def mutate_and_get_payload(cls, root, input, client_mutation_id=None):
# Call the logout method to remove any locally stored data
get_identity_manager_instance().logout()
# Remove user's git creds
git_cred_file = os.path.expanduser(os.path.join('~', '.git-credentials'))
if os.path.exists(git_cred_file):
os.remove(git_cred_file)
logger.info("Removed git credentials on logout")
# Wipe current user from request context
flask.g.user_obj = None
flask.g.id_token = None
flask.g.access_token = None
return RemoveUserIdentity(user_identity_edge=UserIdentity())
def test_get_identity_manager_instance(
self, fixture_working_dir_with_cached_user):
"""Test getting identity manager in a flask app"""
# Test normal
mgr = get_identity_manager_instance()
assert type(mgr) == LocalIdentityManager
# Test when no mgr is set
current_app.config["LABMGR_ID_MGR"] = None
mgr = get_identity_manager_instance()
assert mgr is None
# Test when mgr is missing from the current Flask application config
del current_app.config["LABMGR_ID_MGR"]
with pytest.raises(AuthenticationError):
get_identity_manager_instance()
def get_logged_in_user():
"""A method to get the current logged in User object"""
# Check for user in redis cache
access_token = flask.g.get('access_token', None)
if access_token:
# Build unique key from the bearer token
key = access_token[0::6]
# Get a redis client
client = flask.g.get('redis_client', None)
if not client:
client = redis.StrictRedis(db=4)
flask.g.redis_client = client
# Check if user data is cached
if client.exists(key):
# Load user data from redis
user = User()
user.username = client.hget(key, "username").decode()
user.email = client.hget(key, "email").decode()
user.given_name = client.hget(key, "given_name").decode()
user.family_name = client.hget(key, "family_name").decode()
else:
# User not loaded yet, so get it from the identity manager
user = get_identity_manager_instance().get_user_profile(
access_token)
# Save to redis
client.hset(key, "username", user.username)
client.hset(key, "email", user.email)
client.hset(key, "given_name", user.given_name)
client.hset(key, "family_name", user.family_name)
# Set a TTL of 5 minutes. This will auto-delete the key so the identity will be re-queried
client.expire(key, 60 * 5)
else:
# No access token, so assume running locally or malformed request and force a full load from manager
user = get_identity_manager_instance().get_user_profile(access_token)
return user
def get_logged_in_user() -> User:
"""A method to get the current logged in User object"""
# Check for user in redis cache
access_token = flask.g.get('access_token', None)
id_token = flask.g.get('id_token', None)
request_scoped_user = flask.g.get('user_obj', None)
if not request_scoped_user:
request_scoped_user = get_identity_manager_instance().get_user_profile(
access_token, id_token)
flask.g.user_obj = request_scoped_user
return request_scoped_user
def resolve(self, next, root, info, **args):
if not self.identity_mgr:
self.identity_mgr = get_identity_manager_instance()
# On first field processed in request, authenticate
if not hasattr(info.context, "auth_middleware_complete"):
# Pull the token out of the header if available
token = None
if "Authorization" in info.context.headers:
token = parse_token(info.context.headers["Authorization"])
# Save token to the request context for future use (e.g. look up a user's profile information if needed)
flask.g.access_token = token
# Check if you are authenticated
try:
self.identity_mgr.is_authenticated(token)
except AuthenticationError:
raise AuthenticationError("User not authenticated", 401)
info.context.auth_middleware_complete = True
return next(root, info, **args)