[auth] WIP tokens

zou/app/__init__.py

@@ -25,6 +25,7 @@
     WrongIdFormatException,
     WrongParameterException,
     WrongTaskTypeForEntityException,
+    ApiTokenNotFoundException,
 )
 
 from zou.app.utils import cache, fs, logs
@@ -140,24 +141,25 @@ def server_error(error):
 
 
 def configure_auth():
-    from zou.app.services import persons_service
+    from zou.app.services import persons_service, api_tokens_service
+    from zou.app.models.api_token import ApiToken
 
     @jwt.token_in_blocklist_loader
     def check_if_token_is_revoked(_, payload):
-        return auth_tokens_store.is_revoked(payload)
+        return auth_tokens_store.is_revoked(
+            payload["jti"]
+        )  # and ApiToken.get_by(jti=payload["jti"]) is None
 
     @jwt.user_lookup_loader
-    def add_permissions(_, payload):
+    def user_lookup_callback(_, payload):
         try:
-            user = persons_service.get_person(payload["user_id"])
-            if user is not None:
-                identity_changed.send(
-                    current_app._get_current_object(),
-                    identity=Identity(user["id"]),
-                )
-            return user
+            identity = persons_service.get_person_raw(payload["sub"])
         except PersonNotFoundException:
-            return None
+            try:
+                identity = api_tokens_service.get_api_token_raw(payload["sub"])
+            except ApiTokenNotFoundException:
+                return None
+        return identity
 
 
 def load_api():

zou/app/blueprints/assets/resources.py

@@ -11,6 +11,7 @@
     shots_service,
     tasks_service,
     user_service,
+    identities_service,
 )
 
 
@@ -100,9 +101,9 @@ def get(self):
         criterions = query.get_query_criterions_from_request(request)
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -133,12 +134,12 @@ def get(self):
         page = self.get_page()
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
             criterions["vendor_departments"] = [
                 str(department.id)
-                for department in persons_service.get_current_user_raw().departments
+                for department in identities_service.get_current_identity_raw().departments
             ]
         return assets_service.get_assets_and_tasks(criterions, page)
 
@@ -271,9 +272,9 @@ def get(self, project_id):
         criterions = query.get_query_criterions_from_request(request)
         criterions["project_id"] = project_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -311,9 +312,9 @@ def get(self, project_id, asset_type_id):
         criterions["project_id"] = project_id
         criterions["entity_type_id"] = asset_type_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)