From 66d5bbf963603b68b3086e2bedbde79e49d36f0d Mon Sep 17 00:00:00 2001 From: Daniel McKnight Date: Mon, 11 Nov 2024 17:29:48 -0800 Subject: [PATCH] Refactor `read` requests to accept a token for auth Validate passed token as an access token, rather than refresh --- neon_data_models/models/api/mq.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/neon_data_models/models/api/mq.py b/neon_data_models/models/api/mq.py index 9056224..dc1dd53 100644 --- a/neon_data_models/models/api/mq.py +++ b/neon_data_models/models/api/mq.py @@ -28,8 +28,9 @@ from pydantic import Field, TypeAdapter, model_validator +from neon_data_models.models.api.jwt import HanaToken from neon_data_models.models.base.contexts import MQContext -from neon_data_models.models.user.database import User, TokenConfig +from neon_data_models.models.user.database import User class CreateUserRequest(MQContext): @@ -43,16 +44,19 @@ class ReadUserRequest(MQContext): auth_user_spec: str = Field( default="", description="Username or ID to authorize database read. " "If unset, this will use `user_spec`") - access_token: Optional[TokenConfig] = Field( + access_token: Optional[HanaToken] = Field( None, description="Token associated with `auth_username`") password: Optional[str] = Field(None, description="Password associated with " "`auth_username`") @model_validator(mode="after") - def get_auth_username(self) -> 'ReadUserRequest': + def validate_params(self) -> 'ReadUserRequest': if not self.auth_user_spec: self.auth_user_spec = self.user_spec + if self.access_token and self.access_token.purpose != "access": + raise ValueError(f"Expected an access token but got: " + f"{self.access_token.purpose}") return self