5388199646

Committed 27 Jun 2023 09:35AM UTC coverage: 88.917% (+0.4%) from 88.567%

Build # 5388199646

Build Type

push

gihub-action

Committed by

web-flow

Commit Message

chore: changes for Postgres and Helm (#9)

Co-authored-by: Johann-Michael Thiebaut <johann.thiebaut@gmail.com>
Co-authored-by: Alessandro Degano <40891147+aledegano@users.noreply.github.com>
Co-authored-by: Ralf Grubenmann <ralf.grubenmann@protonmail.com>

Run Details

654 of 654 new or added lines in 15 files covered. (100.0%)

1428 of 1606 relevant lines covered (88.92%)

0.89 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.57

/src/users/credentials.py

"""Wrapper around JWT signature validation with JWK."""
from dataclasses import dataclass
from typing import Any, Dict, List

import jwt
from jwt import PyJWKClient

import models
from models import errors


@dataclass
class KeycloakAuthenticator:
    """Authenticator for JWT access tokens from Keycloak."""

    jwks: PyJWKClient
    algorithms: List[str]
    admin_role: str = "renku-admin"

    def __post_init__(self):
        if len(self.algorithms) == 0:
            raise errors.ConfigurationError(message="At least one algorithm for token validation has to be specified.")

    def _validate(self, token: str) -> Dict[str, Any]:
        sk = self.jwks.get_signing_key_from_jwt(token)
        return jwt.decode(
            token,
            key=sk.key,
            algorithms=self.algorithms,
            audience=["renku", "renku-ui", "renku-cli", "swagger"],
            verify=True,
        )

    async def authenticate(self, access_token: str) -> models.APIUser:
        """Checks the validity of the access token."""
        parsed = self._validate(access_token)
        is_admin = self.admin_role in parsed.get("realm_access", {}).get("roles", [])
        return models.APIUser(is_admin, parsed.get("sub"), access_token=access_token)

1	"""Wrapper around JWT signature validation with JWK."""	1✔
2	from dataclasses import dataclass	1✔
3	from typing import Any, Dict, List	1✔
4
5	import jwt	1✔
6	from jwt import PyJWKClient	1✔
7
8	import models	1✔
9	from models import errors	1✔
10
11
12	@dataclass	1✔
13	class KeycloakAuthenticator:	1✔
14	"""Authenticator for JWT access tokens from Keycloak."""	1✔
15
16	jwks: PyJWKClient	1✔
17	algorithms: List[str]	1✔
18	admin_role: str = "renku-admin"	1✔
19
20	def __post_init__(self):	1✔
21	if len(self.algorithms) == 0:	×
22	raise errors.ConfigurationError(message="At least one algorithm for token validation has to be specified.")	×
23
24	def _validate(self, token: str) -> Dict[str, Any]:	1✔
25	sk = self.jwks.get_signing_key_from_jwt(token)	×
26	return jwt.decode(	×
27	token,
28	key=sk.key,
29	algorithms=self.algorithms,
30	audience=["renku", "renku-ui", "renku-cli", "swagger"],
31	verify=True,
32	)
33
34	async def authenticate(self, access_token: str) -> models.APIUser:	1✔
35	"""Checks the validity of the access token."""
36	parsed = self._validate(access_token)	×
37	is_admin = self.admin_role in parsed.get("realm_access", {}).get("roles", [])	×
38	return models.APIUser(is_admin, parsed.get("sub"), access_token=access_token)	×

SwissDataScienceCenter / renku-data-services / 5388199646

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous