update docs, fix token handling (#58)

openeo_fastapi/client/auth.py

@@ -72,8 +72,6 @@ def validate(authorization: str = Header()):
         policies = None
         if settings.OIDC_POLICIES:
             policies = settings.OIDC_POLICIES
-
-        assert policies
         issuer = IssuerHandler(issuer_uri=settings.OIDC_URL, policies=policies)
 
         user_info = issuer.validate_token(authorization)
@@ -102,17 +100,10 @@ class AuthMethod(Enum):
 class AuthToken(BaseModel):
     """The AuthToken breaks down the OpenEO token into its consituent parts to be used for validation."""
 
-    bearer: bool
     method: AuthMethod
     provider: str
     token: str
 
-    @validator("bearer", pre=True)
-    def passwords_match(cls, v, values, **kwargs):
-        if v != "Bearer ":
-            return ValueError("Token not formatted correctly")
-        return True
-
     @validator("provider", pre=True)
     def check_provider(cls, v, values, **kwargs):
         if v == "":
@@ -128,9 +119,11 @@ def check_token(cls, v, values, **kwargs):
     @classmethod
     def from_token(cls, token: str):
         """Takes the openeo format token, splits it into the component parts, and returns an Auth token."""
-        return cls(
-            **dict(zip(["bearer", "method", "provider", "token"], token.split("/")))
-        )
+
+        if "Bearer " in token:
+            token = token.removeprefix("Bearer ")
+
+        return cls(**dict(zip(["method", "provider", "token"], token.split("/"))))
 
 
 class IssuerHandler(BaseModel):
@@ -268,8 +261,6 @@ def _authenticate_oidc_user(self, token: str):
 
             userinfo = resp.json()
 
-            assert self.policies
-
             # If policies have been set for this provider, only allow users who match.
             if self.policies:
                 for policy in self.policies:

openeo_fastapi/client/settings.py

@@ -89,6 +89,5 @@ def parse_env_var(cls, field_name: str, raw_val: str) -> Any:
             elif field_name == "OIDC_ROLES":
                 return [str(x) for x in raw_val.split(",")]
             elif field_name == "OIDC_POLICIES":
-                print("LIST CLEANING", [str(x) for x in raw_val.split("&&")])
                 return [str(x) for x in raw_val.split("&&")]
             return cls.json_loads(raw_val)

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "openeo-fastapi"
-version = "2024.9.1"
+version = "2024.9.2"
 description = "FastApi implementation conforming to the OpenEO Api specification."
 authors = ["Sean Hoyal <sean.hoyal@external.eodc.eu>"]
 readme = "README.md"

tests/api/test_api.py

@@ -90,7 +90,7 @@ def test_get_userinfo(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/me",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200
@@ -222,7 +222,7 @@ def list_files(
     test_client = test_client = TestClient(api.app)
     response = test_client.get(
         f"{app_settings.OPENEO_PREFIX}/files",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200
@@ -324,7 +324,7 @@ def get_file_headers(
     test_client = test_client = TestClient(api.app)
     response = test_client.head(
         f"{app_settings.OPENEO_PREFIX}/files/somefile.txt",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200

tests/api/test_files.py

@@ -35,7 +35,7 @@ def assert_not(response):
         assert_not(
             test_app.get(
                 get,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )
 
@@ -45,7 +45,7 @@ def assert_not(response):
         assert_not(
             test_app.put(
                 post,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )
 
@@ -55,6 +55,6 @@ def assert_not(response):
         assert_not(
             test_app.delete(
                 delete,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )

tests/api/test_jobs.py

@@ -27,7 +27,7 @@ def test_list_jobs(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/jobs",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200
@@ -88,7 +88,7 @@ def test_update_job(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/jobs/{job_id}",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.json()["process"]["id"] == new_pg_id
@@ -116,7 +116,7 @@ def test_get_job(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/jobs/{job_id}",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200
@@ -160,7 +160,7 @@ def assert_not(response):
         assert_not(
             test_app.get(
                 get,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )
 
