updates for local testing - examples in local scripts

lukaszgryglicki · lukaszgryglicki · commit edef5d28b654 · 2025-06-25T11:31:53.000+02:00
Signed-off-by: Łukasz Gryglicki &lt;lgryglicki@cncf.io&gt;
diff --git a/cla-backend-go/auth/authorizer.go b/cla-backend-go/auth/authorizer.go
@@ -89,6 +89,10 @@ func (a Authorizer) SecurityAuth(token string, scopes []string) (*user.CLAUser,
 	}
 	f["username"] = username
 
+	// LG: to allow local testing
+	// a.authValidator.nameClaim = "http://lfx.dev/claims/username"
+	// a.authValidator.emailClaim = "http://lfx.dev/claims/email"
+
 	nameClaim, ok := claims[a.authValidator.nameClaim]
 	if !ok {
 		log.WithFields(f).Warnf("name not found: %+v", a.authValidator.nameClaim)
diff --git a/cla-backend-go/cmd/server.go b/cla-backend-go/cmd/server.go
@@ -235,6 +235,8 @@ func server(localMode bool) http.Handler {
 		log.WithFields(f).WithError(err).Panic("unable to setup docraptor client")
 	}
 
+	// LG: to test with manual tokens
+	// configFile.Auth0.UsernameClaim = "http://lfx.dev/claims/username"
 	authValidator, err := auth.NewAuthValidator(
 		configFile.Auth0.Domain,
 		configFile.Auth0.ClientID,
diff --git a/cla-backend/cla/auth.py b/cla-backend/cla/auth.py
@@ -11,6 +11,9 @@
 
 import cla
 
+# LG: for local environment override
+# os.environ["AUTH0_USERNAME_CLAIM"] = os.getenv("AUTH0_USERNAME_CLAIM_CLI", os.environ["AUTH0_USERNAME_CLAIM"])
+
 auth0_base_url = os.environ.get('AUTH0_DOMAIN', '')
 auth0_username_claim = os.environ.get('AUTH0_USERNAME_CLAIM', '')
 algorithms = [os.environ.get('AUTH0_ALGORITHM', '')]
@@ -95,6 +98,8 @@ def authenticate_user(headers):
                 "n": key["n"],
                 "e": key["e"]
             }
+    # print("Token kid:", unverified_header["kid"])
+    # print("JWKS kids:", [key["kid"] for key in jwks["keys"]])
     if rsa_key:
         try:
             payload = jwt.decode(
@@ -118,7 +123,9 @@ def authenticate_user(headers):
 
         username = payload.get(auth0_username_claim)
         if username is None:
-            raise AuthError('username not found')
+            # LG: to have more info
+            # raise AuthError(f"username not found in {auth0_username_claim}")
+            raise AuthError('username claim not found')
 
         auth_user = AuthUser(payload)
 
diff --git a/utils/get_user_from_token_go.sh b/utils/get_user_from_token_go.sh
@@ -3,6 +3,11 @@
 # API_URL=https://api.lfcla.dev.platform.linuxfoundation.org
 # DEBUG='' ./utils/get_user_from_token_go.sh
 # Note: To run manually see cla-backend-go/auth/authorizer.go:SecurityAuth() and update accordingly 'LG:'
+# Or generate a real token using ... and the edit 'cla-backend-go/cmd/server.go' - look for "LG: to test with manual tokens"
+# Or to get a real user data:
+# on local (non remote) computer: ~/get_oauth_token.sh (or ~/get_oauth_token_prod.sh) (will open browser, authenticate to LF, and return token data)
+# edit 'cla-backend-go/cmd/server.go' - look for "LG: to test with manual tokens", then 'cla-backend-go/auth/authorizer.go': LG: to allow local testing", then run ./bin/cla
+# then TOKEN='value from the get_oauth_token.sh script' DEBUG='' ./utils/get_user_from_token_go.sh
 
 if [ -z "$TOKEN" ]
 then

Original file line number	Diff line number	Diff line change
`@@ -235,6 +235,8 @@ func server(localMode bool) http.Handler {`
`235`	`235`	`log.WithFields(f).WithError(err).Panic("unable to setup docraptor client")`
`236`	`236`	`}`
`237`	`237`
	`238`	`+ // LG: to test with manual tokens`
	`239`	`+ // configFile.Auth0.UsernameClaim = "http://lfx.dev/claims/username"`
`238`	`240`	`authValidator, err := auth.NewAuthValidator(`
`239`	`241`	`configFile.Auth0.Domain,`
`240`	`242`	`configFile.Auth0.ClientID,`