From f13268cf48b909da6fc3169f5ed1fad2fd4508c6 Mon Sep 17 00:00:00 2001 From: Carter Mak Date: Thu, 19 Oct 2023 15:38:40 -0700 Subject: [PATCH] Aerie 1.14.0 auth changes --- src/aerie_cli/aerie_host.py | 23 +++++++++-------------- src/aerie_cli/app.py | 6 +++--- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/src/aerie_cli/aerie_host.py b/src/aerie_cli/aerie_host.py index 6d9102f8..99746ab6 100644 --- a/src/aerie_cli/aerie_host.py +++ b/src/aerie_cli/aerie_host.py @@ -40,10 +40,10 @@ def __init__(self, encoded_jwt: str) -> None: encoded_jwt_payload = b64decode(jwt_components[1] + "==", validate=False) try: payload = json.loads(encoded_jwt_payload) - self.active_role = payload["activeRole"] self.allowed_roles = payload["https://hasura.io/jwt/claims"][ "x-hasura-allowed-roles" ] + self.default_role = payload["https://hasura.io/jwt/claims"]["x-hasura-default-role"] self.username = payload["username"] except KeyError: @@ -83,6 +83,7 @@ def __init__( self.gateway_url = gateway_url self.configuration_name = configuration_name self.aerie_jwt = None + self.active_role = None def post_to_graphql(self, query: str, **kwargs) -> Dict: """Issue a post request to the Aerie instance GraphQL API @@ -201,17 +202,7 @@ def change_role(self, new_role: str) -> None: f"Cannot set role {new_role}. Must be one of: {', '.join(self.aerie_jwt.allowed_roles)}" ) - resp = self.session.post( - self.gateway_url + "/auth/changeRole", - json={"role": new_role}, - headers=self.get_auth_headers(), - ) - - try: - resp_json = process_gateway_response(resp) - self.aerie_jwt = AerieJWT(resp_json["token"]) - except (RuntimeError, KeyError): - raise RuntimeError(f"Failed to select new role") + self.active_role = new_role def check_auth(self) -> bool: """Checks if session is correctly authenticated with Aerie host @@ -237,9 +228,12 @@ def check_auth(self) -> bool: return False def get_auth_headers(self): + if self.aerie_jwt is None: + return {} + return { "Authorization": f"Bearer {self.aerie_jwt.encoded_jwt}", - "x-hasura-role": self.aerie_jwt.active_role, + "x-hasura-role": self.active_role, } def is_auth_enabled(self) -> bool: @@ -248,7 +242,7 @@ def is_auth_enabled(self) -> bool: Returns: bool: False if authentication is disabled, otherwise True """ - resp = self.session.get(self.gateway_url + "/auth/user") + resp = self.session.get(self.gateway_url + "/auth/session") if resp.ok: try: resp_json = resp.json() @@ -275,6 +269,7 @@ def authenticate(self, username: str, password: str = None): raise RuntimeError("Failed to authenticate") self.aerie_jwt = AerieJWT(resp_json["token"]) + self.active_role = self.aerie_jwt.default_role if not self.check_auth(): raise RuntimeError(f"Failed to open session") diff --git a/src/aerie_cli/app.py b/src/aerie_cli/app.py index c1d83629..6d188d18 100644 --- a/src/aerie_cli/app.py +++ b/src/aerie_cli/app.py @@ -137,14 +137,14 @@ def change_role( client = get_active_session_client() if role is None: - typer.echo(f"Active Role: {client.aerie_host.aerie_jwt.active_role}") + typer.echo(f"Active Role: {client.aerie_host.active_role}") role = select_from_list(client.aerie_host.aerie_jwt.allowed_roles) client.aerie_host.change_role(role) PersistentSessionManager.set_active_session(client.aerie_host) - typer.echo(f"Changed role to: {client.aerie_host.aerie_jwt.active_role}") + typer.echo(f"Changed role to: {client.aerie_host.active_role}") @app.command("status") @@ -158,4 +158,4 @@ def print_status(): if client.aerie_host.configuration_name: typer.echo(f"Active configuration: {client.aerie_host.configuration_name}") - typer.echo(f"Active role: {client.aerie_host.aerie_jwt.active_role}") + typer.echo(f"Active role: {client.aerie_host.active_role}")