From 0de1ae1f2e8e8bac575c31181790738176668a68 Mon Sep 17 00:00:00 2001
From: Antoine Lambert <anlambert@softwareheritage.org>
Date: Tue, 4 Feb 2025 11:03:58 +0100
Subject: [PATCH] Fix typing errors with latest python-keycloak release
(v5.3.1)
Latest python-keycloak release updated its typings that trigger
new mypy errors for swh-auth.
---
requirements.txt | 2 +-
swh/auth/keycloak.py | 13 +++----
swh/auth/pytest_plugin.py | 72 ++++++++++++++++++++-------------------
3 files changed, 43 insertions(+), 44 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 11344b8..a9ba80e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,5 +2,5 @@
# should match https://pypi.python.org/pypi names. For the full spec or
# dependency lines, see https://pip.readthedocs.org/en/1.1/requirements.html
click
-python-keycloak >= 4
+python-keycloak >= 5.3.1
pyyaml
diff --git a/swh/auth/keycloak.py b/swh/auth/keycloak.py
index d3456b3..95fba37 100644
--- a/swh/auth/keycloak.py
+++ b/swh/auth/keycloak.py
@@ -71,11 +71,8 @@ class KeycloakOpenIDConnect:
Returns:
A dictionary filled with OpenID Connect URIS.
"""
- try:
- return self._keycloak.well_known()
- except AttributeError:
- # python-keycloak < 1.0.0
- return self._keycloak.well_know()
+
+ return self._keycloak.well_known()
def authorization_url(self, redirect_uri: str, **extra_params: str) -> str:
"""
@@ -101,7 +98,7 @@ class KeycloakOpenIDConnect:
return auth_url
def authorization_code(
- self, code: str, redirect_uri: str, **extra_params: str
+ self, code: str, redirect_uri: str, **extra_params
) -> Dict[str, Any]:
"""
Get OpenID Connect authentication tokens using Authorization
@@ -125,7 +122,7 @@ class KeycloakOpenIDConnect:
)
def login(
- self, username: str, password: str, scope: str = "openid", **extra_params: str
+ self, username: str, password: str, scope: str = "openid", **extra_params
) -> Dict[str, Any]:
"""
Get OpenID Connect authentication tokens using Direct Access Grant flow.
@@ -240,7 +237,7 @@ def keycloak_error_message(keycloak_error: KeycloakError) -> str:
"""Transform a keycloak exception into an error message."""
try:
# keycloak error wrapped in a JSON document
- msg_dict = json.loads(keycloak_error.error_message.decode())
+ msg_dict = json.loads(keycloak_error.error_message)
error_msg = msg_dict["error"]
error_desc = msg_dict.get("error_description")
if error_desc:
diff --git a/swh/auth/pytest_plugin.py b/swh/auth/pytest_plugin.py
index fb9cb64..51f5f21 100644
--- a/swh/auth/pytest_plugin.py
+++ b/swh/auth/pytest_plugin.py
@@ -67,40 +67,42 @@ class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect):
self.user_groups = user_groups
self.realm_permissions = realm_permissions
self.client_permissions = client_permissions
- self._keycloak.public_key = lambda: raw_realm_public_key
- self._keycloak.well_known = lambda: {
- "issuer": f"{self.server_url}realms/{self.realm_name}",
- "authorization_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/auth"
- ),
- "token_endpoint": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/token"
- ),
- "token_introspection_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/token/"
- "introspect"
- ),
- "userinfo_endpoint": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/userinfo"
- ),
- "end_session_endpoint": (
- f"{self.server_url}realms/"
- f"{self.realm_name}/protocol/"
- "openid-connect/logout"
- ),
- "jwks_uri": (
- f"{self.server_url}realms/{self.realm_name}/"
- "protocol/openid-connect/certs"
- ),
- }
- # for python-keycloak < 1.0.0:
- self._keycloak.well_know = self._keycloak.well_known
+ setattr(self._keycloak, "public_key", lambda: raw_realm_public_key)
+ setattr(
+ self._keycloak,
+ "well_known",
+ lambda: {
+ "issuer": f"{self.server_url}realms/{self.realm_name}",
+ "authorization_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/auth"
+ ),
+ "token_endpoint": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/token"
+ ),
+ "token_introspection_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/token/"
+ "introspect"
+ ),
+ "userinfo_endpoint": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/userinfo"
+ ),
+ "end_session_endpoint": (
+ f"{self.server_url}realms/"
+ f"{self.realm_name}/protocol/"
+ "openid-connect/logout"
+ ),
+ "jwks_uri": (
+ f"{self.server_url}realms/{self.realm_name}/"
+ "protocol/openid-connect/certs"
+ ),
+ },
+ )
self.set_auth_success(auth_success, oidc_profile, user_info)
@@ -156,7 +158,7 @@ class KeycloackOpenIDConnectMock(KeycloakOpenIDConnect):
"error": "invalid_grant",
"error_description": "Invalid user credentials",
}
- error_message = json.dumps(error).encode()
+ error_message = json.dumps(error)
exception = KeycloakError(error_message=error_message, response_code=401)
self.authorization_code.side_effect = exception
self.authorization_url.side_effect = exception
--
GitLab