[DOP-21268] - minor fixes

Author: maxim-lixakov

.env.docker

@@ -7,6 +7,7 @@ SYNCMASTER__SERVER__DEBUG=true
 # Logging
 SYNCMASTER__LOGGING__SETUP=True
 SYNCMASTER__LOGGING__PRESET=colored
+SYNCMASTER__LOG_URL_TEMPLATE=https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}
 
 # Encrypt / Decrypt credentials data
 SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=

.env.local

@@ -7,6 +7,7 @@ export SYNCMASTER__SERVER__DEBUG=true
 # Logging
 export SYNCMASTER__LOGGING__SETUP=True
 export SYNCMASTER__LOGGING__PRESET=colored
+export SYNCMASTER__LOG_URL_TEMPLATE="https://grafana.example.com?correlation_id={{ correlation_id }}&run_id={{ run.id }}"
 
 # Encrypt / Decrypt credentials data
 export SYNCMASTER__CRYPTO_KEY=UBgPTioFrtH2unlC4XFDiGf5sYfzbdSf_VgiUSaQc94=

syncmaster/backend/api/v1/auth.py

@@ -1,25 +1,23 @@
 # SPDX-FileCopyrightText: 2023-2024 MTS PJSC
 # SPDX-License-Identifier: Apache-2.0
-from typing import TYPE_CHECKING, Annotated
+from typing import Annotated
 
 from fastapi import APIRouter, Depends, HTTPException, Request
 from fastapi.responses import RedirectResponse
 from fastapi.security import OAuth2PasswordRequestForm
 
 from syncmaster.backend.dependencies import Stub
-from syncmaster.backend.providers.auth import AuthProvider
+from syncmaster.backend.providers.auth import (
+    AuthProvider,
+    DummyAuthProvider,
+    KeycloakAuthProvider,
+)
 from syncmaster.backend.utils.state import validate_state
 from syncmaster.errors.registration import get_error_responses
 from syncmaster.errors.schemas.invalid_request import InvalidRequestSchema
 from syncmaster.errors.schemas.not_authorized import NotAuthorizedSchema
 from syncmaster.schemas.v1.auth import AuthTokenSchema
 
-if TYPE_CHECKING:
-    from syncmaster.backend.providers.auth import (
-        DummyAuthProvider,
-        KeycloakAuthProvider,
-    )
-
 router = APIRouter(
     prefix="/auth",
     tags=["Auth"],
@@ -29,7 +27,7 @@
 
 @router.post("/token")
 async def token(
-    auth_provider: Annotated["DummyAuthProvider", Depends(Stub(AuthProvider))],
+    auth_provider: Annotated[DummyAuthProvider, Depends(Stub(AuthProvider))],
     form_data: OAuth2PasswordRequestForm = Depends(),
 ) -> AuthTokenSchema:
     token = await auth_provider.get_token_password_grant(
@@ -48,7 +46,7 @@ async def auth_callback(
     request: Request,
     code: str,
     state: str,
-    auth_provider: Annotated["KeycloakAuthProvider", Depends(Stub(AuthProvider))],
+    auth_provider: Annotated[KeycloakAuthProvider, Depends(Stub(AuthProvider))],
 ):
     original_redirect_url = validate_state(state)
     if not original_redirect_url:

syncmaster/backend/api/v1/runs.py

@@ -22,7 +22,9 @@
     RunPageSchema,
 )
 from syncmaster.worker.config import celery
-from syncmaster.worker.settings import worker_settings
+
+# TODO: remove global import of WorkerSettings
+from syncmaster.worker.settings import WorkerSettings as Settings
 
 router = APIRouter(tags=["Runs"], responses=get_error_responses())
 
@@ -117,7 +119,7 @@ async def start_run(
             type=RunType.MANUAL,
         )
 
-        log_url = Template(worker_settings.LOG_URL_TEMPLATE).render(
+        log_url = Template(Settings().LOG_URL_TEMPLATE).render(
             run=run,
             correlation_id=correlation_id.get(),
         )

syncmaster/backend/dependencies/get_access_token.py

@@ -4,7 +4,7 @@
 from fastapi.security.utils import get_authorization_scheme_param
 
