diff options
| author | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-14 15:17:49 +0200 |
|---|---|---|
| committer | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-17 17:06:50 +0200 |
| commit | 0c6ccca5fac44ab40671627fd3181e9b138672fa (patch) | |
| tree | 0c0cc4aa53921feeddfd0d1c9111eee9a9c84c54 /opendc-web/opendc-web-api/opendc/api/v2/users | |
| parent | 17327a642738e0500f9a007b32a46bb4f426f881 (diff) | |
api: Migrate to Auth0 for API authorization
This change updates the OpenDC API to use Auth0 for API authorization.
This removes the hard dependency on Google for logging into OpenDC and
simplifies implementation as we do not have to store user information
anymore, other than the user identifier.
Diffstat (limited to 'opendc-web/opendc-web-api/opendc/api/v2/users')
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py | 2 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py index 0dcf2463..fe61ce25 100644 --- a/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py +++ b/opendc-web/opendc-web-api/opendc/api/v2/users/endpoint.py @@ -20,7 +20,7 @@ def POST(request): request.check_required_parameters(body={'user': {'email': 'string'}}) user = User(request.params_body['user']) - user.set_property('googleId', request.google_id) + user.set_property('googleId', request.current_user['sub']) user.set_property('authorizations', []) user.check_already_exists() diff --git a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py index be3462c0..26ff7717 100644 --- a/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py +++ b/opendc-web/opendc-web-api/opendc/api/v2/users/userId/endpoint.py @@ -27,7 +27,7 @@ def PUT(request): user = User.from_id(request.params_path['userId']) user.check_exists() - user.check_correct_user(request.google_id) + user.check_correct_user(request.current_user['sub']) user.set_property('givenName', request.params_body['user']['givenName']) user.set_property('familyName', request.params_body['user']['familyName']) @@ -45,7 +45,7 @@ def DELETE(request): user = User.from_id(request.params_path['userId']) user.check_exists() - user.check_correct_user(request.google_id) + user.check_correct_user(request.current_user['sub']) for authorization in user.obj['authorizations']: if authorization['authorizationLevel'] != 'OWN': |