Migrate the OAuth2 Blueprint to an EndpointGroup [NHUB-571]

newsroom/auth_server/client.py

@@ -1,5 +1,5 @@
 from . import oauth2
+from superdesk.core.module import Module
 
 
-def init_app(app):
-    oauth2.config_oauth(app)
+module = Module(name="newsroom.auth_server.client", endpoints=[oauth2.blueprint], init=oauth2.config_oauth)

newsroom/auth_server/models.py

@@ -11,7 +11,8 @@
 from bson import ObjectId
 from bson.errors import InvalidId
 from authlib.oauth2.rfc6749 import ClientMixin
-import superdesk
+from newsroom.oauth_clients.clients_async import ClientService
+from newsroom.async_utils import run_async_to_sync
 
 logger = logging.getLogger(__name__)
 # client_id to OAuth2Client instance map
@@ -40,16 +41,15 @@ def get_allowed_scope(self, scope):
 
 
 def query_client(client_id):
-    clients_service = superdesk.get_resource_service("oauth_clients")
     try:
-        client_data = clients_service.find_one(req=None, _id=ObjectId(client_id))
+        client_data = run_async_to_sync(ClientService().find_by_id(ObjectId(client_id)))
     except InvalidId as e:
         logger.error("Invalid 'client_id' was provided. Exception: {}".format(e))
         return None
 
     if client_data is None:
         return None
-    return OAuth2Client(client_data)
+    return OAuth2Client(client_data.to_dict())
 
 
 def save_token(token, request):

newsroom/auth_server/oauth2.py

@@ -13,26 +13,27 @@
 from authlib.jose import jwt
 from bson import ObjectId
 
-from superdesk.flask import request, Blueprint
 from .models import query_client, save_token
-from newsroom.utils import get_cached_resource_by_id
-import superdesk
 from superdesk.utc import utcnow
 
+from superdesk.core.web import EndpointGroup
+from superdesk.core.types import Request
+from newsroom.oauth_clients.clients_async import ClientService
+
 logger = logging.getLogger(__name__)
 
 authorization = AuthorizationServer(query_client=query_client, save_token=save_token)
 
 
-blueprint = Blueprint("auth_server", __name__)
+blueprint = EndpointGroup("auth_server", __name__)
 
 TOKEN_ENDPOINT = "/api/auth_server/token"
 shared_secret = None
 expiration_delay = 0
 
 
-@blueprint.route(TOKEN_ENDPOINT, methods=["POST"])
-async def issue_token():
+@blueprint.endpoint(TOKEN_ENDPOINT, methods=["POST"])
+async def issue_token(request: Request):
     current_time = utcnow()
     try:
         token_response = authorization.create_token_response()
@@ -44,10 +45,8 @@ async def issue_token():
         raise
     else:
         if client_id:
-            client = get_cached_resource_by_id("oauth_clients", client_id)
-            superdesk.get_resource_service("oauth_clients").system_update(
-                ObjectId(client_id), {"last_active": current_time}, client
-            )
+            client = ClientService().find_by_id(client_id)
+            ClientService().system_update(ObjectId(client_id), {"last_active": current_time}, client)
         return token_response
 
 
@@ -64,20 +63,19 @@ def generate_jwt_token(client, grant_type, user, scope):
 
 def config_oauth(app):
     global expiration_delay
-    expiration_delay = app.config["AUTH_SERVER_EXPIRATION_DELAY"]
-
+    expiration_delay = app.wsgi.config["AUTH_SERVER_EXPIRATION_DELAY"]
     global shared_secret
-    shared_secret = app.config["AUTH_SERVER_SHARED_SECRET"]
+    shared_secret = app.wsgi.config["AUTH_SERVER_SHARED_SECRET"]
     if not shared_secret.strip():
         logger.warning(
             "No shared secret set, please set it using AUTH_SERVER_SHARED_SECRET "
             "environment variable or setting. Authorisation server can't be used"
         )
         return
 
-    app.config["OAUTH2_ACCESS_TOKEN_GENERATOR"] = generate_jwt_token
-    app.config["OAUTH2_TOKEN_EXPIRES_IN"] = {"client_credentials": expiration_delay}
-    authorization.init_app(app)
+    app.wsgi.config["OAUTH2_ACCESS_TOKEN_GENERATOR"] = generate_jwt_token
+    app.wsgi.config["OAUTH2_TOKEN_EXPIRES_IN"] = {"client_credentials": expiration_delay}
+    authorization.init_app(app.wsgi)
     authorization.register_grant(ClientCredentialsGrant)
 
 

newsroom/web/default_settings.py

@@ -122,7 +122,6 @@
     "newsroom.agenda",
     "newsroom.news_api.api_tokens",
     "newsroom.monitoring",
-    "newsroom.auth_server.oauth2",
 ]
 
 CORE_APPS = [
@@ -176,6 +175,7 @@
     "newsroom.history_async",
     "newsroom.company_admin",
     "newsroom.public",
+    "newsroom.auth_server.client",
 ]
 
 SITE_NAME = "Newshub"