parse uuid before usage

This commit is contained in:
tuxcoder 2023-12-17 17:10:41 +01:00
parent 4b1de43d43
commit 3775c8eace
2 changed files with 6 additions and 3 deletions


@ -21,7 +21,7 @@ from ory_hydra_client.api.o_auth_2 import get_o_auth_2_consent_request, accept_o
from ory_hydra_client import models as ory_hydra_m from ory_hydra_client import models as ory_hydra_m
from ory_hydra_client.models import TheRequestPayloadUsedToAcceptALoginOrConsentRequest, TheRequestPayloadUsedToAcceptAConsentRequest, GenericError from ory_hydra_client.models import TheRequestPayloadUsedToAcceptALoginOrConsentRequest, TheRequestPayloadUsedToAcceptAConsentRequest, GenericError
from typing import Optional from typing import Optional
from uuid import uuid4 from uuid import uuid4, UUID
from ..model import db, User, SecurityUser from ..model import db, User, SecurityUser
from ..form.auth import ConsentForm, LoginForm, RegistrationForm from ..form.auth import ConsentForm, LoginForm, RegistrationForm
@ -54,7 +54,9 @@ async def consent() -> ResponseReturnValue:
requested_audiences = consent_request.requested_access_token_audience requested_audiences = consent_request.requested_access_token_audience
if form.validate_on_submit() or consent_request.skip: if form.validate_on_submit() or consent_request.skip:
user = User.query.get(consent_request.subject) # type: Optional[User]
uid = UUID(consent_request.subject)
user = User.query.get(uid)
if user is None: if user is None:
return 'internal error', 500 return 'internal error', 500
access_token = { access_token = {
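Review bot: The new `uid = UUID(consent_request.subject)` line raises ValueError when the subject is not a well-formed UUID string (and AttributeError when it is not a str at all), and nothing in the hunk catches it, so a malformed subject now escapes consent() as an unhandled exception rather than the `'internal error', 500` response the following lines return for a missing user. The `# type: Optional[User]` annotation carried by the removed line was also dropped from the new `user = User.query.get(uid)` line. Whether Hydra guarantees the subject is always a UUID string cannot be confirmed from this hunk; consent() begins before the hunk. A guarded form that keeps the existing error response:
```python
        try:
            uid = UUID(consent_request.subject)
        except (ValueError, AttributeError):
            return 'internal error', 500
        user = User.query.get(uid)  # type: Optional[User]
        # … unchanged: None check and access_token construction …
```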


@ -7,6 +7,7 @@ from flask_login import LoginManager
from typing import Optional from typing import Optional
from werkzeug.wrappers.response import Response as WerkzeugResponse from werkzeug.wrappers.response import Response as WerkzeugResponse
import logging import logging
from uuid import UUID
from ..model import User, SecurityUser from ..model import User, SecurityUser
from ..hydra import hydra_service from ..hydra import hydra_service
@ -46,7 +47,7 @@ def authorized() -> ResponseReturnValue:
return 'bad request', 400 return 'bad request', 400
session['token'] = token session['token'] = token
userinfo = oauth2.custom.get('/userinfo').json() userinfo = oauth2.custom.get('/userinfo').json()
user = User.query.get(str(userinfo["sub"])) # type: Optional[User] user = User.query.get(UUID(userinfo["sub"])) # type: Optional[User]
if user is None: if user is None:
return "user not found", 404 return "user not found", 404
logger.info(f"user `{user.username}` successfully logged in") logger.info(f"user `{user.username}` successfully logged in")
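Review bot: `User.query.get(UUID(userinfo["sub"]))` on the changed line parses a value taken straight from the external `/userinfo` JSON response, so a missing `sub` (KeyError) or a non-UUID value (ValueError) now propagates out of authorized() unhandled, whereas the lines just above answer a bad token with `'bad request', 400`. The `str(...)` coercion the old line applied was dropped as well, so a non-string `sub` also fails inside UUID() instead of being normalised first. authorized() begins before the hunk. A guarded form consistent with the surrounding error handling:
```python
    try:
        uid = UUID(str(userinfo["sub"]))
    except (KeyError, ValueError):
        return 'bad request', 400
    user = User.query.get(uid)  # type: Optional[User]
    # … unchanged: None check, login and logging …
```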