julius/cutt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: don't rely on secure JWT when it comes to scopes

Browse Source
This commit is contained in:
julius 2025-03-20 17:04:20 +01:00
parent ded2b79db7
commit 7f4f6142c9
Signed by: julius
GPG Key ID: C80A63E6A5FD7092
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
security.py
View File

@ -141,8 +141,9 @@ async def get_current_user(
user = get_user(username=token_data.username) user = get_user(username=token_data.username)
if user is None: if user is None:
raise credentials_exception raise credentials_exception
allowed_scopes = set(user.scopes.split())
for scope in security_scopes.scopes: for scope in security_scopes.scopes:
if scope not in token_data.scopes: if scope not in allowed_scopes or scope not in token_data.scopes:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not enough permissions", detail="Not enough permissions",
@ -159,6 +160,10 @@ async def get_current_active_user(
return current_user return current_user
async def verify_team_scope(user: Annotated[Player, Depends(get_current_active_user)]):
allowed_scopes = set(user.scopes.split())
async def login_for_access_token( async def login_for_access_token(
form_data: Annotated[OAuth2PasswordRequestForm, Depends()], response: Response form_data: Annotated[OAuth2PasswordRequestForm, Depends()], response: Response
) -> Token: ) -> Token: