From 0ebf108a946c1acddc35190f3037feaf8274d00d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20Rafael=20Siqueira?= Date: Thu, 18 Sep 2025 00:39:36 -0300 Subject: [PATCH] update focus --- .../apigateway_oauth2/authorization_server.py | 27 ++++++++++------ .../integrations/apigateway_oauth2/client.py | 31 +++++++++++++++---- id.saladeaula.digital/app/oauth2.py | 10 +++--- .../client/app/routes/index.tsx | 2 +- 4 files changed, 48 insertions(+), 22 deletions(-) diff --git a/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py b/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py index ac81d76..af81e45 100644 --- a/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py +++ b/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py @@ -28,6 +28,12 @@ GRANT_TYPES_EXPIRES_IN = { logger = Logger(__name__) +def expires_in(client, grant_type: str) -> int: + return GRANT_TYPES_EXPIRES_IN.get( + grant_type, BearerTokenGenerator.DEFAULT_EXPIRES_IN + ) + + class AuthorizationServer(oauth2.AuthorizationServer): def __init__( self, @@ -36,15 +42,9 @@ class AuthorizationServer(oauth2.AuthorizationServer): ) -> None: self._persistence_layer = persistence_layer - super().__init__( - scopes_supported=( - set(OAUTH2_SCOPES_SUPPORTED.split()) if OAUTH2_SCOPES_SUPPORTED else [] - ) - ) - - def expires_in(client, grant_type: str) -> int: - return GRANT_TYPES_EXPIRES_IN.get( - grant_type, BearerTokenGenerator.DEFAULT_EXPIRES_IN + if OAUTH2_SCOPES_SUPPORTED: + super().__init__( + scopes_supported=set(OAUTH2_SCOPES_SUPPORTED.split()), ) self.register_token_generator( @@ -61,6 +61,7 @@ class AuthorizationServer(oauth2.AuthorizationServer): token: dict, request: requests.OAuth2Request, ) -> None: + """Define function to save the generated token into database.""" if not request.payload: raise ValueError('Missing request payload') 
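Review bot: The new module-level `expires_in` accepts a `client` argument it never reads and has no docstring, so a reader cannot tell whether the unused parameter is deliberate; presumably the two-argument shape is dictated by the expires_in callback that `register_token_generator` hands to the token generator, but nothing in the hunk says so. Add `"""Return the token lifetime in seconds for *grant_type*, falling back to ``BearerTokenGenerator.DEFAULT_EXPIRES_IN``; *client* is unused and only matches the generator's expires_in callback signature."""` and confirm that callback contract against the authlib version in use.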
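Review bot: `super().__init__` is now called only when `OAUTH2_SCOPES_SUPPORTED` is truthy, so with an empty or unset value the base class is never initialised before `self.register_token_generator(...)` runs on the very next line; if the base initializer creates the generator/grant registries (authlib's `AuthorizationServer.__init__` does), that call fails with an AttributeError, and the removed code had no such gap. Keep the call unconditional and move the condition into the argument: `super().__init__(scopes_supported=set(OAUTH2_SCOPES_SUPPORTED.split()) if OAUTH2_SCOPES_SUPPORTED else None)`. `__init__` continues past the end of the hunk.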
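Review bot: The added docstring `"""Define function to save the generated token into database."""` describes the definition rather than the behaviour; the later hunks in this file show the method writing `SESSION#ACCESS_TOKEN#…` and `SESSION#REFRESH_TOKEN#…` items under the user's id, so `"""Persist the issued access and refresh tokens as session items for the user."""` tells a caller what actually happens. The method's signature starts above the hunk and its body continues below it.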
@@ -88,6 +89,7 @@ class AuthorizationServer(oauth2.AuthorizationServer): item={ 'id': user_id, 'sk': f'SESSION#ACCESS_TOKEN#{access_token}', + 'client_id': client_id, 'ttl': access_token_ttl, 'created_at': now_, } @@ -112,6 +114,7 @@ class AuthorizationServer(oauth2.AuthorizationServer): item={ 'id': user_id, 'sk': f'SESSION#REFRESH_TOKEN#{refresh_token}', + 'client_id': client_id, 'ttl': access_token_ttl, 'created_at': now_, } @@ -133,7 +136,11 @@ class AuthorizationServer(oauth2.AuthorizationServer): return None - def query_client(self, client_id: str): + def query_client( + self, + client_id: str, + ): + """Query OAuth client by client_id.""" client = self._persistence_layer.collection.get_item( KeyPair( pk='OAUTH2', diff --git a/id.saladeaula.digital/app/integrations/apigateway_oauth2/client.py b/id.saladeaula.digital/app/integrations/apigateway_oauth2/client.py index dec62f9..1af856e 100644 --- a/id.saladeaula.digital/app/integrations/apigateway_oauth2/client.py +++ b/id.saladeaula.digital/app/integrations/apigateway_oauth2/client.py @@ -30,7 +30,10 @@ class OAuth2Client(ClientMixin): def get_client_id(self): return self.client_id - def get_allowed_scope(self, scope: Collection[str]) -> str: + def get_allowed_scope( + self, + scope: Collection[str], + ) -> str: if not scope: return '' 
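Review bot: Storing `client_id` on the `SESSION#ACCESS_TOKEN#` item (and on the refresh-token item in the `@@ -112` hunk) only binds the token to its client if the read side enforces it, and nothing in this commit compares the stored value against the client presenting the token on refresh, introspection or revocation; unless that check lives elsewhere, a token issued to one client can still be used or revoked by another. Where the item is read back, compare it against the authenticated client, e.g. `if token.get('client_id') != client.get_client_id(): return None`. `client_id` is bound earlier in the method, outside the hunk, so confirm it comes from the authenticated client rather than from a user-supplied request field. The enclosing method starts and ends outside the hunk.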
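Review bot: The refresh-token item written here carries `'ttl': access_token_ttl`, the same expiry as the access-token row; the line is unchanged by this commit but sits on the new side next to the added `client_id`. If refresh tokens are meant to outlive access tokens, the store expires this row before the refresh token does, so a still-valid refresh token can no longer be found (and the client binding added here is lost with it); if tying the two lifetimes together is intentional, a comment on that line should say so. Otherwise derive a separate `refresh_token_ttl` from the refresh token's own lifetime and use it on this item. The enclosing method starts and ends outside the hunk.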
@@ -44,20 +47,36 @@ class OAuth2Client(ClientMixin): raise ValueError('Missing redirect_uris') - def check_response_type(self, response_type: str) -> bool: + def check_response_type( + self, + response_type: str, + ) -> bool: return response_type in self.response_types - def check_redirect_uri(self, redirect_uri: str) -> bool: + def check_redirect_uri( + self, + redirect_uri: str, + ) -> bool: return redirect_uri in self.redirect_uris - def check_endpoint_auth_method(self, method: str, endpoint: str) -> bool: + def check_endpoint_auth_method( + self, + method: str, + endpoint: str, + ) -> bool: if endpoint == 'token': return self.token_endpoint_auth_method == method return True - def check_grant_type(self, grant_type: str) -> bool: + def check_grant_type( + self, + grant_type: str, + ) -> bool: return grant_type in self.grant_types - def check_client_secret(self, client_secret: str) -> bool: + def check_client_secret( + self, + client_secret: str, + ) -> bool: return secrets.compare_digest(self.client_secret, client_secret) diff --git a/id.saladeaula.digital/app/oauth2.py b/id.saladeaula.digital/app/oauth2.py index 8e839c8..65b7c2a 100644 --- a/id.saladeaula.digital/app/oauth2.py +++ b/id.saladeaula.digital/app/oauth2.py 
@@ -225,24 +225,24 @@ class RevocationEndpoint(rfc7009.RevocationEndpoint): token_string: str, token_type_hint: str | None = None, ): - result = dyn.collection.get_items( + t = dyn.collection.get_items( TransactKey('OAUTH2#TOKEN') + SortKey(sk=f'REFRESH_TOKEN#{token_string}', rename_key='refresh_token') + SortKey(sk=f'ACCESS_TOKEN#{token_string}', rename_key='access_token'), flatten_top=False, ) - if not result: + if not t: return None - logger.debug('Tokens retrieved', result=result) + logger.debug('Tokens retrieved', result=t) if not token_type_hint: token_type_hint = ( - 'refresh_token' if 'refresh_token' in result else 'access_token' + 'refresh_token' if 'refresh_token' in t else 'access_token' ) - token = result[token_type_hint] + token = t[token_type_hint] return OAuth2Token( expires_in=int(token['expires_in']), diff --git a/id.saladeaula.digital/client/app/routes/index.tsx b/id.saladeaula.digital/client/app/routes/index.tsx index af0839e..3fac14d 100644 --- a/id.saladeaula.digital/client/app/routes/index.tsx +++ b/id.saladeaula.digital/client/app/routes/index.tsx @@ -144,7 +144,7 @@ export default function Index({}: Route.ComponentProps) { Email ou CPF - +
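Review bot: `token = t[token_type_hint]` raises KeyError when the caller's hint does not match the key under which the token was found, for example a client sending `token_type_hint=access_token` for a refresh token; the hint is client-supplied input under RFC 7009, which expects a wrong hint not to prevent the server from locating the token, so this turns a bad hint into an unhandled error on the revocation endpoint. The pre-existing guard only covers a missing hint; changing it to `if token_type_hint not in t:` (`None not in t` is also true, so the missing-hint case is still handled) makes the existing fallback apply to a mismatched hint as well. Separately, renaming `result` to `t` drops a descriptive name for no gain; `tokens` would read better. The method's signature starts above the hunk and the `OAuth2Token(...)` construction continues below it.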