Commit f40113b3 authored by Mohammad Torkashvand's avatar Mohammad Torkashvand

resolve review notes

parent a78575d7
1 merge request!138Implement OIDC-based authentication and authorization module with OPA integration
......@@ -63,3 +63,6 @@ Glossary of terms
WFO
`Workflow Orchestrator <https://workfloworchestrator.org/>`_
AAI
Authentication and Authorisation Infrastructure
``gso.products``
================
.. automodule:: gso.auth
:members:
:show-inheritance:
Subpackages
-----------
.. toctree::
:maxdepth: 1
oidc_policy_helper
security
settings
``gso.auth.oidc_policy_helper``
====================================
.. automodule:: gso.auth.oidc_policy_helper
:members:
:show-inheritance:
``gso.auth.security``
====================================
.. automodule:: gso.auth.security
:members:
:show-inheritance:
``gso.auth.settings``
====================================
.. automodule:: gso.auth.settings
:members:
:show-inheritance:
......@@ -13,3 +13,4 @@ Dark_fiber
[A|a]llocate
PHASE 1
[Mm]odify
AAI
......@@ -167,7 +167,7 @@ class OIDCUser(HTTPBearer):
"""OIDCUser class extends the :term:`HTTPBearer` class to do extra verification.
The class will act as follows:
1. Validate the Credentials at AAI proxy by calling the UserInfo endpoint
1. Validate the Credentials at :term: `AAI` proxy by calling the UserInfo endpoint
"""
openid_config: OIDCConfig | None = None
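Review bot: The new docstring line has a space between the role and its target (`:term: `AAI``), so Sphinx will render it as literal text instead of a glossary cross-reference; write it as `` :term:`AAI` `` with no space, matching the `:term:`HTTPBearer`` reference in the summary line. The list below "The class will act as follows:" also has a single item labelled `1.`, which reads like a truncated enumeration; if there is only one step, a plain sentence is clearer. The OIDCUser class body continues outside this hunk.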
......@@ -245,14 +245,9 @@ class OIDCUser(HTTPBearer):
async def userinfo(self, async_request: AsyncClient, token: str) -> OIDCUserModel:
"""Get the userinfo from the openid server.
Args:
----
async_request: The async request
token: the access_token
Returns:
-------
OIDCUserModel from openid server
:param AsyncClient async_request: The async request
:param str token: the access_token
:return: OIDCUserModel: OIDC user model from openid server
"""
await self.check_openid_config(async_request)
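Review bot: The rewritten docstrings are not consistent with each other: here the params carry inline types (`:param AsyncClient async_request:`) and the return line doubles up the type (`:return: OIDCUserModel: OIDC user model from openid server`), while the introspect_token hunk that follows uses untyped `:param async_request:` and a plain `:return:`. Since the signatures are already annotated, pick the untyped form for both and drop the duplicated type, e.g. `:return: OIDC user model from openid server`; if the type is wanted in the rendered docs, use a separate `:rtype: OIDCUserModel` line rather than embedding it in `:return:`. The body of userinfo continues outside the hunk.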
......@@ -289,15 +284,9 @@ class OIDCUser(HTTPBearer):
async def introspect_token(self, async_request: AsyncClient, token: str) -> dict:
"""Introspect the access token to see if it is a valid token.
Args:
----
async_request: The async request
token: the access_token
Returns:
-------
dict from openid server
:param async_request: The async request
:param token: the access_token
:return: dict from openid server
"""
await self.check_openid_config(async_request)
assert self.openid_config, "OpenID config should be loaded" # noqa: S101
......
......@@ -3,10 +3,7 @@
authentication and authorization, including token validation and user authentication. Integrates
with external authentication providers for enhanced security management.
Todo:
----
Remove token and sensitive data from OPA console and API.
Todo: Remove token and sensitive data from OPA console and API.
"""
from pydantic import BaseSettings, Field
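Review bot: The collapsed `Todo:` line leaves an acknowledged exposure of tokens and other sensitive data to the OPA console and API recorded only as a docstring remark, where it is easy to overlook. A finding of this kind should point at a tracking issue and say what is currently forwarded, so that anyone reading the settings module understands that, if the bearer token is included in the OPA input as the Todo implies, OPA's decision output and any logging of it will contain that token until the fix lands. A one-line form such as `Todo: Remove token and sensitive data from OPA console and API (tracked in <ISSUE-ID placeholder>).` keeps the note actionable.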
......
......@@ -39,7 +39,6 @@ ignore = [
"PLR0913",
"PLR0904",
"PLW1514",
"S106",
]
line-length = 120
select = [
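Review bot: Dropping `"S106"` from the global ignore list is the right direction, but the test hunks further down (the `oidc_user` and `mock_oidc_user` fixtures and the two `test_oidc_user_call_*` tests) now each carry a `# noqa: S106` for the same test-only placeholder secrets, which will keep spreading as tests are added. A per-file ignore scoped to the test tree keeps the rule active for production code without per-line suppressions: `[tool.ruff.per-file-ignores]` followed by `"<tests-dir placeholder>/**" = ["S106"]` (the `lint.`-prefixed table name also works on newer ruff; the unprefixed form matches the top-level `ignore`/`select` keys used here). The `ignore` table is only partly visible in this hunk.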
......
......@@ -54,7 +54,7 @@ def oidc_user(mock_openid_config):
user = OIDCUser(
openid_url="https://example.proxy.aai.geant.org",
resource_server_id="resource_server",
resource_server_secret="secret",
resource_server_secret="secret", # noqa: S106
)
user.openid_config = OIDCConfig.parse_obj(mock_openid_config)
return user
......@@ -75,7 +75,10 @@ def mock_request():
@pytest.fixture()
def mock_oidc_user():
oidc_user = AsyncMock(
OIDCUser, openid_url="https://example.com", resource_server_id="test", resource_server_secret="secret"
OIDCUser,
openid_url="https://example.com",
resource_server_id="test",
resource_server_secret="secret", # noqa: S106
)
oidc_user.__call__ = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
return oidc_user
......@@ -236,7 +239,7 @@ async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_cli
oidc_user.introspect_token = AsyncMock(return_value={"active": True})
oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
result = await oidc_user.__call__(mock_request, token="test_token")
result = await oidc_user.__call__(mock_request, token="test_token") # noqa: S106
assert isinstance(result, OIDCUserModel)
assert result["sub"] == "123"
......@@ -248,7 +251,7 @@ async def test_oidc_user_call_inactive_token(oidc_user, mock_request, mock_async
oidc_user.introspect_token = AsyncMock(return_value={"active": False})
with pytest.raises(HTTPException) as exc_info:
await oidc_user.__call__(mock_request, token="test_token")
await oidc_user.__call__(mock_request, token="test_token") # noqa: S106
assert exc_info.value.status_code == HTTPStatus.UNAUTHORIZED
assert "User is not active" in str(exc_info.value.detail)
......