From 64e30358aadcdc49658e76e37469fee4488782c9 Mon Sep 17 00:00:00 2001 From: Dan Date: Thu, 1 Dec 2022 14:40:59 -0500 Subject: [PATCH] fixing some typing issues. --- .../openid_blueprint/openid_blueprint.py | 22 ++++++++++--------- .../src/spiffworkflow_backend/routes/user.py | 2 +- .../services/authentication_service.py | 18 +++++++-------- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py index c0c55aec..e2be4cb0 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py @@ -5,6 +5,7 @@ This is just here to make local development, testing, and demonstration easier. """ import base64 import time +from typing import Any from urllib.parse import urlencode import jwt @@ -15,6 +16,7 @@ from flask import redirect from flask import render_template from flask import request from flask import url_for +from werkzeug.wrappers import Response openid_blueprint = Blueprint( "openid", __name__, template_folder="templates", static_folder="static" @@ -24,7 +26,7 @@ MY_SECRET_CODE = ":this_is_not_secure_do_not_use_in_production" @openid_blueprint.route("/.well-known/openid-configuration", methods=["GET"]) -def well_known(): +def well_known() -> dict: """OpenID Discovery endpoint -- as these urls can be very different from system to system, this is just a small subset.""" host_url = request.host_url.strip("/") @@ -37,7 +39,7 @@ def well_known(): @openid_blueprint.route("/auth", methods=["GET"]) -def auth(): +def auth() -> str: """Accepts a series of parameters""" return render_template( "login.html", @@ -51,7 +53,7 @@ def auth(): @openid_blueprint.route("/form_submit", methods=["POST"]) -def form_submit(): +def form_submit() -> Response | str: users = get_users() if ( request.values["Uname"] in users @@ -79,7 +81,7 @@ def form_submit(): @openid_blueprint.route("/token", methods=["POST"]) -def token(): +def token() -> dict: """Url that will return a valid token, given the super secret sauce""" request.values.get("grant_type") code = request.values.get("code") @@ -90,7 +92,7 @@ def token(): user_details = get_users()[user_name] """Get authentication from headers.""" - authorization = request.headers.get("Authorization") + authorization = request.headers.get("Authorization", "Basic ") authorization = authorization[6:] # Remove "Basic" authorization = base64.b64decode(authorization).decode("utf-8") client_id, client_secret = authorization.split(":") @@ -120,21 +122,21 @@ def token(): @openid_blueprint.route("/end_session", methods=["GET"]) -def end_session(): - redirect_url = request.args.get("post_logout_redirect_uri") +def end_session() -> Response: + redirect_url = request.args.get("post_logout_redirect_uri", "http://localhost") request.args.get("id_token_hint") return redirect(redirect_url) @openid_blueprint.route("/refresh", methods=["POST"]) -def refresh(): - pass +def refresh() -> str: + return "" permission_cache = None -def get_users(): +def get_users() -> Any: global permission_cache if not permission_cache: with open(current_app.config["PERMISSIONS_FILE_FULLPATH"]) as file: diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py index 24346771..92f032b7 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/user.py @@ -198,7 +198,7 @@ def login(redirect_url: str = "/") -> Response: return redirect(login_redirect_url) -def parse_id_token(token: str) -> dict: +def parse_id_token(token: str) -> Any: parts = token.split(".") if len(parts) != 3: raise Exception("Incorrect id token format") diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py index b17c1fa9..8087cc69 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py @@ -26,24 +26,24 @@ class AuthenticationProviderTypes(enum.Enum): class AuthenticationService: """AuthenticationService.""" - ENDPOINT_CACHE = ( + ENDPOINT_CACHE: dict = ( {} ) # We only need to find the openid endpoints once, then we can cache them. @staticmethod - def client_id(): - return current_app.config["OPEN_ID_CLIENT_ID"] + def client_id() -> str: + return current_app.config.get("OPEN_ID_CLIENT_ID", "") @staticmethod - def server_url(): - return current_app.config["OPEN_ID_SERVER_URL"] + def server_url() -> str: + return current_app.config.get("OPEN_ID_SERVER_URL","") @staticmethod - def secret_key(): - return current_app.config["OPEN_ID_CLIENT_SECRET_KEY"] + def secret_key() -> str: + return current_app.config.get("OPEN_ID_CLIENT_SECRET_KEY", "") @classmethod - def open_id_endpoint_for_name(cls, name: str) -> None: + def open_id_endpoint_for_name(cls, name: str) -> str: """All openid systems provide a mapping of static names to the full path of that endpoint.""" if name not in AuthenticationService.ENDPOINT_CACHE: request_url = f"{cls.server_url()}/.well-known/openid-configuration" @@ -51,7 +51,7 @@ class AuthenticationService: AuthenticationService.ENDPOINT_CACHE = response.json() if name not in AuthenticationService.ENDPOINT_CACHE: raise Exception(f"Unknown OpenID Endpoint: {name}") - return AuthenticationService.ENDPOINT_CACHE[name] + return AuthenticationService.ENDPOINT_CACHE.get(name, "") @staticmethod def get_backend_url() -> str: