aded new column in auth_sessions for storing access_token for later v…

…erification
Ericsson · Oct 15, 2024 · 75072a3 · 75072a3
1 parent 152f0d9
commit 75072a3
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 15 deletions.
diff --git a/web/server/codechecker_server/database/config_db_model.py b/web/server/codechecker_server/database/config_db_model.py
@@ -124,6 +124,9 @@ class Session(Base):
     user_name = Column(String)
     token = Column(CHAR(32), nullable=False, unique=True)
 
+    # access token of oauth for later use in refresh token
+    access_token = Column(String)
+
     # List of group names separated by semicolons.
     groups = Column(String)
 
@@ -135,13 +138,14 @@ class Session(Base):
     can_expire = Column(Boolean, server_default=true(), default=True)
 
     def __init__(self, token, user_name, groups, description=None,
-                 can_expire=True):
+                 can_expire=True, access_token=None):
         self.token = token
         self.user_name = user_name
         self.groups = groups
         self.description = description
         self.can_expire = can_expire
         self.last_access = datetime.now()
+        self.access_token = access_token
 
 
 class Configuration(Base):

diff --git a/...create_a_state_table_for_verification_.py → ...create_a_state_table_for_verification_.py b/...create_a_state_table_for_verification_.py → ...create_a_state_table_for_verification_.py
@@ -1,9 +1,10 @@
 """
-Create a state table for verification for OAuth
+Create a state table for verification for OAuth and add
+access token column to auth_sessions.
 
-Revision ID: 5bdea278c415
+Revision ID: 1ff62174b95e
 Revises:     00099e8bc212
-Create Date: 2024-10-09 16:14:33.235797
+Create Date: 2024-10-15 16:35:44.277979
 """
 
 from logging import getLogger
@@ -12,7 +13,7 @@
 import sqlalchemy as sa
 
 # Revision identifiers, used by Alembic.
-revision = '5bdea278c415'
+revision = '1ff62174b95e'
 down_revision = '00099e8bc212'
 branch_labels = None
 depends_on = None
@@ -22,16 +23,23 @@ def upgrade():
     LOG = getLogger("migration/config")
     # ### commands auto generated by Alembic - please adjust! ###
     op.create_table('state_codes',
-                    sa.Column('id', sa.Integer(),
-                              autoincrement=True, nullable=False),
+                    sa.Column('id',
+                              sa.Integer(),
+                              autoincrement=True,
+                              nullable=False),
                     sa.Column('state', sa.String(), nullable=False),
                     sa.Column('expires_at', sa.DateTime(), nullable=True),
-                    sa.PrimaryKeyConstraint('id', name=op.f('pk_state_codes')))
+                    sa.PrimaryKeyConstraint('id', name=op.f('pk_state_codes'))
+                    )
+    op.add_column('auth_sessions', sa.Column('access_token',
+                                             sa.String(),
+                                             nullable=True))
     # ### end Alembic commands ###
 
 
 def downgrade():
     LOG = getLogger("migration/config")
     # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('auth_sessions', 'access_token')
     op.drop_table('state_codes')
     # ### end Alembic commands ###
diff --git a/web/server/codechecker_server/session_manager.py b/web/server/codechecker_server/session_manager.py
@@ -77,7 +77,7 @@ class _Session:
 
     def __init__(self, token, username, groups,
                  session_lifetime, refresh_time, is_root=False, database=None,
-                 last_access=None, can_expire=True):
+                 last_access=None, can_expire=True, oauth_access_token=None):
 
         self.token = token
         self.user = username
@@ -88,8 +88,12 @@ def __init__(self, token, username, groups,
         self.__root = is_root
         self.__database = database
         self.__can_expire = can_expire
+        self.oauth_access_token = oauth_access_token
         self.last_access = last_access if last_access else datetime.now()
 
+    def get_access_token(self):
+        return self.oauth_access_token
+
     @property
     def is_root(self):
         """Returns whether or not the Session was created with the master
@@ -273,6 +277,7 @@ def get_oauth_config(self, provider):
         provider_cfg = self.__auth_config.get(
             'method_oauth', {}).get("providers", {}).get(provider, {})
 
+        # turn off configuration if it is set to default values
         if provider_cfg.get("oauth_client_secret",
                             "ExampleClientSecret") == "ExampleClientSecret" \
                 or provider_cfg.get("oauth_client_id",
@@ -614,18 +619,18 @@ def __is_root_user(self, user_name):
         return False
 
     def __create_local_session(self, token, user_name, groups, is_root,
-                               last_access=None, can_expire=True):
+                               last_access=None, can_expire=True,
+                               oauth_access_token=None):
         """
         Returns a new local session object initalized by the given parameters.
         """
         if not is_root:
             is_root = self.__is_root_user(user_name)
-
         return _Session(
             token, user_name, groups,
             self.__auth_config['session_lifetime'],
             self.__refresh_time, is_root, self.__database_connection,
-            last_access, can_expire)
+            last_access, can_expire, oauth_access_token=oauth_access_token)
 
     def create_session(self, auth_string):
         """ Creates a new session for the given auth-string. """
@@ -701,14 +706,18 @@ def create_session_oauth(self, provider, username, token):
         user_data = {'username': username,
                      'token': token,
                      'groups': [],
-                     'is_root': False}
+                     'is_root': False,
+                     'oauth_access_token': token
+                     }
 
         # Generate a new token and create a local session.
         token = generate_session_token()
+        token_data = user_data.get('oauth_access_token')
         local_session = self.__create_local_session(token,
                                                     user_data.get('username'),
                                                     user_data.get('groups'),
-                                                    user_data.get('is_root'))
+                                                    user_data.get('is_root'),
+                                                    oauth_access_token=token_data)
         self.__sessions.append(local_session)
 
         # Store the session in the database.
@@ -720,7 +729,9 @@ def create_session_oauth(self, provider, username, token):
                 # Store the new session.
                 record = SessionRecord(token,
                                        user_data.get('username'),
-                                       ';'.join(user_data.get('groups')))
+                                       ';'.join(user_data.get('groups')),
+                                       access_token=user_data.get(
+                                           'oauth_access_token'))
                 transaction.add(record)
                 transaction.commit()
             except Exception as e: