From 512230f22426592b302e6fdc5d49020ff5270b99 Mon Sep 17 00:00:00 2001
From: Kraiem Taha Yassine
Date: Fri, 2 Aug 2024 11:13:31 +0200
Subject: [PATCH] Dev (#2457)

* refactor(chalice): upgraded dependencies
* refactor(chalice): upgraded dependencies feat(chalice): support heatmaps
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* refactor(chalice): upgraded dependencies
* refactor(chalice): upgraded dependencies feat(chalice): support heatmaps
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* refactor(chalice): upgraded dependencies refactor(crons): upgraded dependencies refactor(alerts): upgraded dependencies
* feat(chalice): get top 10 values for autocomplete CH
* refactor(chalice): cleaned code refactor(chalice): upgraded dependencies refactor(alerts): upgraded dependencies refactor(crons): upgraded dependencies
* feat(chalice): autocomplete return top 10 with stats
* fix(chalice): fixed autocomplete top 10 meta-filters
* fix(chalice): fixed JWT authorizer
---
 api/auth/auth_jwt.py | 161 +++++++++++++++++++++----------------------
 1 file changed, 80 insertions(+), 81 deletions(-)

diff --git a/api/auth/auth_jwt.py b/api/auth/auth_jwt.py
index 7989406ac..99e899478 100644
--- a/api/auth/auth_jwt.py
+++ b/api/auth/auth_jwt.py
@@ -27,95 +27,16 @@ def _get_current_auth_context(request: Request, jwt_payload: dict) -> schemas.Cu
     return request.state.currentContext
 
 
-async def _process_refresh_call(request: Request) -> schemas.CurrentContext:
-    if "refreshToken" not in request.cookies:
-        logger.warning("Missing refreshToken cookie.")
-        jwt_payload = None
-    else:
-        jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
-
-    if jwt_payload is None or jwt_payload.get("jti") is None:
-        logger.warning("Null refreshToken's payload, or null JTI.")
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
-                            detail="Invalid refresh-token or expired refresh-token.")
-    auth_exists = users.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
-                                            jwt_jti=jwt_payload["jti"])
-    if not auth_exists:
-        logger.warning("refreshToken's user not found.")
-        logger.warning(jwt_payload)
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
-                            detail="Invalid refresh-token or expired refresh-token.")
-
-    credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
-    if credentials:
-        if not credentials.scheme == "Bearer":
-            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
-                                detail="Invalid authentication scheme.")
-        old_jwt_payload = authorizers.jwt_authorizer(scheme=credentials.scheme, token=credentials.credentials,
-                                                     leeway=datetime.timedelta(
-                                                         days=config("JWT_LEEWAY_DAYS", cast=int, default=3)
-                                                     ))
-        if old_jwt_payload is None \
-                or old_jwt_payload.get("userId") is None \
-                or old_jwt_payload.get("userId") != jwt_payload.get("userId"):
-            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
-
-        return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
-
-    logger.warning("Invalid authorization code (refresh logic).")
-    raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid authorization code for refresh.")
-
-
-async def _process_spot_refresh_call(request: Request) -> schemas.CurrentContext:
-    if "refreshToken" not in request.cookies:
-        logger.warning("Missing sopt-refreshToken cookie.")
-        jwt_payload = None
-    else:
-        jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
-
-    if jwt_payload is None or jwt_payload.get("jti") is None:
-        logger.warning("Null spot-refreshToken's payload, or null JTI.")
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
-                            detail="Invalid spot-refresh-token or expired refresh-token.")
-    auth_exists = spot.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
-                                           jwt_jti=jwt_payload["jti"])
-    if not auth_exists:
-        logger.warning("spot-refreshToken's user not found.")
-        logger.warning(jwt_payload)
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
-                            detail="Invalid spot-refresh-token or expired refresh-token.")
-
-    credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
-    if credentials:
-        if not credentials.scheme == "Bearer":
-            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
-                                detail="Invalid spot-authentication scheme.")
-        old_jwt_payload = authorizers.jwt_authorizer(scheme=credentials.scheme, token=credentials.credentials,
-                                                     leeway=datetime.timedelta(
-                                                         days=config("JWT_LEEWAY_DAYS", cast=int, default=3)
-                                                     ))
-        if old_jwt_payload is None \
-                or old_jwt_payload.get("userId") is None \
-                or old_jwt_payload.get("userId") != jwt_payload.get("userId"):
-            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
-                                detail="Invalid spot-token or expired token.")
-
-        return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
-
-    logger.warning("Invalid authorization code (spot-refresh logic).")
-    raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid authorization code for spot-refresh.")
-
-
 class JWTAuth(HTTPBearer):
     def __init__(self, auto_error: bool = True):
         super(JWTAuth, self).__init__(auto_error=auto_error)
 
     async def __call__(self, request: Request) -> Optional[schemas.CurrentContext]:
         if request.url.path in ["/refresh", "/api/refresh"]:
-            return await _process_refresh_call(request)
+            return await self.__process_refresh_call(request)
         elif request.url.path in ["/spot/refresh", "/spot/api/refresh"]:
-            return await _process_refresh_call(request)
+            return await self.__process_refresh_call(request)
         else:
             credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
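Review bot: On the new side the `/spot/refresh` branch still awaits `self.__process_refresh_call`, so spot refresh tokens are validated against `users.refresh_auth_exists` while the `__process_spot_refresh_call` method this commit adds further down is never called; the `elif` body should be `return await self.__process_spot_refresh_call(request)`. As it stands a spot refresh token is presumably accepted or rejected on the wrong JTI store, and the spot-specific log and error messages never surface. `__call__` continues past the end of the hunk.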
@@ -153,3 +74,81 @@ class JWTAuth(HTTPBearer):
             logger.warning("Invalid authorization code.")
             raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
                                 detail="Invalid authorization code.")
+
+    async def __process_refresh_call(self, request: Request) -> schemas.CurrentContext:
+        if "refreshToken" not in request.cookies:
+            logger.warning("Missing refreshToken cookie.")
+            jwt_payload = None
+        else:
+            jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
+
+        if jwt_payload is None or jwt_payload.get("jti") is None:
+            logger.warning("Null refreshToken's payload, or null JTI.")
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+                                detail="Invalid refresh-token or expired refresh-token.")
+        auth_exists = users.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
+                                                jwt_jti=jwt_payload["jti"])
+        if not auth_exists:
+            logger.warning("refreshToken's user not found.")
+            logger.warning(jwt_payload)
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+                                detail="Invalid refresh-token or expired refresh-token.")
+
+        credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
+        if credentials:
+            if not credentials.scheme == "Bearer":
+                raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
+                                    detail="Invalid authentication scheme.")
+            old_jwt_payload = authorizers.jwt_authorizer(scheme=credentials.scheme, token=credentials.credentials,
+                                                         leeway=datetime.timedelta(
+                                                             days=config("JWT_LEEWAY_DAYS", cast=int, default=3)
+                                                         ))
+            if old_jwt_payload is None \
+                    or old_jwt_payload.get("userId") is None \
+                    or old_jwt_payload.get("userId") != jwt_payload.get("userId"):
+                raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
+
+            return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
+
+        logger.warning("Invalid authorization code (refresh logic).")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
+                            detail="Invalid authorization code for refresh.")
+
+    async def __process_spot_refresh_call(self, request: Request) -> schemas.CurrentContext:
+        if "refreshToken" not in request.cookies:
+            logger.warning("Missing sopt-refreshToken cookie.")
+            jwt_payload = None
+        else:
+            jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
+
+        if jwt_payload is None or jwt_payload.get("jti") is None:
+            logger.warning("Null spot-refreshToken's payload, or null JTI.")
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+                                detail="Invalid spot-refresh-token or expired refresh-token.")
+        auth_exists = spot.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
+                                               jwt_jti=jwt_payload["jti"])
+        if not auth_exists:
+            logger.warning("spot-refreshToken's user not found.")
+            logger.warning(jwt_payload)
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+                                detail="Invalid spot-refresh-token or expired refresh-token.")
+
+        credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
+        if credentials:
+            if not credentials.scheme == "Bearer":
+                raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
+                                    detail="Invalid spot-authentication scheme.")
+            old_jwt_payload = authorizers.jwt_authorizer(scheme=credentials.scheme, token=credentials.credentials,
+                                                         leeway=datetime.timedelta(
+                                                             days=config("JWT_LEEWAY_DAYS", cast=int, default=3)
+                                                         ))
+            if old_jwt_payload is None \
+                    or old_jwt_payload.get("userId") is None \
+                    or old_jwt_payload.get("userId") != jwt_payload.get("userId"):
+                raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+                                    detail="Invalid spot-token or expired token.")
+
+            return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
+
+        logger.warning("Invalid authorization code (spot-refresh logic).")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
+                            detail="Invalid authorization code for spot-refresh.")
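Review bot: `logger.warning(jwt_payload)` in both new methods writes the whole decoded refresh-token payload to the log whenever the JTI lookup fails; logging only the identifiers needed to trace the failure keeps token claims out of log storage, e.g. `logger.warning("refreshToken's user not found: userId=%s jti=%s", jwt_payload.get("userId"), jwt_payload.get("jti"))`. The two methods are otherwise identical except for the lookup (`users` vs `spot`) and a `spot-` prefix in the messages, and the copy has already drifted (`"Missing sopt-refreshToken cookie."`), so a single helper taking the lookup and the prefix would keep them in step, as sketched below. The double-underscore names are mangled to `_JWTAuth__process_refresh_call`, which the rest of the module does not do (`_get_current_auth_context`); a single underscore reads the same and stays overridable. The class body ends with this hunk, but its `__call__` method starts outside it.
```python
    async def __process_refresh_call(self, request: Request) -> schemas.CurrentContext:
        return await self._refresh_context(request, auth_exists=users.refresh_auth_exists, label="")

    async def __process_spot_refresh_call(self, request: Request) -> schemas.CurrentContext:
        return await self._refresh_context(request, auth_exists=spot.refresh_auth_exists, label="spot-")

    async def _refresh_context(self, request: Request, *, auth_exists, label: str) -> schemas.CurrentContext:
        """Validate the refresh cookie and the expired Bearer token, then return the caller's context."""
        if "refreshToken" not in request.cookies:
            logger.warning("Missing %srefreshToken cookie.", label)
            jwt_payload = None
        else:
            jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])

        if jwt_payload is None or jwt_payload.get("jti") is None:
            logger.warning("Null %srefreshToken's payload, or null JTI.", label)
            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
                                detail=f"Invalid {label}refresh-token or expired refresh-token.")
        if not auth_exists(user_id=jwt_payload.get("userId", -1), jwt_jti=jwt_payload["jti"]):
            # Log identifiers only; the full payload is not needed to trace the failure.
            logger.warning("%srefreshToken's user not found: userId=%s jti=%s", label,
                           jwt_payload.get("userId"), jwt_payload.get("jti"))
            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
                                detail=f"Invalid {label}refresh-token or expired refresh-token.")
        # … unchanged apart from the label prefix in messages: Bearer scheme check, jwt_authorizer with leeway, userId match, context return …
```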