Merge pull request #108 from DNO-inc/bodya

solved broken token exp field & version 0.7.2

burrito/__init__.py

@@ -1 +1 @@
-__version__ = "0.7.1 indev"
+__version__ = "0.7.2 indev"

burrito/apps/profile/router.py

@@ -3,20 +3,13 @@
 from burrito.schemas.profile_schema import ResponseProfileSchema
 
 from .views import (
-    profile__check_my_profile,
     profile__check_by_id,
     profile__update_my_profile
 )
 
 profile_router = APIRouter()
 
 
-profile_router.add_api_route(
-    "/",
-    profile__check_my_profile,
-    methods=["GET"],
-    response_model=ResponseProfileSchema
-)
 profile_router.add_api_route(
     "/{user_id}",
     profile__check_by_id,

burrito/apps/profile/views.py

@@ -22,17 +22,6 @@
 )
 
 
-async def profile__check_my_profile(
-    __auth_obj: BurritoJWT = Depends(get_auth_core())
-) -> ResponseProfileSchema:
-    """Return some data to check user profile"""
-
-    token_payload: AuthTokenPayload = await __auth_obj.verify_access_token()
-    check_permission(token_payload)
-
-    return await view_profile_by_user_id(token_payload.user_id)
-
-
 async def profile__check_by_id(
     user_id: int,
 ) -> ResponseProfileSchema:

burrito/utils/auth.py

@@ -1,16 +1,18 @@
 from typing import Any
+from datetime import datetime
 import jwt
 import uuid
 
 from fastapi import HTTPException, Request, status
 from pydantic import BaseModel
 
+from burrito.utils.logger import get_logger
 from burrito.utils.config_reader import get_config
 from burrito.utils.redis_utils import get_redis_connector
 
 
 _JWT_SECRET = get_config().BURRITO_JWT_SECRET
-_TOKEN_TTL = get_config().BURRITO_JWT_TTL
+_TOKEN_TTL = int(get_config().BURRITO_JWT_TTL)
 _KEY_TEMPLATE = "{}_{}_{}"
 
 
@@ -23,7 +25,7 @@ class AuthTokenPayload(BaseModel):
     token_type: str = ""
     user_id: int
     role: str
-    exp: int = _TOKEN_TTL
+    exp: int = datetime.now().timestamp() + _TOKEN_TTL
 
 
 def _make_redis_key(data: AuthTokenPayload) -> str:
@@ -95,8 +97,9 @@ async def verify_access_token(self) -> AuthTokenPayload:
         if get_redis_connector().get(token_key):
             return token_payload
 
+        get_logger().error(f"Authorization: something went wrong with token payload {token_payload.dict()}")
         raise AuthTokenError(
-            detail="Something went wrong",
+            detail="Authorization error: something went wrong",
             status_code=status.HTTP_401_UNAUTHORIZED
         )
 
@@ -113,19 +116,27 @@ async def verify_refresh_token(self) -> AuthTokenPayload:
         if get_redis_connector().get(token_key):
             return token_payload
 
+        get_logger().error(f"Authorization: something went wrong with token payload {token_payload.dict()}")
         raise AuthTokenError(
-            detail="Something went wrong",
+            detail="Authorization error: something went wrong",
             status_code=status.HTTP_401_UNAUTHORIZED
         )
 
     async def _read_token_payload(self, token: str) -> AuthTokenPayload | None:
         try:
             return AuthTokenPayload(**jwt.decode(token, _JWT_SECRET))
-        except:
+
+        except jwt.exceptions.ExpiredSignatureError as exc:
             raise AuthTokenError(
-                detail="Authorization token is invalid or expired",
+                detail="Authorization token is expired",
                 status_code=status.HTTP_401_UNAUTHORIZED
-            )
+            ) from exc
+
+        except Exception as exc:
+            raise AuthTokenError(
+                detail="Authorization token payload is invalid",
+                status_code=status.HTTP_401_UNAUTHORIZED
+            ) from exc
 
