fix: avoid checking for vo membership in get_user_info
IgnacioHeredia committed Sep 23, 2024
1 parent 5954569 commit 9c0243f
Showing 1 changed file with 7 additions and 31 deletions.
38 changes: 7 additions & 31 deletions ai4papi/auth.py
@@ -51,41 +51,17 @@ def get_user_info(token):
detail="Invalid token",
)

# Check scopes
# Scope can appear if non existent if user doesn't belong to any VO,
# even if scope was requested in token.
# VO do not need to be one of the project's (this is next check), but we can still
# add the project VOs in the project detail.
if user_infos.get('eduperson_entitlement') is None:
raise HTTPException(
status_code=401,
detail="Check that (1) you enabled the `eduperson_entitlement` scope for" \
"your token, and (2) you belong to at least one Virtual " \
f"Organization supported by the project: {MAIN_CONF['auth']['VO']}",
)

# Parse Virtual Organizations manually from URNs
# If more complexity is need in the future, check https://github.com/oarepo/urnparse
# Retrieve VOs the user belongs to
# VOs can be empty if the user does not belong to any VO, or the
# 'eduperson_entitlement wasn't correctly retrieved from the token
vos = []
for i in user_infos.get('eduperson_entitlement'):
for i in user_infos.get('eduperson_entitlement', []):
# Parse Virtual Organizations manually from URNs
# If more complexity is need in the future, check https://github.com/oarepo/urnparse
ent_i = re.search(r"group:(.+?):", i)
if ent_i: # your entitlement has indeed a group `tag`
vos.append(ent_i.group(1))

# Filter VOs to keep only the ones relevant to us
vos = set(vos).intersection(
set(MAIN_CONF['auth']['VO'])
)
vos = sorted(vos)

# Check if VOs is empty after filtering
if not vos:
raise HTTPException(
status_code=401,
detail="You should belong to at least one of the Virtual Organizations " \
f"supported by the project: {MAIN_CONF['auth']['VO']}.",
)

# Generate user info dict
for k in ['sub', 'iss', 'name', 'email']:
if user_infos.get(k) is None:
@@ -114,5 +90,5 @@ def check_vo_membership(
if requested_vo not in user_vos:
raise HTTPException(
status_code=401,
detail=f"The provided Virtual Organization does not match with any of your available VOs: {user_vos}."
detail=f"The requested Virtual Organization ({requested_vo}) does not match with any of your available VOs: {user_vos}."
)
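Review bot: Authorization now rests entirely on every route calling check_vo_membership, because get_user_info no longer rejects a token with no `eduperson_entitlement`, no longer intersects the parsed groups with `MAIN_CONF['auth']['VO']`, and no longer raises when that list is empty. In the second hunk the check is still only `requested_vo not in user_vos`, and `user_vos` is now presumably the unfiltered list, so unless `requested_vo` is validated against the project's VOs somewhere outside this view, a VO the project does not support would pass. Consider `if requested_vo not in user_vos or requested_vo not in MAIN_CONF['auth']['VO']:` there, or keep the intersection in get_user_info without the raise. A comment above the entitlement loop such as `# NOTE: authentication only; callers must call check_vo_membership() to authorize` would make the new contract explicit for anyone adding a route. Both function bodies continue outside the hunks shown.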
