diff --git a/openeo_fastapi/client/auth.py b/openeo_fastapi/client/auth.py index e3ea6c5..ef8f179 100644 --- a/openeo_fastapi/client/auth.py +++ b/openeo_fastapi/client/auth.py @@ -72,8 +72,6 @@ def validate(authorization: str = Header()): policies = None if settings.OIDC_POLICIES: policies = settings.OIDC_POLICIES - - assert policies issuer = IssuerHandler(issuer_uri=settings.OIDC_URL, policies=policies) user_info = issuer.validate_token(authorization) @@ -102,17 +100,10 @@ class AuthMethod(Enum): class AuthToken(BaseModel): """The AuthToken breaks down the OpenEO token into its consituent parts to be used for validation.""" - bearer: bool method: AuthMethod provider: str token: str - @validator("bearer", pre=True) - def passwords_match(cls, v, values, **kwargs): - if v != "Bearer ": - return ValueError("Token not formatted correctly") - return True - @validator("provider", pre=True) def check_provider(cls, v, values, **kwargs): if v == "": @@ -128,9 +119,11 @@ def check_token(cls, v, values, **kwargs): @classmethod def from_token(cls, token: str): """Takes the openeo format token, splits it into the component parts, and returns an Auth token.""" - return cls( - **dict(zip(["bearer", "method", "provider", "token"], token.split("/"))) - ) + + if "Bearer " in token: + token = token.removeprefix("Bearer ") + + return cls(**dict(zip(["method", "provider", "token"], token.split("/")))) class IssuerHandler(BaseModel): @@ -268,8 +261,6 @@ def _authenticate_oidc_user(self, token: str): userinfo = resp.json() - assert self.policies - # If policies have been set for this provider, only allow users who match. if self.policies: for policy in self.policies: diff --git a/openeo_fastapi/client/settings.py b/openeo_fastapi/client/settings.py index d1454da..77f91dd 100644 --- a/openeo_fastapi/client/settings.py +++ b/openeo_fastapi/client/settings.py 
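Review bot: Dropping `assert policies` in `validate` (and `assert self.policies` in `_authenticate_oidc_user`, the last auth.py hunk) makes an unset `OIDC_POLICIES` a supported configuration, and nothing in the change documents what that means. From the visible `if self.policies:` guard the policy filter is then skipped entirely, so presumably every user the issuer accepts is let through. That default should be stated where it is decided, for example `# OIDC_POLICIES is optional: when unset, no policy filtering is applied to authenticated users` above `policies = None`. A warning logged at startup would also make an accidentally empty setting visible. Both function bodies continue outside their hunks, so the rest of the authorization path could not be checked here.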
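Review bot: In `AuthToken.from_token` the guard `if "Bearer " in token` matches the substring anywhere in the header, while `removeprefix` only strips it at the start. As far as the visible validators show, a header with no scheme at all is now parsed as if it were well formed. If the `Bearer` scheme is meant to stay mandatory, reject the value unless `token.startswith("Bearer ")`. Separately, `token.split("/")` combined with `zip` over three names silently drops everything after a third slash, so a credential containing `/` would be truncated before validation; `token.split("/", 2)` keeps the remainder in the token field. `str.removeprefix` also needs Python 3.9 or later, which should match the project's declared minimum (not visible in this diff).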
@@ -89,6 +89,5 @@ def parse_env_var(cls, field_name: str, raw_val: str) -> Any: elif field_name == "OIDC_ROLES": return [str(x) for x in raw_val.split(",")] elif field_name == "OIDC_POLICIES": - print("LIST CLEANING", [str(x) for x in raw_val.split("&&")]) return [str(x) for x in raw_val.split("&&")] return cls.json_loads(raw_val) diff --git a/pyproject.toml b/pyproject.toml index d9525c0..aeb5520 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "openeo-fastapi" -version = "2024.9.1" +version = "2024.9.2" description = "FastApi implementation conforming to the OpenEO Api specification." authors = ["Sean Hoyal "] readme = "README.md" diff --git a/tests/api/test_api.py b/tests/api/test_api.py index 4d36794..b75e680 100644 --- a/tests/api/test_api.py +++ b/tests/api/test_api.py @@ -90,7 +90,7 @@ def test_get_userinfo( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/me", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 @@ -222,7 +222,7 @@ def list_files( test_client = test_client = TestClient(api.app) response = test_client.get( f"{app_settings.OPENEO_PREFIX}/files", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 @@ -324,7 +324,7 @@ def get_file_headers( test_client = test_client = TestClient(api.app) response = test_client.head( f"{app_settings.OPENEO_PREFIX}/files/somefile.txt", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 diff --git a/tests/api/test_files.py b/tests/api/test_files.py index 903c739..aba8527 100644 --- a/tests/api/test_files.py +++ b/tests/api/test_files.py 
@@ -35,7 +35,7 @@ def assert_not(response): assert_not( test_app.get( get, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) @@ -45,7 +45,7 @@ def assert_not(response): assert_not( test_app.put( post, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) @@ -55,6 +55,6 @@ def assert_not(response): assert_not( test_app.delete( delete, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) diff --git a/tests/api/test_jobs.py b/tests/api/test_jobs.py index f340adf..e3bd73e 100644 --- a/tests/api/test_jobs.py +++ b/tests/api/test_jobs.py @@ -27,7 +27,7 @@ def test_list_jobs( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/jobs", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 @@ -88,7 +88,7 @@ def test_update_job( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/jobs/{job_id}", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.json()["process"]["id"] == new_pg_id @@ -116,7 +116,7 @@ def test_get_job( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/jobs/{job_id}", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 @@ -160,7 +160,7 @@ def assert_not(response): assert_not( test_app.get( get, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) @@ -173,7 +173,7 @@ def assert_not(response): assert_not( test_app.post( post, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) 
@@ -186,6 +186,6 @@ def assert_not(response): assert_not( test_app.delete( delete, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) ) diff --git a/tests/api/test_processes.py b/tests/api/test_processes.py index 4f48403..4326861 100644 --- a/tests/api/test_processes.py +++ b/tests/api/test_processes.py @@ -37,7 +37,7 @@ def test_list_user_process_graphs( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/process_graphs", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) _json = response.json() @@ -68,7 +68,7 @@ def test_get_user_process_graph( response = test_app.get( f"{app_settings.OPENEO_PREFIX}/process_graphs/{process_graph['id']}", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 200 @@ -131,14 +131,14 @@ def test_delete_user_process_graph( response = test_app.delete( f"{app_settings.OPENEO_PREFIX}/process_graphs/{process_graph['id']}", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 204 response = test_app.delete( f"{app_settings.OPENEO_PREFIX}/process_graphs/doesntexist", - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, ) assert response.status_code == 404 diff --git a/tests/client/test_auth.py b/tests/client/test_auth.py index 09e775c..3efd5b1 100644 --- a/tests/client/test_auth.py +++ b/tests/client/test_auth.py 
@@ -6,14 +6,15 @@ from openeo_fastapi.client import auth -BASIC_TOKEN_EXAMPLE = "Bearer /basic/openeo/rubbish.not.a.token" -OIDC_TOKEN_EXAMPLE = "Bearer /oidc/issuer/rubbish.not.a.token" +BASIC_TOKEN_EXAMPLE = "Bearer basic/openeo/rubbish.not.a.token" +OIDC_TOKEN_EXAMPLE = "Bearer oidc/issuer/rubbish.not.a.token" INVALID_TOKEN_EXAMPLE_1 = "bearer /basic/openeo/rubbish.not.a.token" INVALID_TOKEN_EXAMPLE_2 = "Bearer /basicopeneorubbish.not.a.token" INVALID_TOKEN_EXAMPLE_3 = "Bearer //openeo/rubbish.not.a.token" INVALID_TOKEN_EXAMPLE_4 = "Bearer /basic//rubbish.not.a.token" INVALID_TOKEN_EXAMPLE_5 = "Bearer /basic/openeo/" +INVALID_TOKEN_EXAMPLE_6 = "Bearer /basic/openeo/rubbish.not.a.token" def test_auth_method(): @@ -32,7 +33,6 @@ def test_auth_method(): def test_auth_token(): def token_checks(token: auth.AuthToken, method: str, provider: str): - assert token.bearer assert token.method.value == method assert token.provider == provider @@ -58,6 +58,9 @@ def token_checks(token: auth.AuthToken, method: str, provider: str): with pytest.raises(ValidationError): auth.AuthToken.from_token(INVALID_TOKEN_EXAMPLE_5) + with pytest.raises(ValidationError): + auth.AuthToken.from_token(INVALID_TOKEN_EXAMPLE_6) + def test_issuer_handler_init(): test_issuer = auth.IssuerHandler( diff --git a/tests/utils.py b/tests/utils.py index 924f276..d639093 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -11,7 +11,7 @@ def post_request(app: TestClient, path: str, data: dict): response = app.post( path, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, data=payload, ) @@ -26,7 +26,7 @@ def patch_request(app: TestClient, path: str, data: dict): response = app.patch( path, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, data=payload, ) 
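Review bot: `INVALID_TOKEN_EXAMPLE_3` to `INVALID_TOKEN_EXAMPLE_5` in tests/client/test_auth.py keep the old leading `/` after `Bearer `, so with the new three-part split each of them starts with an empty method segment. They are presumably all rejected there, no longer on the empty provider or empty token they were written to cover. The new `INVALID_TOKEN_EXAMPLE_6` exercises that same leading-slash case. Rewriting them in the new format, e.g. `INVALID_TOKEN_EXAMPLE_4 = "Bearer basic//rubbish.not.a.token"` and `INVALID_TOKEN_EXAMPLE_5 = "Bearer basic/openeo/"`, would bring the provider and token validators back under test. A case with no `Bearer ` prefix at all is also worth adding, so the intended handling of a scheme-less header is pinned down by a test.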
@@ -41,7 +41,7 @@ def put_request(app: TestClient, path: str, data: dict): response = app.put( path, - headers={"Authorization": "Bearer /oidc/egi/not-real"}, + headers={"Authorization": "Bearer oidc/egi/not-real"}, data=payload, )