Refactor api/ekirjasto_authentication.py

NatLibFi · Mar 1, 2024 · bd87beb · bd87beb
1 parent 4564310
commit bd87beb
Showing 1 changed file with 25 additions and 28 deletions.
diff --git a/api/ekirjasto_authentication.py b/api/ekirjasto_authentication.py
@@ -58,6 +58,8 @@ class EkirjastoEnvironment(Enum):
 class EkirjastoAuthAPISettings(AuthProviderSettings):
     """Settings for the EkirjastoAuthenticationAPI."""
 
+    _DEFAULT_DELEGATE_EXPIRE_SECONDS = datetime.timedelta(hours=12).seconds
+
     # API environment form field, choose between dev and prod.
     ekirjasto_environment: EkirjastoEnvironment = FormField(
         EkirjastoEnvironment.FAKE,
@@ -78,7 +80,7 @@ class EkirjastoAuthAPISettings(AuthProviderSettings):
     )
 
     delegate_expire_time: int = FormField(
-        60 * 60 * 12,  # 12 hours
+        _DEFAULT_DELEGATE_EXPIRE_SECONDS,
         form=ConfigurationFormItem(
             label=_("Delegate token expire time in seconds"),
             description=_(
@@ -520,9 +522,7 @@ def remote_patron_lookup(
                 )
             else:
                 return None
-
         url = self._ekirjasto_api_url + "/v1/auth/userinfo"
-
         try:
             response = self.requests_get(url, ekirjasto_token)
         except requests.exceptions.ConnectionError as e:
@@ -690,39 +690,36 @@ def authenticated_patron(
         """
         # authorization is the decoded payload of the delegate token, including
         # encrypted ekirjasto token.
-        if type(authorization) != dict:
+
+        if (
+            type(authorization) is not dict
+            or "token" not in authorization
+            or "exp" not in authorization
+            or "sub" not in authorization
+        ):
             return UNSUPPORTED_AUTHENTICATION_MECHANISM
 
         ekirjasto_token = None
         delegate_patron = None
-        if (
-            "token" in authorization
-            and "exp" in authorization
-            and "sub" in authorization
-        ):
-            encrypted_ekirjasto_token = authorization["token"]
-            delegate_expired = from_timestamp(authorization["exp"]) < utc_now()
-            patron_delegate_id = authorization["sub"]
+        delegate_expired = from_timestamp(authorization["exp"]) < utc_now()
+        if delegate_expired:
+            # Causes to return 401 error
+            return None
 
-            if delegate_expired:
-                # Causes to return 401 error
-                return None
+        encrypted_ekirjasto_token = authorization["token"]
+        patron_delegate_id = authorization["sub"]
 
-            delegate_patron = self.get_patron_with_delegate_id(_db, patron_delegate_id)
-            if delegate_patron == None:
-                # Causes to return 401 error
-                return None
+        delegate_patron = self.get_patron_with_delegate_id(_db, patron_delegate_id)
+        if delegate_patron == None:
+            # Causes to return 401 error
+            return None
 
-            if PatronUtility.needs_external_sync(delegate_patron):
-                # We should sometimes try to update the patron from remote.
-                ekirjasto_token = self._decrypt_ekirjasto_token(
-                    encrypted_ekirjasto_token
-                )
-            else:
-                # No need to update patron.
-                return delegate_patron
+        if PatronUtility.needs_external_sync(delegate_patron):
+            # We should sometimes try to update the patron from remote.
+            ekirjasto_token = self._decrypt_ekirjasto_token(encrypted_ekirjasto_token)
         else:
-            return UNSUPPORTED_AUTHENTICATION_MECHANISM
+            # No need to update patron.
+            return delegate_patron
 
         # If we come here, we have ekirjasto_token and we should try to update the patron.
         with elapsed_time_logging(