[DOP-29537] Adjust Swagger schema for OAuth2GatewayProvider

dolfinus · dolfinus · commit 36ca9a076412 · 2025-11-07T15:31:38.000+03:00
diff --git a/syncmaster/server/api/v1/auth.py b/syncmaster/server/api/v1/auth.py
@@ -63,7 +63,7 @@ async def auth_callback(
 )
 async def logout(
     request: Request,
-    current_user: Annotated[User, Depends(get_user(is_active=True))],
+    current_user: Annotated[User, Depends(get_user())],
     auth_provider: Annotated[KeycloakAuthProvider, Depends(Stub(AuthProvider))],
 ):
     refresh_token = request.session.get("refresh_token", None)
diff --git a/syncmaster/server/api/v1/connections.py b/syncmaster/server/api/v1/connections.py
@@ -39,7 +39,7 @@ async def read_connections(
     page: int = Query(gt=0, default=1),
     page_size: int = Query(gt=0, le=50, default=20),  # noqa: WPS432
     type: list[ConnectionType] | None = Query(None),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
     search_query: str | None = Query(
         None,
@@ -102,7 +102,7 @@ async def read_connections(
 @router.post("/connections")
 async def create_connection(
     connection_data: CreateConnectionSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadConnectionSchema:
     """Create new connection"""
@@ -144,15 +144,15 @@ async def create_connection(
     )
 
 
-@router.get("/connections/known_types", dependencies=[Depends(get_user(is_active=True))])
+@router.get("/connections/known_types", dependencies=[Depends(get_user())])
 async def read_connection_types() -> list[str]:
     return CONNECTION_TYPES
 
 
 @router.get("/connections/{connection_id}")
 async def read_connection(
     connection_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadConnectionSchema:
     resource_role = await unit_of_work.connection.get_resource_permission(
@@ -186,7 +186,7 @@ async def read_connection(
 async def update_connection(  # noqa: WPS217, WPS238
     connection_id: int,
     connection_data: UpdateConnectionSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadConnectionSchema:
     resource_role = await unit_of_work.connection.get_resource_permission(
@@ -246,7 +246,7 @@ async def update_connection(  # noqa: WPS217, WPS238
 @router.delete("/connections/{connection_id}", status_code=NO_CONTENT)
 async def delete_connection(
     connection_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ):
     resource_role = await unit_of_work.connection.get_resource_permission(
@@ -274,7 +274,7 @@ async def delete_connection(
 async def copy_connection(  # noqa: WPS238
     connection_id: int,
     copy_connection_data: ConnectionCopySchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadConnectionSchema:
     resource_role = await unit_of_work.connection.get_resource_permission(
diff --git a/syncmaster/server/api/v1/groups.py b/syncmaster/server/api/v1/groups.py
@@ -30,7 +30,7 @@ async def read_groups(
     page: int = Query(gt=0, default=1),
     page_size: int = Query(gt=0, le=50, default=20),  # noqa: WPS432
     role: str | None = Query(default=None),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
     search_query: str | None = Query(
         None,
@@ -59,7 +59,7 @@ async def read_groups(
 async def create_group(
     group_data: CreateGroupSchema,
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> ReadGroupSchema:
     async with unit_of_work:
         group = await unit_of_work.group.create(
@@ -73,7 +73,7 @@ async def create_group(
 @router.get("/groups/{group_id}")
 async def read_group(
     group_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> GroupWithUserRoleSchema:
     resource_role = await unit_of_work.group.get_group_permission(
@@ -96,7 +96,7 @@ async def read_group(
 async def update_group(  # noqa: WPS217
     group_id: int,
     group_data: UpdateGroupSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadGroupSchema:
     resource_rule = await unit_of_work.group.get_group_permission(
@@ -154,7 +154,7 @@ async def read_group_users(
     group_id: int,
     page: int = Query(gt=0, default=1),
     page_size: int = Query(gt=0, le=50, default=20),  # noqa: WPS432
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> UserPageSchemaAsGroupMember:
     resource_role = await unit_of_work.group.get_group_permission(
@@ -178,7 +178,7 @@ async def update_user_role_group(
     group_id: int,
     user_id: int,
     update_user_data: AddUserSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> AddUserSchema:
     resource_rule = await unit_of_work.group.get_group_permission(
@@ -207,7 +207,7 @@ async def add_user_to_group(
     group_id: int,
     user_id: int,
     add_user_data: AddUserSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ):
     resource_rule = await unit_of_work.group.get_group_permission(
@@ -237,7 +237,7 @@ async def add_user_to_group(
 async def delete_user_from_group(
     group_id: int,
     user_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ):
     resource_rule = await unit_of_work.group.get_group_permission(
diff --git a/syncmaster/server/api/v1/queue.py b/syncmaster/server/api/v1/queue.py
@@ -27,7 +27,7 @@ async def read_queues(
     group_id: int,
     page: int = Query(gt=0, default=1),
     page_size: int = Query(gt=0, le=50, default=20),  # noqa: WPS432
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
     search_query: str | None = Query(
         None,
@@ -55,7 +55,7 @@ async def read_queues(
 @router.get("/queues/{queue_id}", description="Read queue by id")
 async def read_queue(
     queue_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadQueueSchema:
     resource_role = await unit_of_work.queue.get_resource_permission(
@@ -75,7 +75,7 @@ async def read_queue(
 @router.post("/queues", description="Create new queue")
 async def create_queue(
     queue_data: CreateQueueSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadQueueSchema:
     group_permission = await unit_of_work.queue.get_group_permission(
@@ -98,7 +98,7 @@ async def create_queue(
 async def update_queue(
     queue_id: int,
     queue_data: UpdateQueueSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadQueueSchema:
     resource_role = await unit_of_work.queue.get_resource_permission(
@@ -123,7 +123,7 @@ async def update_queue(
 @router.delete("/queues/{queue_id}", description="Delete queue by id", status_code=NO_CONTENT)
 async def delete_queue(
     queue_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ):
     resource_role = await unit_of_work.queue.get_resource_permission(
diff --git a/syncmaster/server/api/v1/runs.py b/syncmaster/server/api/v1/runs.py
@@ -36,7 +36,7 @@ async def read_runs(
     status: list[Status] | None = Query(default=None),
     started_at_since: datetime | None = Query(default=None),
     started_at_until: datetime | None = Query(default=None),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> RunPageSchema:
     """Return runs of transfer with pagination"""
     resource_rule = await unit_of_work.transfer.get_resource_permission(
@@ -63,7 +63,7 @@ async def read_runs(
 async def read_run(
     run_id: int,
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> ReadRunSchema:
     run = await unit_of_work.run.read_by_id(run_id=run_id)
 
