Merge branch 'list-of-active-users-#21' into mechanism-for-deactivati…

…ng-users-#12
ral-facilities · Feb 1, 2024 · 14aaae6 · 14aaae6
2 parents 47a8323 + f838641
commit 14aaae6
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 12 deletions.
diff --git a/.github/workflows/.ci.yml b/.github/workflows/.ci.yml
@@ -18,7 +18,9 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install python-ldap system dependencies
-        run: sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev
 
       - name: Set up Python
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
@@ -41,7 +43,9 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install python-ldap system dependencies
-        run: sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev
 
       - name: Set up Python
         uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0

diff --git a/Dockerfile b/Dockerfile
@@ -4,13 +4,12 @@ WORKDIR /ldap-jwt-auth-run
 
 COPY pyproject.toml ./
 COPY ldap_jwt_auth/ ldap_jwt_auth/
-COPY keys/ keys/
 
 RUN --mount=type=cache,target=/root/.cache \
     set -eux; \
     \
     apk add --no-cache build-base openldap-dev; \
-    python3 -m pip install .;
+    python3 -m pip install .[dev];
 
 CMD ["uvicorn", "ldap_jwt_auth.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]
 EXPOSE 8000
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,7 @@ services:
     build: .
     volumes:
       - ./ldap_jwt_auth:/ldap-jwt-auth-run/ldap_jwt_auth
+      - ./keys:/ldap-jwt-auth-run/keys
     ports:
       - 8000:8000
     restart: on-failure
diff --git a/ldap_jwt_auth/auth/authentication.py b/ldap_jwt_auth/auth/authentication.py
@@ -26,9 +26,13 @@ class Authentication:
     def authenticate(self, user_credentials: UserCredentialsPostRequestSchema) -> None:
         """
         Authenticate a user against an LDAP server based on the provided user credentials.
+
+        Before attempting to authenticate against LDAP, it checks that the credentials are not empty and that the
+        username is part of the active usernames.
         :param user_credentials: The credentials of the user.
         :raises InvalidCredentialsError: If the user credentials are empty or invalid.
         :raises LDAPServerError: If there is a problem with the LDAP server.
+        :raises UserNotActiveError: If the username is not part of the the active usernames.
         """
         username = user_credentials.username
         password = user_credentials.password
@@ -67,9 +71,8 @@ def is_user_active(self, username: str) -> bool:
         :param username: The username to check.
         :return: `True` if the user is active, `False` otherwise.
         """
+        logger.info("Checking if user is active")
         active_usernames = self._get_active_usernames()
-        logger.debug(len(active_usernames))
-        logger.debug(active_usernames)
         return username in active_usernames
 
     def _get_active_usernames(self) -> list:
@@ -80,8 +83,8 @@ def _get_active_usernames(self) -> list:
         :raises ActiveUsernamesFileNotFoundError: If the file containing the active usernames cannot be found.
         """
         try:
-            with open(config.authentication.active_usernames_path, "r", encoding="utf-8") as f:
-                return [line.strip() for line in f.readlines() if line.strip()]
+            with open(config.authentication.active_usernames_path, "r", encoding="utf-8") as file:
+                return [line.strip() for line in file.readlines() if line.strip()]
         except FileNotFoundError as exc:
             raise ActiveUsernamesFileNotFoundError(
                 f"Cannot find file containing active usernames with path: {config.authentication.active_usernames_path}"

diff --git a/ldap_jwt_auth/core/constants.py b/ldap_jwt_auth/core/constants.py
@@ -8,13 +8,13 @@
 # Read the contents of the private and public key files into constants. These are used for encoding and decoding of JWT
 # access and refresh tokens.
 try:
-    with open(config.authentication.private_key_path, "r", encoding="utf-8") as f:
-        PRIVATE_KEY = f.read()
+    with open(config.authentication.private_key_path, "r", encoding="utf-8") as file:
+        PRIVATE_KEY = file.read()
 except FileNotFoundError as exc:
     sys.exit(f"Cannot find private key: {exc}")
 
 try:
-    with open(config.authentication.public_key_path, "r", encoding="utf-8") as f:
-        PUBLIC_KEY = f.read()
+    with open(config.authentication.public_key_path, "r", encoding="utf-8") as file:
+        PUBLIC_KEY = file.read()
 except FileNotFoundError as exc:
     sys.exit(f"Cannot find public key: {exc}")