align JWT with ENABLE_AUTH #1213
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #1213 +/- ##
===========================================
+ Coverage 85.93% 86.00% +0.06%
===========================================
Files 94 94
Lines 3236 3251 +15
Branches 371 372 +1
===========================================
+ Hits 2781 2796 +15
Misses 380 380
Partials 75 75 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Hi @MattShirley - I don't think this is quite what I was after, although I guess it addresses another failure mode. The place where we are currently failing wrt Nebraska is the |
…hirley/handle-optional-jwt
…hirley/handle-optional-jwt
for more information, see https://pre-commit.ci
…-hep/ServiceX into mshirley/handle-optional-jwt
|
@ponyisi I added a no-op/dummy pass through decorator |
| user = None | ||
| if current_app.config.get("ENABLE_AUTH"): | ||
| user = UserModel.find_by_email(get_jwt_identity()) | ||
| # since jwt is optional, attach user only when jwt available |
There was a problem hiding this comment.
I think the "optional"-ness of the JWT came from the idea that it would handle the case we're now protecting. If ENABLE_AUTH is set now, I don't think there is a case where we should not expect a JWT? (In which case we should get rid of the optional=True in all cases and this additional protection.)
There was a problem hiding this comment.
I have removed both calls with optional=True
…t with new endpoint)
MattShirley
changed the title
get_requesting_user without throwing a 500 error…hirley/handle-optional-jwt
The existing setup has no connection between JWT and ENABLE_AUTH.
This PR introduces a
jwt_required_if_auth_enableddecorator that requires a JWT only ifENABLE_AUTH=True. Otherwise, the endpoint will allow traffic without checking for a JWT.