Use max_priority instead of permissions in JWT token

canonical · Sep 30, 2024 · e27259c · e27259c
1 parent 39addbe
commit e27259c
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 14 deletions.
diff --git a/server/src/api/v1.py b/server/src/api/v1.py
@@ -658,15 +658,16 @@ def queue_wait_time_percentiles_get():
     return queue_percentile_data
 
 
-def generate_token(permissions, secret_key):
+def generate_token(max_priority, secret_key):
     """Generates JWT token with queue permission given a secret key"""
     expiration_time = datetime.utcnow() + timedelta(seconds=2)
     token_payload = {
         "exp": expiration_time,
         "iat": datetime.now(timezone.utc),  # Issued at time
         "sub": "access_token",
-        "permissions": permissions,
+        "max_priority": max_priority,
     }
+
     token = jwt.encode(token_payload, secret_key, algorithm="HS256")
     return token
 
@@ -687,8 +688,8 @@ def validate_client_key_pair(client_id: str, client_key: str):
         client_permissions_entry["client_secret_hash"].encode("utf8"),
     ):
         return None
-    permissions = client_permissions_entry["permissions"]
-    return permissions
+    max_priority = client_permissions_entry["max_priority"]
+    return max_priority
 
 
 SECRET_KEY = os.environ.get("JWT_SIGNING_KEY")

diff --git a/server/tests/conftest.py b/server/tests/conftest.py
@@ -74,17 +74,15 @@ def mongo_app_with_permissions(mongo_app):
         client_key.encode("utf-8"), client_salt
     ).decode("utf-8")
 
-    permissions = {
-        "max_priority": {
-            "myqueue": 100,
-            "myqueue2": 200,
-        }
+    max_priority = {
+        "myqueue": 100,
+        "myqueue2": 200,
     }
     mongo.client_permissions.insert_one(
         {
             "client_id": client_id,
             "client_secret_hash": client_key_hash,
-            "permissions": permissions,
+            "max_priority": max_priority,
         }
     )
-    yield app, mongo, client_id, client_key, permissions
+    yield app, mongo, client_id, client_key, max_priority
diff --git a/server/tests/test_v1.py b/server/tests/test_v1.py
@@ -744,7 +744,7 @@ def create_auth_header(client_id: str, client_key: str) -> dict:
 
 def test_authenticate_client_post(mongo_app_with_permissions):
     """Tests authentication endpoint which returns JWT with permissions"""
-    app, _, client_id, client_key, permissions = mongo_app_with_permissions
+    app, _, client_id, client_key, max_priority = mongo_app_with_permissions
     v1.SECRET_KEY = "my_secret_key"
     output = app.post(
         "/v1/oauth2/token",
@@ -756,9 +756,9 @@ def test_authenticate_client_post(mongo_app_with_permissions):
         token,
         v1.SECRET_KEY,
         algorithms="HS256",
-        options={"require": ["exp", "iat", "sub", "permissions"]},
+        options={"require": ["exp", "iat", "sub", "max_priority"]},
     )
-    assert decoded_token["permissions"] == permissions
+    assert decoded_token["max_priority"] == max_priority
 
 
 def test_authenticate_invalid_client_id(mongo_app_with_permissions):