yasithdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airavata-portals.git
The following commit(s) were added to refs/heads/main by this push:
new acb400793 Fix stale auth-middleware comments (#218)
acb400793 is described below
commit acb400793fd978e3d57e663983314a2bf1c18343
Author: Yasith Jayawardana <[email protected]>
AuthorDate: Sat Jun 13 01:39:55 2026 -0400
Fix stale auth-middleware comments (#218)
The session/bearer auth middlewares are wired in settings.MIDDLEWARE, but their
comments still said "NOT wired into settings yet" and referenced the since-removed
token_authentication.KeycloakTokenAuthentication class. Update the section header,
the keycloak_bearer_middleware docstring, and the non-admin-default comment to
describe the live state.
---
airavata-django-portal/django_airavata/apps/admin/views.py | 5 -----
airavata-django-portal/django_airavata/apps/api/helpers.py | 5 -----
airavata-django-portal/django_airavata/apps/api/web.py | 12 ------------
.../django_airavata/apps/auth/middleware.py | 12 +++++-------
4 files changed, 5 insertions(+), 29 deletions(-)
diff --git a/airavata-django-portal/django_airavata/apps/admin/views.py
b/airavata-django-portal/django_airavata/apps/admin/views.py
index cf2967782..98d4eee51 100644
--- a/airavata-django-portal/django_airavata/apps/admin/views.py
+++ b/airavata-django-portal/django_airavata/apps/admin/views.py
@@ -24,11 +24,6 @@ def credential_store(request):
return render(request, "admin/admin_base.html")
-@login_required
-def compute_resource(request):
- return render(request, "admin/compute_resource.html")
-
-
@login_required
def group_resource_profile(request):
request.active_nav_item = "group_resource_profile"
diff --git a/airavata-django-portal/django_airavata/apps/api/helpers.py
b/airavata-django-portal/django_airavata/apps/api/helpers.py
index 9324444f6..f1ddd5d22 100644
--- a/airavata-django-portal/django_airavata/apps/api/helpers.py
+++ b/airavata-django-portal/django_airavata/apps/api/helpers.py
@@ -195,8 +195,3 @@ class WorkspacePreferencesHelper:
def _can_write(self, request, entity_id):
return compute_resources.user_can_write(request.airavata, entity_id)
-
- def _can_read(self, request, entity_id):
- return request.airavata.sharing.user_has_access(
- resource_id=entity_id, user_id=request.user.username,
permission_type="READ"
- )
diff --git a/airavata-django-portal/django_airavata/apps/api/web.py
b/airavata-django-portal/django_airavata/apps/api/web.py
index 5f1c5164f..f622ae271 100644
--- a/airavata-django-portal/django_airavata/apps/api/web.py
+++ b/airavata-django-portal/django_airavata/apps/api/web.py
@@ -274,18 +274,6 @@ class NOT:
# Make the operators on BasePermission subclasses return _OperandHolder so that
# ``ClassA | ClassB`` (classes, not instances) composes into a callable class.
-def _cls_or(cls, other):
- return _OperandHolder(OR, cls, other)
-
-
-def _cls_and(cls, other):
- return _OperandHolder(AND, cls, other)
-
-
-def _cls_invert(cls):
- return _OperandHolder(NOT, cls)
-
-
OperationHolderMixin.__or__ = lambda self, other: _OperandHolder(OR, self,
other) # ty: ignore[invalid-assignment] # intentional monkeypatch so
class-level operators return _OperandHolder
OperationHolderMixin.__and__ = lambda self, other: _OperandHolder(AND, self,
other) # ty: ignore[invalid-assignment] # intentional monkeypatch so
class-level operators return _OperandHolder
OperationHolderMixin.__invert__ = lambda self: _OperandHolder(NOT, self) #
ty: ignore[invalid-assignment] # intentional monkeypatch so class-level
operators return _OperandHolder
diff --git a/airavata-django-portal/django_airavata/apps/auth/middleware.py
b/airavata-django-portal/django_airavata/apps/auth/middleware.py
index e04018e9a..81c1973d3 100644
--- a/airavata-django-portal/django_airavata/apps/auth/middleware.py
+++ b/airavata-django-portal/django_airavata/apps/auth/middleware.py
@@ -89,8 +89,8 @@ def gateway_groups_middleware(get_response):
# ---------------------------------------------------------------------------
-# DRF-replacement middleware (Phase B). NOT wired into settings yet — defined
-# here so the cutover can add them to MIDDLEWARE in one step.
+# DRF-replacement auth middleware (session + Keycloak bearer token), wired into
+# settings.MIDDLEWARE.
# ---------------------------------------------------------------------------
@@ -192,15 +192,13 @@ def session_keycloak_user_middleware(get_response):
def keycloak_bearer_middleware(get_response):
"""Authenticate ``Authorization: Bearer <jwt>`` requests against Keycloak.
- Mirrors ``token_authentication.KeycloakTokenAuthentication`` (reusing
- ``_jwks`` / ``KeycloakUser`` / ``AuthzToken``): if ``request.user`` is
already
+ Reuses ``token_authentication``'s ``_jwks`` / ``KeycloakUser`` /
``AuthzToken``:
+ if ``request.user`` is already
authenticated (session) this is a no-op; elif a Bearer token is present it
is
validated and ``request.user`` / ``request.authz_token`` (+ the
``is_gateway_admin`` / ``is_read_only_gateway_admin`` defaults) are set;
else
the request is left Anonymous. An invalid token leaves the user Anonymous
(no
raise — the permission layer returns 401).
-
- NOT wired into settings yet.
"""
import jwt
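Review bot: The updated docstring of `keycloak_bearer_middleware` says the middleware is live but does not state where it must sit in `settings.MIDDLEWARE`, even though its first branch ("if ``request.user`` is already authenticated (session) this is a no-op") depends on the session path having run first. It also leaves implicit that a request carrying both a valid session and a Bearer header keeps the session identity, and the token is presumably never validated in that case. I would add a sentence such as `Must be listed after the session auth middleware in settings.MIDDLEWARE; when a session is already authenticated, any Bearer header is ignored.` The function body continues outside the hunk, so confirm the no-op branch really skips token validation before wording it that way.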
@@ -240,7 +238,7 @@ def keycloak_bearer_middleware(get_response):
request.user = keycloak_user
request.authz_token = authz_token
# The session-based gateway_groups_middleware sets these; pure-token
auth
- # skips it, so default to non-admin (matches
KeycloakTokenAuthentication).
+ # skips it, so default to non-admin.
request.is_gateway_admin = False
request.is_read_only_gateway_admin = False
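Review bot: With the pointer to `KeycloakTokenAuthentication` removed, the comment above `request.is_gateway_admin = False` no longer says whether denying admin rights to every bearer-token caller is a deliberate fail-closed default or a leftover from the old class. Since this path is now live, the comment should state the consequence, for example `# skips it, so default to non-admin: bearer-token callers never get gateway-admin rights here (fail closed).` If API clients are expected to act as gateway admins over bearer tokens, that is a functional gap to track separately rather than something to relax in this default. The enclosing function starts outside the hunk.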