fixes #580

jph00 · jph00 · commit 123970800b91 · 2024-11-19T09:51:17.000+10:00
diff --git a/fasthtml/_modidx.py b/fasthtml/_modidx.py
@@ -149,11 +149,11 @@
                                                                                'fasthtml/oauth.py'),
                                 'fasthtml.oauth.OAuth': ('api/oauth.html#oauth', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.OAuth.__init__': ('api/oauth.html#oauth.__init__', 'fasthtml/oauth.py'),
-                                'fasthtml.oauth.OAuth._chk_auth': ('api/oauth.html#oauth._chk_auth', 'fasthtml/oauth.py'),
-                                'fasthtml.oauth.OAuth.chk_auth': ('api/oauth.html#oauth.chk_auth', 'fasthtml/oauth.py'),
-                                'fasthtml.oauth.OAuth.login': ('api/oauth.html#oauth.login', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.OAuth.check_invalid': ('api/oauth.html#oauth.check_invalid', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.OAuth.get_auth': ('api/oauth.html#oauth.get_auth', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.OAuth.login_link': ('api/oauth.html#oauth.login_link', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.OAuth.logout': ('api/oauth.html#oauth.logout', 'fasthtml/oauth.py'),
+                                'fasthtml.oauth.OAuth.redir_login': ('api/oauth.html#oauth.redir_login', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.OAuth.redir_url': ('api/oauth.html#oauth.redir_url', 'fasthtml/oauth.py'),
                                 'fasthtml.oauth.WebApplicationClient.login_link': ( 'api/oauth.html#webapplicationclient.login_link',
                                                                                     'fasthtml/oauth.py'),
diff --git a/fasthtml/oauth.py b/fasthtml/oauth.py
@@ -142,10 +142,10 @@ def __init__(self, app, cli, skip=None, redir_path='/redirect', error_path='/err
         if not skip: skip = [redir_path,error_path,login_path]
         store_attr()
         def before(req, session):
-            token = session.pop('token', None)
             auth = req.scope['auth'] = session.get('auth')
-            if not auth: return RedirectResponse(self.login_path, status_code=303)
-
+            if not auth: return self.redir_login(session)
+            res = self.check_invalid(req, session, auth)
+            if res: return res
         app.before.append(Beforeware(before, skip=skip))
 
         @app.get(redir_path)
@@ -154,25 +154,24 @@ def redirect(req, session, code:str=None, error:str=None, state:str=None):
             scheme = 'http' if url_match(req.url,self.http_patterns) or not self.https else 'https'
             base_url = f"{scheme}://{req.url.netloc}"
             info = AttrDictDefault(cli.retr_info(code, base_url+redir_path))
-            if not self._chk_auth(req, info, session): return RedirectResponse(self.login_path, status_code=303)
-            return self.login(info, state, session=session)
+            ident = info.get(self.cli.id_key)
+            if not ident: return self.redir_login(session)
+            res = self.get_auth(info, ident, session, state)
+            if not res:   return self.redir_login(session)
+            req.scope['auth'] = session['auth'] = ident
+            return res
 
         @app.get(logout_path)
         def logout(session):
             session.pop('auth', None)
             return self.logout(session)
 
+    def redir_login(self, session): return RedirectResponse(self.login_path, status_code=303)
     def redir_url(self, req):
         scheme = 'http' if url_match(req.url,self.http_patterns) or not self.https else 'https'
         return redir_url(req, self.redir_path, scheme)
 
     def login_link(self, req, scope=None, state=None): return self.cli.login_link(self.redir_url(req), scope=scope, state=state)
-
-    def login(self, info, state, session): raise NotImplementedError()
-    def logout(self, session): return RedirectResponse(self.login_path, status_code=303)
-    def chk_auth(self, info, ident, session): raise NotImplementedError()
-    def _chk_auth(self, req, info, session):
-        ident = info.get(self.cli.id_key)
-        if not ident and self.chk_auth(info, ident, session): return print('failed', info)
-        req.scope['auth'] = session['auth'] = ident
-        return True
+    def check_invalid(self, req, session, auth): return False
+    def logout(self, session): return self.redir_login(session)
+    def get_auth(self, info, ident, session, state): raise NotImplementedError()
diff --git a/nbs/api/08_oauth.ipynb b/nbs/api/08_oauth.ipynb
@@ -421,10 +421,10 @@
     "        if not skip: skip = [redir_path,error_path,login_path]\n",
     "        store_attr()\n",
     "        def before(req, session):\n",
-    "            token = session.pop('token', None)\n",
     "            auth = req.scope['auth'] = session.get('auth')\n",
-    "            if not auth: return RedirectResponse(self.login_path, status_code=303)\n",
-    "\n",
+    "            if not auth: return self.redir_login(session)\n",
+    "            res = self.check_invalid(req, session, auth)\n",
+    "            if res: return res\n",
     "        app.before.append(Beforeware(before, skip=skip))\n",
     "\n",
     "        @app.get(redir_path)\n",
@@ -433,28 +433,27 @@
     "            scheme = 'http' if url_match(req.url,self.http_patterns) or not self.https else 'https'\n",
     "            base_url = f\"{scheme}://{req.url.netloc}\"\n",
     "            info = AttrDictDefault(cli.retr_info(code, base_url+redir_path))\n",
-    "            if not self._chk_auth(req, info, session): return RedirectResponse(self.login_path, status_code=303)\n",
-    "            return self.login(info, state, session=session)\n",
+    "            ident = info.get(self.cli.id_key)\n",
+    "            if not ident: return self.redir_login(session)\n",
+    "            res = self.get_auth(info, ident, session, state)\n",
+    "            if not res:   return self.redir_login(session)\n",
+    "            req.scope['auth'] = session['auth'] = ident\n",
+    "            return res\n",
     "\n",
     "        @app.get(logout_path)\n",
     "        def logout(session):\n",
     "            session.pop('auth', None)\n",
     "            return self.logout(session)\n",
     "\n",
+    "    def redir_login(self, session): return RedirectResponse(self.login_path, status_code=303)\n",
     "    def redir_url(self, req):\n",
     "        scheme = 'http' if url_match(req.url,self.http_patterns) or not self.https else 'https'\n",
     "        return redir_url(req, self.redir_path, scheme)\n",
     "\n",
     "    def login_link(self, req, scope=None, state=None): return self.cli.login_link(self.redir_url(req), scope=scope, state=state)\n",
-    "\n",
-    "    def login(self, info, state, session): raise NotImplementedError()\n",
-    "    def logout(self, session): return RedirectResponse(self.login_path, status_code=303)\n",
-    "    def chk_auth(self, info, ident, session): raise NotImplementedError()\n",
-    "    def _chk_auth(self, req, info, session):\n",
-    "        ident = info.get(self.cli.id_key)\n",
-    "        if not ident and self.chk_auth(info, ident, session): return print('failed', info)\n",
-    "        req.scope['auth'] = session['auth'] = ident\n",
-    "        return True"
+    "    def check_invalid(self, req, session, auth): return False\n",
+    "    def logout(self, session): return self.redir_login(session)\n",
+    "    def get_auth(self, info, ident, session, state): raise NotImplementedError()"
    ]
   },
   {
