fixes from pyl

2022-10-10 16:11:48 -04:00 · 2022-10-10 16:11:48 -04:00 · eb46fb7d28
parent 7865bc9c64
commit eb46fb7d28
3 changed files with 53 additions and 30 deletions
--- a/src/spiffworkflow_backend/api.yml
+++ b/src/spiffworkflow_backend/api.yml
@ -8,8 +8,9 @@ servers:
  - url: http://localhost:5000/v1.0
 security:
  - jwt: ["secret"]
-#  - oAuth2AuthCode:
-#      - read_email
+  - oAuth2AuthCode:
+      - read_email
+      - uid

 paths:
  /login:
@ -86,15 +87,15 @@ paths:
          description: Logout Authenticated User

  /login_api:
-      get:
-        security: []
-        operationId: spiffworkflow_backend.routes.user.login_api
-        summary: Authenticate user for API access
-        tags:
-          - Authentication
-        responses:
-          "200":
-            description: Redirects to authentication server
+    get:
+      security: []
+      operationId: spiffworkflow_backend.routes.user.login_api
+      summary: Authenticate user for API access
+      tags:
+        - Authentication
+      responses:
+        "200":
+          description: Redirects to authentication server
  /login_api_return:
    parameters:
      - name: code
@ -1248,6 +1249,16 @@ components:
          scopes:
            read_email: read email
      x-tokenInfoFunc: spiffworkflow_backend.routes.user.get_scope
+  #    oAuth2AuthCode:
+  #      type: oauth2
+  #      description: authenticate with openid server
+  #      flows:
+  #        implicit:
+  #          authorizationUrl: /v1.0/login_api
+  #          scopes:
+  #            uid: uid
+  #      x-tokenInfoUrl: localhost:7000/v1.0/login_api_return
+  #      x-tokenInfoFunc: spiffworkflow_backend.routes.user.get_scope

  schemas:
    OkTrue:
--- a/src/spiffworkflow_backend/routes/user.py
+++ b/src/spiffworkflow_backend/routes/user.py
@ -10,7 +10,6 @@ import jwt
 from flask import current_app
 from flask import g
 from flask import redirect
-from flask import request
 from flask_bpmn.api.api_error import ApiError
 from werkzeug.wrappers.response import Response

@ -259,33 +258,42 @@ def login_return(code: str, state: str, session_state: str) -> Optional[Response
                return redirect(redirect_url)

        raise ApiError(
-            code="invalid_login", message="Login failed. Please try again", status_code=401
+            code="invalid_login",
+            message="Login failed. Please try again",
+            status_code=401,
        )

    else:
        raise ApiError(
-            code="invalid_token", message="Login failed. Please try again", status_code=401
+            code="invalid_token",
+            message="Login failed. Please try again",
+            status_code=401,
        )


-def login_api():
-    if "SWAGGER_URL" in current_app.config:
-        redirect_url = "/v1.0/login_api_return"
-        state = PublicAuthenticationService.generate_state(redirect_url)
-        login_redirect_url = PublicAuthenticationService().get_login_redirect_url(
-            state.decode("UTF-8"),
-            redirect_url
-        )
-        return redirect(login_redirect_url)
+def login_api() -> Response:
+    """Login_api."""
+    redirect_url = "/v1.0/login_api_return"
+    state = PublicAuthenticationService.generate_state(redirect_url)
+    login_redirect_url = PublicAuthenticationService().get_login_redirect_url(
+        state.decode("UTF-8"), redirect_url
+    )
+    return redirect(login_redirect_url)


-def login_api_return(code: str, state: str, session_state: str):
+def login_api_return(code: str, state: str, session_state: str) -> str:
+    """Login_api_return."""
    state_dict = ast.literal_eval(base64.b64decode(state).decode("utf-8"))
-    state_redirect_url = state_dict["redirect_url"]
+    state_dict["redirect_url"]

-    id_token_object = PublicAuthenticationService().get_id_token_object(code, "/v1.0/login_api_return")
-    return id_token_object['access_token']
-    print("login_api_return")
+    id_token_object = PublicAuthenticationService().get_id_token_object(
+        code, "/v1.0/login_api_return"
+    )
+    access_token: str = id_token_object["access_token"]
+    assert access_token  # noqa: S101
+    return access_token
+    # return redirect("localhost:7000/v1.0/ui")
+    # return {'uid': 'user_1'}


 def logout(id_token: str, redirect_url: Optional[str]) -> Response:
--- a/src/spiffworkflow_backend/services/authentication_service.py
+++ b/src/spiffworkflow_backend/services/authentication_service.py
@ -114,7 +114,9 @@ class PublicAuthenticationService:
        state = base64.b64encode(bytes(str({"redirect_url": redirect_url}), "UTF-8"))
        return state

-    def get_login_redirect_url(self, state: str, redirect_url: str = "/v1.0/login_return") -> str:
+    def get_login_redirect_url(
+        self, state: str, redirect_url: str = "/v1.0/login_return"
+    ) -> str:
        """Get_login_redirect_url."""
        (
            open_id_server_url,
@ -133,7 +135,9 @@ class PublicAuthenticationService:
        )
        return login_redirect_url

-    def get_id_token_object(self, code: str, redirect_url: str = "/v1.0/login_return") -> dict:
+    def get_id_token_object(
+        self, code: str, redirect_url: str = "/v1.0/login_return"
+    ) -> dict:
        """Get_id_token_object."""
        (
            open_id_server_url,