From a119e442db958277e19d66c732321eedf3d8e91e Mon Sep 17 00:00:00 2001
From: Kraiem Taha Yassine
Date: Fri, 2 Aug 2024 17:12:21 +0200
Subject: [PATCH] Dev (#2460)
* refactor(chalice): upgraded dependencies
* refactor(chalice): upgraded dependencies feat(chalice): support heatmaps
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* refactor(chalice): upgraded dependencies
* refactor(chalice): upgraded dependencies feat(chalice): support heatmaps
* fix(chalice): fixed Math-operators validation refactor(chalice): search for sessions that have events for heatmaps
* refactor(chalice): search for sessions that have at least 1 location event for heatmaps
* refactor(chalice): upgraded dependencies refactor(crons): upgraded dependencies refactor(alerts): upgraded dependencies
* feat(chalice): get top 10 values for autocomplete CH
* refactor(chalice): cleaned code refactor(chalice): upgraded dependencies refactor(alerts): upgraded dependencies refactor(crons): upgraded dependencies
* feat(chalice): autocomplete return top 10 with stats
* fix(chalice): fixed autocomplete top 10 meta-filters
* refactor(chalice): refactored and cleaned Spot code refactor(chalice): refactored and cleaned login code
---
 api/routers/core_dynamic.py | 10 ++++++----
 api/routers/subs/spot.py | 35 +---------------------------------
 ee/api/routers/core_dynamic.py | 10 ++++++----
 3 files changed, 13 insertions(+), 42 deletions(-)
diff --git a/api/routers/core_dynamic.py b/api/routers/core_dynamic.py
index 920c74799..0fc8f11d7 100644
--- a/api/routers/core_dynamic.py
+++ b/api/routers/core_dynamic.py
@@ -20,6 +20,8 @@ from routers.base import get_routers
 public_app, app, app_apikey = get_routers()
+COOKIE_PATH = "/api/refresh"
+
 @public_app.get('/signup', tags=['signup'])
 async def get_all_signup():
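Review bot: The new module-level name `COOKIE_PATH` means "/api/refresh" here and in ee/api/routers/core_dynamic.py but "/api/spot/refresh" in api/routers/subs/spot.py, while the login_user and logout_user hunks of this file still spell the Spot path as a string literal. A cookie is only cleared when the Path on the delete matches the Path it was set with, so a line copied between these modules silently targets the wrong cookie scope, which is the mismatch this commit corrects in logout_spot. Consider distinct names, e.g. `REFRESH_COOKIE_PATH = "/api/refresh"` and `SPOT_REFRESH_COOKIE_PATH = "/api/spot/refresh"`, defined once and imported by all three routers, with a comment such as `# Path scope of the refresh-token cookie; set_cookie and delete_cookie must use the same value`.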
@@ -39,7 +41,7 @@ if not tenants.tenants_exists_sync(use_pool=False):
 return content
 refresh_token = content.pop("refreshToken")
 refresh_token_max_age = content.pop("refreshTokenMaxAge")
- response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
 max_age=refresh_token_max_age, secure=True, httponly=True)
 return content
@@ -78,7 +80,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 spot_refresh_token = r.pop("spotRefreshToken")
 spot_refresh_token_max_age = r.pop("spotRefreshTokenMaxAge")
- response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
 max_age=refresh_token_max_age, secure=True, httponly=True)
 if spot:
 response.set_cookie(key="spotRefreshToken", value=spot_refresh_token, path="/api/spot/refresh",
@@ -89,7 +91,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 @app.get('/logout', tags=["login"])
 def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
 users.logout(user_id=context.user_id)
- response.delete_cookie(key="refreshToken", path="/api/refresh")
+ response.delete_cookie(key="refreshToken", path=COOKIE_PATH)
 response.delete_cookie(key="spotRefreshToken", path="/api/spot/refresh")
 return {"data": "success"}
@@ -98,7 +100,7 @@ def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR
 def refresh_login(response: JSONResponse, context: schemas.CurrentContext = Depends(OR_context)):
 r = users.refresh(user_id=context.user_id)
 content = {"jwt": r.get("jwt")}
- response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path=COOKIE_PATH,
 max_age=r.pop("refreshTokenMaxAge"), secure=True, httponly=True)
 return content
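Review bot: None of the `set_cookie` calls for `refreshToken` edited here (the signup, login_user and refresh_login hunks, and the same three in ee/api/routers/core_dynamic.py) states a SameSite policy; they pass only `secure=True, httponly=True`. If `response` is a Starlette/FastAPI response the default is `samesite="lax"`, so the cross-site behaviour of the refresh token rests on a framework default rather than on this code. Since these lines are being touched anyway, I would make the policy explicit, e.g. `max_age=refresh_token_max_age, secure=True, httponly=True, samesite="strict")` if the front end and the API are same-site, or `samesite="lax"` written out otherwise. The enclosing functions start outside these hunks.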
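Review bot: In refresh_login the cookie value is read with `r.get("refreshToken")`, which yields None when users.refresh returns no token, while `r.pop("refreshTokenMaxAge")` on the next line raises KeyError for a missing key. A None value would probably be serialized into the cookie as a literal string instead of failing, so the two lookups disagree on how an unsuccessful refresh is handled. I would index both strictly, `value=r["refreshToken"]`, or reject the request before touching the cookie; what users.refresh returns on failure is not visible here. The same pair of lookups appears in the refresh_login hunk of ee/api/routers/core_dynamic.py.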
diff --git a/api/routers/subs/spot.py b/api/routers/subs/spot.py
index d0c967dc6..5ec404af7 100644
--- a/api/routers/subs/spot.py
+++ b/api/routers/subs/spot.py
@@ -14,43 +14,10 @@ public_app, app, app_apikey = get_routers(prefix="/spot", tags=["spot"])
 COOKIE_PATH = "/api/spot/refresh"
-@public_app.post('/login')
-def login_spot(response: JSONResponse, data: schemas.UserLoginSchema = Body(...)):
- if helper.allow_captcha() and not captcha.is_valid(data.g_recaptcha_response):
- raise HTTPException(
- status_code=status.HTTP_401_UNAUTHORIZED,
- detail="Invalid captcha."
- )
-
- r = spot.authenticate(data.email, data.password.get_secret_value())
- if r is None:
- raise HTTPException(
- status_code=status.HTTP_401_UNAUTHORIZED,
- detail="You've entered invalid Email or Password."
- )
- if "errors" in r:
- raise HTTPException(
- status_code=status.HTTP_401_UNAUTHORIZED,
- detail=r["errors"][0]
- )
-
- refresh_token = r.pop("refreshToken")
- refresh_token_max_age = r.pop("refreshTokenMaxAge")
- content = {
- 'jwt': r.pop('jwt'),
- 'data': {
- "user": r
- }
- }
- response.set_cookie(key="spotRefreshToken", value=refresh_token, path=COOKIE_PATH,
- max_age=refresh_token_max_age, secure=True, httponly=True)
- return content
-
-
 @app.get('/logout')
 def logout_spot(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
 spot.logout(user_id=context.user_id)
- response.delete_cookie(key="spotRefreshToken", path="/api/refresh")
+ response.delete_cookie(key="spotRefreshToken", path=COOKIE_PATH)
 return {"data": "success"}
diff --git a/ee/api/routers/core_dynamic.py b/ee/api/routers/core_dynamic.py
index 02b4c626e..e71665393 100644
--- a/ee/api/routers/core_dynamic.py
+++ b/ee/api/routers/core_dynamic.py
@@ -26,6 +26,8 @@ if config("ENABLE_SSO", cast=bool, default=True):
 public_app, app, app_apikey = get_routers()
+COOKIE_PATH = "/api/refresh"
+
 @public_app.get('/signup', tags=['signup'])
 async def get_all_signup():
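Review bot: The corrected `delete_cookie` path in logout_spot has no test in this patch, and the old value ("/api/refresh") did not match the "/api/spot/refresh" Path the cookie is set with, so this route's delete could not clear `spotRefreshToken` in the browser. A small regression test that calls the logout route and asserts the `Set-Cookie` header carries `Path=/api/spot/refresh` would keep the set and delete paths from drifting apart again. Separately, the removed login_spot was the only visible caller of the captcha check and of `spot.authenticate` in this file, so its imports may now be unused, and it is worth confirming that the `spot` branch of login_user applies the same captcha gate; neither is visible in this hunk.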
@@ -45,7 +47,7 @@ if config("MULTI_TENANTS", cast=bool, default=False) or not tenants.tenants_exis
 return content
 refresh_token = content.pop("refreshToken")
 refresh_token_max_age = content.pop("refreshTokenMaxAge")
- response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
 max_age=refresh_token_max_age, secure=True, httponly=True)
 return content
@@ -84,7 +86,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 spot_refresh_token = r.pop("spotRefreshToken")
 spot_refresh_token_max_age = r.pop("spotRefreshTokenMaxAge")
- response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
 max_age=refresh_token_max_age, secure=True, httponly=True)
 if spot:
 response.set_cookie(key="spotRefreshToken", value=spot_refresh_token, path="/api/spot/refresh",
@@ -95,7 +97,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 @app.get('/logout', tags=["login"])
 def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
 users.logout(user_id=context.user_id)
- response.delete_cookie(key="refreshToken", path="/api/refresh")
+ response.delete_cookie(key="refreshToken", path=COOKIE_PATH)
 response.delete_cookie(key="spotRefreshToken", path="/api/spot/refresh")
 return {"data": "success"}
@@ -105,7 +107,7 @@ def refresh_login(context: schemas.CurrentContext = Depends(OR_context)):
 r = users.refresh(user_id=context.user_id, tenant_id=context.tenant_id)
 content = {"jwt": r.get("jwt")}
 response = JSONResponse(content=content)
- response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path="/api/refresh",
+ response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path=COOKIE_PATH,
 max_age=r.pop("refreshTokenMaxAge"), secure=True, httponly=True)
 return response