@@ -173,7 +173,7 @@ def assert_not(response):
         assert_not(
             test_app.post(
                 post,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )
 
@@ -186,6 +186,6 @@ def assert_not(response):
         assert_not(
             test_app.delete(
                 delete,
-                headers={"Authorization": "Bearer /oidc/egi/not-real"},
+                headers={"Authorization": "Bearer oidc/egi/not-real"},
             )
         )

tests/api/test_processes.py

@@ -37,7 +37,7 @@ def test_list_user_process_graphs(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/process_graphs",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     _json = response.json()
@@ -68,7 +68,7 @@ def test_get_user_process_graph(
 
     response = test_app.get(
         f"{app_settings.OPENEO_PREFIX}/process_graphs/{process_graph['id']}",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 200
@@ -131,14 +131,14 @@ def test_delete_user_process_graph(
 
     response = test_app.delete(
         f"{app_settings.OPENEO_PREFIX}/process_graphs/{process_graph['id']}",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 204
 
     response = test_app.delete(
         f"{app_settings.OPENEO_PREFIX}/process_graphs/doesntexist",
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
     )
 
     assert response.status_code == 404

tests/client/test_auth.py

@@ -6,14 +6,15 @@
 
 from openeo_fastapi.client import auth
 
-BASIC_TOKEN_EXAMPLE = "Bearer /basic/openeo/rubbish.not.a.token"
-OIDC_TOKEN_EXAMPLE = "Bearer /oidc/issuer/rubbish.not.a.token"
+BASIC_TOKEN_EXAMPLE = "Bearer basic/openeo/rubbish.not.a.token"
+OIDC_TOKEN_EXAMPLE = "Bearer oidc/issuer/rubbish.not.a.token"
 
 INVALID_TOKEN_EXAMPLE_1 = "bearer /basic/openeo/rubbish.not.a.token"
 INVALID_TOKEN_EXAMPLE_2 = "Bearer /basicopeneorubbish.not.a.token"
 INVALID_TOKEN_EXAMPLE_3 = "Bearer //openeo/rubbish.not.a.token"
 INVALID_TOKEN_EXAMPLE_4 = "Bearer /basic//rubbish.not.a.token"
 INVALID_TOKEN_EXAMPLE_5 = "Bearer /basic/openeo/"
+INVALID_TOKEN_EXAMPLE_6 = "Bearer /basic/openeo/rubbish.not.a.token"
 
 
 def test_auth_method():
@@ -32,7 +33,6 @@ def test_auth_method():
 
 def test_auth_token():
     def token_checks(token: auth.AuthToken, method: str, provider: str):
-        assert token.bearer
         assert token.method.value == method
         assert token.provider == provider
 
@@ -58,6 +58,9 @@ def token_checks(token: auth.AuthToken, method: str, provider: str):
     with pytest.raises(ValidationError):
         auth.AuthToken.from_token(INVALID_TOKEN_EXAMPLE_5)
 
+    with pytest.raises(ValidationError):
+        auth.AuthToken.from_token(INVALID_TOKEN_EXAMPLE_6)
+
 
 def test_issuer_handler_init():
     test_issuer = auth.IssuerHandler(

tests/utils.py

@@ -11,7 +11,7 @@ def post_request(app: TestClient, path: str, data: dict):
 
     response = app.post(
         path,
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
         data=payload,
     )
 
@@ -26,7 +26,7 @@ def patch_request(app: TestClient, path: str, data: dict):
 
     response = app.patch(
         path,
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
         data=payload,
     )
 
@@ -41,7 +41,7 @@ def put_request(app: TestClient, path: str, data: dict):
 
     response = app.put(
         path,
-        headers={"Authorization": "Bearer /oidc/egi/not-real"},
+        headers={"Authorization": "Bearer oidc/egi/not-real"},
         data=payload,
     )