From e6ca161f88e3a8887a78d06e0f760a5c1b5fed0d Mon Sep 17 00:00:00 2001 From: Peter Holloway Date: Fri, 17 Apr 2026 16:21:11 +0100 Subject: [PATCH] Use Depends injection to extract user name --- src/blueapi/service/authentication.py | 9 +++++++++ src/blueapi/service/main.py | 15 ++++----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/blueapi/service/authentication.py b/src/blueapi/service/authentication.py index 944dccf5d..64dfc3004 100644 --- a/src/blueapi/service/authentication.py +++ b/src/blueapi/service/authentication.py @@ -325,3 +325,12 @@ def validate_bearer_token(request: Request, token: UncheckedBearerToken): def access_token(request: Request) -> Mapping[str, Any] | None: """Get the decoded and verified access token of the user making the request""" return getattr(request.state, "decoded_access_token", None) + + +def fedid( + access_token: Annotated[Mapping[str, Any] | None, Depends(access_token)], +) -> str | None: + return access_token.get("fedid") if access_token else None + + +Fedid = Annotated[str | None, Depends(fedid)] diff --git a/src/blueapi/service/main.py b/src/blueapi/service/main.py index 5dae9462a..546155f5c 100644 --- a/src/blueapi/service/main.py +++ b/src/blueapi/service/main.py @@ -2,7 +2,7 @@ import urllib.parse from collections.abc import Awaitable, Callable from contextlib import asynccontextmanager -from typing import Annotated, Any +from typing import Annotated import jwt from fastapi import ( @@ -36,7 +36,7 @@ from blueapi import __version__ from blueapi.config import ApplicationConfig, OIDCConfig, Tag from blueapi.service import interface -from blueapi.service.authentication import build_access_token_check +from blueapi.service.authentication import Fedid, build_access_token_check from blueapi.worker import TrackableTask, WorkerState from blueapi.worker.event import TaskStatusEnum @@ -267,18 +267,11 @@ def submit_task( response: Response, task_request: Annotated[TaskRequest, Body(..., examples=[example_task_request])], runner: Annotated[WorkerDispatcher, Depends(_runner)], + user: Fedid, ) -> TaskResponse: """Submit a task to the worker.""" try: - # Extract user from jwt if using OIDC (if jwt exists) - access_token: dict[str, Any] | None = getattr( - request.state, "decoded_access_token", None - ) - if access_token: - user: str = access_token.get("fedid", "Unknown") - else: - user = "Unknown" - + user = user or "Unknown" task_id: str = runner.run(interface.submit_task, task_request, {"user": user}) response.headers["Location"] = f"{request.url}/{task_id}" return TaskResponse(task_id=task_id)