@@ -83,7 +83,7 @@ async def start_run(  # noqa: WPS217
     create_run_data: CreateRunSchema,
     celery: Annotated[Celery, Depends(Stub(Celery))],
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> ReadRunSchema:
     # Check: user can start transfer
     resource_rule = await unit_of_work.transfer.get_resource_permission(
@@ -139,7 +139,7 @@ async def start_run(  # noqa: WPS217
 async def stop_run(
     run_id: int,
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> ReadRunSchema:
     run = await unit_of_work.run.read_by_id(run_id=run_id)
 
diff --git a/syncmaster/server/api/v1/transfers.py b/syncmaster/server/api/v1/transfers.py
@@ -45,7 +45,7 @@ async def read_transfers(
     source_connection_type: list[ConnectionType] | None = Query(None),
     target_connection_type: list[ConnectionType] | None = Query(None),
     is_scheduled: bool | None = Query(None),
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> TransferPageSchema:
     """Return transfers in page format"""
@@ -79,7 +79,7 @@ async def read_transfers(
 @router.post("/transfers")
 async def create_transfer(  # noqa: WPS217, WPS238
     transfer_data: CreateTransferSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadTransferSchema:
     group_permission = await unit_of_work.transfer.get_group_permission(
@@ -139,7 +139,7 @@ async def create_transfer(  # noqa: WPS217, WPS238
 @router.get("/transfers/{transfer_id}")
 async def read_transfer(
     transfer_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadTransferSchema:
     """Return transfer data by transfer ID"""
@@ -159,7 +159,7 @@ async def read_transfer(
 async def copy_transfer(  # noqa: WPS217, WPS238
     transfer_id: int,
     transfer_data: CopyTransferSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadTransferSchema:
     resource_role = await unit_of_work.transfer.get_resource_permission(
@@ -239,7 +239,7 @@ async def copy_transfer(  # noqa: WPS217, WPS238
 async def update_transfer(  # noqa: WPS217, WPS238
     transfer_id: int,
     transfer_data: CreateTransferSchema,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadTransferSchema:
     # Check: user can update transfer
@@ -318,7 +318,7 @@ async def update_transfer(  # noqa: WPS217, WPS238
 @router.delete("/transfers/{transfer_id}", status_code=NO_CONTENT)
 async def delete_transfer(
     transfer_id: int,
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ):
     resource_role = await unit_of_work.transfer.get_resource_permission(
diff --git a/syncmaster/server/api/v1/users.py b/syncmaster/server/api/v1/users.py
@@ -20,7 +20,7 @@
 async def get_users(
     page: int = Query(gt=0, default=1),
     page_size: int = Query(gt=0, le=50, default=20),  # noqa: WPS432
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
     search_query: str | None = Query(
         None,
@@ -39,15 +39,15 @@ async def get_users(
 
