From 4e38e8901c1e72e796797259f75ddf31a4465d32 Mon Sep 17 00:00:00 2001 From: Jennifer Tran Date: Mon, 29 Apr 2024 09:38:33 -0700 Subject: [PATCH 1/4] fix: update get_username and add logging --- ingest_api/runtime/src/auth.py | 8 ++++++-- ingest_api/runtime/src/main.py | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ingest_api/runtime/src/auth.py b/ingest_api/runtime/src/auth.py index 57111485..1a0d2b90 100644 --- a/ingest_api/runtime/src/auth.py +++ b/ingest_api/runtime/src/auth.py @@ -26,12 +26,14 @@ def validated_token( required_scopes: security.SecurityScopes, ) -> Dict: # Parse & validate token + logger.info(f"\nToken String {token_str}") try: token = jwt.decode( token_str, jwks_client.get_signing_key_from_jwt(token_str).key, algorithms=["RS256"], ) + logger.info(f"\Decoded token {token}") except jwt.exceptions.InvalidTokenError as e: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, @@ -53,8 +55,10 @@ def validated_token( return token -def get_username(token: Annotated[Dict[Any, Any], Depends(validated_token)]): - return token["username"] +def get_username(token: Annotated[Dict[Any, Any], Depends(validated_token)]) -> str: + logger.info(f"\nToken {token}") + result = token["username"] if "username" in token else token.get("sub", None) + return result def _get_secret_hash(username: str, client_id: str, client_secret: str) -> str: diff --git a/ingest_api/runtime/src/main.py b/ingest_api/runtime/src/main.py index 3f429801..e9ac102b 100644 --- a/ingest_api/runtime/src/main.py +++ b/ingest_api/runtime/src/main.py @@ -69,6 +69,8 @@ async def enqueue_ingestion( """ Queues a STAC item for ingestion. """ + + logger.info(f"\nUsername {username}") return schemas.Ingestion( id=item.id, created_by=username, From 5466404af0ccceafd832593b07829abcff96f7f8 Mon Sep 17 00:00:00 2001 From: Jennifer Tran Date: Mon, 29 Apr 2024 09:40:14 -0700 Subject: [PATCH 2/4] fix: add correct escape sequence to logging --- ingest_api/runtime/src/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ingest_api/runtime/src/auth.py b/ingest_api/runtime/src/auth.py index 1a0d2b90..0e342ba6 100644 --- a/ingest_api/runtime/src/auth.py +++ b/ingest_api/runtime/src/auth.py @@ -33,7 +33,7 @@ def validated_token( jwks_client.get_signing_key_from_jwt(token_str).key, algorithms=["RS256"], ) - logger.info(f"\Decoded token {token}") + logger.info(f"\nDecoded token {token}") except jwt.exceptions.InvalidTokenError as e: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, From dbb62fbc15ce309ef5d12abe8bbee600c66a48ac Mon Sep 17 00:00:00 2001 From: Jennifer Tran Date: Mon, 29 Apr 2024 10:58:05 -0700 Subject: [PATCH 3/4] fix: update to throw is username or sub are not found in token --- ingest_api/runtime/src/auth.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ingest_api/runtime/src/auth.py b/ingest_api/runtime/src/auth.py index 0e342ba6..8b4d4e87 100644 --- a/ingest_api/runtime/src/auth.py +++ b/ingest_api/runtime/src/auth.py @@ -58,6 +58,8 @@ def validated_token( def get_username(token: Annotated[Dict[Any, Any], Depends(validated_token)]) -> str: logger.info(f"\nToken {token}") result = token["username"] if "username" in token else token.get("sub", None) + if result is None: + raise KeyError(f"Neither 'username' nor 'sub' found in the token: {token}.") return result From f640fdf537e8d56cfd4e8321be0e25e97e029df1 Mon Sep 17 00:00:00 2001 From: Jennifer Tran Date: Mon, 29 Apr 2024 11:05:54 -0700 Subject: [PATCH 4/4] fix: revert to use default value in get_username --- ingest_api/runtime/src/auth.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ingest_api/runtime/src/auth.py b/ingest_api/runtime/src/auth.py index 8b4d4e87..0e342ba6 100644 --- a/ingest_api/runtime/src/auth.py +++ b/ingest_api/runtime/src/auth.py @@ -58,8 +58,6 @@ def validated_token( def get_username(token: Annotated[Dict[Any, Any], Depends(validated_token)]) -> str: logger.info(f"\nToken {token}") result = token["username"] if "username" in token else token.get("sub", None) - if result is None: - raise KeyError(f"Neither 'username' nor 'sub' found in the token: {token}.") return result