Fix

truenas · Aug 7, 2024 · c323f86 · c323f86
1 parent 89eb9bf
commit c323f86
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 41 deletions.
diff --git a/src/middlewared/middlewared/auth.py b/src/middlewared/middlewared/auth.py
@@ -79,6 +79,43 @@ def dump(self):
         }
 
 
+class TokenSessionManagerCredentials(SessionManagerCredentials):
+    def __init__(self, token_manager, token):
+        root_credentials = token.root_credentials()
+
+        self.token_manager = token_manager
+        self.token = token
+        self.is_user_session = root_credentials.is_user_session
+        if self.is_user_session:
+            self.user = root_credentials.user
+
+        self.allowlist = root_credentials.allowlist
+
+    def is_valid(self):
+        return self.token.is_valid()
+
+    def authorize(self, method, resource):
+        return self.token.parent_credentials.authorize(method, resource)
+
+    def has_role(self, role):
+        return self.token.parent_credentials.has_role(role)
+
+    def notify_used(self):
+        self.token.notify_used()
+
+    def logout(self):
+        self.token_manager.destroy(self.token)
+
+    def dump(self):
+        data = {
+            "parent": dump_credentials(self.token.parent_credentials),
+        }
+        if self.is_user_session:
+            data["username"] = self.user["username"]
+
+        return data
+
+
 class TrueNasNodeSessionManagerCredentials(SessionManagerCredentials):
     def authorize(self, method, resource):
         return True

diff --git a/src/middlewared/middlewared/plugins/auth.py b/src/middlewared/middlewared/plugins/auth.py
@@ -9,7 +9,8 @@
 
 from middlewared.auth import (SessionManagerCredentials, UserSessionManagerCredentials,
                               UnixSocketSessionManagerCredentials, LoginPasswordSessionManagerCredentials,
-                              ApiKeySessionManagerCredentials, TrueNasNodeSessionManagerCredentials)
+                              ApiKeySessionManagerCredentials, TrueNasNodeSessionManagerCredentials,
+                              TokenSessionManagerCredentials)
 from middlewared.schema import accepts, Any, Bool, Datetime, Dict, Int, List, Password, Patch, Ref, returns, Str
 from middlewared.service import (
     Service, filterable, filterable_returns, filter_list, no_auth_required, no_authz_required,
@@ -166,44 +167,6 @@ def dump(self):
         }
 
 
-class TokenSessionManagerCredentials(SessionManagerCredentials):
-    def __init__(self, token_manager, token):
-        root_credentials = token.root_credentials()
-
-        self.token_manager = token_manager
-        self.token = token
-        self.is_user_session = root_credentials.is_user_session
-        if self.is_user_session:
-            self.user = root_credentials.user
-
-        self.allowlist = root_credentials.allowlist
-
-    def is_valid(self):
-        return self.token.is_valid()
-
-    def authorize(self, method, resource):
-        return self.token.parent_credentials.authorize(method, resource)
-
-    def has_role(self, role):
-        return self.token.parent_credentials.has_role(role)
-
-    def notify_used(self):
-        self.token.notify_used()
-
-    def logout(self):
-        self.token_manager.destroy(self.token)
-
-    def dump(self):
-        data = {
-            "parent": dump_credentials(self.token.parent_credentials),
-        }
-        if self.is_user_session:
-            data["username"] = self.user["username"]
-
-        return data
-
-
-
 def is_internal_session(session):
     if isinstance(session.app.origin, UnixSocketOrigin) and session.app.origin.uid == 0:
         return True

diff --git a/src/middlewared/middlewared/utils/audit.py b/src/middlewared/middlewared/utils/audit.py
@@ -1,5 +1,6 @@
 from middlewared.auth import (
     ApiKeySessionManagerCredentials,
+    TokenSessionManagerCredentials,
     TrueNasNodeSessionManagerCredentials
 )
 
@@ -8,7 +9,7 @@
 INTERNAL_SESSION = '.TRUENAS_INTERNAL'
 API_KEY_PREFIX = '.TRUENAS_API_KEY:'
 NODE_SESSION = '.TRUENAS_NODE'
-UNKNOWN_SESSSION = '.UNKNOWN'
+UNKNOWN_SESSION = '.UNKNOWN'
 
 
 def audit_username_from_session(cred) -> str:
@@ -20,7 +21,7 @@ def audit_username_from_session(cred) -> str:
         return cred.user['username']
 
     # Track back to root credential if necessary (token session)
-    if hasattr(cred, 'root_credentials'):
+    if isinstance(cred, TokenSessionManagerCredentials):
         cred = cred.root_credentials
 
     if isinstance(cred, ApiKeySessionManagerCredentials):