Skip to content

Commit

Permalink
Fix issues flagged by mypy
Browse files Browse the repository at this point in the history
  • Loading branch information
nuwang committed Nov 4, 2023
1 parent 42d8175 commit 4ed3131
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 6 deletions.
3 changes: 3 additions & 0 deletions lib/galaxy/authnz/custos_authnz.py
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ class CustosAuthnzConfiguration:
class OIDCAuthnzBase(IdentityProvider):
def __init__(self, provider, oidc_config, oidc_backend_config, idphint=None):
provider = provider.lower()
self.jwks_client: Optional[jwt.PyJWKClient]
self.config = CustosAuthnzConfiguration(
provider=provider,
verify_ssl=oidc_config["VERIFY_SSL"],
Expand Down Expand Up @@ -502,6 +503,8 @@ def _username_from_userinfo(trans, userinfo):
return username

def find_user_by_access_token(self, sa_session, access_token):
if not self.jwks_client:
return None
signing_key = self.jwks_client.get_signing_key_from_jwt(access_token)
decoded_jwt = jwt.decode(
access_token,
Expand Down
3 changes: 2 additions & 1 deletion lib/galaxy/webapps/galaxy/api/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
APIKeyCookie,
APIKeyHeader,
APIKeyQuery,
HTTPAuthorizationCredentials,
HTTPBearer,
)
from fastapi_utils.cbv import cbv
Expand Down Expand Up @@ -141,7 +142,7 @@ def get_api_user(
user_manager: UserManager = depends(UserManager),
key: str = Security(api_key_query),
x_api_key: str = Security(api_key_header),
bearer_token: str = Security(api_bearer_token),
bearer_token: HTTPAuthorizationCredentials = Security(api_bearer_token),
run_as: Optional[DecodedDatabaseIdField] = Header(
default=None,
title="Run as User",
Expand Down
12 changes: 7 additions & 5 deletions test/integration/oidc/test_auth_oidc.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,6 @@ def start_keycloak_docker(container_name, port=8443, image="keycloak/keycloak:22
"--https-certificate-file=/opt/keycloak/data/import/keycloak-server.crt.pem",
"--https-certificate-key-file=/opt/keycloak/data/import/keycloak-server.key.pem",
]
print(" ".join(START_SLURM_DOCKER))
subprocess.check_call(START_SLURM_DOCKER)
wait_till_keycloak_ready(port)

Expand All @@ -91,6 +90,8 @@ class AbstractTestCases:
@integration_util.skip_unless_docker()
class BaseKeycloakIntegrationTestCase(integration_util.IntegrationTestCase):
container_name: ClassVar[str]
backend_config_file: ClassVar[str]
saved_oauthlib_insecure_transport: ClassVar[bool]

@classmethod
def setUpClass(cls):
Expand Down Expand Up @@ -136,15 +137,15 @@ def tearDownClass(cls):
@classmethod
def disableOauthlibHttps(cls):
if "OAUTHLIB_INSECURE_TRANSPORT" in os.environ:
cls.saved_oauthlib_insecure_transport = os.environ["OAUTHLIB_INSECURE_TRANSPORT"]
cls.saved_oauthlib_insecure_transport = bool(os.environ["OAUTHLIB_INSECURE_TRANSPORT"])
os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "true"
os.environ["REQUESTS_CA_BUNDLE"] = os.path.dirname(__file__) + "/keycloak-server.crt.pem"
os.environ["SSL_CERT_FILE"] = os.path.dirname(__file__) + "/keycloak-server.crt.pem"

@classmethod
def restoreOauthlibHttps(cls):
if getattr(cls, "saved_oauthlib_insecure_transport", None):
os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = cls.saved_oauthlib_insecure_transport
os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = str(cls.saved_oauthlib_insecure_transport)
else:
del os.environ["OAUTHLIB_INSECURE_TRANSPORT"]

Expand Down Expand Up @@ -175,7 +176,8 @@ def _login_via_keycloak(
provider_url = response.json()["redirect_uri"]
response = session.get(provider_url, verify=False)
matches = self.REGEX_KEYCLOAK_LOGIN_ACTION.search(response.text)
auth_url = html.unescape(matches.groups(1)[0])
assert matches
auth_url = html.unescape(matches.groups(1)[0][0])
response = session.post(auth_url, data={"username": username, "password": password}, verify=False)
assert response.status_code in expected_codes, response
if save_cookies:
Expand Down Expand Up @@ -208,7 +210,7 @@ def test_oidc_login(self):

def test_oidc_logout(self):
# login
session, response = self._login_via_keycloak(KEYCLOAK_TEST_USERNAME, KEYCLOAK_TEST_PASSWORD, save_cookies=True)
session, _ = self._login_via_keycloak(KEYCLOAK_TEST_USERNAME, KEYCLOAK_TEST_PASSWORD, save_cookies=True)
# get the user
response = session.get(self._api_url("users/current"))
self._assert_status_code_is(response, 200)
Expand Down

0 comments on commit 4ed3131

Please sign in to comment.