fix all pylint warnings, add tests (wip) fix recap

2026-03-06 00:00:01 +01:00
parent 60812652cf
commit b4b4fa7643
25 changed files with 845 additions and 376 deletions
--- a/backend/src/auth/auth.py
+++ b/backend/src/auth/auth.py
@@ -4,14 +4,13 @@ from urllib.parse import urlencode

 import jwt
 import requests
-import src.messages as messages
 import src.users.service as service
-from fastapi import (APIRouter, Cookie, Depends, HTTPException, Request,
-                     Security)
+from fastapi import APIRouter, Cookie, Depends, HTTPException, Request
 from fastapi.responses import RedirectResponse, Response
-from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from fastapi.security import HTTPBearer
 from jwt import PyJWKClient
 from sqlmodel import Session, select
+from src import messages
 from src.database import get_session
 from src.models import User, UserCreate, UserPublic
 from src.settings import (AUTH_URL, ISSUER, JWKS_URL, LOGOUT_URL, TOKEN_URL,
@@ -78,7 +77,18 @@ def callback(code: str, session: Session = Depends(get_session)):
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
-    response = requests.post(TOKEN_URL, data=data, headers=headers)
+    try:
+        response = requests.post(
+            TOKEN_URL,
+            data=data,
+            headers=headers,
+            timeout=10
+        )
+    except requests.exceptions.Timeout as error:
+        raise HTTPException(
+            status_code=404,
+            detail=messages.Messages.not_found('token')
+        ) from error
    if response.status_code != 200:
        raise HTTPException(
            status_code=404,
@@ -99,7 +109,13 @@ def callback(code: str, session: Session = Depends(get_session)):
            'client_secret': settings.keycloak_client_secret,
            'refresh_token': token_data['refresh_token'],
        }
-        requests.post(LOGOUT_URL, data=data)
+        try:
+            requests.post(LOGOUT_URL, data=data, timeout=10)
+        except requests.exceptions.Timeout as error:
+            raise HTTPException(
+                status_code=404,
+                detail=messages.Messages.not_found('token')
+            ) from error
        resp = RedirectResponse(f'{settings.origins}?userNotAllowed=true')
        return resp
    roles = resource_access.get(settings.keycloak_client_id)
@@ -109,7 +125,13 @@ def callback(code: str, session: Session = Depends(get_session)):
            'client_secret': settings.keycloak_client_secret,
            'refresh_token': token_data['refresh_token'],
        }
-        requests.post(LOGOUT_URL, data=data)
+        try:
+            requests.post(LOGOUT_URL, data=data, timeout=10)
+        except requests.exceptions.Timeout as error:
+            raise HTTPException(
+                status_code=404,
+                detail=messages.Messages.not_found('token')
+            ) from error
        resp = RedirectResponse(f'{settings.origins}?userNotAllowed=true')
        return resp

@@ -160,16 +182,16 @@ def verify_token(token: str):
            leeway=60,
        )
        return decoded
-    except jwt.ExpiredSignatureError:
+    except jwt.ExpiredSignatureError as error:
        raise HTTPException(
            status_code=401,
            detail=messages.Messages.tokenexipired
-        )
-    except jwt.InvalidTokenError:
+        ) from error
+    except jwt.InvalidTokenError as error:
        raise HTTPException(
            status_code=401,
            detail=messages.Messages.invalidtoken
-        )
+        ) from error


 def get_current_user(
@@ -184,7 +206,7 @@ def get_current_user(
    payload = verify_token(access_token)
    if not payload:
        raise HTTPException(
-            status_code=401, 
+            status_code=401,
            detail='aze'
        )
    email = payload.get('email')
@@ -205,7 +227,7 @@ def get_current_user(


@router.post('/refresh')
-def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
+def refresh_user_token(refresh_token: Annotated[str | None, Cookie()] = None):
    refresh = refresh_token
    data = {
        'grant_type': 'refresh_token',
@@ -216,7 +238,18 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
-    result = requests.post(TOKEN_URL, data=data, headers=headers)
+    try:
+        result = requests.post(
+            TOKEN_URL,
+            data=data,
+            headers=headers,
+            timeout=10,
+        )
+    except requests.exceptions.Timeout as error:
+        raise HTTPException(
+            status_code=404,
+            detail=messages.Messages.not_found('token')
+        ) from error
    if result.status_code != 200:
        raise HTTPException(
            status_code=404,
@@ -229,7 +262,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
        key='access_token',
        value=token_data['access_token'],
        httponly=True,
-        secure=True if settings.debug == False else True,
+        secure=True if settings.debug is False else True,
        samesite='strict',
        max_age=settings.max_age
    )
@@ -237,7 +270,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
        key='refresh_token',
        value=token_data['refresh_token'] or '',
        httponly=True,
-        secure=True if settings.debug == False else True,
+        secure=True if settings.debug is False else True,
        samesite='strict',
        max_age=30 * 24 * settings.max_age
    )