You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: api/core/security.py
+99-38Lines changed: 99 additions & 38 deletions
Original file line number
Diff line number
Diff line change
@@ -1,3 +1,4 @@
1
+
importsecrets
1
2
importtime
2
3
fromenumimportStrEnum
3
4
fromuuidimportUUID
@@ -20,8 +21,8 @@
20
21
# @test: Test that the methods on the UserInfo class return the correct values for a given set of project groups and workspace roles
21
22
# @test: Test that any failed network requests are handled gracefully
22
23
# @test: Test that the caching mechanism works correctly and evicts entries when roles change
23
-
# @test: Test that a validated token is mirrored into the OSM oauth_access_tokens table (with the user provisioned and expires_in from the JWT exp) when WS_OSM_OAUTH_APPLICATION_ID is set, and is a no-op otherwise
24
-
# @test: Test that re-presenting a token reactivates its OSM row (revoked_at cleared, expiry refreshed) and that a rotated (superseded) token is revoked, both gated on WS_OSM_OAUTH_APPLICATION_ID
24
+
# @test: Test that when WS_OSM_TOKEN_BRIDGE_ENABLED, a validated token is mirrored into oauth_access_tokens with the doorkeeper application + system-owner user + caller user auto-provisioned and expires_in from the JWT exp; and is a no-op when disabled
25
+
# @test: Test that re-presenting a token reactivates its OSM row (revoked_at cleared, expiry refreshed) and that a rotated (superseded) token is revoked, both gated on WS_OSM_TOKEN_BRIDGE_ENABLED
25
26
26
27
# Set up logger for this module
27
28
logger=get_logger(__name__)
@@ -338,6 +339,84 @@ async def validate_token(
338
339
returnuser_info
339
340
340
341
342
+
asyncdef_ensure_osm_user(
343
+
session: AsyncSession,
344
+
*,
345
+
auth_uid: str,
346
+
email: str|None,
347
+
display_name: str,
348
+
) ->int|None:
349
+
"""Idempotently provision an OSM ``users`` row (auth_provider ``TDEI``) and
350
+
return its id. ``email`` is synthesised when absent -- the column is UNIQUE
351
+
and NOT NULL."""
352
+
awaitsession.execute(
353
+
text(
354
+
"INSERT INTO users (auth_uid, email, display_name, auth_provider, "
0 commit comments