diff --git a/jhub_apps/service/auth.py b/jhub_apps/service/auth.py
index a554fc5c..9433ab71 100644
--- a/jhub_apps/service/auth.py
+++ b/jhub_apps/service/auth.py
@@ -6,12 +6,12 @@
 import jwt
 from fastapi import HTTPException, status
-from jhub_apps.service.security import JHUB_APPS_AUTH_COOKIE_NAME
-
 logger = structlog.get_logger(__name__)
+JHUB_APPS_AUTH_COOKIE_NAME = "jhub_apps_access_token"
+
-def create_access_token(data: dict, expires_delta: typing.Optional[timedelta] = None):
+def _create_access_token(data: dict, expires_delta: typing.Optional[timedelta] = None):
 logger.info("Creating access token")
 to_encode = data.copy()
 if expires_delta:
@@ -24,7 +24,7 @@ def create_access_token(data: dict, expires_delta: typing.Optional[timedelta] =
 return encoded_jwt
-def get_jhub_token_from_jwt_token(token):
+def _get_jhub_token_from_jwt_token(token):
 logger.info("Trying to get JHub Apps token from JWT Token")
 credentials_exception = HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
diff --git a/jhub_apps/service/routes.py b/jhub_apps/service/routes.py
index faf3ba89..ab7fa99d 100644
--- a/jhub_apps/service/routes.py
+++ b/jhub_apps/service/routes.py
@@ -21,7 +21,7 @@
 from starlette.responses import RedirectResponse
 from jhub_apps.hub_client.hub_client import HubClient
-from jhub_apps.service.auth import create_access_token
+from jhub_apps.service.auth import _create_access_token, JHUB_APPS_AUTH_COOKIE_NAME
 from jhub_apps.service.client import get_client
 from jhub_apps.service.models import (
 AuthorizationError,
@@ -29,7 +29,7 @@
 ServerCreation,
 User,
 )
-from jhub_apps.service.security import get_current_user, JHUB_APPS_AUTH_COOKIE_NAME
+from jhub_apps.service.security import get_current_user
 from jhub_apps.service.utils import (
 get_conda_envs,
 get_jupyterhub_config,
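Review bot: In jhub_apps/service/auth.py (hunks at -6,12 and -24,7) the two helpers gain a leading underscore, yet this same commit imports `_create_access_token` from routes.py and `_get_jhub_token_from_jwt_token` from security.py, so the names read as module-private while being used across modules. If the aim is only to keep them out of the public service API, a comment above each would make that explicit, for example `# Package-internal: imported by routes.py and security.py only.`; alternatively keep the public names and list the intended exports in `__all__`. Neither function shows a docstring in the visible lines, and since they create and decode the JWT behind `JHUB_APPS_AUTH_COOKIE_NAME`, a one-line docstring stating what goes into the claims and what is returned would help reviewers. Both function bodies continue outside their hunks.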
@@ -74,7 +74,7 @@ async def get_token(code: str):
 }
 resp = await client.post("/oauth2/token", data=data)
 access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
- access_token = create_access_token(
+ access_token = _create_access_token(
 data={"sub": resp.json()}, expires_delta=access_token_expires
 )
 ### resp.json() is {'access_token': , 'token_type': 'Bearer'}
diff --git a/jhub_apps/service/security.py b/jhub_apps/service/security.py
index 516c9364..1ca85a12 100644
--- a/jhub_apps/service/security.py
+++ b/jhub_apps/service/security.py
@@ -6,7 +6,7 @@
 from fastapi.security.api_key import APIKeyQuery
 from jhub_apps.hub_client.hub_client import get_users_and_group_allowed_to_share_with, is_jupyterhub_5
-from .auth import get_jhub_token_from_jwt_token
+from .auth import _get_jhub_token_from_jwt_token, JHUB_APPS_AUTH_COOKIE_NAME
 from .client import get_client
 from .models import User
@@ -16,8 +16,6 @@
 ### Hub technically supports cookie auth too, but it is deprecated so
 ### not being included here.
-JHUB_APPS_AUTH_COOKIE_NAME = "jhub_apps_access_token"
-
 auth_by_param = APIKeyQuery(name="token", auto_error=False)
 auth_by_cookie = APIKeyCookie(name=JHUB_APPS_AUTH_COOKIE_NAME)
@@ -53,7 +51,7 @@ async def get_current_user(
 detail="Must login with token parameter or Authorization bearer header",
 )
- token = get_jhub_token_from_jwt_token(token)
+ token = _get_jhub_token_from_jwt_token(token)
 async with get_client() as client:
 endpoint = "/user"
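Review bot: In get_token (routes.py, hunk at -74,7) the `/oauth2/token` response body is placed into the `sub` claim via `data={"sub": resp.json()}` with no status check between the `client.post` call and `_create_access_token`, so an error body from a failed code exchange would presumably be signed into a token just like a successful one. A guard before the token is created would close that, for example `if resp.status_code != 200: raise HTTPException(status_code=401, detail="Token exchange failed")`, assuming the client returns an httpx-style response and `HTTPException` is importable in this module. The `###` comment shows the claim then carries the hub `access_token`; a signed JWT payload is readable by anyone holding the cookie, so a comment recording that this is intentional would help. The function starts and ends outside the hunk, so a check after these lines cannot be ruled out.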