Merge pull request #85 from uc-cdis/fix/dep

PPS-928 update authutils
uc-cdis · Jul 19, 2024 · 2f972f5 · 2f972f5
2 parents 4caf40f + 54b2e22
commit 2f972f5
Show file tree

Hide file tree

Showing 8 changed files with 178 additions and 161 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -8,8 +8,7 @@ license = "Apache-2.0"
 [tool.poetry.dependencies]
 python = "^3.9"
 alembic = "^1.4.1"
-Authlib = "^0.14.3"
-authutils = "^5.0.5"
+authutils = "^6.0.0"
 cdiserrors = "^1.0.0"
 cdislogging = "^1.0.0"
 cryptography = ">=42.0.0"

diff --git a/tests/app_test.py b/tests/app_test.py
@@ -100,11 +100,25 @@ def test_authorize_endpoint(client, test_user, db_session, auth_header):
         # decoded id_token for IdP "default":
         {"context": {"user": {"name": test_user.username}}},
         # decoded refresh_token for IdP "default":
-        {"jti": str(uuid.uuid4()), "exp": now + 100, "sub": test_user.userid},
+        {
+            "jti": str(uuid.uuid4()),
+            "exp": now + 100,
+            "sub": test_user.userid,
+            "scope": ["openid", "access", "user", "test_aud"],
+            "aud": "https://localhost/user",
+            "iss": "https://localhost/user",
+        },
         # decoded id_token for IdP "idp_a":
         {"context": {"user": {"name": test_user.username}}},
         # decoded refresh_token for IdP "idp_a":
-        {"jti": str(uuid.uuid4()), "exp": now + 100, "sub": test_user.userid},
+        {
+            "jti": str(uuid.uuid4()),
+            "exp": now + 100,
+            "sub": test_user.userid,
+            "scope": ["openid", "access", "user", "test_aud"],
+            "aud": "https://localhost/user",
+            "iss": "https://localhost/user",
+        },
     ]
     patched_jwt_decode = mock.patch("jose.jwt.decode", mocked_jwt_response)
     patched_jwt_decode.start()

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -112,22 +112,22 @@ def auth_header(test_user, rsa_private_key, default_kid):
         List[Tuple[str, str]]: the authorization header
     """
     now = int(time.time())
-    default_audiences = ["openid", "access", "user", "test_aud"]
+    default_scopes = ["openid", "access", "user", "test_aud"]
     claims = {
         "pur": "access",
-        "aud": default_audiences,
+        "aud": "https://localhost/user",
         "sub": test_user.userid,
         "iss": "https://localhost/user",
         "iat": now,
         "exp": now + 600,
         "jti": str(uuid.uuid4()),
+        "scope": default_scopes,
         "context": {"user": {"name": test_user.username, "projects": []}},
     }
     token_headers = {"kid": default_kid}
     encoded_jwt = jwt.encode(
         claims, headers=token_headers, key=rsa_private_key, algorithm="RS256"
     )
-    encoded_jwt = encoded_jwt.decode("utf-8")
     return [("Authorization", "Bearer {}".format(encoded_jwt))]
 
 

diff --git a/wts/auth_plugins/base.py b/wts/auth_plugins/base.py
@@ -26,6 +26,9 @@ def find_user(self):
         flask.current_app.config["OIDC_ISSUER"] = default_oauth_client.metadata[
             "api_base_url"
         ].rstrip("/")
+        flask.current_app.config["USER_API"] = default_oauth_client.metadata[
+            "api_base_url"
+        ].rstrip("/")
 
         user = current_user
         return User(userid=user.id, username=user.username)
diff --git a/wts/blueprints/external_oidc.py b/wts/blueprints/external_oidc.py
@@ -64,6 +64,7 @@ def get_external_oidc():
     # to know the issuer
     client = get_oauth_client(idp="default")
     flask.current_app.config["OIDC_ISSUER"] = client.metadata["api_base_url"].strip("/")
+    flask.current_app.config["USER_API"] = client.metadata["api_base_url"].rstrip("/")
     username = None
     try:
         user = current_user

diff --git a/wts/blueprints/oauth2.py b/wts/blueprints/oauth2.py
@@ -23,6 +23,7 @@ def connected():
     # to know the issuer
     client = get_oauth_client(idp=requested_idp)
     flask.current_app.config["OIDC_ISSUER"] = client.metadata["api_base_url"].strip("/")
+    flask.current_app.config["USER_API"] = client.metadata["api_base_url"].rstrip("/")
 
     try:
         user = current_user

diff --git a/wts/resources/oauth2.py b/wts/resources/oauth2.py
@@ -88,6 +88,7 @@ def refresh_refresh_token(tokens, idp, username_field):
     # to know the issuer
     client = get_oauth_client(idp="default")
     flask.current_app.config["OIDC_ISSUER"] = client.metadata["api_base_url"].strip("/")
+    flask.current_app.config["USER_API"] = client.metadata["api_base_url"].rstrip("/")
     user = current_user
     username = user.username