jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(chalice): stop SA from logout

Browse source
This commit is contained in:
Taha Yassine Kraiem 2024-07-19 12:17:43 +02:00
parent dd5ff6bad8
commit e5f6215d03
1 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
ee/api/auth/auth_jwt.py
View file

@ -29,6 +29,11 @@ def _get_current_auth_context(request: Request, jwt_payload: dict) -> schemas.Cu
return request.state.currentContext
def _allow_access_to_endpoint(request: Request, current_context: schemas.CurrentContext) -> bool:
return not current_context.service_account \
or request.url.path not in ["/logout", "/api/logout", "/refresh", "/api/refresh"]
class JWTAuth(HTTPBearer):
def __init__(self, auto_error: bool = True):
super(JWTAuth, self).__init__(auto_error=auto_error)
@ -68,7 +73,10 @@ class JWTAuth(HTTPBearer):
or old_jwt_payload.get("userId") != jwt_payload.get("userId"):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
ctx = _get_current_auth_context(request=request, jwt_payload=jwt_payload)
if not _allow_access_to_endpoint(request=request, current_context=ctx):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Unauthorized endpoint.")
return ctx
else:
credentials: HTTPAuthorizationCredentials = await super(JWTAuth, self).__call__(request)
@ -95,7 +103,10 @@ class JWTAuth(HTTPBearer):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
return _get_current_auth_context(request=request, jwt_payload=jwt_payload)
ctx = _get_current_auth_context(request=request, jwt_payload=jwt_payload)
if not _allow_access_to_endpoint(request=request, current_context=ctx):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Unauthorized endpoint.")
return ctx
logger.warning("Invalid authorization code.")
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid authorization code.")