4937992855

Committed 10 May 2023 02:17PM UTC coverage: 87.262% (+9.7%) from 77.582%

Build Type

push

gihub-action

Committed by GitHub

Commit Message

chore: add docker build (#8)

Run Details

514 of 514 new or added lines in 13 files covered. (100.0%)

1007 of 1154 relevant lines covered (87.26%)

0.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.57

/src/users/credentials.py

"""Wrapper around JWT signature validation with JWK."""
from dataclasses import dataclass
from typing import Any, Dict, List

import jwt
from jwt import PyJWKClient

import models
from models import errors


@dataclass
class KeycloakAuthenticator:
    """Authenticator for JWT access tokens from Keycloak."""

    jwks: PyJWKClient
    algorithms: List[str]
    admin_role: str = "renku-admin"

    def __post_init__(self):
        if len(self.algorithms) == 0:
            raise errors.ConfigurationError(message="At least one algorithm for token validation has to be specified.")

    def _validate(self, token: str) -> Dict[str, Any]:
        sk = self.jwks.get_signing_key_from_jwt(token)
        return jwt.decode(token, key=sk.key, algorithms=self.algorithms, verify=True)

    async def authenticate(self, access_token: str) -> models.APIUser:
        """Checks the validity of the access token."""
        parsed = self._validate(access_token)
        is_admin = self.admin_role in parsed.get("realm_access", {}).get("roles", [])
        return models.APIUser(is_admin, parsed.get("sub"), access_token=access_token)

1	"""Wrapper around JWT signature validation with JWK."""	1✔
2	from dataclasses import dataclass	1✔
3	from typing import Any, Dict, List	1✔
4
5	import jwt	1✔
6	from jwt import PyJWKClient	1✔
7
8	import models	1✔
9	from models import errors	1✔
10
11
12	@dataclass	1✔
13	class KeycloakAuthenticator:	1✔
14	"""Authenticator for JWT access tokens from Keycloak."""	1✔
15
16	jwks: PyJWKClient	1✔
17	algorithms: List[str]	1✔
18	admin_role: str = "renku-admin"	1✔
19
20	def __post_init__(self):	1✔
21	if len(self.algorithms) == 0:	×
22	raise errors.ConfigurationError(message="At least one algorithm for token validation has to be specified.")	×
23
24	def _validate(self, token: str) -> Dict[str, Any]:	1✔
25	sk = self.jwks.get_signing_key_from_jwt(token)	×
26	return jwt.decode(token, key=sk.key, algorithms=self.algorithms, verify=True)	×
27
28	async def authenticate(self, access_token: str) -> models.APIUser:	1✔
29	"""Checks the validity of the access token."""
30	parsed = self._validate(access_token)	×
31	is_admin = self.admin_role in parsed.get("realm_access", {}).get("roles", [])	×
32	return models.APIUser(is_admin, parsed.get("sub"), access_token=access_token)	×

SwissDataScienceCenter / renku-data-services / 4937992855

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous