diff --git a/newsroom/auth_server/client.py b/newsroom/auth_server/client.py
index 2b41bbd5c..5830f106c 100644
--- a/newsroom/auth_server/client.py
+++ b/newsroom/auth_server/client.py
@@ -1,5 +1,5 @@
 from . import oauth2
+from superdesk.core.module import Module
-def init_app(app):
- oauth2.config_oauth(app)
+module = Module(name="newsroom.auth_server.client", endpoints=[oauth2.blueprint], init=oauth2.config_oauth)
diff --git a/newsroom/auth_server/models.py b/newsroom/auth_server/models.py
index 952a36bb2..0098642ac 100644
--- a/newsroom/auth_server/models.py
+++ b/newsroom/auth_server/models.py
@@ -11,7 +11,8 @@
 from bson import ObjectId
 from bson.errors import InvalidId
 from authlib.oauth2.rfc6749 import ClientMixin
-import superdesk
+from newsroom.oauth_clients.clients_async import ClientService
+from newsroom.async_utils import run_async_to_sync
 logger = logging.getLogger(__name__)
 # client_id to OAuth2Client instance map
@@ -40,16 +41,15 @@ def get_allowed_scope(self, scope):
 def query_client(client_id):
- clients_service = superdesk.get_resource_service("oauth_clients")
 try:
- client_data = clients_service.find_one(req=None, _id=ObjectId(client_id))
+ client_data = run_async_to_sync(ClientService().find_by_id(ObjectId(client_id)))
 except InvalidId as e:
 logger.error("Invalid 'client_id' was provided. Exception: {}".format(e))
 return None
 if client_data is None:
 return None
- return OAuth2Client(client_data)
+ return OAuth2Client(client_data.to_dict())
 def save_token(token, request):
diff --git a/newsroom/auth_server/oauth2.py b/newsroom/auth_server/oauth2.py
index e4b22ca73..c3a9a367f 100644
--- a/newsroom/auth_server/oauth2.py
+++ b/newsroom/auth_server/oauth2.py
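Review bot: `query_client` in models.py now runs a coroutine through `run_async_to_sync(...)`, but authlib invokes this callback from `authorization.create_token_response()`, which oauth2.py in this same commit calls inside `async def issue_token`. Whether the bridge is safe on a thread that already has a running event loop depends on `run_async_to_sync`, which is not shown here, so it should be confirmed and recorded next to the call, e.g. `# sync authlib callback reached from the async token endpoint; run_async_to_sync must not block the running loop`. The `try` still catches only `InvalidId`, so any other error raised by the service lookup now propagates out of client authentication instead of returning `None`.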
@@ -13,26 +13,27 @@
 from authlib.jose import jwt
 from bson import ObjectId
-from superdesk.flask import request, Blueprint
 from .models import query_client, save_token
-from newsroom.utils import get_cached_resource_by_id
-import superdesk
 from superdesk.utc import utcnow
+from superdesk.core.web import EndpointGroup
+from superdesk.core.types import Request
+from newsroom.oauth_clients.clients_async import ClientService
+
 logger = logging.getLogger(__name__)
 authorization = AuthorizationServer(query_client=query_client, save_token=save_token)
-blueprint = Blueprint("auth_server", __name__)
+blueprint = EndpointGroup("auth_server", __name__)
 TOKEN_ENDPOINT = "/api/auth_server/token"
 shared_secret = None
 expiration_delay = 0
-@blueprint.route(TOKEN_ENDPOINT, methods=["POST"])
-async def issue_token():
+@blueprint.endpoint(TOKEN_ENDPOINT, methods=["POST"])
+async def issue_token(request: Request):
 current_time = utcnow()
 try:
 token_response = authorization.create_token_response()
@@ -44,10 +45,8 @@ async def issue_token():
 raise
 else:
 if client_id:
- client = get_cached_resource_by_id("oauth_clients", client_id)
- superdesk.get_resource_service("oauth_clients").system_update(
- ObjectId(client_id), {"last_active": current_time}, client
- )
+ client = ClientService().find_by_id(client_id)
+ ClientService().system_update(ObjectId(client_id), {"last_active": current_time}, client)
 return token_response
@@ -64,10 +63,9 @@ def generate_jwt_token(client, grant_type, user, scope):
 def config_oauth(app):
 global expiration_delay
- expiration_delay = app.config["AUTH_SERVER_EXPIRATION_DELAY"]
-
+ expiration_delay = app.wsgi.config["AUTH_SERVER_EXPIRATION_DELAY"]
 global shared_secret
- shared_secret = app.config["AUTH_SERVER_SHARED_SECRET"]
+ shared_secret = app.wsgi.config["AUTH_SERVER_SHARED_SECRET"]
 if not shared_secret.strip():
 logger.warning(
 "No shared secret set, please set it using AUTH_SERVER_SHARED_SECRET "
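Review bot: `issue_token` now receives `request: Request`, yet the visible call `authorization.create_token_response()` in the first oauth2.py hunk still passes nothing, so authlib presumably keeps resolving the request from its framework context rather than from the handler argument. If both are guaranteed to be the same request under `EndpointGroup` routing, record that with a comment such as `# authlib resolves the current request from the framework context, not from the request argument`; otherwise pass the request through explicitly. The rest of the handler body lies outside this hunk, so how `request` is used further down cannot be checked from here.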
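Review bot: In the `if client_id:` branch of `issue_token`, both `ClientService().find_by_id(client_id)` and `ClientService().system_update(...)` are called without `await`. models.py in this same commit wraps `find_by_id` in `run_async_to_sync`, which suggests it returns a coroutine; if so, `client` is a coroutine object and, assuming `system_update` is async as well, `last_active` is never written, so the client-activity record used for auditing goes stale without any error. The lookup also passes the raw `client_id` where models.py passes `ObjectId(client_id)`. Suggested: `client = await ClientService().find_by_id(ObjectId(client_id))` and `await ClientService().system_update(ObjectId(client_id), {"last_active": current_time}, client)`. The handler begins outside this hunk.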
@@ -75,9 +73,9 @@ def config_oauth(app):
 )
 return
- app.config["OAUTH2_ACCESS_TOKEN_GENERATOR"] = generate_jwt_token
- app.config["OAUTH2_TOKEN_EXPIRES_IN"] = {"client_credentials": expiration_delay}
- authorization.init_app(app)
+ app.wsgi.config["OAUTH2_ACCESS_TOKEN_GENERATOR"] = generate_jwt_token
+ app.wsgi.config["OAUTH2_TOKEN_EXPIRES_IN"] = {"client_credentials": expiration_delay}
+ authorization.init_app(app.wsgi)
 authorization.register_grant(ClientCredentialsGrant)
diff --git a/newsroom/web/default_settings.py b/newsroom/web/default_settings.py
index 02a8dda86..be03ec0d4 100644
--- a/newsroom/web/default_settings.py
+++ b/newsroom/web/default_settings.py
@@ -122,7 +122,6 @@
 "newsroom.agenda",
 "newsroom.news_api.api_tokens",
 "newsroom.monitoring",
- "newsroom.auth_server.oauth2",
 ]
 CORE_APPS = [
@@ -176,6 +175,7 @@
 "newsroom.history_async",
 "newsroom.company_admin",
 "newsroom.public",
+ "newsroom.auth_server.client",
 ]
 SITE_NAME = "Newshub"