Hub: Filter auth_info from config

Make sure the auth_info in config is sane and only send known keys to the clients.
holesch · May 20, 2024 · f21441d · f21441d
1 parent cd9653b
commit f21441d
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/not_my_board/_hub.py b/not_my_board/_hub.py
@@ -155,7 +155,15 @@ def __init__(self, config=None):
                 format="%(levelname)s: %(name)s: %(message)s", level=log_level
             )
 
-        self._config = config
+        auth_info = config.get("auth_info")
+        if auth_info:
+            required_keys = ["issuer", "client_id"]
+            optional_keys = ["show_claims"]
+            keys = required_keys
+            keys.extend([k for k in optional_keys if k in auth_info])
+            self._auth_info = {k: auth_info[k] for k in keys}
+        else:
+            self._auth_info = {}
 
         self._id_generator = itertools.count(start=1)
 
@@ -299,8 +307,7 @@ async def oidc_callback(self, query):
 
     @jsonrpc.hidden
     def auth_info(self):
-        # TODO check and filter config
-        return self._config.get("auth_info", {})
+        return self._auth_info
 
 
 def _unmap_ip(ip_str):