Commit 08dd27d9 (unverified)
Authored Nov 23, 2022 by Maria Khrustaleva
Committed by GitHub on Nov 23, 2022
Fix missed token with using social account authentication (#5344)
Parent: bc079c31
Showing 6 changed files with 35 additions and 9 deletions

CHANGELOG.md (+1 -0)
cvat-core/src/server-proxy.ts (+5 -1)
cvat/apps/engine/schema.py (+7 -0)
cvat/apps/engine/serializers.py (+6 -0)
cvat/apps/engine/views.py (+13 -7)
tests/python/rest_api/test_users.py (+3 -1)
CHANGELOG.md
...
...
@@ -78,6 +78,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
(
<https://github.com/opencv/cvat/issues/4839>
)
-
Fixed job exporting (
<https://github.com/opencv/cvat/pull/5282>
)
-
Visibility and ignored information fail to be loaded (MOT dataset format) (
<https://github.com/opencv/cvat/pull/5270>
)
-
Missed token with using social account authentication (
<https://github.com/opencv/cvat/pull/5344>
)
### Security
-
TDB
...
...
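Review bot: The added changelog entry (`Missed token with using social account authentication`) does not say that the `users/self` response now carries the user's API token in a new `key` field, which is the API-visible and security-relevant part of this commit. Consider rewording it to something like "Missing auth token after signing in with a social account" and adding a line under `### Security`, which currently holds only a placeholder, so that API consumers and operators who log or cache responses know about the new field.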
cvat-core/src/server-proxy.ts
...
...
@@ -449,7 +449,11 @@ class ServerProxy {
async
function
authorized
()
{
try
{
await
getSelf
();
const
response
=
await
getSelf
();
if
(
!
store
.
get
(
'
token
'
))
{
store
.
set
(
'
token
'
,
response
.
key
);
Axios
.
defaults
.
headers
.
common
.
Authorization
=
`Token
${
response
.
key
}
`
;
}
}
catch
(
serverError
)
{
if
(
serverError
.
code
===
401
)
{
removeToken
();
...
...
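Review bot: In `authorized()`, `response.key` is written to the store and into the default `Authorization` header without checking that it is present. The serializer added in this same commit declares `key` with `allow_blank=True, required=False`, so the field can be empty or missing, and the client would then persist an unusable value and send `Token undefined` (or an empty token) on every later request. Guard the branch, for example `if (!store.get('token') && response.key) { ... }`, and leave the header untouched otherwise. A short comment saying this path exists for sessions that were established without a token login response (social account sign-in) would also help, since the reason is not obvious from the code.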
cvat/apps/engine/schema.py
...
...
@@ -178,6 +178,13 @@ class MetaUserSerializerExtension(AnyOfProxySerializerExtension):
# field here, because these serializers don't have such.
target_component
=
'MetaUser'
class
MetaSelfUserSerializerExtension
(
AnyOfProxySerializerExtension
):
# Need to replace oneOf to anyOf for MetaUser variants
# Otherwise, clients cannot distinguish between classes
# using just input data. Also, we can't use discrimintator
# field here, because these serializers don't have such.
target_component
=
'MetaSelfUser'
class
PolymorphicProjectSerializerExtension
(
AnyOfProxySerializerExtension
):
# Need to replace oneOf to anyOf for PolymorphicProject variants
# Otherwise, clients cannot distinguish between classes
...
...
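Review bot: The comment block on `MetaSelfUserSerializerExtension` repeats the wording used by the neighbouring extensions and still says "for MetaUser variants" although `target_component` is `'MetaSelfUser'`; it also carries the `discrimintator` typo. Update the comment to name `MetaSelfUser` and fix the spelling, or, since the class differs from `MetaUserSerializerExtension` only in `target_component`, keep the explanation in one place and refer to it from the other.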
cvat/apps/engine/serializers.py
...
...
@@ -53,6 +53,12 @@ class UserSerializer(serializers.ModelSerializer):
'last_login'
:
{
'allow_null'
:
True
}
}
class
SelfUserSerializer
(
UserSerializer
):
key
=
serializers
.
CharField
(
allow_blank
=
True
,
required
=
False
)
class
Meta
(
UserSerializer
.
Meta
):
fields
=
UserSerializer
.
Meta
.
fields
+
(
'key'
,)
class
AttributeSerializer
(
serializers
.
ModelSerializer
):
values
=
serializers
.
ListField
(
allow_empty
=
True
,
child
=
serializers
.
CharField
(
max_length
=
200
),
...
...
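Review bot: `key` on `SelfUserSerializer` is declared as a writable field (`allow_blank=True, required=False`, with no `read_only=True`), although its value is only ever produced server-side in the `self` view. Because `get_serializer_class()` in this commit can return `SelfUserSerializer` for a staff user's own record without checking the request method, a client-supplied `key` would pass validation on any write request routed to it. Declare it as `serializers.CharField(read_only=True)`, which also makes the generated schema show it as response-only, and add `help_text` stating that it is the API token so the field is documented.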
cvat/apps/engine/views.py
...
...
@@ -25,6 +25,9 @@ from django.db import IntegrityError
from
django.http
import
HttpResponse
,
HttpResponseNotFound
,
HttpResponseBadRequest
from
django.utils
import
timezone
from
dj_rest_auth.models
import
get_token_model
from
dj_rest_auth.app_settings
import
create_token
from
drf_spectacular.types
import
OpenApiTypes
from
drf_spectacular.utils
import
(
OpenApiParameter
,
OpenApiResponse
,
PolymorphicProxySerializer
,
...
...
@@ -60,7 +63,7 @@ from cvat.apps.engine.models import (
)
from
cvat.apps.engine.models
import
CloudStorage
as
CloudStorageModel
from
cvat.apps.engine.serializers
import
(
AboutSerializer
,
AnnotationFileSerializer
,
BasicUserSerializer
,
AboutSerializer
,
AnnotationFileSerializer
,
BasicUserSerializer
,
SelfUserSerializer
,
DataMetaReadSerializer
,
DataMetaWriteSerializer
,
DataSerializer
,
ExceptionSerializer
,
FileInfoSerializer
,
JobReadSerializer
,
JobWriteSerializer
,
LabeledDataSerializer
,
LogEventSerializer
,
ProjectReadSerializer
,
ProjectWriteSerializer
,
ProjectSearchSerializer
,
...
...
@@ -1917,21 +1920,21 @@ class UserViewSet(viewsets.GenericViewSet, mixins.ListModelMixin,
return
UserSerializer
user
=
self
.
request
.
user
is_self
=
int
(
self
.
kwargs
.
get
(
"pk"
,
0
))
==
user
.
id
or
\
self
.
action
==
"self"
if
user
.
is_staff
:
return
UserSerializer
return
UserSerializer
if
not
is_self
else
SelfUserSerializer
else
:
is_self
=
int
(
self
.
kwargs
.
get
(
"pk"
,
0
))
==
user
.
id
or
\
self
.
action
==
"self"
if
is_self
and
self
.
request
.
method
in
SAFE_METHODS
:
return
UserSerializer
return
Self
UserSerializer
else
:
return
BasicUserSerializer
@
extend_schema
(
summary
=
'Method returns an instance of a user who is currently authorized'
,
responses
=
{
'200'
:
PolymorphicProxySerializer
(
component_name
=
'MetaUser'
,
'200'
:
PolymorphicProxySerializer
(
component_name
=
'Meta
Self
User'
,
serializers
=
[
UserSerializer
,
BasicUserSerializer
,
Self
UserSerializer
,
BasicUserSerializer
,
],
resource_type_field_name
=
None
),
})
@
action
(
detail
=
False
,
methods
=
[
'GET'
])
...
...
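Review bot: In `get_serializer_class()`, `SelfUserSerializer` is now selected whenever `is_self` is true, which includes requests addressed by a `pk` equal to the caller's id, but the `key` attribute is only attached to `request.user` inside the `self` action. On those other routes the field has no value to serialize, so the response no longer matches what the serializer advertises, and the staff branch (`return UserSerializer if not is_self else SelfUserSerializer`) skips the `SAFE_METHODS` check that the non-staff branch applies. Consider choosing `SelfUserSerializer` only when `self.action == "self"` and keeping the previous serializers elsewhere. Hoisting `is_self` also means `int(self.kwargs.get("pk", 0))` now runs for staff requests too, so if the route accepts a non-numeric `pk` the conversion should be guarded.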
@@ -1939,6 +1942,9 @@ class UserViewSet(viewsets.GenericViewSet, mixins.ListModelMixin,
"""
Method returns an instance of a user who is currently authorized
"""
token_model
=
get_token_model
()
token
=
create_token
(
token_model
,
request
.
user
,
None
)
request
.
user
.
key
=
token
serializer_class
=
self
.
get_serializer_class
()
serializer
=
serializer_class
(
request
.
user
,
context
=
{
"request"
:
request
})
return
Response
(
serializer
.
data
)
...
...
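Review bot: The `self` action now calls `create_token(token_model, request.user, None)` and returns the result in the body of every `GET`, so any authenticated session, including a cookie-based one, receives a reusable API token each time the client checks who is logged in. That widens the impact of anything able to read this response (script injection in the UI, response logging, intermediary caches) and lets a safe method create state on the server. Consider issuing the token only in the flow that lacks one (the social account sign-in), or at minimum send `Cache-Control: no-store` with this response. Separately, `request.user.key = token` stores whatever `create_token` returns; if that is a token model instance, the `CharField` relies on its string conversion, so assign the key string explicitly.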
tests/python/rest_api/test_users.py
...
...
@@ -67,7 +67,9 @@ class TestGetUsers:
def
test_everybody_can_see_self
(
self
,
users_by_name
):
for
user
,
data
in
users_by_name
.
items
():
self
.
_test_can_see
(
user
,
data
,
id_
=
"self"
,
exclude_paths
=
"root['last_login']"
)
self
.
_test_can_see
(
user
,
data
,
id_
=
"self"
,
exclude_paths
=
[
"root['last_login']"
,
"root['key']"
]
)
def
test_non_members_cannot_see_list_of_members
(
self
):
self
.
_test_cannot_see
(
"user2"
,
org
=
"org1"
)
...
...
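Review bot: The updated `test_everybody_can_see_self` only excludes `root['key']` from the comparison, so nothing asserts the behaviour this commit introduces. Add a check that the `self` response contains a non-empty `key`, and a negative check that `key` is absent when a user record is fetched by id or through the list, since exposing another user's token would be the costly regression here.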