From 3ceac57e438cc82f9a2f6c8433af6504df73c3eb Mon Sep 17 00:00:00 2001
From: Johan Marcusson
Date: Fri, 16 Feb 2024 09:06:34 +0100
Subject: [PATCH] validate token for websockets to get sub -> userinfo to log user email
---
 src/cnaas_nms/api/app.py | 3 +--
 src/cnaas_nms/tools/security.py | 8 ++++----
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/cnaas_nms/api/app.py b/src/cnaas_nms/api/app.py
index 090ff9b5..37c7b7b8 100644
--- a/src/cnaas_nms/api/app.py
+++ b/src/cnaas_nms/api/app.py
@@ -49,7 +49,6 @@
 from cnaas_nms.api.system import api as system_api
 from cnaas_nms.app_settings import api_settings, auth_settings
 from cnaas_nms.tools.log import get_logger
-from cnaas_nms.tools.rbac.token import Token
 from cnaas_nms.tools.security import get_oauth_userinfo, oauth_required
 from cnaas_nms.version import __api_version__
@@ -193,7 +192,7 @@ def socketio_on_connect():
 # if oidc, get userinfo
 if auth_settings.OIDC_ENABLED:
 try:
- token = Token(token_string, None)
+ token = oauth_required.get_token_validator("bearer").authenticate_token(token_string)
 user = get_oauth_userinfo(token)["email"]
 except InvalidTokenError as e:
 logger.debug("InvalidTokenError: " + format(e))
diff --git a/src/cnaas_nms/tools/security.py b/src/cnaas_nms/tools/security.py
index dd742339..2c271853 100644
--- a/src/cnaas_nms/tools/security.py
+++ b/src/cnaas_nms/tools/security.py
@@ -74,8 +74,8 @@ def get_oauth_userinfo(token: Token) -> Any:
 return json.loads(cached_userinfo)
 except RedisError as e:
 logger.debug("Redis cache error: {}".format(str(e)))
- except KeyError as e:
- logger.debug("KeyError: {}".format(str(e)))
+ except (TypeError, KeyError) as e:
+ logger.debug("Error while getting userinfo cache: {}".format(str(e)))
 # Request the userinfo
 try:
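Review bot: In `socketio_on_connect` the only failure path visible around the new `authenticate_token` call is `except InvalidTokenError`, which logs at debug level; the function continues outside this hunk, so it is not visible whether the handler then refuses the connection. If it does not return `False` there, validation only affects which user name gets logged, and the failure is invisible at normal log levels. The validator itself is not shown either, so confirm that it checks expiry as well as the signature and that it never returns `None`, which `get_oauth_userinfo(token)["email"]` may not handle. I would raise the log level for this branch, for example `logger.warning("InvalidTokenError on websocket connect: " + format(e))`.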
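Review bot: The new message `Error while getting userinfo cache` in `get_oauth_userinfo` drops the exception type that the old `KeyError:` prefix carried, and `str(e)` for a `KeyError` is only the missing key, so the debug line no longer says what went wrong; `logger.debug("Error while getting userinfo cache: {}: {}".format(type(e).__name__, e))` keeps it. The same applies to the identical change in the hunk at line 113, where the handler sits after the userinfo response is parsed and probably guards a cache write, so "getting" may be the wrong verb there. A one-line comment saying which value can be `None` or non-subscriptable would explain why `TypeError` is expected here rather than a bug being hidden. The enclosing `try` blocks start outside both hunks.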
@@ -113,8 +113,8 @@ def get_oauth_userinfo(token: Token) -> Any:
 raise InvalidTokenError("Invalid JSON in userinfo response: {}".format(str(e)))
 except RedisError as e:
 logger.debug("Redis cache error: {}".format(str(e)))
- except KeyError as e:
- logger.debug("KeyError: {}".format(str(e)))
+ except (TypeError, KeyError) as e:
+ logger.debug("Error while getting userinfo cache: {}".format(str(e)))
 return resp.json()