 @router.get("/users/me")
 async def read_current_user(
-    current_user: User = Depends(get_user(is_active=True)),
+    current_user: User = Depends(get_user()),
 ) -> ReadUserSchema:
     return ReadUserSchema.model_validate(current_user, from_attributes=True)
 
 
-@router.get("/users/{user_id}", dependencies=[Depends(get_user(is_active=True))])
+@router.get("/users/{user_id}", dependencies=[Depends(get_user())])
 async def read_user(
     user_id: int,
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
 ) -> ReadUserSchema:
-    user = await unit_of_work.user.read_by_id(user_id=user_id, is_active=True)
+    user = await unit_of_work.user.read_by_id(user_id=user_id)
     return ReadUserSchema.model_validate(user, from_attributes=True)
diff --git a/syncmaster/server/services/get_user.py b/syncmaster/server/services/get_user.py
@@ -4,35 +4,55 @@
 from typing import Annotated, Any
 
 from fastapi import Depends, Request
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import (
+    HTTPAuthorizationCredentials,
+    HTTPBearer,
+    OAuth2PasswordBearer,
+)
 
 from syncmaster.db.models import User
 from syncmaster.exceptions import ActionNotAllowedError, EntityNotFoundError
 from syncmaster.server.dependencies import Stub
 from syncmaster.server.providers.auth import AuthProvider
 
-oauth_schema = OAuth2PasswordBearer(tokenUrl="v1/auth/token", auto_error=False)
+bearer_token = HTTPBearer(
+    description="Perform authentication using Bearer token",
+    auto_error=False,
+)
+oauth_schema = OAuth2PasswordBearer(
+    description="Perform authentication using configured AuthProvider",
+    tokenUrl="v1/auth/token",
+    auto_error=False,
+)
 
 
-def get_user(
-    is_active: bool = False,
+def get_user(  # noqa: WPS231
     is_superuser: bool = False,
-) -> Callable[[Request, AuthProvider, str], Coroutine[Any, Any, User]]:
+) -> Callable[[Request, AuthProvider, str | None, HTTPAuthorizationCredentials | None], Coroutine[Any, Any, User]]:
     async def wrapper(
         request: Request,
         auth_provider: Annotated[AuthProvider, Depends(Stub(AuthProvider))],
-        access_token: Annotated[str | None, Depends(oauth_schema)],
+        oauth_token: Annotated[str | None, Depends(oauth_schema)],
+        bearer_token: Annotated[HTTPAuthorizationCredentials | None, Depends(bearer_token)],
     ) -> User:
-        # keycloak provider patches session and store access_token in cookie,
-        # when dummy auth stores it in "Authorization" header
-        access_token = request.session.get("access_token", "") or access_token
+        access_token: str | None = None
+        if bearer_token:
+            # explicit token provided by user
+            access_token = bearer_token.credentials
+        elif oauth_token:
+            # DummyAuth stores token in "Authorization" header
+            access_token = oauth_token
+        elif "access_token" in request.session:
+            # KeyaockAuth patches session and store access_token in cookie
+            access_token = request.session["access_token"]
+
         user = await auth_provider.get_current_user(
             access_token=access_token,
             request=request,
         )
         if user is None:
             raise EntityNotFoundError("User not found")
-        if is_active and not user.is_active:
+        if not user.is_active:
             raise ActionNotAllowedError("Inactive user")
         if is_superuser and not user.is_superuser:
             raise ActionNotAllowedError("You have no power here")

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ async def auth_callback(`
`63`	`63`	`)`
`64`	`64`	`async def logout(`
`65`	`65`	`request: Request,`
`66`		`- current_user: Annotated[User, Depends(get_user(is_active=True))],`
	`66`	`+ current_user: Annotated[User, Depends(get_user())],`
`67`	`67`	`auth_provider: Annotated[KeycloakAuthProvider, Depends(Stub(AuthProvider))],`
`68`	`68`	`):`
`69`	`69`	`refresh_token = request.session.get("refresh_token", None)`