[auth] WIP tokens

zou/app/__init__.py

@@ -5,7 +5,7 @@
 from flask import Flask, jsonify, current_app
 from flasgger import Swagger
 from flask_jwt_extended import JWTManager
-from flask_principal import Principal, identity_changed, Identity
+from flask_principal import Principal
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 from flask_mail import Mail
@@ -21,7 +21,7 @@
 from zou.app.stores import auth_tokens_store
 from zou.app.services.exception import (
     ModelWithRelationsDeletionException,
-    PersonNotFoundException,
+    IdentityNotFoundException,
     WrongIdFormatException,
     WrongParameterException,
     WrongTaskTypeForEntityException,
@@ -140,24 +140,21 @@ def server_error(error):
 
 
 def configure_auth():
-    from zou.app.services import persons_service
+    from zou.app.services import identities_service
 
     @jwt.token_in_blocklist_loader
     def check_if_token_is_revoked(_, payload):
-        return auth_tokens_store.is_revoked(payload)
+        return auth_tokens_store.is_revoked(
+            payload["jti"]
+        )  # and ApiToken.get_by(jti=payload["jti"]) is None
 
     @jwt.user_lookup_loader
-    def add_permissions(_, payload):
+    def user_lookup_callback(_, payload):
         try:
-            user = persons_service.get_person(payload["user_id"])
-            if user is not None:
-                identity_changed.send(
-                    current_app._get_current_object(),
-                    identity=Identity(user["id"]),
-                )
-            return user
-        except PersonNotFoundException:
+            identity = identities_service.get_identity_raw(payload["sub"])
+        except IdentityNotFoundException:
             return None
+        return identity
 
 
 def load_api():

zou/app/blueprints/assets/resources.py

@@ -11,6 +11,7 @@
     shots_service,
     tasks_service,
     user_service,
+    identities_service,
 )
 
 
@@ -100,9 +101,9 @@ def get(self):
         criterions = query.get_query_criterions_from_request(request)
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -133,12 +134,12 @@ def get(self):
         page = self.get_page()
         check_criterion_access(criterions)
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
             criterions["vendor_departments"] = [
                 str(department.id)
-                for department in persons_service.get_current_user_raw().departments
+                for department in identities_service.get_current_identity_raw().departments
             ]
         return assets_service.get_assets_and_tasks(criterions, page)
 
@@ -271,9 +272,9 @@ def get(self, project_id):
         criterions = query.get_query_criterions_from_request(request)
         criterions["project_id"] = project_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)
 
 
@@ -311,9 +312,9 @@ def get(self, project_id, asset_type_id):
         criterions["project_id"] = project_id
         criterions["entity_type_id"] = asset_type_id
         if permissions.has_vendor_permissions():
-            criterions["assigned_to"] = persons_service.get_current_user()[
-                "id"
-            ]
+            criterions[
+                "assigned_to"
+            ] = identities_service.get_current_identity()["id"]
         return assets_service.get_assets(criterions)