feat(chalice): changed login

2022-12-12 12:30:13 +01:00 · 2022-12-12 12:30:13 +01:00 · de54e0cad7
commit de54e0cad7
parent 5738fd7bc7
6 changed files with 44 additions and 25 deletions
--- a/api/chalicelib/core/authorizers.py
+++ b/api/chalicelib/core/authorizers.py
@ -37,12 +37,16 @@ def jwt_context(context):
    }


+def get_jwt_exp(iat):
+    return iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000
+
+
 def generate_jwt(id, tenant_id, iat, aud):
    token = jwt.encode(
        payload={
            "userId": id,
            "tenantId": tenant_id,
-            "exp": iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000,
+            "exp": get_jwt_exp(iat),
            "iss": config("JWT_ISSUER"),
            "iat": iat // 1000,
            "aud": aud
--- a/api/chalicelib/core/users.py
+++ b/api/chalicelib/core/users.py
@ -648,9 +648,9 @@ def authenticate(email, password, for_change_password=False):
            return True
        r = helper.dict_to_camel_case(r)
        jwt_iat = change_jwt_iat(r['userId'])
+        iat = TimeUTC.datetime_to_timestamp(jwt_iat)
        return {
-            "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'],
-                                            TimeUTC.datetime_to_timestamp(jwt_iat),
+            "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], iat=iat,
                                            aud=f"front:{helper.get_stage_name()}"),
            "email": email,
            **r
--- a/api/chalicelib/utils/helper.py
+++ b/api/chalicelib/utils/helper.py
@ -3,6 +3,7 @@ import random
 import re
 import string
 from typing import Union
+from urllib.parse import urlparse

 from decouple import config

@ -304,3 +305,7 @@ def __time_value(row):

 def is_saml2_available():
    return config("hastSAML2", default=False, cast=bool)
+
+
+def get_domain():
+    return urlparse(config("SITE_URL")).netloc
--- a/api/routers/core.py
+++ b/api/routers/core.py
@ -2,6 +2,7 @@ from typing import Union

 from decouple import config
 from fastapi import Depends, Body, HTTPException
+from fastapi.responses import JSONResponse
 from starlette import status

 import schemas
@ -40,13 +41,18 @@ def login(data: schemas.UserLoginSchema = Body(...)):
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=r["errors"][0]
        )
+
    r["smtp"] = helper.has_smtp()
-    return {
+    content = {
        'jwt': r.pop('jwt'),
        'data': {
            "user": r
        }
    }
+    response = JSONResponse(content=content)
+    response.set_cookie(key="jwt", value=content['jwt'], domain=helper.get_domain(),
+                        expires=config("JWT_EXPIRATION", cast=int))
+    return response


@app.post('/{projectId}/sessions/search', tags=["sessions"])
@ -973,6 +979,7 @@ def get_limits(context: schemas.CurrentContext = Depends(OR_context)):
        }
    }

+
@app.get('/integrations/msteams/channels', tags=["integrations"])
 def get_msteams_channels(context: schemas.CurrentContext = Depends(OR_context)):
    return {"data": webhook.get_by_type(tenant_id=context.tenant_id, webhook_type=schemas.WebhookType.msteams)}
--- a/ee/api/chalicelib/core/authorizers.py
+++ b/ee/api/chalicelib/core/authorizers.py
@ -38,13 +38,16 @@ def jwt_context(context):
    }


+def get_jwt_exp(iat):
+    return iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000
+
+
 def generate_jwt(id, tenant_id, iat, aud, exp=None):
    token = jwt.encode(
        payload={
            "userId": id,
            "tenantId": tenant_id,
-            "exp": exp + TimeUTC.get_utc_offset() // 1000 if exp is not None \
-                else iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000,
+            "exp": exp + TimeUTC.get_utc_offset() // 1000 if exp is not None else get_jwt_exp(iat),
            "iss": config("JWT_ISSUER"),
            "iat": iat // 1000,
            "aud": aud
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@ -742,9 +742,9 @@ def authenticate(email, password, for_change_password=False):
            return True
        r = helper.dict_to_camel_case(r)
        jwt_iat = change_jwt_iat(r['userId'])
+        iat = TimeUTC.datetime_to_timestamp(jwt_iat)
        return {
-            "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'],
-                                            TimeUTC.datetime_to_timestamp(jwt_iat),
+            "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], iat=iat,
                                            aud=f"front:{helper.get_stage_name()}"),
            "email": email,
            **r
@ -776,7 +776,7 @@ def authenticate_sso(email, internal_id, exp=None):
        r = helper.dict_to_camel_case(r)
        jwt_iat = TimeUTC.datetime_to_timestamp(change_jwt_iat(r['userId']))
        return authorizers.generate_jwt(r['userId'], r['tenantId'],
-                                        jwt_iat, aud=f"front:{helper.get_stage_name()}",
+                                        iat=jwt_iat, aud=f"front:{helper.get_stage_name()}",
                                        exp=(exp + jwt_iat // 1000) if exp is not None else None)
    return None