Store token in username

plugins/auth/fps_auth/backends.py

@@ -24,6 +24,7 @@
 
 from .config import get_auth_config
 from .db import User, get_user_db, secret
+from .models import UserCreate
 
 logger = get_configured_logger("auth")
 
@@ -118,21 +119,20 @@ async def get_enabled_backends(auth_config=Depends(get_auth_config)):
 )
 
 
-async def create_guest(user_db, auth_config):
+async def create_guest(user_manager, auth_config):
     # workspace and settings are copied from global user
     # but this is a new user
-    global_user = await user_db.get_by_email(auth_config.global_email)
+    global_user = await user_manager.get_by_email(auth_config.global_email)
     user_id = str(uuid.uuid4())
     guest = dict(
-        id=user_id,
         anonymous=True,
         email=f"{user_id}@jupyter.com",
         username=f"{user_id}@jupyter.com",
-        hashed_password="",
+        password="",
         workspace=global_user.workspace,
         settings=global_user.settings,
     )
-    return await user_db.create(guest)
+    return await user_manager.create(UserCreate(**guest))
 
 
 def current_user(resource: Optional[str] = None):
@@ -143,7 +143,7 @@ async def _(
         user: Optional[User] = Depends(
             fapi_users.current_user(optional=True, get_enabled_backends=get_enabled_backends)
         ),
-        user_db=Depends(get_user_db),
+        user_manager: UserManager = Depends(get_user_manager),
         auth_config=Depends(get_auth_config),
     ):
         if auth_config.mode == "user":
@@ -161,18 +161,18 @@ async def _(
             # "noauth" or "token" authentication
             if auth_config.collaborative:
                 if not user and auth_config.mode == "noauth":
-                    user = await create_guest(user_db, auth_config)
+                    user = await create_guest(user_manager, auth_config)
                     await cookie_authentication.login(get_jwt_strategy(), user, response)
 
                 elif not user and auth_config.mode == "token":
-                    global_user = await user_db.get_by_email(auth_config.global_email)
+                    global_user = await user_manager.get_by_email(auth_config.global_email)
                     if global_user and global_user.hashed_password == token:
-                        user = await create_guest(user_db, auth_config)
+                        user = await create_guest(user_manager, auth_config)
                         await cookie_authentication.login(get_jwt_strategy(), user, response)
             else:
                 if auth_config.mode == "token":
-                    global_user = await user_db.get_by_email(auth_config.global_email)
-                    if global_user and global_user.hashed_password == token:
+                    global_user = await user_manager.get_by_email(auth_config.global_email)
+                    if global_user and global_user.username == token:
                         user = global_user
                         await cookie_authentication.login(get_jwt_strategy(), user, response)
 

plugins/auth/fps_auth/db.py

@@ -77,13 +77,3 @@ async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
 
 async def get_user_db(session: AsyncSession = Depends(get_async_session)):
     yield SQLAlchemyUserDatabase(session, User, OAuthAccount)
-
-
-class UserDb:
-    async def __aenter__(self):
-        self.session = async_session_maker()
-        session = await self.session.__aenter__()
-        return SQLAlchemyUserDatabase(session, User, OAuthAccount)
-
-    async def __aexit__(self, exc_type, exc_value, exc_tb):
-        return await self.session.__aexit__(exc_type, exc_value, exc_tb)

plugins/auth/fps_auth/routes.py

@@ -20,7 +20,6 @@
 from .config import get_auth_config
 from .db import (
     User,
-    UserDb,
     async_session_maker,
     create_db_and_tables,
     get_async_session,
@@ -41,25 +40,27 @@
 get_user_manager_context = contextlib.asynccontextmanager(get_user_manager)
 
 
-async def create_user(
-    username: str,
-    email: str,
-    password: str,
-    is_superuser: bool = False,
-    permissions: Dict[str, List[str]] = {},
-):
+@contextlib.asynccontextmanager
+async def _get_user_manager():
     async with get_async_session_context() as session:
         async with get_user_db_context(session) as user_db:
             async with get_user_manager_context(user_db) as user_manager:
-                await user_manager.create(
-                    UserCreate(
-                        username=username,
-                        email=email,
-                        password=password,
-                        is_superuser=is_superuser,
-                        permissions=permissions,
-                    )
-                )
+                yield user_manager
+
+
+async def create_user(**kwargs):
+    async with _get_user_manager() as user_manager:
+        await user_manager.create(UserCreate(**kwargs))
+
+
+async def update_user(user, **kwargs):
+    async with _get_user_manager() as user_manager:
+        await user_manager.update(UserUpdate(**kwargs), user)
+
+
+async def get_user_by_email(user_email):
+    async with _get_user_manager() as user_manager:
+        return await user_manager.get_by_email(user_email)
 
 
 @router.on_event("startup")
@@ -81,14 +82,18 @@ async def startup():
 
     try:
         await create_user(
-            username=auth_config.global_email,
+            username=auth_config.token,
             email=auth_config.global_email,
-            password=auth_config.token,
+            password="",
+            permissions={},
         )
     except UserAlreadyExists:
-        async with UserDb() as user_db:
-            global_user = await user_db.get_by_email(auth_config.global_email)
-            await user_db.update(global_user, {"hashed_password": auth_config.token})
+        global_user = await get_user_by_email(auth_config.global_email)
+        await update_user(
+            global_user,
+            username=auth_config.token,
+            permissions={},
+        )
 
     if auth_config.mode == "token":
         logger.info("")