1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-11-25 01:38:08 +00:00

Merge pull request #2084 from GNS3/token-as-a-param

Allow JWT token to be passed as a URL param
This commit is contained in:
Jeremy Grossmann 2022-07-11 14:27:37 +02:00 committed by GitHub
commit 56734b171b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 2 deletions

View File

@ -26,13 +26,26 @@ from gns3server.db.repositories.rbac import RbacRepository
from gns3server.services import auth_service from gns3server.services import auth_service
from .database import get_repository from .database import get_repository
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/v3/users/login") oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/v3/users/login", auto_error=False)
async def get_user_from_token( async def get_user_from_token(
token: str = Depends(oauth2_scheme), user_repo: UsersRepository = Depends(get_repository(UsersRepository)) bearer_token: str = Depends(oauth2_scheme),
user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
token: Optional[str] = None,
) -> schemas.User: ) -> schemas.User:
if bearer_token:
# bearer token is used first, then any token passed as a URL parameter
token = bearer_token
if token is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not authenticated",
headers={"WWW-Authenticate": "Bearer"},
)
username = auth_service.get_username_from_token(token) username = auth_service.get_username_from_token(token)
user = await user_repo.get_user_by_username(username) user = await user_repo.get_user_by_username(username)
if user is None: if user is None:

View File

@ -291,6 +291,26 @@ class TestUserLogin:
assert response.status_code == status_code assert response.status_code == status_code
assert "access_token" not in response.json() assert "access_token" not in response.json()
async def test_user_can_use_token_as_url_param(
self,
app: FastAPI,
unauthorized_client: AsyncClient,
test_user: User,
config: Config
) -> None:
credentials = {
"username": test_user.username,
"password": "user1_password",
}
response = await unauthorized_client.post(app.url_path_for("authenticate"), json=credentials)
assert response.status_code == status.HTTP_200_OK
token = response.json().get("access_token")
response = await unauthorized_client.get(app.url_path_for("get_projects"), params={"token": token})
assert response.status_code == status.HTTP_200_OK
class TestUserMe: class TestUserMe: