Commit 5b1664d0 authored by Daniel Göbel's avatar Daniel Göbel

Merge branch 'feature/5-change-query-parameter-for-return-path-in-login-route' into 'main'

Resolve "Change query parameter for return path in login route"

Closes #5

See merge request !5
parents 70152f69 87ee49e8
1 merge request!5Resolve "Change query parameter for return path in login route"
Pipeline #53123 passed
......@@ -32,7 +32,7 @@ repos:
files: clowm
args: [ --config=pyproject.toml ]
additional_dependencies:
- types-aiobotocore-lite[s3]
- types-aiobotocore-lite[s3]>=2.12.0,<2.13.0
- sqlalchemy>=2.0.0,<2.1.0
- pydantic>=2.6.0,<2.8.0
- types-requests
......
......@@ -22,7 +22,7 @@ from ..dependencies import DBSession, OIDCClientDep, RGWService
router = APIRouter(prefix="/auth", tags=["Auth"])
tracer = trace.get_tracer_provider().get_tracer(__name__)
RETURN_PATH_KEY = "return_path"
NEXT_PATH_KEY = "NEXT"
def build_url(base_url: str, *path: str) -> AnyHttpUrl:
......@@ -44,11 +44,12 @@ async def login(
provider: Annotated[
OIDCClient.OIDCProvider, Query(description="The OIDC provider to use for login")
] = OIDCClient.OIDCProvider.lifescience,
return_path: Annotated[
next_: Annotated[
str | SkipJsonSchema[None],
Query(
alias="next",
max_length=128,
description="Will be appended to redirect response in the callback route as URL query parameter `return_path`",
description="Will be appended to redirect response in the callback route as URL query parameter `next_path`",
),
] = None,
) -> RedirectResponse:
......@@ -63,9 +64,9 @@ async def login(
The wrapper around the oidc client. Dependency Injection.
request : fastapi.requests.Request
Raw request object.
return_path : str | None
next_ : str | None
Query parameter that gets stored in the session cookie.
Will be appended to RedirectResponse in the callback route as URL query parameter 'return_path'
Will be appended to RedirectResponse in the callback route as URL query parameter 'next_path'
Returns
-------
......@@ -74,8 +75,8 @@ async def login(
"""
# Clear session to prevent an overflow
request.session.clear()
if return_path:
request.session[RETURN_PATH_KEY] = return_path
if next_:
request.session[NEXT_PATH_KEY] = next_
redirect_uri = build_url(str(settings.ui_uri), settings.api_prefix, router.prefix[1:], "callback", provider.name)
return await oidc_client.authorize_redirect(request, redirect_uri=redirect_uri, provider=provider)
......@@ -142,10 +143,10 @@ async def login_callback(
"""
redirect_path = "/"
current_span = trace.get_current_span()
return_path: str | None = request.session.get(RETURN_PATH_KEY, None) # get return path from session cookie
if return_path is not None:
current_span.set_attribute("return_path", return_path)
redirect_path += f"?return_path={urllib.parse.quote_plus(return_path)}"
next_path: str | None = request.session.get(NEXT_PATH_KEY, None) # get return path from session cookie
if next_path is not None:
current_span.set_attribute("next", next_path)
redirect_path += f"?next={urllib.parse.quote_plus(next_path)}"
try:
user_info = await oidc_client.verify_fetch_userinfo(request=request, provider=provider)
lifescience_id = user_info.sub if isinstance(user_info.sub, str) else user_info.sub[0]
......
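Review bot: The `next` value is stored in the session in `login` with `max_length=128` as its only constraint, and `login_callback` later reflects it into the redirect as `/?next=...`, so nothing restricts it to a same-site path. If the UI navigates to that value after login (its handling is not visible on this page), an absolute or protocol-relative URL would turn a login link into an open redirect. Consider constraining it at the parameter, for example by adding `pattern=r"^/([^/\\].*)?$"` to the `Query(...)`, or by rejecting such values before `request.session[NEXT_PATH_KEY] = next_`. Separately, the new description and docstring say the callback appends `next_path` while the callback emits `next`, and the trailing comment on the session lookup still reads "get return path". Both `login` and `login_callback` begin and end outside the visible hunks.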
......@@ -35,7 +35,7 @@ class TestLoginRoute:
"""
r = await client.get(
self.auth_path + "/login",
params={"return_path": "/dashboard", "provider": "lifescience"},
params={"next": "/dashboard", "provider": "lifescience"},
follow_redirects=False,
)
assert r.status_code == status.HTTP_302_FOUND
......@@ -78,7 +78,7 @@ class TestLoginRoute:
assert right_header
claim = decode_token(right_header.split("=")[1])
assert claim["sub"] == str(random_user.user.uid)
assert response.headers["location"].startswith(f"/?return_path={urllib.parse.quote_plus('/dashboard')}")
assert response.headers["location"].startswith(f"/?next={urllib.parse.quote_plus('/dashboard')}")
@pytest.mark.asyncio
async def test_successful_login_with_existing_user_and_different_email(
......