[auth] WIP tokens

EvanBldy · Oct 6, 2023 · 041914e · 041914e
1 parent ffc7583
commit 041914e
Show file tree

Hide file tree

Showing 49 changed files with 993 additions and 404 deletions.
diff --git a/tests/base.py b/tests/base.py
@@ -3,6 +3,7 @@
 import orjson as json
 import os
 import ntpath
+import fakeredis
 
 from mixer.backend.flask import mixer
 
@@ -42,9 +43,14 @@
 from zou.app.models.task_type import TaskType
 from zou.app.models.software import Software
 from zou.app.models.working_file import WorkingFile
+from zou.app.stores import auth_tokens_store
 
 TEST_FOLDER = os.path.join("tests", "tmp")
 
+auth_tokens_store.revoked_tokens_store = fakeredis.FakeStrictRedis(
+    decode_responses=True
+)
+
 
 class ApiTestCase(unittest.TestCase):
     """

diff --git a/tests/services/test_tasks_service.py b/tests/services/test_tasks_service.py
@@ -13,6 +13,7 @@
     preview_files_service,
     tasks_service,
     persons_service,
+    identities_service,
 )
 from zou.app.utils import events, fields
 
@@ -454,11 +455,11 @@ def test_get_comments(self):
         comments = tasks_service.get_comments(self.task_id, is_manager=False)
         self.assertEqual(len(comments), 3)
 
-        old_get_current_user = persons_service.get_current_user
-        persons_service.get_current_user = self.get_current_user
+        old_get_current_user = identities_service.get_current_identity
+        identities_service.get_current_identity = self.get_current_user
         comments = tasks_service.get_comments(self.task_id, is_client=True)
         self.assertEqual(len(comments), 1)
-        persons_service.get_current_user = old_get_current_user
+        identities_service.get_current_identity = old_get_current_user
 
     def test_new_comment(self):
         comment = comments_service.new_comment(

diff --git a/tests/services/test_user_service.py b/tests/services/test_user_service.py
@@ -4,10 +4,10 @@
 from zou.app.models.person import Person
 from zou.app.services import (
     comments_service,
-    persons_service,
     projects_service,
     tasks_service,
     user_service,
+    identities_service,
 )
 
 from zou.app.utils import permissions
@@ -45,15 +45,19 @@ def setUp(self):
         self.wip_status_id = self.task_status_wip.id
         self.to_review_status_id = self.task_status_to_review.id
 
-        self.old_get_current_user = persons_service.get_current_user
-        persons_service.get_current_user = self.get_current_user
-        self.old_get_current_user_raw = persons_service.get_current_user_raw
-        persons_service.get_current_user_raw = self.get_current_user_raw
+        self.old_get_current_user = identities_service.get_current_identity
+        identities_service.get_current_identity = self.get_current_user
+        self.old_get_current_user_raw = (
+            identities_service.get_current_identity_raw
+        )
+        identities_service.get_current_identity_raw = self.get_current_user_raw
 
     def tearDown(self):
         super(UserServiceTestCase, self).tearDown()
-        persons_service.get_current_user = self.old_get_current_user
-        persons_service.get_current_user_raw = self.old_get_current_user_raw
+        identities_service.get_current_identity = self.old_get_current_user
+        identities_service.get_current_identity_raw = (
+            self.old_get_current_user_raw
+        )
 
     def get_current_user(self):
         return self.user
@@ -101,7 +105,7 @@ def test_check_entity_access(self):
         self.assertTrue(user_service.check_entity_access(str(self.asset_id)))
 
     def test_get_last_notifications(self):
-        persons_service.get_current_user = self.get_current_user_artist
+        identities_service.get_current_identity = self.get_current_user_artist
         self.generate_fixture_user_cg_artist()
         self.log_in_cg_artist()
         person_id = self.user_cg_artist["id"]

diff --git a/tests/stores/test_auth_tokens_store.py b/tests/stores/test_auth_tokens_store.py
@@ -23,11 +23,11 @@ def test_delete(self):
         self.assertIsNone(self.store.get("key-1"))
 
     def test_is_revoked(self):
-        self.assertTrue(self.store.is_revoked({"jti": "key-1"}))
+        self.assertTrue(self.store.is_revoked("key-1"))
         self.store.add("key-1", "true")
-        self.assertTrue(self.store.is_revoked({"jti": "key-1"}))
+        self.assertTrue(self.store.is_revoked("key-1"))
         self.store.add("key-1", "false")
-        self.assertFalse(self.store.is_revoked({"jti": "key-1"}))
+        self.assertFalse(self.store.is_revoked("key-1"))
 
     def test_keys(self):
         self.store.add("key-1", "true")

diff --git a/zou/app/__init__.py b/zou/app/__init__.py
@@ -5,7 +5,7 @@
 from flask import Flask, jsonify, current_app
 from flasgger import Swagger
 from flask_jwt_extended import JWTManager
-from flask_principal import Principal, identity_changed, Identity
+from flask_principal import Principal
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 from flask_mail import Mail
@@ -21,7 +21,7 @@
 from zou.app.stores import auth_tokens_store
 from zou.app.services.exception import (
     ModelWithRelationsDeletionException,
-    PersonNotFoundException,
+    IdentityNotFoundException,
     WrongIdFormatException,
     WrongParameterException,
     WrongTaskTypeForEntityException,
@@ -140,24 +140,21 @@ def server_error(error):
 
 
 def configure_auth():
-    from zou.app.services import persons_service
+    from zou.app.services import identities_service
 
     @jwt.token_in_blocklist_loader
     def check_if_token_is_revoked(_, payload):
-        return auth_tokens_store.is_revoked(payload)
+        return auth_tokens_store.is_revoked(
+            payload["jti"]
+        )  # and ApiToken.get_by(jti=payload["jti"]) is None
 
     @jwt.user_lookup_loader
-    def add_permissions(_, payload):
+    def user_lookup_callback(_, payload):
         try:
-            user = persons_service.get_person(payload["user_id"])
-            if user is not None:
-                identity_changed.send(
-                    current_app._get_current_object(),
-                    identity=Identity(user["id"]),
-                )
-            return user
-        except PersonNotFoundException:
+            identity = identities_service.get_identity_raw(payload["sub"])
+        except IdentityNotFoundException:
             return None
+        return identity
 
 
 def load_api():

diff --git a/zou/app/blueprints/assets/resources.py b/zou/app/blueprints/assets/resources.py
@@ -11,6 +11,7 @@
     shots_service,
     tasks_service,
     user_service,
+    identities_service,
 )
 
 
@@ -100,9 +101,9 @@ def get(self):
         criterions = query.get_query_criterions_from_request(request)
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -133,12 +134,12 @@ def get(self):
         page = self.get_page()
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
             criterions["vendor_departments"] = [
                 str(department.id)
-                for department in persons_service.get_current_user_raw().departments
+                for department in identities_service.get_current_identity_raw().departments
             ]
         return assets_service.get_assets_and_tasks(criterions, page)
 
@@ -271,9 +272,9 @@ def get(self, project_id):
         criterions = query.get_query_criterions_from_request(request)
         criterions["project_id"] = project_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -311,9 +312,9 @@ def get(self, project_id, asset_type_id):
         criterions["project_id"] = project_id
         criterions["entity_type_id"] = asset_type_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)