parse uuid before usage

This commit is contained in:
tuxcoder 2023-12-17 17:10:41 +01:00
parent 4b1de43d43
commit 3775c8eace
2 changed files with 6 additions and 3 deletions

View file

@ -21,7 +21,7 @@ from ory_hydra_client.api.o_auth_2 import get_o_auth_2_consent_request, accept_o
from ory_hydra_client import models as ory_hydra_m
from ory_hydra_client.models import TheRequestPayloadUsedToAcceptALoginOrConsentRequest, TheRequestPayloadUsedToAcceptAConsentRequest, GenericError
from typing import Optional
from uuid import uuid4
from uuid import uuid4, UUID
from ..model import db, User, SecurityUser
from ..form.auth import ConsentForm, LoginForm, RegistrationForm
@ -54,7 +54,9 @@ async def consent() -> ResponseReturnValue:
requested_audiences = consent_request.requested_access_token_audience
if form.validate_on_submit() or consent_request.skip:
user = User.query.get(consent_request.subject) # type: Optional[User]
uid = UUID(consent_request.subject)
user = User.query.get(uid)
if user is None:
return 'internal error', 500
access_token = {

View file

@ -7,6 +7,7 @@ from flask_login import LoginManager
from typing import Optional
from werkzeug.wrappers.response import Response as WerkzeugResponse
import logging
from uuid import UUID
from ..model import User, SecurityUser
from ..hydra import hydra_service
@ -46,7 +47,7 @@ def authorized() -> ResponseReturnValue:
return 'bad request', 400
session['token'] = token
userinfo = oauth2.custom.get('/userinfo').json()
user = User.query.get(str(userinfo["sub"])) # type: Optional[User]
user = User.query.get(UUID(userinfo["sub"])) # type: Optional[User]
if user is None:
return "user not found", 404
logger.info(f"user `{user.username}` successfully logged in")