From c0c191a33ea9e16d918be33ce86c92797ca9006c Mon Sep 17 00:00:00 2001
From: Komal Thareja
Date: Sat, 14 Sep 2024 14:59:53 -0400
Subject: [PATCH 1/2] fix llt issue
---
 fabric_cm/credmgr/token/token_encoder.py | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/fabric_cm/credmgr/token/token_encoder.py b/fabric_cm/credmgr/token/token_encoder.py
index 358bb2d..fa7d40a 100644
--- a/fabric_cm/credmgr/token/token_encoder.py
+++ b/fabric_cm/credmgr/token/token_encoder.py
@@ -90,8 +90,7 @@ def encode(self, private_key: str, validity_in_seconds: int, kid: str, pass_phra
 self._add_fabric_claims()
 if not Utils.is_short_lived(lifetime_in_hours=int(validity_in_seconds/3600)) and \
- not self._validate_lifetime(validity=validity_in_seconds, project_id=self.project_id, roles=self.claims.get(self.ROLES)):
+ not self._validate_lifetime(validity=validity_in_seconds, project=self.claims[self.PROJECTS][0]):
 raise TokenError(f"User {self.claims[self.EMAIL]} is not authorized to create long lived tokens!")
 code, token_or_exception = JWTManager.encode_and_sign_with_private_key(validity=validity_in_seconds,
@@ -107,19 +106,15 @@ def encode(self, private_key: str, validity_in_seconds: int, kid: str, pass_phra
 self.encoded = True
 return self.token
- def _validate_lifetime(self, *, validity: int, roles: dict, project_id: str):
+ def _validate_lifetime(self, *, validity: int, roles: dict, project: dict):
 """
 Set the claims for the Token by adding membership, project and scope
 """
 if validity == CONFIG_OBJ.get_token_life_time():
 return True
- llt_role = f"{project_id}-{CONFIG_OBJ.get_llt_role_suffix()}"
-
- # User doesn't have the role to create Long lived tokens
- for role in roles:
- if llt_role in role.values():
- return True
+ if project.get("memberships") and project.get("memberships").get("is_token_holder"):
+ return True
 return False
From 9db0a97ad71097ee4cf1b44b184f52b4e99ae9e0 Mon Sep 17 00:00:00 2001
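Review bot: The new `+` line in `encode` authorizes the long-lived token against `self.claims[self.PROJECTS][0]`, i.e. whichever project is listed first, whereas the removed call scoped the check to `self.project_id`; if the claims can carry more than one project, a token-holder membership in an unrelated project would satisfy the gate for the requested one, and an empty project list raises IndexError from `encode` instead of the TokenError on the next line. Unless `_add_fabric_claims` already narrows PROJECTS to the single requested project (not visible in this hunk), select the matching entry and fail closed when there is none, e.g. `project = next((p for p in self.claims.get(self.PROJECTS, []) if p.get("uuid") == self.project_id), {})` (substituting whatever key holds the project id), and pass that as `project=`. `encode` begins and ends outside this hunk.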
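Review bot: The added `is_token_holder` test in `_validate_lifetime` grants on truthiness, so any non-empty value for that membership flag (for example the string "false") would authorize a long-lived token, and this method is the only gate before the token is signed. Compare strictly and look the dict up once: `memberships = project.get("memberships") or {}` / `if memberships.get("is_token_holder") is True:` / `    return True`, which also avoids the AttributeError if `memberships` is present but not a dict. Whether the flag is always a bool depends on how the PROJECTS claim is populated, which this hunk does not show.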
From: Komal Thareja
Date: Sat, 14 Sep 2024 15:04:51 -0400
Subject: [PATCH 2/2] fix llt issue
---
 fabric_cm/credmgr/token/token_encoder.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fabric_cm/credmgr/token/token_encoder.py b/fabric_cm/credmgr/token/token_encoder.py
index fa7d40a..11fee82 100644
--- a/fabric_cm/credmgr/token/token_encoder.py
+++ b/fabric_cm/credmgr/token/token_encoder.py
@@ -106,7 +106,7 @@ def encode(self, private_key: str, validity_in_seconds: int, kid: str, pass_phra
 self.encoded = True
 return self.token
- def _validate_lifetime(self, *, validity: int, roles: dict, project: dict):
+ def _validate_lifetime(self, *, validity: int, project: dict):
 """
 Set the claims for the Token by adding membership, project and scope
 """
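Review bot: The docstring directly under the new `_validate_lifetime` signature still reads `Set the claims for the Token by adding membership, project and scope`, which describes claim population rather than this authorization decision, and the new `project` parameter is not documented at all. Replace it with something like `Return True if the requested validity is the configured default lifetime or the project's membership marks the user as a token holder; otherwise False.` and add that `project` is one entry of the PROJECTS claim, a dict whose optional `memberships` dict is consulted. The method body continues past the end of this hunk.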