Loading lib/galaxy/authnz/custos_authnz.py +2 −1 Original line number Diff line number Diff line Loading @@ -128,7 +128,7 @@ class OIDCAuthnzBase(IdentityProvider): # do not refresh tokens if last token is too old skip_old_tokens_threshold_seconds = skip_old_tokens_threshold_days * 86400 # 86400 seconds in a day if int(id_token_decoded["iat"]) + skip_old_tokens_threshold_seconds < int(time.time()): return False raise Exception("Expired Tokens. User needs to sign in.") oauth2_session = self._create_oauth2_session() token_endpoint = self.config.token_endpoint Loading Loading @@ -590,6 +590,7 @@ class OIDCAuthnzBase(IdentityProvider): custos_authnz_token = self._get_custos_authnz_token(sa_session, user_id, self.config.provider) user = custos_authnz_token.user if custos_authnz_token else None self.refresh(sa_session, custos_authnz_token, 90) return user, decoded_jwt Loading lib/galaxy/authnz/managers.py +2 −2 Original line number Diff line number Diff line Loading @@ -298,14 +298,14 @@ class AuthnzManager: msg = f"An error occurred when refreshing user token on `{auth.provider}` identity provider: {message}" log.error(msg) return False refreshed = backend.refresh(trans, auth, 30) refreshed = backend.refresh(trans.sa_session, auth, 30) if refreshed: log.debug(f"Refreshed user token via `{auth.provider}` identity provider") return True except BlockingIOError: log.debug("Another process is refreshing, skipping") return True except Exception: except Exception as e: log.exception("An error occurred when refreshing user token") return False Loading lib/galaxy/authnz/psa_authnz.py +5 −4 Original line number Diff line number Diff line Loading 
@@ -180,7 +180,7 @@ class PSAAuthnz(IdentityProvider): extra_data["expires"] = int(expires - time.time()) user_authnz_token.set_extra_data(extra_data) def refresh(self, trans, user_authnz_token, skip_old_tokens_threshold_days): def refresh(self, sa_session, user_authnz_token, skip_old_tokens_threshold_days): if not user_authnz_token or not user_authnz_token.extra_data: return False # refresh tokens if they reached their half lifetime Loading @@ -195,17 +195,17 @@ class PSAAuthnz(IdentityProvider): # do not refresh tokens if last token is too old skip_old_tokens_threshold_seconds = skip_old_tokens_threshold_days * 86400 # 86400 seconds in a day if int(user_authnz_token.extra_data["auth_time"]) + skip_old_tokens_threshold_seconds < int(time.time()): return False raise Exception("Expired Tokens. User needs to sign in.") if int(user_authnz_token.extra_data["auth_time"]) + int(expires) / 2 <= int(time.time()): on_the_fly_config(trans.sa_session) on_the_fly_config(sa_session) log.debug( f"Refreshing user token for {user_authnz_token.uid} via `{user_authnz_token.provider}` identity provider" ) if self.config["provider"] == "azure": self.refresh_azure(user_authnz_token) else: strategy = Strategy(None, trans.sa_session, Storage, self.config) strategy = Strategy(None, sa_session, Storage, self.config) user_authnz_token.refresh_token(strategy) log.debug( f"Refreshed user token for {user_authnz_token.uid} via `{user_authnz_token.provider}` identity provider" Loading Loading @@ -329,6 +329,7 @@ class PSAAuthnz(IdentityProvider): user_id = decoded_jwt["unique_name"] authnz_token = self._get_authnz_token(sa_session, user_id, self.config["provider"]) user = authnz_token.user if authnz_token else None self.refresh(sa_session, authnz_token, 90) return user, decoded_jwt @staticmethod Loading Loading
lib/galaxy/authnz/custos_authnz.py +2 −1 Original line number Diff line number Diff line Loading @@ -128,7 +128,7 @@ class OIDCAuthnzBase(IdentityProvider): # do not refresh tokens if last token is too old skip_old_tokens_threshold_seconds = skip_old_tokens_threshold_days * 86400 # 86400 seconds in a day if int(id_token_decoded["iat"]) + skip_old_tokens_threshold_seconds < int(time.time()): return False raise Exception("Expired Tokens. User needs to sign in.") oauth2_session = self._create_oauth2_session() token_endpoint = self.config.token_endpoint Loading Loading @@ -590,6 +590,7 @@ class OIDCAuthnzBase(IdentityProvider): custos_authnz_token = self._get_custos_authnz_token(sa_session, user_id, self.config.provider) user = custos_authnz_token.user if custos_authnz_token else None self.refresh(sa_session, custos_authnz_token, 90) return user, decoded_jwt Loading
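Review bot: The `raise Exception("Expired Tokens. User needs to sign in.")` in `refresh` (hunk at 128) reports an expected authentication outcome with the bare `Exception` type, so callers cannot tell "session too old, sign in again" from a network or parsing failure; the same line appears in `PSAAuthnz.refresh` in psa_authnz.py. A dedicated exception subclass raised at both places would let the token-decoding path (hunk at 590) reject the request as unauthenticated, while the manager keeps treating other errors as faults. The comment above the check, `# do not refresh tokens if last token is too old`, no longer matches the behaviour and could read `# reject sessions whose last token is older than the threshold; the user must sign in again`. In the hunk at 590, `self.refresh(sa_session, custos_authnz_token, 90)` runs even when `custos_authnz_token` is None, which the preceding line allows for. Whether `refresh` guards against None is not visible, because its body starts outside the hunk.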
lib/galaxy/authnz/managers.py +2 −2 Original line number Diff line number Diff line Loading @@ -298,14 +298,14 @@ class AuthnzManager: msg = f"An error occurred when refreshing user token on `{auth.provider}` identity provider: {message}" log.error(msg) return False refreshed = backend.refresh(trans, auth, 30) refreshed = backend.refresh(trans.sa_session, auth, 30) if refreshed: log.debug(f"Refreshed user token via `{auth.provider}` identity provider") return True except BlockingIOError: log.debug("Another process is refreshing, skipping") return True except Exception: except Exception as e: log.exception("An error occurred when refreshing user token") return False Loading
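Review bot: `except Exception as e:` binds `e`, but nothing in the handler uses it, because `log.exception` already records the active exception; `except Exception:` is sufficient. Since the backends on this page raise a plain `Exception` for tokens past the age threshold, this handler will presumably log that expected condition at error level with a full traceback each time such a user triggers a refresh. Catching the expired-session case separately and logging it at debug or info level would keep the error log meaningful for real failures. The enclosing method starts outside the hunk.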
lib/galaxy/authnz/psa_authnz.py +5 −4 Original line number Diff line number Diff line Loading @@ -180,7 +180,7 @@ class PSAAuthnz(IdentityProvider): extra_data["expires"] = int(expires - time.time()) user_authnz_token.set_extra_data(extra_data) def refresh(self, trans, user_authnz_token, skip_old_tokens_threshold_days): def refresh(self, sa_session, user_authnz_token, skip_old_tokens_threshold_days): if not user_authnz_token or not user_authnz_token.extra_data: return False # refresh tokens if they reached their half lifetime Loading @@ -195,17 +195,17 @@ class PSAAuthnz(IdentityProvider): # do not refresh tokens if last token is too old skip_old_tokens_threshold_seconds = skip_old_tokens_threshold_days * 86400 # 86400 seconds in a day if int(user_authnz_token.extra_data["auth_time"]) + skip_old_tokens_threshold_seconds < int(time.time()): return False raise Exception("Expired Tokens. User needs to sign in.") if int(user_authnz_token.extra_data["auth_time"]) + int(expires) / 2 <= int(time.time()): on_the_fly_config(trans.sa_session) on_the_fly_config(sa_session) log.debug( f"Refreshing user token for {user_authnz_token.uid} via `{user_authnz_token.provider}` identity provider" ) if self.config["provider"] == "azure": self.refresh_azure(user_authnz_token) else: strategy = Strategy(None, trans.sa_session, Storage, self.config) strategy = Strategy(None, sa_session, Storage, self.config) user_authnz_token.refresh_token(strategy) log.debug( f"Refreshed user token for {user_authnz_token.uid} via `{user_authnz_token.provider}` identity provider" Loading Loading @@ -329,6 +329,7 @@ class PSAAuthnz(IdentityProvider): user_id = decoded_jwt["unique_name"] authnz_token = self._get_authnz_token(sa_session, user_id, self.config["provider"]) user = authnz_token.user if authnz_token else None self.refresh(sa_session, authnz_token, 90) return user, decoded_jwt @staticmethod Loading
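Review bot: The `self.refresh(sa_session, authnz_token, 90)` call in the hunk at 329 discards the return value, so the 90-day limit is enforced only when `refresh` raises. The guard at the top of `refresh` returns False for a token with no `extra_data`, and in that case `user` is still returned. If an access token should be accepted only while the stored session is fresh, that path needs an explicit check, or at least a comment such as `# refresh() raises when the stored session is older than 90 days; a False return is not treated as a failure`. The manager code on this page wraps `backend.refresh` in `except BlockingIOError`, which suggests `refresh` can raise it; no handler is visible around this call, though the enclosing function starts outside the hunk. A docstring line noting that decoding a token may now trigger a refresh against the identity provider would also help.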