Skip to content

Commit

Permalink
Aerie 1.14.0 auth changes
Browse files Browse the repository at this point in the history
  • Loading branch information
cartermak committed Oct 19, 2023
1 parent 23018ed commit f13268c
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 17 deletions.
23 changes: 9 additions & 14 deletions src/aerie_cli/aerie_host.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@ def __init__(self, encoded_jwt: str) -> None:
encoded_jwt_payload = b64decode(jwt_components[1] + "==", validate=False)
try:
payload = json.loads(encoded_jwt_payload)
self.active_role = payload["activeRole"]
self.allowed_roles = payload["https://hasura.io/jwt/claims"][
"x-hasura-allowed-roles"
]
self.default_role = payload["https://hasura.io/jwt/claims"]["x-hasura-default-role"]
self.username = payload["username"]

except KeyError:
Expand Down Expand Up @@ -83,6 +83,7 @@ def __init__(
self.gateway_url = gateway_url
self.configuration_name = configuration_name
self.aerie_jwt = None
self.active_role = None

def post_to_graphql(self, query: str, **kwargs) -> Dict:
"""Issue a post request to the Aerie instance GraphQL API
Expand Down Expand Up @@ -201,17 +202,7 @@ def change_role(self, new_role: str) -> None:
f"Cannot set role {new_role}. Must be one of: {', '.join(self.aerie_jwt.allowed_roles)}"
)

resp = self.session.post(
self.gateway_url + "/auth/changeRole",
json={"role": new_role},
headers=self.get_auth_headers(),
)

try:
resp_json = process_gateway_response(resp)
self.aerie_jwt = AerieJWT(resp_json["token"])
except (RuntimeError, KeyError):
raise RuntimeError(f"Failed to select new role")
self.active_role = new_role

def check_auth(self) -> bool:
"""Checks if session is correctly authenticated with Aerie host
Expand All @@ -237,9 +228,12 @@ def check_auth(self) -> bool:
return False

def get_auth_headers(self):
if self.aerie_jwt is None:
return {}

return {
"Authorization": f"Bearer {self.aerie_jwt.encoded_jwt}",
"x-hasura-role": self.aerie_jwt.active_role,
"x-hasura-role": self.active_role,
}

def is_auth_enabled(self) -> bool:
Expand All @@ -248,7 +242,7 @@ def is_auth_enabled(self) -> bool:
Returns:
bool: False if authentication is disabled, otherwise True
"""
resp = self.session.get(self.gateway_url + "/auth/user")
resp = self.session.get(self.gateway_url + "/auth/session")
if resp.ok:
try:
resp_json = resp.json()
Expand All @@ -275,6 +269,7 @@ def authenticate(self, username: str, password: str = None):
raise RuntimeError("Failed to authenticate")

self.aerie_jwt = AerieJWT(resp_json["token"])
self.active_role = self.aerie_jwt.default_role

if not self.check_auth():
raise RuntimeError(f"Failed to open session")
Expand Down
6 changes: 3 additions & 3 deletions src/aerie_cli/app.py
Original file line number Diff line number Diff line change
Expand Up @@ -137,14 +137,14 @@ def change_role(
client = get_active_session_client()

if role is None:
typer.echo(f"Active Role: {client.aerie_host.aerie_jwt.active_role}")
typer.echo(f"Active Role: {client.aerie_host.active_role}")
role = select_from_list(client.aerie_host.aerie_jwt.allowed_roles)

client.aerie_host.change_role(role)

PersistentSessionManager.set_active_session(client.aerie_host)

typer.echo(f"Changed role to: {client.aerie_host.aerie_jwt.active_role}")
typer.echo(f"Changed role to: {client.aerie_host.active_role}")


@app.command("status")
Expand All @@ -158,4 +158,4 @@ def print_status():
if client.aerie_host.configuration_name:
typer.echo(f"Active configuration: {client.aerie_host.configuration_name}")

typer.echo(f"Active role: {client.aerie_host.aerie_jwt.active_role}")
typer.echo(f"Active role: {client.aerie_host.active_role}")

0 comments on commit f13268c

Please sign in to comment.