bstein/bstein-dev-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

portal: allow onboarding confirms without login

Browse Source
This commit is contained in:
Brad Stein 2026-01-23 00:08:13 -03:00
parent 8677efaa94
commit 944cb24538
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
backend/atlas_portal/routes/access_requests.py
View File

@ -15,7 +15,7 @@ import psycopg
from .. import ariadne_client from .. import ariadne_client
from ..db import connect, configured from ..db import connect, configured
from ..keycloak import admin_client, require_auth from ..keycloak import admin_client, oidc_client, require_auth
from ..mailer import MailerError, access_request_verification_body, send_text_email from ..mailer import MailerError, access_request_verification_body, send_text_email
from ..rate_limit import rate_limit_allow from ..rate_limit import rate_limit_allow
from ..provisioning import provision_access_request, provision_tasks_complete from ..provisioning import provision_access_request, provision_tasks_complete
@ -878,7 +878,6 @@ def register(app) -> None:
return jsonify({"error": "failed to load status"}), 502 return jsonify({"error": "failed to load status"}), 502
@app.route("/api/access/request/onboarding/attest", methods=["POST"]) @app.route("/api/access/request/onboarding/attest", methods=["POST"])
@require_auth
def request_access_onboarding_attest() -> Any: def request_access_onboarding_attest() -> Any:
if not configured(): if not configured():
return jsonify({"error": "server not configured"}), 503 return jsonify({"error": "server not configured"}), 503
@ -895,9 +894,20 @@ def register(app) -> None:
if step in KEYCLOAK_MANAGED_STEPS: if step in KEYCLOAK_MANAGED_STEPS:
return jsonify({"error": "step is managed by keycloak"}), 400 return jsonify({"error": "step is managed by keycloak"}), 400
username = getattr(g, "keycloak_username", "") or "" username = ""
if not username: bearer = request.headers.get("Authorization", "")
if bearer:
parts = bearer.split(None, 1)
if len(parts) != 2 or parts[0].lower() != "bearer":
return jsonify({"error": "invalid token"}), 401 return jsonify({"error": "invalid token"}), 401
token = parts[1].strip()
if not token:
return jsonify({"error": "invalid token"}), 401
try:
claims = oidc_client().verify(token)
except Exception:
return jsonify({"error": "invalid token"}), 401
username = claims.get("preferred_username") or ""
try: try:
with connect() as conn: with connect() as conn:
@ -907,7 +917,7 @@ def register(app) -> None:
).fetchone() ).fetchone()
if not row: if not row:
return jsonify({"error": "not found"}), 404 return jsonify({"error": "not found"}), 404
if (row.get("username") or "") != username: if username and (row.get("username") or "") != username:
return jsonify({"error": "forbidden"}), 403 return jsonify({"error": "forbidden"}), 403
status = _normalize_status(row.get("status") or "") status = _normalize_status(row.get("status") or "")

7
frontend/src/views/OnboardingView.vue
View File

@ -944,8 +944,8 @@ async function toggleStep(stepId, event) {
} }
async function setStepCompletion(stepId, completed) { async function setStepCompletion(stepId, completed) {
if (!auth.authenticated) { if (!requestCode.value.trim()) {
error.value = "Log in to update onboarding steps."; error.value = "Request code is missing.";
return; return;
} }
if (isStepBlocked(stepId)) { if (isStepBlocked(stepId)) {
@ -957,7 +957,8 @@ async function setStepCompletion(stepId, completed) {
loading.value = true; loading.value = true;
error.value = ""; error.value = "";
try { try {
const resp = await authFetch("/api/access/request/onboarding/attest", { const requester = auth.authenticated ? authFetch : fetch;
const resp = await requester("/api/access/request/onboarding/attest", {
method: "POST", method: "POST",
headers: { "Content-Type": "application/json" }, headers: { "Content-Type": "application/json" },
body: JSON.stringify({ request_code: requestCode.value.trim(), step: stepId, completed }), body: JSON.stringify({ request_code: requestCode.value.trim(), step: stepId, completed }),