpiredError, AuthenticationService
+from spiffworkflow_backend.services.authentication_service import AuthenticationService
 from spiffworkflow_backend.services.authentication_service import (
     MissingAccessTokenError,
 )
+from spiffworkflow_backend.services.authentication_service import TokenExpiredError
 from spiffworkflow_backend.services.authorization_service import AuthorizationService
 from spiffworkflow_backend.services.user_service import UserService
 
+# from flask.wrappers import Response
+
 # from flask_jwt_extended import set_access_cookies
 
 """
@@ -60,7 +62,7 @@ def verify_token(
         token = request.headers["Authorization"].removeprefix("Bearer ")
 
     # This should never be set here but just in case
-    tld = current_app.config['THREAD_LOCAL_DATA']
+    tld = current_app.config["THREAD_LOCAL_DATA"]
     if hasattr(tld, "new_access_token"):
         tld.new_access_token = None
 
@@ -84,7 +86,7 @@ def verify_token(
                 try:
                     if AuthenticationService.validate_id_or_access_token(token):
                         user_info = decoded_token
-                except (TokenExpiredError) as token_expired_error:
+                except TokenExpiredError as token_expired_error:
                     # Try to refresh the token
                     user = UserService.get_user_by_service_and_service_id(
                         decoded_token["iss"], decoded_token["sub"]
@@ -100,10 +102,13 @@ def verify_token(
                             if auth_token and "error" not in auth_token:
                                 print("SETTING NEW TOKEN")
                                 print(f"auth_token: {auth_token}")
-                                tld.new_access_token = auth_token['access_token']
+                                tld.new_access_token = auth_token["access_token"]
                                 # We have the user, but this code is a bit convoluted, and will later demand
                                 # a user_info object so it can look up the user.  Sorry to leave this crap here.
-                                user_info = {"sub": user.service_id, "iss": user.service}
+                                user_info = {
+                                    "sub": user.service_id,
+                                    "iss": user.service,
+                                }
 
                     if user_info is None:
                         raise ApiError(
@@ -162,8 +167,6 @@ def verify_token(
             g.token = token
             get_scope(token)
             return None
-            # return {"uid": g.user.id, "sub": g.user.id, "scope": scope}
-            # return validate_scope(token, user_info, user_model)
         else:
             raise ApiError(error_code="no_user_id", message="Cannot get a user id")
 
@@ -172,26 +175,17 @@ def verify_token(
     )
 
 
-def set_new_access_token_in_cookie(response: flask.wrappers.Response) -> flask.wrappers.Response:
+def set_new_access_token_in_cookie(
-    print(f"response: {response.__class__}")
+    response: flask.wrappers.Response,
-    tld = current_app.config['THREAD_LOCAL_DATA']
+) -> flask.wrappers.Response:
+    """Set_new_access_token_in_cookie."""
+    tld = current_app.config["THREAD_LOCAL_DATA"]
     if hasattr(tld, "new_access_token") and tld.new_access_token:
-        response.set_cookie('access_token', tld.new_access_token)
+        response.set_cookie("access_token", tld.new_access_token)
+        tld.new_access_token = None
     return response
 
 
-def validate_scope(token: Any) -> bool:
-    """Validate_scope."""
-    print("validate_scope")
-    # token = AuthenticationService.refresh_token(token)
-    # user_info = AuthenticationService.get_user_info_from_public_access_token(token)
-    # bearer_token = AuthenticationService.get_bearer_token(token)
-    # permission = AuthenticationService.get_permission_by_basic_token(token)
-    # permissions = AuthenticationService.get_permissions_by_token_for_resource_and_scope(token)
-    # introspection = AuthenticationService.introspect_token(basic_token)
-    return True
-
-
 def encode_auth_token(sub: str, token_type: Optional[str] = None) -> str:
     """Generates the Auth Token.
 
@@ -235,6 +229,7 @@ def parse_id_token(token: str) -> Any:
     decoded = base64.b64decode(padded)
     return json.loads(decoded)
 
+
 def login_return(code: str, state: str, session_state: str) -> Optional[Response]:
     """Login_return."""
     state_dict = ast.literal_eval(base64.b64decode(state).decode("utf-8"))
@@ -258,8 +253,8 @@ def login_return(code: str, state: str, session_state: str) -> Optional[Response
                     + f"access_token={auth_token_object['access_token']}&"
                     + f"id_token={id_token}"
                 )
-                tld = current_app.config['THREAD_LOCAL_DATA']
+                tld = current_app.config["THREAD_LOCAL_DATA"]
-                tld.new_access_token = auth_token_object['access_token']
+                tld.new_access_token = auth_token_object["access_token"]
                 return redirect(redirect_url)
 
         raise ApiError(

spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py

@@ -22,11 +22,11 @@ class MissingAccessTokenError(Exception):
 
 # These could be either 'id' OR 'access' tokens and we can't always know which
 class TokenExpiredError(Exception):
-    pass
+    """TokenExpiredError."""
 
 
 class TokenInvalidError(Exception):
-    pass
+    """TokenInvalidError."""
 
 
 class AuthenticationProviderTypes(enum.Enum):
@@ -144,7 +144,7 @@ class AuthenticationService:
         try:
             decoded_token = jwt.decode(token, options={"verify_signature": False})
         except Exception as e:
-            raise TokenInvalidError('Cannot decode token') from e
+            raise TokenInvalidError("Cannot decode token") from e
 
         if decoded_token["iss"] != cls.server_url():
             valid = False