Fix use of sub instead of prefered_name

DIRACGrid · Oct 15, 2024 · 2b410da · 2b410da
1 parent 107f387
commit 2b410da
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/diracx-routers/src/diracx/routers/auth/token.py b/diracx-routers/src/diracx/routers/auth/token.py
@@ -384,7 +384,7 @@ async def exchange_token(
             f"User is not a member of the requested group ({preferred_username}, {dirac_group})"
         )
 
-    allowed_user_properties = get_allowed_user_properties(config, user_info, vo)
+    allowed_user_properties = get_allowed_user_properties(config, sub, vo)
     if not set(properties).issubset(allowed_user_properties):
         raise ValueError(
             f"{set(properties) - allowed_user_properties} are not valid properties for user {preferred_username}, "

diff --git a/diracx-routers/src/diracx/routers/utils/users.py b/diracx-routers/src/diracx/routers/utils/users.py
@@ -8,7 +8,6 @@
 from pydantic import BaseModel, Field
 from pydantic_settings import SettingsConfigDict
 
-from diracx.core.config.schema import UserConfig
 from diracx.core.models import UserInfo
 from diracx.core.properties import SecurityProperty
 from diracx.core.settings import FernetKey, ServiceSettingsBase, TokenSigningKey
@@ -120,12 +119,10 @@ async def verify_dirac_access_token(
     )
 
 
-def get_allowed_user_properties(
-    config: Config, user_info: UserConfig, vo: str
-) -> set[SecurityProperty]:
+def get_allowed_user_properties(config: Config, sub, vo: str) -> set[SecurityProperty]:
     """Retrieve all properties of groups a user is registered in."""
     allowed_user_properties = set()
     for group in config.Registry[vo].Groups:
-        if user_info.PreferedUsername in config.Registry[vo].Groups[group].Users:
+        if sub in config.Registry[vo].Groups[group].Users:
             allowed_user_properties.update(config.Registry[vo].Groups[group].Properties)
     return allowed_user_properties