Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated load_current_user in api to check user group in list #111

Merged
merged 1 commit into from
Feb 27, 2024
Merged

updated load_current_user in api to check user group in list #111

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions app/api/constants.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
API_VERSION = "0.1.0"
MEDICAL = "medical"
SANCTUARY = "sanctuary"
USER_GROUPS = [MEDICAL, SANCTUARY]
20 changes: 12 additions & 8 deletions app/api/main/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,16 @@
from jose import JWTError, jwt
from sqlalchemy.orm import Session

from api.constants import MEDICAL, SANCTUARY
from api.constants import MEDICAL, SANCTUARY, USER_GROUPS
from api.main.database import db_functions
from api.models.user import get_user_by_email


security = HTTPBearer()

# The medical load user function

def load_current_user(
request: Request,
credentials: HTTPAuthorizationCredentials = Security(security)
request: Request, credentials: HTTPAuthorizationCredentials = Security(security)
) -> T.Any:
"""
Try and decrypt a JSON token and return the corresponding
Expand All @@ -31,22 +30,25 @@ def load_current_user(
try:
payload = jwt.decode(token, os.getenv("SECRET_KEY"), algorithms=["HS256"])
email: str = payload.get("sub")
user_group: str = payload.get("user_group") # Extract user group from the token
if email is None or user_group != MEDICAL:
user_group: str = payload.get("user_group")
if email is None or user_group not in USER_GROUPS:
raise get_credentials_exception()
critch646 marked this conversation as resolved.
Show resolved Hide resolved
except JWTError:
raise get_credentials_exception()

if user_group in db_functions:
db_generator = db_functions[user_group]()
db = next(db_generator)
else:
raise HTTPException(status_code=400, detail="Invalid user group.")

user = get_user_by_email(db, email)
if user is None:
raise get_credentials_exception()

return user


# get the user group. required for refreshing the token
def get_user_group(
request: Request, credentials: HTTPAuthorizationCredentials = Security(security)
Expand All @@ -59,7 +61,7 @@ def get_user_group(
user_group: str = payload.get("user_group") # Extract user group from the token
except JWTError:
raise get_credentials_exception()

return user_group


Expand Down Expand Up @@ -100,7 +102,9 @@ def verify_password(password_hash: str, password: str) -> bool:
return argon2.verify(password, password_hash)


def generate_auth_token(data: dict, user_group: str, expires_minutes: int = 60 * 24) -> str:
def generate_auth_token(
data: dict, user_group: str, expires_minutes: int = 60 * 24
) -> str:
to_encode = data.copy()
expire = datetime.utcnow() + timedelta(minutes=expires_minutes)
to_encode.update(
Expand Down
Loading