fix: remove default issuer and add models docstring

DIRACGrid · Mar 6, 2025 · 07276b9 · 07276b9
1 parent b03406b
commit 07276b9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 8 deletions.
diff --git a/diracx-core/src/diracx/core/models.py b/diracx-core/src/diracx/core/models.py
@@ -1,3 +1,8 @@
+"""Models are used to define the data structure of the requests and responses
+for the DiracX API. They are shared between the client components (cli, api) and
+services components (db, logic, routers).
+"""
+
 from __future__ import annotations
 
 from datetime import datetime

diff --git a/diracx-core/src/diracx/core/settings.py b/diracx-core/src/diracx/core/settings.py
@@ -134,9 +134,7 @@ class AuthSettings(ServiceSettingsBase):
     # State key is used to encrypt/decrypt the state dict passed to the IAM
     state_key: FernetKey
 
-    # TODO: this should probably be something mandatory
-    # to set by the user
-    token_issuer: str = "http://lhcbdirac.cern.ch/"  # noqa: S105
+    token_issuer: str
     token_key: TokenSigningKey
     token_algorithm: str = "RS256"  # noqa: S105
     access_token_expire_minutes: int = 20

diff --git a/diracx-db/src/diracx/db/sql/sandbox_metadata/db.py b/diracx-db/src/diracx/db/sql/sandbox_metadata/db.py
@@ -23,7 +23,6 @@ class SandboxMetadataDB(BaseSQLDB):
 
     async def get_owner_id(self, user: UserInfo) -> int | None:
         """Get the id of the owner from the database."""
-        # TODO: Follow https://github.com/DIRACGrid/diracx/issues/49
         stmt = select(SBOwners.OwnerID).where(
             SBOwners.Owner == user.preferred_username,
             SBOwners.OwnerGroup == user.dirac_group,

diff --git a/diracx-logic/src/diracx/logic/auth/token.py b/diracx-logic/src/diracx/logic/auth/token.py
@@ -273,9 +273,6 @@ async def exchange_token(
             "Dynamic registration of users is not yet implemented"
         )
 
-    # Extract attributes from the settings and configuration
-    issuer = settings.token_issuer
-
     # Check that the subject is part of the dirac users
     if sub not in config.Registry[vo].Groups[dirac_group].Users:
         raise PermissionError(
@@ -320,7 +317,7 @@ async def exchange_token(
     access_payload: AccessTokenPayload = {
         "sub": sub,
         "vo": vo,
-        "iss": issuer,
+        "iss": settings.token_issuer,
         "dirac_properties": list(properties),
         "jti": str(uuid4()),
         "preferred_username": preferred_username,