 
 def get_auth_core() -> BurritoJWT:

preprocessor_config.json

@@ -42,7 +42,8 @@
         {"permission_id": 2, "name": "CREATE_TICKET"},
         {"permission_id": 3, "name": "READ_TICKET"},
         {"permission_id": 4, "name": "SEND_MESSAGE"},
-        {"permission_id": 5, "name": "ADMIN"}
+        {"permission_id": 5, "name": "ADMIN"},
+        {"permission_id": 6, "name": "GOD_MODE"}
     ],
     "roles": [
         {"role_id": 1, "name": "ALL"},
@@ -53,7 +54,8 @@
         {"role_id": 6, "name": "NO_CTM"},
         {"role_id": 7, "name": "NO_PM"},
         {"role_id": 8, "name": "NO_PCTM"},
-        {"role_id": 9, "name": "ADMIN"}
+        {"role_id": 9, "name": "ADMIN"},
+        {"role_id": 10, "name": "CHIEF_ADMIN"}
     ],
     "role_permissions": [
         {"id": 1, "role_id": 1, "permission_id": 1},
@@ -84,6 +86,9 @@
 
         {"id": 20, "role_id": 8, "permission_id": 3},
 
-        {"id": 20, "role_id": 9, "permission_id": 5}
+        {"id": 21, "role_id": 9, "permission_id": 5},
+
+        {"id": 22, "role_id": 10, "permission_id": 5},
+        {"id": 23, "role_id": 10, "permission_id": 6}
     ]
 }

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "Burrito"
-version = "0.7.1.dev2"
+version = "0.7.2.dev2"
 description = "API for the issue tracker"
 authors = ["DimonBor", "m-o-d-e-r"]
 readme = "README.md"

tests/profile_test.py

@@ -46,19 +46,6 @@ def test_view_profile_without_auth_with_id(self):
             response
         )
 
-    def test_view_profile_without_auth_without_id(self):
-        """Recv profile data in JSON format"""
-
-        response = requests.get(
-            f"http://{get_config().BURRITO_HOST}:{get_config().BURRITO_PORT}/profile/",
-            timeout=0.5
-        )
-
-        self.assertEqual(
-            response.status_code,
-            401
-        )
-
     def test_view_profile_with_auth_with_id(self):
         """Recv profile data in JSON format"""
 
@@ -79,26 +66,6 @@ def test_view_profile_with_auth_with_id(self):
             response
         )
 
-    def test_view_profile_with_auth_without_id(self):
-        """Recv profile data in JSON format"""
-
-        response = requests.get(
-            f"http://{get_config().BURRITO_HOST}:{get_config().BURRITO_PORT}/profile/",
-            headers={
-               "Authorization": f"Bearer {AuthTestCase.access_token}"
-            },
-            timeout=0.5
-        )
-
-        check_error(
-            self.assertEqual,
-            {
-                "first": response.status_code,
-                "second": 200
-            },
-            response
-        )
-
     def test_update_profile_without_auth(self):
         """Update profile data"""
 

tests/run_tests.py

@@ -25,10 +25,10 @@
         unittest.TestLoader().loadTestsFromTestCase(ProfileTestCase),
         unittest.TestLoader().loadTestsFromTestCase(TicketsTestCase),
         unittest.TestLoader().loadTestsFromTestCase(AboutTestCase),
-        unittest.TestLoader().loadTestsFromTestCase(AdminTestCase),
+#        unittest.TestLoader().loadTestsFromTestCase(AdminTestCase),
         unittest.TestLoader().loadTestsFromTestCase(AnonTestCase),
         unittest.TestLoader().loadTestsFromTestCase(MetaTestCase),
-#        #unittest.TestLoader().loadTestsFromTestCase(IOFilesTestCase)
+        #unittest.TestLoader().loadTestsFromTestCase(IOFilesTestCase)
         unittest.TestLoader().loadTestsFromTestCase(CommentsTestCase),
         unittest.TestLoader().loadTestsFromTestCase(NotificationsTestCase)
     ]