changes from self review

2026-02-18 00:27:41 +01:00 · 2024-12-13 11:33:39 -05:00
parent 1ca4d894dd
commit 34d49e6494
4 changed files with 25 additions and 21 deletions
--- a/backend/endpoints/auth.py
+++ b/backend/endpoints/auth.py
@@ -8,7 +8,7 @@ from endpoints.responses import MessageResponse
 from endpoints.responses.oauth import TokenResponse
 from exceptions.auth_exceptions import (
    AuthCredentialsException,
-    OIDCDisableException,
+    OIDCDisabledException,
    OIDCNotConfiguredException,
    UserDisabledException,
 )
@@ -208,7 +208,7 @@ async def login_via_openid(request: Request):
        request (Request): Fastapi Request object

    Raises:
-        OIDCDisableException: OAuth is disabled
+        OIDCDisabledException: OAuth is disabled
        OIDCNotConfiguredException: OAuth not configured

    Returns:
@@ -216,7 +216,7 @@ async def login_via_openid(request: Request):
    """

    if not OIDC_ENABLED:
-        raise OIDCDisableException
+        raise OIDCDisabledException

    if not oauth.openid:
        raise OIDCNotConfiguredException
@@ -232,7 +232,7 @@ async def auth_openid(request: Request):
        request (Request): Fastapi Request object

    Raises:
-        OIDCDisableException: OAuth is disabled
+        OIDCDisabledException: OAuth is disabled
        OIDCNotConfiguredException: OAuth not configured
        AuthCredentialsException: Invalid credentials
        UserDisabledException: Auth is disabled
@@ -242,28 +242,30 @@ async def auth_openid(request: Request):
    """

    if not OIDC_ENABLED:
-        raise OIDCDisableException
+        raise OIDCDisabledException

    if not oauth.openid:
        raise OIDCNotConfiguredException

    token = await oauth.openid.authorize_access_token(request)
-    potential_user = await oidc_handler.get_current_active_user_from_openid_token(token)
+    potential_user, _claims = (
+        await oidc_handler.get_current_active_user_from_openid_token(token)
+    )
    if not potential_user:
        raise AuthCredentialsException

-    user, _claims = potential_user
-
-    if not user:
+    if not potential_user:
        raise AuthCredentialsException

-    if not user.enabled:
+    if not potential_user.enabled:
        raise UserDisabledException

-    request.session.update({"iss": "romm:auth", "sub": user.username})
+    request.session.update({"iss": "romm:auth", "sub": potential_user.username})

    # Update last login and active times
    now = datetime.now(timezone.utc)
-    db_user_handler.update_user(user.id, {"last_login": now, "last_active": now})
+    db_user_handler.update_user(
+        potential_user.id, {"last_login": now, "last_active": now}
+    )

    return RedirectResponse(url="/")
--- a/backend/endpoints/user.py
+++ b/backend/endpoints/user.py
@@ -51,8 +51,8 @@ def add_user(
            detail="Forbidden",
        )

-    existing_username = db_user_handler.get_user_by_username(username.lower())
-    if existing_username:
+    existing_user_by_username = db_user_handler.get_user_by_username(username.lower())
+    if existing_user_by_username:
        msg = f"Username {username.lower()} already exists"
        log.error(msg)
        raise HTTPException(
@@ -60,8 +60,8 @@ def add_user(
            detail=msg,
        )

-    existing_email = db_user_handler.get_user_by_email(email.lower())
-    if existing_email:
+    existing_user_by_email = db_user_handler.get_user_by_email(email.lower())
+    if existing_user_by_email:
        msg = f"Uesr with email {email.lower()} already exists"
        log.error(msg)
        raise HTTPException(
@@ -76,7 +76,7 @@ def add_user(
        role=Role[role.upper()],
    )

-    return UserSchema.model_validate(db_user_handler.add_user(user))
+    return db_user_handler.add_user(user)


@protected_route(router.get, "/users", [Scope.USERS_READ])
@@ -90,7 +90,7 @@ def get_users(request: Request) -> list[UserSchema]:
        list[UserSchema]: All users stored in the RomM's database
    """

-    return [UserSchema.model_validate(u) for u in db_user_handler.get_users()]
+    return [u for u in db_user_handler.get_users()]


@protected_route(router.get, "/users/me", [Scope.ME_READ])
@@ -122,7 +122,7 @@ def get_user(request: Request, id: int) -> UserSchema:
    if not user:
        raise HTTPException(status_code=404, detail="User not found")

-    return UserSchema.model_validate(user)
+    return user


@protected_route(router.put, "/users/{id}", [Scope.ME_WRITE])
@@ -215,7 +215,7 @@ async def update_user(
        if request.user.id == id and creds_updated:
            request.session.clear()

-    return UserSchema.model_validate(db_user_handler.get_user(id))
+    return db_user_handler.get_user(id)


@protected_route(router.delete, "/users/{id}", [Scope.USERS_WRITE])
--- a/backend/exceptions/auth_exceptions.py
+++ b/backend/exceptions/auth_exceptions.py
@@ -21,7 +21,7 @@ OAuthCredentialsException = HTTPException(
    headers={"WWW-Authenticate": "Bearer"},
 )

-OIDCDisableException = HTTPException(
+OIDCDisabledException = HTTPException(
    status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
    detail="OAuth disabled",
 )
--- a/backend/handler/auth/base_handler.py
+++ b/backend/handler/auth/base_handler.py
@@ -163,6 +163,8 @@ class OpenIDHandler:
        if not OIDC_ENABLED:
            return

+        # Fetch the public key from the OIDC server
+        # JWKS (JSON Web Key Sets) response is a JSON object with a keys array
        jwks_url = f"{OIDC_SERVER_APPLICATION_URL}/jwks/"
        with httpx.Client() as httpx_client:
            try: