api: restructure user authentication modelling to support other user backends

2026-05-19 19:28:12 +02:00 · 2026-05-19 19:28:12 +02:00 · 63a9485209
commit 63a9485209
parent e5b880d038
4 changed files with 99 additions and 58 deletions
--- a/api/src/dooris_api/app.py
+++ b/api/src/dooris_api/app.py
@ -58,17 +58,9 @@ app.add_exception_handler(
    "/api/user-info/",
    name="get-user-info",
    tags=["auth"],
-    responses={status.HTTP_401_UNAUTHORIZED: {"model": models.HttpProblemDetail}},
 )
-async def get_user_info(
-    req: Request, current_user: deps.CurrentUser
-) -> models.UserStatus:
-    return models.UserStatus(
-        is_authorized=current_user.may_operate_locks,
-        guaranteed_session_until=datetime.fromtimestamp(current_user.id_token.exp, UTC),
-        username=current_user.id_token.preferred_username,
-        ccchh_roles=current_user.ccchh_roles,
-    )
+async def get_user_info(req: Request, current_user: deps.ApiUser) -> models.ApiUser:
+    return current_user


@app.get("/auth/login", tags=["auth"], response_class=RedirectResponse, status_code=302)
@ -143,7 +135,7 @@ async def login_callback(
        auth_start_time = datetime.fromtimestamp(
            float(req.cookies["auth_start_time"]), UTC
        )
-        deps.persist_auth_state(
+        deps.persist_oidc_auth_state(
            oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"]
        )
        logger.debug("successfully authenticated user")
@ -165,9 +157,9 @@ async def login_callback(
    "/auth/logout", tags=["auth"], response_class=RedirectResponse, status_code=302
 )
 async def logout(
-    resp: Response, oidc_client: deps.OpenidClient, current_user: deps.CurrentUser
+    resp: Response, oidc_client: deps.OpenidClient, current_user: deps.AuthenticatedUser
 ) -> str:
-    deps.clear_auth_state(resp)
+    deps.clear_oidc_auth_state(resp)
    return oidc_client.initiate_logout(
        RpInitiatedLogoutRequest(
            id_token_hint=current_user.raw_id_token,
@ -244,7 +236,7 @@ async def watch_locks(ccujack: deps.CCUJackClient) -> AsyncIterable[List[models.
    while True:
        yield await list_locks(ccujack)
        await ccujack.data_updated.wait()
-        await asyncio.sleep(0.1) # debounce multiple mqtt parameter updates
+        await asyncio.sleep(0.1)  # debounce multiple mqtt parameter updates


@app.patch(
@ -261,7 +253,7 @@ async def operate_lock(
    lock_id: str,
    requested_op: models.LockOperation,
    ccujack: deps.CCUJackClient,
-    current_user: deps.CurrentUser,
+    current_user: deps.AuthenticatedUser,
 ) -> None:
    if not current_user.may_operate_locks:
        raise exceptions.HttpProblemException.forbidden_to_operate(req.url)