Fix issues flagged by mypy

galaxyproject · Nov 4, 2023 · 273266d · 273266d
1 parent 42d8175
commit 273266d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
@@ -76,6 +76,7 @@ class CustosAuthnzConfiguration:
 class OIDCAuthnzBase(IdentityProvider):
     def __init__(self, provider, oidc_config, oidc_backend_config, idphint=None):
         provider = provider.lower()
+        self.jwks_client: Optional[jwt.PyJWKClient]
         self.config = CustosAuthnzConfiguration(
             provider=provider,
             verify_ssl=oidc_config["VERIFY_SSL"],
@@ -502,6 +503,8 @@ def _username_from_userinfo(trans, userinfo):
             return username
 
     def find_user_by_access_token(self, sa_session, access_token):
+        if not self.jwks_client:
+            return None
         signing_key = self.jwks_client.get_signing_key_from_jwt(access_token)
         decoded_jwt = jwt.decode(
             access_token,

diff --git a/lib/galaxy/webapps/galaxy/api/__init__.py b/lib/galaxy/webapps/galaxy/api/__init__.py
@@ -36,6 +36,7 @@
     APIKeyCookie,
     APIKeyHeader,
     APIKeyQuery,
+    HTTPAuthorizationCredentials,
     HTTPBearer,
 )
 from fastapi_utils.cbv import cbv
@@ -141,7 +142,7 @@ def get_api_user(
     user_manager: UserManager = depends(UserManager),
     key: str = Security(api_key_query),
     x_api_key: str = Security(api_key_header),
-    bearer_token: str = Security(api_bearer_token),
+    bearer_token: HTTPAuthorizationCredentials = Security(api_bearer_token),
     run_as: Optional[DecodedDatabaseIdField] = Header(
         default=None,
         title="Run as User",

diff --git a/test/integration/oidc/test_auth_oidc.py b/test/integration/oidc/test_auth_oidc.py
@@ -78,7 +78,6 @@ def start_keycloak_docker(container_name, port=8443, image="keycloak/keycloak:22
         "--https-certificate-file=/opt/keycloak/data/import/keycloak-server.crt.pem",
         "--https-certificate-key-file=/opt/keycloak/data/import/keycloak-server.key.pem",
     ]
-    print(" ".join(START_SLURM_DOCKER))
     subprocess.check_call(START_SLURM_DOCKER)
     wait_till_keycloak_ready(port)
 
@@ -91,6 +90,8 @@ class AbstractTestCases:
     @integration_util.skip_unless_docker()
     class BaseKeycloakIntegrationTestCase(integration_util.IntegrationTestCase):
         container_name: ClassVar[str]
+        backend_config_file: ClassVar[str]
+        saved_oauthlib_insecure_transport: ClassVar[bool]
 
         @classmethod
         def setUpClass(cls):
@@ -136,15 +137,15 @@ def tearDownClass(cls):
         @classmethod
         def disableOauthlibHttps(cls):
             if "OAUTHLIB_INSECURE_TRANSPORT" in os.environ:
-                cls.saved_oauthlib_insecure_transport = os.environ["OAUTHLIB_INSECURE_TRANSPORT"]
+                cls.saved_oauthlib_insecure_transport = bool(os.environ["OAUTHLIB_INSECURE_TRANSPORT"])
             os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "true"
             os.environ["REQUESTS_CA_BUNDLE"] = os.path.dirname(__file__) + "/keycloak-server.crt.pem"
             os.environ["SSL_CERT_FILE"] = os.path.dirname(__file__) + "/keycloak-server.crt.pem"
 
         @classmethod
         def restoreOauthlibHttps(cls):
             if getattr(cls, "saved_oauthlib_insecure_transport", None):
-                os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = cls.saved_oauthlib_insecure_transport
+                os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = str(cls.saved_oauthlib_insecure_transport)
             else:
                 del os.environ["OAUTHLIB_INSECURE_TRANSPORT"]
 
@@ -175,7 +176,8 @@ def _login_via_keycloak(
         provider_url = response.json()["redirect_uri"]
         response = session.get(provider_url, verify=False)
         matches = self.REGEX_KEYCLOAK_LOGIN_ACTION.search(response.text)
-        auth_url = html.unescape(matches.groups(1)[0])
+        assert matches
+        auth_url = html.unescape(str(matches.groups(1)[0]))
         response = session.post(auth_url, data={"username": username, "password": password}, verify=False)
         assert response.status_code in expected_codes, response
         if save_cookies:
@@ -208,7 +210,7 @@ def test_oidc_login(self):
 
     def test_oidc_logout(self):
         # login
-        session, response = self._login_via_keycloak(KEYCLOAK_TEST_USERNAME, KEYCLOAK_TEST_PASSWORD, save_cookies=True)
+        session, _ = self._login_via_keycloak(KEYCLOAK_TEST_USERNAME, KEYCLOAK_TEST_PASSWORD, save_cookies=True)
         # get the user
         response = session.get(self._api_url("users/current"))
         self._assert_status_code_is(response, 200)