 
-async def get_access_token(request: Request):
+async def get_access_token(request: Request) -> str | None:
     authorization = request.headers.get("Authorization")
     scheme, token = get_authorization_scheme_param(authorization)
     if not authorization or scheme.lower() != "bearer":

syncmaster/backend/middlewares/static_files.py

@@ -1,7 +1,6 @@
 # SPDX-FileCopyrightText: 2023-2024 MTS PJSC
 # SPDX-License-Identifier: Apache-2.0
 from fastapi import FastAPI
-from fastapi.staticfiles import StaticFiles
 
 from syncmaster.backend.settings.server.static_files import StaticFilesSettings
 
@@ -12,5 +11,5 @@ def apply_static_files(app: FastAPI, settings: StaticFilesSettings) -> FastAPI:
         return app
 
     # https://fastapi.tiangolo.com/how-to/custom-docs-ui-assets/#serve-the-static-files
-    app.mount("/static", StaticFiles(directory=settings.directory), name="static")
+    # app.mount("/static", StaticFiles(directory=settings.directory), name="static")
     return app

syncmaster/backend/providers/auth/dummy_provider.py

@@ -65,9 +65,6 @@ async def get_token_password_grant(
                 user = await self._uow.user.create(
                     username=login,
                     email=f"{login}@example.com",
-                    first_name=f"{login}_first",
-                    middle_name=f"{login}_middle",
-                    last_name=f"{login}_last",
                     is_active=True,
                 )
 

syncmaster/backend/providers/auth/keycloak_provider.py

@@ -105,6 +105,8 @@ async def get_current_user(self, access_token: str, *args, **kwargs) -> Any:
                 log.debug("Failed to refresh access token: %s", e)
                 self.redirect_to_auth(request.url.path)
 
+        # these names are hardcoded in keycloak:
+        # https://github.com/keycloak/keycloak/blob/3ca3a4ad349b4d457f6829eaf2ae05f1e01408be/core/src/main/java/org/keycloak/representations/IDToken.java
         user_id = token_info.get("sub")
         login = token_info.get("preferred_username")
         email = token_info.get("email")
@@ -133,9 +135,6 @@ async def refresh_access_token(self, refresh_token: str) -> dict[str, Any]:
         new_tokens = self.keycloak_openid.refresh_token(refresh_token)
         return new_tokens
 
-    async def get_user_info(self, access_token: str) -> dict[str, Any]:
-        return self.keycloak_openid.userinfo(access_token)
-
     def redirect_to_auth(self, path: str) -> None:
         state = generate_state(path)
         auth_url = self.keycloak_openid.auth_url(

syncmaster/backend/services/get_user.py

@@ -3,13 +3,13 @@
 from collections.abc import Callable, Coroutine
 from typing import Annotated, Any
 
-from fastapi import Depends, Request, status
-from fastapi.exceptions import HTTPException
+from fastapi import Depends, Request
 from fastapi.security import OAuth2PasswordBearer
 
 from syncmaster.backend.dependencies import Stub
 from syncmaster.backend.providers.auth import AuthProvider
 from syncmaster.db.models import User
+from syncmaster.exceptions import ActionNotAllowedError, EntityNotFoundError
 
 oauth_schema = OAuth2PasswordBearer(tokenUrl="v1/auth/token", auto_error=False)
 
@@ -21,7 +21,7 @@ def get_user(
     async def wrapper(
         request: Request,
         auth_provider: Annotated[AuthProvider, Depends(Stub(AuthProvider))],
-        access_token: Annotated[str, Depends(oauth_schema)],
+        access_token: Annotated[str | None, Depends(oauth_schema)],
     ) -> User:
         # keycloak provider patches session and store access_token in cookie,
         # when dummy auth stores it in "Authorization" header
@@ -31,20 +31,11 @@ async def wrapper(
             request=request,
         )
         if user is None:
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail="User not found",
-            )
+            raise EntityNotFoundError("User not found")
         if is_active and not user.is_active:
-            raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail="Inactive user",
-            )
+            raise ActionNotAllowedError("Inactive user")
         if is_superuser and not user.is_superuser:
-            raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail="You have no power here",
-            )
+            raise ActionNotAllowedError("You have no power here")
         return user
 
     return wrapper

syncmaster/db/repositories/user.py

@@ -60,9 +60,9 @@ async def create(
         username: str,
         email: str,
         is_active: bool,
-        first_name: str | None,
-        middle_name: str | None,
-        last_name: str | None,
+        first_name: str | None = None,
+        middle_name: str | None = None,
+        last_name: str | None = None,
         is_superuser: bool = False,
     ) -> User:
         query = (