[auth] WIP tokens
EvanBldy committed Oct 6, 2023
1 parent ffc7583 commit 1625359
Showing 50 changed files with 1,008 additions and 460 deletions.
6 changes: 6 additions & 0 deletions tests/base.py
Expand Up @@ -3,6 +3,7 @@
import orjson as json
import os
import ntpath
import fakeredis

from mixer.backend.flask import mixer

Expand Down Expand Up @@ -42,9 +43,14 @@
from zou.app.models.task_type import TaskType
from zou.app.models.software import Software
from zou.app.models.working_file import WorkingFile
from zou.app.stores import auth_tokens_store

TEST_FOLDER = os.path.join("tests", "tmp")

auth_tokens_store.revoked_tokens_store = fakeredis.FakeStrictRedis(
decode_responses=True
)


class ApiTestCase(unittest.TestCase):
"""
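Review bot: The fakeredis substitution at module level rebinds `auth_tokens_store.revoked_tokens_store` by attribute assignment, so it only reaches code that looks the client up through the module at call time; anything that imported the name directly before tests.base ran would keep the real client. The store module is not part of this diff, so whether every consumer goes through the module attribute should be confirmed. A one-line comment above the assignment, `# in-memory stand-in for the revoked-token Redis so the suite never needs a live server`, would also make the intent clear to the next reader.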
60 changes: 4 additions & 56 deletions tests/misc/test_commands.py
@@ -1,4 +1,3 @@
import orjson as json
import datetime

from tests.base import ApiDBTestCase
Expand All @@ -20,68 +19,17 @@ class CommandsTestCase(ApiDBTestCase):
def setUp(self):
super(CommandsTestCase, self).setUp()
self.store = auth_tokens_store
for key in self.store.keys():
self.store.delete(key)
self.store.clear()

def test_clean_auth_tokens_revoked(self):
now = datetime.datetime.now()
self.store.add(
"testkey",
json.dumps(
{
"token": {
"exp": totimestamp(now + datetime.timedelta(days=8))
},
"revoked": False,
}
),
)
self.store.add(
"testkey2",
json.dumps(
{
"token": {
"exp": totimestamp(now + datetime.timedelta(days=8))
},
"revoked": True,
}
),
)
self.store.add("testkey", "false")
self.store.add("testkey2", "false")
self.assertEqual(len(self.store.keys()), 2)
self.store.add("testkey2", "true")
commands.clean_auth_tokens()
self.assertEqual(len(self.store.keys()), 1)
self.assertEqual(self.store.keys()[0], "testkey")

def test_clean_auth_tokens_expired(self):
now = datetime.datetime.now()
self.store.add(
"testkey",
json.dumps(
{
"token": {
"exp": totimestamp(now - datetime.timedelta(days=8))
},
"revoked": False,
}
),
)
self.store.add(
"testkey2",
json.dumps(
{
"token": {
"exp": totimestamp(now + datetime.timedelta(days=8))
},
"revoked": False,
}
),
)

self.assertEqual(len(self.store.keys()), 2)
commands.clean_auth_tokens()
self.assertEqual(len(self.store.keys()), 1)
self.assertEqual(self.store.keys()[0], "testkey2")

def test_init_data(self):
commands.init_data()
task_types = TaskType.get_all()
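Review bot: Removing test_clean_auth_tokens_expired leaves clean_auth_tokens with no test for an expired-but-unrevoked entry; the remaining test only checks that a `"true"` value is purged and a `"false"` value is kept. If expiry has moved to a backend TTL (the new test_ttl in tests/stores/test_auth_tokens_store.py suggests so), a one-line docstring on test_clean_auth_tokens_revoked, e.g. `"""Only revoked entries are purged; expiry is left to the store's TTL."""`, records why the old case was dropped rather than leaving it to be rediscovered. The `datetime` import kept at the top of the file no longer appears to have a user in the visible hunk; the rest of the file is outside this section.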
7 changes: 4 additions & 3 deletions tests/services/test_tasks_service.py
Expand Up @@ -13,6 +13,7 @@
preview_files_service,
tasks_service,
persons_service,
identities_service,
)
from zou.app.utils import events, fields

Expand Down Expand Up @@ -454,11 +455,11 @@ def test_get_comments(self):
comments = tasks_service.get_comments(self.task_id, is_manager=False)
self.assertEqual(len(comments), 3)

old_get_current_user = persons_service.get_current_user
persons_service.get_current_user = self.get_current_user
old_get_current_user = identities_service.get_current_identity
identities_service.get_current_identity = self.get_current_user
comments = tasks_service.get_comments(self.task_id, is_client=True)
self.assertEqual(len(comments), 1)
persons_service.get_current_user = old_get_current_user
identities_service.get_current_identity = old_get_current_user

def test_new_comment(self):
comment = comments_service.new_comment(
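Review bot: The monkeypatch of `identities_service.get_current_identity` in test_get_comments is only undone if the `assertEqual` between the patch and the restore passes; a failure leaves the module patched for every later test in the process, which can mask or cause unrelated permission failures. Register the restore instead, `self.addCleanup(setattr, identities_service, "get_current_identity", old_get_current_user)` right after saving the original, and drop the manual restore line. test_get_comments begins before this hunk.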
20 changes: 12 additions & 8 deletions tests/services/test_user_service.py
Expand Up @@ -4,10 +4,10 @@
from zou.app.models.person import Person
from zou.app.services import (
comments_service,
persons_service,
projects_service,
tasks_service,
user_service,
identities_service,
)

from zou.app.utils import permissions
Expand Down Expand Up @@ -45,15 +45,19 @@ def setUp(self):
self.wip_status_id = self.task_status_wip.id
self.to_review_status_id = self.task_status_to_review.id

self.old_get_current_user = persons_service.get_current_user
persons_service.get_current_user = self.get_current_user
self.old_get_current_user_raw = persons_service.get_current_user_raw
persons_service.get_current_user_raw = self.get_current_user_raw
self.old_get_current_user = identities_service.get_current_identity
identities_service.get_current_identity = self.get_current_user
self.old_get_current_user_raw = (
identities_service.get_current_identity_raw
)
identities_service.get_current_identity_raw = self.get_current_user_raw

def tearDown(self):
super(UserServiceTestCase, self).tearDown()
persons_service.get_current_user = self.old_get_current_user
persons_service.get_current_user_raw = self.old_get_current_user_raw
identities_service.get_current_identity = self.old_get_current_user
identities_service.get_current_identity_raw = (
self.old_get_current_user_raw
)

def get_current_user(self):
return self.user
Expand Down Expand Up @@ -101,7 +105,7 @@ def test_check_entity_access(self):
self.assertTrue(user_service.check_entity_access(str(self.asset_id)))

def test_get_last_notifications(self):
persons_service.get_current_user = self.get_current_user_artist
identities_service.get_current_identity = self.get_current_user_artist
self.generate_fixture_user_cg_artist()
self.log_in_cg_artist()
person_id = self.user_cg_artist["id"]
17 changes: 14 additions & 3 deletions tests/stores/test_auth_tokens_store.py
@@ -1,5 +1,7 @@
import time
from tests.base import ApiTestCase


from zou.app.stores import auth_tokens_store


Expand All @@ -23,14 +25,23 @@ def test_delete(self):
self.assertIsNone(self.store.get("key-1"))

def test_is_revoked(self):
self.assertTrue(self.store.is_revoked({"jti": "key-1"}))
self.assertTrue(self.store.is_revoked("key-1"))
self.store.add("key-1", "true")
self.assertTrue(self.store.is_revoked({"jti": "key-1"}))
self.assertTrue(self.store.is_revoked("key-1"))
self.store.add("key-1", "false")
self.assertFalse(self.store.is_revoked({"jti": "key-1"}))
self.assertFalse(self.store.is_revoked("key-1"))

def test_keys(self):
self.store.add("key-1", "true")
self.store.add("key-2", "true")
self.assertTrue("key-1" in self.store.keys())
self.assertTrue("key-2" in self.store.keys())

def test_ttl(self):
self.store.add("key-1", "true", ttl=10)
self.assertEqual(self.store.get("key-1"), "true")
self.store.add("key-2", "true", ttl=1)
self.assertEqual(self.store.get("key-2"), "true")
self.store.add("key-3", "true", ttl=1)
time.sleep(1)
self.assertIsNone(self.store.get("key-3"))
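Review bot: test_ttl sleeps exactly the key's lifetime (`ttl=1` followed by `time.sleep(1)`), so the final `assertIsNone` sits on the expiry boundary and can flake depending on how the backend rounds expiry times; sleep past it, e.g. `time.sleep(1.1)`. The first assertion of test_is_revoked pins a useful property — an unknown jti reads as revoked, i.e. the store fails closed — but nothing marks that as deliberate; add `# unknown jti must read as revoked (fail closed)` above it so a later change to the store's default is caught on purpose. The `key-2` case in test_ttl is only asserted immediately after insertion and adds nothing beyond `key-1`; drop it or give it its own expectation.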
23 changes: 10 additions & 13 deletions zou/app/__init__.py
Expand Up @@ -5,7 +5,7 @@
from flask import Flask, jsonify, current_app
from flasgger import Swagger
from flask_jwt_extended import JWTManager
from flask_principal import Principal, identity_changed, Identity
from flask_principal import Principal
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_mail import Mail
Expand All @@ -21,7 +21,7 @@
from zou.app.stores import auth_tokens_store
from zou.app.services.exception import (
ModelWithRelationsDeletionException,
PersonNotFoundException,
IdentityNotFoundException,
WrongIdFormatException,
WrongParameterException,
WrongTaskTypeForEntityException,
Expand Down Expand Up @@ -140,24 +140,21 @@ def server_error(error):


def configure_auth():
from zou.app.services import persons_service
from zou.app.services import identities_service

@jwt.token_in_blocklist_loader
def check_if_token_is_revoked(_, payload):
return auth_tokens_store.is_revoked(payload)
return auth_tokens_store.is_revoked(
payload["jti"]
) # and ApiToken.get_by(jti=payload["jti"]) is None

@jwt.user_lookup_loader
def add_permissions(_, payload):
def user_lookup_callback(_, payload):
try:
user = persons_service.get_person(payload["user_id"])
if user is not None:
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user["id"]),
)
return user
except PersonNotFoundException:
identity = identities_service.get_identity_raw(payload["sub"])
except IdentityNotFoundException:
return None
return identity


def load_api():
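Review bot: The trailing `# and ApiToken.get_by(jti=payload["jti"]) is None` on the `return` in check_if_token_is_revoked is commented-out logic left inside the revocation check itself; either implement it or replace it with an explicit `# TODO: also reject jtis that no longer have a matching ApiToken row` so the intent survives past this WIP commit. The rewritten user_lookup_callback also drops the `identity_changed.send(...)` that the old add_permissions issued on every request; if flask_principal's `Principal` still backs the permission checks, the identity now has to be announced somewhere else, which this diff does not show, so that should be confirmed before merging. Both callbacks index `payload["jti"]` and `payload["sub"]` directly, so a token minted without one of those claims would surface as a KeyError (500) rather than a 401; `payload.get("sub")` with an early `return None` keeps the failure in the authentication path.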
27 changes: 14 additions & 13 deletions zou/app/blueprints/assets/resources.py
Expand Up @@ -11,6 +11,7 @@
shots_service,
tasks_service,
user_service,
identities_service,
)


Expand Down Expand Up @@ -100,9 +101,9 @@ def get(self):
criterions = query.get_query_criterions_from_request(request)
check_criterion_access(criterions)
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


Expand Down Expand Up @@ -133,12 +134,12 @@ def get(self):
page = self.get_page()
check_criterion_access(criterions)
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
criterions["vendor_departments"] = [
str(department.id)
for department in persons_service.get_current_user_raw().departments
for department in identities_service.get_current_identity_raw().departments
]
return assets_service.get_assets_and_tasks(criterions, page)

Expand Down Expand Up @@ -271,9 +272,9 @@ def get(self, project_id):
criterions = query.get_query_criterions_from_request(request)
criterions["project_id"] = project_id
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


Expand Down Expand Up @@ -311,9 +312,9 @@ def get(self, project_id, asset_type_id):
criterions["project_id"] = project_id
criterions["entity_type_id"] = asset_type_id
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


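Review bot: The same assignment restricting `criterions["assigned_to"]` to the current identity now appears in four resources, and the wrapped `criterions[` / `"assigned_to"` / `] = ...` form the formatter produced reads as if the subscript were the important part. Binding the identity first, `current_identity = identities_service.get_current_identity()` then `criterions["assigned_to"] = current_identity["id"]`, keeps each site on two readable lines; a small module-level helper taking `criterions` would remove the repetition entirely. The `persons_service` import is likely unused in this module once these call sites are gone, but its import line is outside the visible hunks.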