pyl
This commit is contained in:
parent
6260af4b6c
commit
0ee732842b
|
@ -23,7 +23,8 @@ from spiffworkflow_backend.routes.admin_blueprint.admin_blueprint import admin_b
|
|||
from spiffworkflow_backend.routes.openid_blueprint.openid_blueprint import (
|
||||
openid_blueprint,
|
||||
)
|
||||
from spiffworkflow_backend.routes.user import set_new_access_token_in_cookie, verify_token
|
||||
from spiffworkflow_backend.routes.user import set_new_access_token_in_cookie
|
||||
from spiffworkflow_backend.routes.user import verify_token
|
||||
from spiffworkflow_backend.routes.user_blueprint import user_blueprint
|
||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||
from spiffworkflow_backend.services.background_processing_service import (
|
||||
|
|
|
@ -29,7 +29,8 @@ CONNECTOR_PROXY_URL = environ.get(
|
|||
|
||||
# Open ID server
|
||||
OPEN_ID_SERVER_URL = environ.get(
|
||||
"OPEN_ID_SERVER_URL", default="http://localhost:7002/realms/spiffworkflow"
|
||||
"OPEN_ID_SERVER_URL",
|
||||
default="http://localhost:7002/realms/spiffworkflow"
|
||||
# "OPEN_ID_SERVER_URL", default="http://localhost:7000/openid"
|
||||
)
|
||||
|
||||
|
@ -38,7 +39,8 @@ OPEN_ID_SERVER_URL = environ.get(
|
|||
OPEN_ID_CLIENT_ID = environ.get("OPEN_ID_CLIENT_ID", default="spiffworkflow-backend")
|
||||
OPEN_ID_CLIENT_SECRET_KEY = environ.get(
|
||||
# "OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
|
||||
"OPEN_ID_CLIENT_SECRET_KEY", default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q"
|
||||
"OPEN_ID_CLIENT_SECRET_KEY",
|
||||
default="JXeQExm0JhQPLumgHtIIqf52bDalHz0q",
|
||||
) # noqa: S105
|
||||
|
||||
SPIFFWORKFLOW_BACKEND_LOG_TO_FILE = (
|
||||
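Review bot: The reformatted `OPEN_ID_CLIENT_SECRET_KEY` lookup still ships a real-looking default client secret in source and silences the linter with `# noqa: S105`, so a deployment that forgets to set the variable silently runs with a secret that is public in the repository. Prefer no default here — `OPEN_ID_CLIENT_SECRET_KEY = environ.get("OPEN_ID_CLIENT_SECRET_KEY")` with a startup check that fails when it is unset — or, if this file is a development-only config, say so in a comment above the line. The commented-out `# "OPEN_ID_SERVER_URL", default="http://localhost:7000/openid"` left inside the `environ.get(...)` call in the first hunk should be removed rather than carried along.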
|
|
|
@ -1,17 +1,15 @@
|
|||
"""APIs for dealing with process groups, process models, and process instances."""
|
||||
import json
|
||||
from flask import current_app
|
||||
|
||||
import flask.wrappers
|
||||
from flask.wrappers import Response
|
||||
|
||||
from spiffworkflow_backend.models.process_instance import ProcessInstanceModel
|
||||
|
||||
|
||||
def status() -> flask.wrappers.Response:
|
||||
def status() -> Response:
|
||||
"""Status."""
|
||||
ProcessInstanceModel.query.filter().first()
|
||||
response = Response(json.dumps({"ok": True}), status=200, mimetype="application/json")
|
||||
# print(f"current_app.config.get('SPIFFWORKFLOW_FRONTEND_URL').replace('http://', ''): {current_app.config.get('SPIFFWORKFLOW_FRONTEND_URL').replace('http://', '')}")
|
||||
response.set_cookie('TEST_COOKIE1', 'HEY', domain=None)
|
||||
response = Response(
|
||||
json.dumps({"ok": True}), status=200, mimetype="application/json"
|
||||
)
|
||||
return response
|
||||
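Review bot: `status()` runs `ProcessInstanceModel.query.filter().first()` and discards the result, and the new docstring `"""Status."""` does not say why, so a reader cannot tell whether this is a deliberate database liveness probe or a leftover. If the query is the health check, document it, e.g. `# Touch the database so a broken connection surfaces as a failed health check` above the query, and state in the docstring what happens when the query raises (presumably the framework's error handler answers, not this function's `{"ok": True}` body). If it is not intentional, the line should go.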
|
|
|
@ -1,10 +1,10 @@
|
|||
"""APIs for dealing with process groups, process models, and process instances."""
|
||||
import json
|
||||
from flask import current_app
|
||||
from typing import Any
|
||||
from typing import Optional
|
||||
|
||||
import flask.wrappers
|
||||
from flask import current_app
|
||||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import make_response
|
||||
|
@ -90,9 +90,11 @@ def process_group_list(
|
|||
},
|
||||
}
|
||||
# response = make_response(jsonify(response_json), 200)
|
||||
response = Response(json.dumps(response_json), status=200, mimetype="application/json")
|
||||
response = Response(
|
||||
json.dumps(response_json), status=200, mimetype="application/json"
|
||||
)
|
||||
current_app.logger.info("SETTING COOKIE")
|
||||
response.set_cookie('TEST_COOKIE', 'HEY1')
|
||||
response.set_cookie("TEST_COOKIE", "HEY1")
|
||||
return response
|
||||
|
||||
|
||||
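Review bot: The new side of `process_group_list` still sets `TEST_COOKIE`/`HEY1` on every response and logs `SETTING COOKIE`; the commit only changes the quote style of lines that read like leftover debugging. If the cookie is not part of the API contract, drop `current_app.logger.info("SETTING COOKIE")` and `response.set_cookie("TEST_COOKIE", "HEY1")`; if it is meant to stay, it needs a comment saying what it is for and the usual `httponly`/`secure`/`samesite` attributes. The commented-out `# response = make_response(jsonify(response_json), 200)` above it should be removed as well. `process_group_list` starts before the hunk.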
|
|
|
@ -7,6 +7,7 @@ from typing import Dict
|
|||
from typing import Optional
|
||||
from typing import Union
|
||||
|
||||
import flask
|
||||
import jwt
|
||||
from flask import current_app
|
||||
from flask import g
|
||||
|
@ -14,17 +15,18 @@ from flask import redirect
|
|||
from flask import request
|
||||
from flask_bpmn.api.api_error import ApiError
|
||||
from werkzeug.wrappers import Response
|
||||
# from flask.wrappers import Response
|
||||
import flask
|
||||
|
||||
from spiffworkflow_backend.models.user import UserModel
|
||||
from spiffworkflow_backend.services.authentication_service import TokenExpiredError, AuthenticationService
|
||||
from spiffworkflow_backend.services.authentication_service import AuthenticationService
|
||||
from spiffworkflow_backend.services.authentication_service import (
|
||||
MissingAccessTokenError,
|
||||
)
|
||||
from spiffworkflow_backend.services.authentication_service import TokenExpiredError
|
||||
from spiffworkflow_backend.services.authorization_service import AuthorizationService
|
||||
from spiffworkflow_backend.services.user_service import UserService
|
||||
|
||||
# from flask.wrappers import Response
|
||||
|
||||
# from flask_jwt_extended import set_access_cookies
|
||||
|
||||
"""
|
||||
|
@ -60,7 +62,7 @@ def verify_token(
|
|||
token = request.headers["Authorization"].removeprefix("Bearer ")
|
||||
|
||||
# This should never be set here but just in case
|
||||
tld = current_app.config['THREAD_LOCAL_DATA']
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
if hasattr(tld, "new_access_token"):
|
||||
tld.new_access_token = None
|
||||
|
||||
|
@ -84,7 +86,7 @@ def verify_token(
|
|||
try:
|
||||
if AuthenticationService.validate_id_or_access_token(token):
|
||||
user_info = decoded_token
|
||||
except (TokenExpiredError) as token_expired_error:
|
||||
except TokenExpiredError as token_expired_error:
|
||||
# Try to refresh the token
|
||||
user = UserService.get_user_by_service_and_service_id(
|
||||
decoded_token["iss"], decoded_token["sub"]
|
||||
|
@ -100,10 +102,13 @@ def verify_token(
|
|||
if auth_token and "error" not in auth_token:
|
||||
print("SETTING NEW TOKEN")
|
||||
print(f"auth_token: {auth_token}")
|
||||
tld.new_access_token = auth_token['access_token']
|
||||
tld.new_access_token = auth_token["access_token"]
|
||||
# We have the user, but this code is a bit convoluted, and will later demand
|
||||
# a user_info object so it can look up the user. Sorry to leave this crap here.
|
||||
user_info = {"sub": user.service_id, "iss": user.service}
|
||||
user_info = {
|
||||
"sub": user.service_id,
|
||||
"iss": user.service,
|
||||
}
|
||||
|
||||
if user_info is None:
|
||||
raise ApiError(
|
||||
|
@ -162,8 +167,6 @@ def verify_token(
|
|||
g.token = token
|
||||
get_scope(token)
|
||||
return None
|
||||
# return {"uid": g.user.id, "sub": g.user.id, "scope": scope}
|
||||
# return validate_scope(token, user_info, user_model)
|
||||
else:
|
||||
raise ApiError(error_code="no_user_id", message="Cannot get a user id")
|
||||
|
||||
|
@ -172,26 +175,17 @@ def verify_token(
|
|||
)
|
||||
|
||||
|
||||
def set_new_access_token_in_cookie(response: flask.wrappers.Response) -> flask.wrappers.Response:
|
||||
print(f"response: {response.__class__}")
|
||||
tld = current_app.config['THREAD_LOCAL_DATA']
|
||||
def set_new_access_token_in_cookie(
|
||||
response: flask.wrappers.Response,
|
||||
) -> flask.wrappers.Response:
|
||||
"""Set_new_access_token_in_cookie."""
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
if hasattr(tld, "new_access_token") and tld.new_access_token:
|
||||
response.set_cookie('access_token', tld.new_access_token)
|
||||
response.set_cookie("access_token", tld.new_access_token)
|
||||
tld.new_access_token = None
|
||||
return response
|
||||
|
||||
|
||||
def validate_scope(token: Any) -> bool:
|
||||
"""Validate_scope."""
|
||||
print("validate_scope")
|
||||
# token = AuthenticationService.refresh_token(token)
|
||||
# user_info = AuthenticationService.get_user_info_from_public_access_token(token)
|
||||
# bearer_token = AuthenticationService.get_bearer_token(token)
|
||||
# permission = AuthenticationService.get_permission_by_basic_token(token)
|
||||
# permissions = AuthenticationService.get_permissions_by_token_for_resource_and_scope(token)
|
||||
# introspection = AuthenticationService.introspect_token(basic_token)
|
||||
return True
|
||||
|
||||
|
||||
def encode_auth_token(sub: str, token_type: Optional[str] = None) -> str:
|
||||
"""Generates the Auth Token.
|
||||
|
||||
|
@ -235,6 +229,7 @@ def parse_id_token(token: str) -> Any:
|
|||
decoded = base64.b64decode(padded)
|
||||
return json.loads(decoded)
|
||||
|
||||
|
||||
def login_return(code: str, state: str, session_state: str) -> Optional[Response]:
|
||||
"""Login_return."""
|
||||
state_dict = ast.literal_eval(base64.b64decode(state).decode("utf-8"))
|
||||
|
@ -258,8 +253,8 @@ def login_return(code: str, state: str, session_state: str) -> Optional[Response
|
|||
+ f"access_token={auth_token_object['access_token']}&"
|
||||
+ f"id_token={id_token}"
|
||||
)
|
||||
tld = current_app.config['THREAD_LOCAL_DATA']
|
||||
tld.new_access_token = auth_token_object['access_token']
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
tld.new_access_token = auth_token_object["access_token"]
|
||||
return redirect(redirect_url)
|
||||
|
||||
raise ApiError(
|
||||
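Review bot: In `set_new_access_token_in_cookie`, the refreshed access token is stored with `response.set_cookie("access_token", tld.new_access_token)` and no cookie attributes, so it is readable from page scripts and sent over plain HTTP; set `response.set_cookie("access_token", tld.new_access_token, httponly=True, secure=True, samesite="Lax")` (adjusted to what the frontend actually needs — the `domain=None` experiment removed elsewhere in this commit suggests that is still being worked out). The `verify_token` hunk at `@ -100,10 +102,13` keeps `print("SETTING NEW TOKEN")` and `print(f"auth_token: {auth_token}")`, which write the full token response to stdout; these should go, or at most log at debug level without the token contents. The new `"""Set_new_access_token_in_cookie."""` docstring should say that the token comes from `THREAD_LOCAL_DATA.new_access_token`, set by `verify_token` and `login_return`, and is cleared once written. Both `verify_token` and `login_return` extend beyond their hunks.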
|
|
|
@ -22,11 +22,11 @@ class MissingAccessTokenError(Exception):
|
|||
|
||||
# These could be either 'id' OR 'access' tokens and we can't always know which
|
||||
class TokenExpiredError(Exception):
|
||||
pass
|
||||
"""TokenExpiredError."""
|
||||
|
||||
|
||||
class TokenInvalidError(Exception):
|
||||
pass
|
||||
"""TokenInvalidError."""
|
||||
|
||||
|
||||
class AuthenticationProviderTypes(enum.Enum):
|
||||
|
@ -144,7 +144,7 @@ class AuthenticationService:
|
|||
try:
|
||||
decoded_token = jwt.decode(token, options={"verify_signature": False})
|
||||
except Exception as e:
|
||||
raise TokenInvalidError('Cannot decode token') from e
|
||||
raise TokenInvalidError("Cannot decode token") from e
|
||||
|
||||
if decoded_token["iss"] != cls.server_url():
|
||||
valid = False
|
||||
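Review bot: The new docstrings `"""TokenExpiredError."""` and `"""TokenInvalidError."""` only repeat the class names; the comment above `TokenExpiredError` already carries the useful information, so move it into the docstring, e.g. `"""Raised when an id or access token has expired (the two are not always distinguishable here)."""`, and for `TokenInvalidError` say it wraps any failure to decode a token. Separately, the `jwt.decode(token, options={"verify_signature": False})` at the start of the second hunk is context rather than new code, but the `iss` comparison that follows operates on unverified claims; if signature verification happens elsewhere in `AuthenticationService` (the method starts outside the hunk), a one-line comment saying so would save the next reader the search.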
|
|