fix: DIA-1935: fix JWT feature flag #7128

Merged
merged 11 commits into from
Feb 26, 2025
34 changes: 14 additions & 20 deletions label_studio/jwt_auth/middleware.py
Expand Up @@ -18,27 +18,21 @@
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.exceptions import AuthenticationFailed, InvalidToken, TokenError

JWT_ACCESS_TOKEN_ENABLED = flag_set('fflag__feature_develop__prompts__dia_1829_jwt_token_auth')
if JWT_ACCESS_TOKEN_ENABLED:
try:
user_and_token = JWTAuthentication().authenticate(request)
if not user_and_token:
logger.debug('JWT auth could not resolve user/token')
return self.get_response(request)

try:
user_and_token = JWTAuthentication().authenticate(request)
if user_and_token:
user = User.objects.get(pk=user_and_token[0].pk)
if user.active_organization.jwt.api_tokens_enabled:
logger.debug('JWT auth resolved user/token')
JWT_ACCESS_TOKEN_ENABLED = flag_set(
'fflag__feature_develop__prompts__dia_1829_jwt_token_auth', user=user
)
if JWT_ACCESS_TOKEN_ENABLED and user.active_organization.jwt.api_tokens_enabled:
request.user = user
request.is_jwt = True
else:
logger.debug('JWT auth resolved user/token, but org does not have jwt enabled')

except User.DoesNotExist:
logger.info('JWT authentication failed: User no longer exists')
return JsonResponse({'detail': 'User not found'}, status=status.HTTP_401_UNAUTHORIZED)
except (AuthenticationFailed, InvalidToken, TokenError) as e:
logger.info('JWT authentication failed: %s', e)
# don't raise 401 here, fallback to other auth methods (in case token is valid for them)
# (have unit tests verifying that this still results in a 401 if other auth mechanisms fail)
except User.DoesNotExist:
logger.info('JWT authentication failed: User no longer exists')
return JsonResponse({'detail': 'User not found'}, status=status.HTTP_401_UNAUTHORIZED)

Check warning on line 33 in label_studio/jwt_auth/middleware.py (Codecov / codecov/patch, label_studio/jwt_auth/middleware.py#L32-L33): Added lines #L32 - L33 were not covered by tests
except (AuthenticationFailed, InvalidToken, TokenError) as e:
logger.info('JWT authentication failed: %s', e)
# don't raise 401 here, fallback to other auth methods (in case token is valid for them)
# (have unit tests verifying that this still results in a 401 if other auth mechanisms fail)
return self.get_response(request)
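Review bot: The `except User.DoesNotExist` branch now returns a 401 before the feature flag has been consulted, because `flag_set(..., user=user)` only runs after `User.objects.get(pk=user_and_token[0].pk)` succeeds. Under the previous ordering, with `if JWT_ACCESS_TOKEN_ENABLED:` wrapping the `try`, a disabled flag skipped the whole block and the request always reached `self.get_response(request)`. Codecov reports that exactly this branch (lines 32-33) is not covered by tests, so add a test that makes `User.objects.get` raise `User.DoesNotExist` and asserts the intended response, and decide explicitly whether a flag-off deployment should hard-fail here or fall through to the other auth methods the way the `AuthenticationFailed` branch does. The combined condition `if JWT_ACCESS_TOKEN_ENABLED and user.active_organization.jwt.api_tokens_enabled:` also has no logging when a token resolves but the flag or the org setting rejects it, which makes the silent fallthrough hard to diagnose; a `logger.debug` in an `else` of that `if` would keep it visible.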