Merge branch 'develop' into feature.extentalbemicmigrations

Josephine-Rutten · Jan 25, 2024 · 7cd1373 · 7cd1373
2 parents 8343cf2 + d4a044e
commit 7cd1373
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 7 deletions.
diff --git a/src/cnaas_nms/api/app.py b/src/cnaas_nms/api/app.py
@@ -6,7 +6,7 @@
 from engineio.payload import Payload
 from flask import Flask, jsonify, request
 from flask_cors import CORS
-from flask_jwt_extended import JWTManager
+from flask_jwt_extended import JWTManager, decode_token
 from flask_jwt_extended.exceptions import InvalidHeaderError, NoAuthorizationError
 from flask_restx import Api
 from flask_socketio import SocketIO, join_room
@@ -215,18 +215,30 @@ def socketio_on_events(data):
 # Log all requests, include username etc
 @app.after_request
 def log_request(response):
+    user = ""
+    if request.method in ["POST", "PUT", "DELETE", "PATCH"]:
+        try:
+            if auth_settings.OIDC_ENABLED:
+                token_string = request.headers.get("Authorization").split(" ")[-1]
+                user = "User: {}, ".format(get_oauth_userinfo(token_string)['email'])
+            else:
+                token = request.headers.get("Authorization").split(" ")[-1]
+                user = "User: {}, ".format(decode_token(token).get("sub"))
+        except Exception:
+            user = "User: unknown, "
+
     try:
         url = re.sub(jwt_query_r, "", request.url)
         if request.headers.get('content-type') == 'application/json':
             logger.info(
-                "Method: {}, Status: {}, URL: {}, JSON: {}".format(
-                    request.method, response.status_code, url, request.json
+                "{}Method: {}, Status: {}, URL: {}, JSON: {}".format(
+                    user, request.method, response.status_code, url, request.json
                 )
             )
         else:
             logger.info(
-                "Method: {}, Status: {}, URL: {}".format(
-                    request.method, response.status_code, url
+                "{}Method: {}, Status: {}, URL: {}".format(
+                    user, request.method, response.status_code, url
                 )
             )
     except Exception:

diff --git a/src/cnaas_nms/app_settings.py b/src/cnaas_nms/app_settings.py
@@ -70,6 +70,7 @@ class AuthSettings(BaseSettings):
     OIDC_CLIENT_ID: str = "client-id"
     OIDC_ENABLED: bool = False
     OIDC_CLIENT_SCOPE: str = "openid"
+    AUDIENCE: str = OIDC_CLIENT_ID
 
 
 def construct_api_settings() -> ApiSettings:
@@ -153,6 +154,7 @@ def construct_auth_settings() -> AuthSettings:
             OIDC_CLIENT_SECRET=config.get("oidc_client_secret", AuthSettings().OIDC_CLIENT_SECRET),
             OIDC_CLIENT_ID=config.get("oidc_client_id", AuthSettings().OIDC_CLIENT_ID),
             OIDC_CLIENT_SCOPE=config.get("oidc_client_scope", AuthSettings().OIDC_CLIENT_SCOPE),
+            AUDIENCE=config.get("audience", AuthSettings().AUDIENCE),
         )
     else:
         return AuthSettings()

diff --git a/src/cnaas_nms/tools/security.py b/src/cnaas_nms/tools/security.py
@@ -144,7 +144,7 @@ def authenticate_token(self, token_string: str):
         algorithm = unverified_header.get("alg")
         try:
             decoded_token = jwt.decode(
-                token_string, key, algorithms=algorithm, audience=auth_settings.OIDC_CLIENT_ID
+                token_string, key, algorithms=algorithm, audience=auth_settings.AUDIENCE
             )
         except exceptions.ExpiredSignatureError as e:
             raise ExpiredSignatureError(e)
@@ -160,7 +160,7 @@ def authenticate_token(self, token_string: str):
             "access_token": token_string,
             "decoded_token": decoded_token,
             "token_type": algorithm,
-            "audience": auth_settings.OIDC_CLIENT_ID,
+            "audience": auth_settings.AUDIENCE,
             "expires_at": decoded_token["exp"],
         }
         return token