wip

epdb/legacy_api.py

@@ -1,17 +1,22 @@
+import hashlib
 from collections import defaultdict
 from typing import Any, Dict, List, Optional
 
+import jwt
+import requests
+
 import nh3
 from django.conf import settings as s
 from django.contrib.auth import get_user_model
 from django.http import HttpResponse, JsonResponse
 from django.shortcuts import redirect
 from ninja import Field, Form, Query, Router, Schema
+from ninja.errors import HttpError
+from ninja.security import HttpBearer
 from ninja.security import SessionAuth
 
 from utilities.chem import FormatConverter
 from utilities.misc import PackageExporter
-
 from .logic import (
     EPDBURLParser,
     GroupManager,
@@ -59,7 +64,46 @@ def _anonymous_or_real(request):
     return get_user_model().objects.get(username="anonymous")
 
 
-router = Router(auth=SessionAuth(csrf=False))
+def validate_token(token: str) -> dict:
+    TENANT_ID = s.MS_ENTRA_TENANT_ID
+    CLIENT_ID = s.MS_ENTRA_CLIENT_ID
+
+    # Fetch Microsoft's public keys
+    jwks_uri = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"
+    jwks = requests.get(jwks_uri).json()
+
+    header = jwt.get_unverified_header(token)
+
+    public_key = jwt.algorithms.RSAAlgorithm.from_jwk(
+        next(k for k in jwks["keys"] if k["kid"] == header["kid"])
+    )
+
+    claims = jwt.decode(
+        token,
+        public_key,
+        algorithms=["RS256"],
+        audience=[CLIENT_ID, f"api://{CLIENT_ID}"],
+        issuer=f"https://sts.windows.net/{TENANT_ID}/",
+    )
+    return claims
+
+
+class MSBearerTokenAuth(HttpBearer):
+
+    def authenticate(self, request, token):
+        if token is None:
+            return None
+
+        claims = validate_token(token)
+
+        if not User.objects.filter(uuid=claims['oid']).exists():
+            return None
+
+        request.user = User.objects.get(uuid=claims['oid'])
+        return request.user
+
+
+router = Router(auth=MSBearerTokenAuth())
 
 
 class Error(Schema):
@@ -153,59 +197,6 @@ class SimpleModel(SimpleObject):
     identifier: str = "relative-reasoning"
 
 
-################
-# Login/Logout #
-################
-@router.post("/", response={200: SimpleUser, 403: Error}, auth=None)
-def login(request, loginusername: Form[str], loginpassword: Form[str]):
-    from django.contrib.auth import authenticate, login
-
-    if request.headers.get("Authorization"):
-        import jwt
-        import requests
-
-        TENANT_ID = s.MS_ENTRA_TENANT_ID
-        CLIENT_ID = s.MS_ENTRA_CLIENT_ID
-
-        def validate_token(token: str) -> dict:
-            # Fetch Microsoft's public keys
-            jwks_uri = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"
-            jwks = requests.get(jwks_uri).json()
-
-            header = jwt.get_unverified_header(token)
-
-            public_key = jwt.algorithms.RSAAlgorithm.from_jwk(
-                next(k for k in jwks["keys"] if k["kid"] == header["kid"])
-            )
-
-            claims = jwt.decode(
-                token,
-                public_key,
-                algorithms=["RS256"],
-                audience=[CLIENT_ID, f"api://{CLIENT_ID}"],
-                issuer=f"https://sts.windows.net/{TENANT_ID}/",
-            )
-            return claims
-
-        token = request.headers.get("Authorization").split(" ")[1]
-
-        claims = validate_token(token)
-
-        if not User.objects.filter(uuid=claims['oid']).exists():
-            user = None
-        else:
-            user = User.objects.get(uuid=claims['oid'])
-
-    else:
-        email = User.objects.get(username=loginusername).email
-        user = authenticate(username=email, password=loginpassword)
-
-    if user:
-        login(request, user)
-        return user
-    else:
-        return 403, {"message": "Invalid username and/or password"}
-
 
 ########
 # User #