From 02ab20a53c6e76a73976335748287f20eca30bb3 Mon Sep 17 00:00:00 2001 From: lleeoo Date: Thu, 2 Nov 2023 11:35:14 +0100 Subject: [PATCH] minor fixing --- CHANGELOG.md | 5 +++-- docs/api.md | 2 +- src/ralph/api/auth/__init__.py | 13 ++++++++----- src/ralph/api/auth/oidc.py | 4 ++-- src/ralph/conf.py | 2 +- tests/test_conf.py | 5 ----- 6 files changed, 15 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e668e162..85f61dae7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -51,8 +51,9 @@ have an authority field matching that of the user - Helm: improve volumes and ingress configurations - API: Add `RALPH_LRS_RESTRICT_BY_SCOPE` option enabling endpoint access control by user scopes -- API: Variable `RUNSERVER_AUTH_BACKEND` becomes `RUNSERVER_AUTH_BACKENDS`, and - multiple authentication methods are supported simultaneously +- API: Variable `RALPH_RUNSERVER_AUTH_BACKEND` becomes + `RALPH_RUNSERVER_AUTH_BACKENDS`, and multiple authentication methods are + supported simultaneously ### Fixed diff --git a/docs/api.md b/docs/api.md index d0aff35f7..81d052f6f 100644 --- a/docs/api.md +++ b/docs/api.md @@ -109,7 +109,7 @@ $ curl --user john.doe@example.com:PASSWORD http://localhost:8100/whoami Ralph LRS API server supports OpenID Connect (OIDC) on top of OAuth 2.0 for authentication and authorization. -To enable OIDC auth, you should modify the `RALPH_RUNSERVER_AUTH_BACKENDS` environment variable by adding (or replacing) `oidc`: +To enable OIDC auth, you should modify the `RALPH_RUNSERVER_AUTH_BACKENDS` environment variable by adding (or replacing by) `oidc`: ```bash RALPH_RUNSERVER_AUTH_BACKENDS=basic,oidc ``` diff --git a/src/ralph/api/auth/__init__.py b/src/ralph/api/auth/__init__.py index 037d8163a..2511d206e 100644 --- a/src/ralph/api/auth/__init__.py +++ b/src/ralph/api/auth/__init__.py 
@@ -1,8 +1,11 @@
 """Main module for Ralph's LRS API authentication."""
+from typing import Annotated
+
 from fastapi import Depends, HTTPException, status
 from fastapi.security import SecurityScopes
+from ralph.api.auth.basic import AuthenticatedUser
 from ralph.api.auth.basic import get_basic_auth_user
 from ralph.api.auth.oidc import get_oidc_user
 from ralph.conf import AuthBackend, settings
@@ -10,19 +13,19 @@
 def get_authenticated_user(
 security_scopes: SecurityScopes = SecurityScopes([]),
- basic_auth_user=Depends(get_basic_auth_user),
- oidc_auth_user=Depends(get_oidc_user),
-):
+ basic_auth_user: Optional[AuthenticatedUser]=Depends(get_basic_auth_user),
+ oidc_auth_user: Optional[AuthenticatedUser]=Depends(get_oidc_user),
+) -> AuthenticatedUser:
 """Authenticate user with any allowed method, using credentials in the header."""
 if AuthBackend.BASIC not in settings.RUNSERVER_AUTH_BACKENDS:
 basic_auth_user = None
 if AuthBackend.OIDC not in settings.RUNSERVER_AUTH_BACKENDS:
 oidc_auth_user = None
- if basic_auth_user is not None:
+ if basic_auth_user:
 user = basic_auth_user
 auth_method = "Basic"
- elif oidc_auth_user is not None:
+ elif oidc_auth_user:
 user = oidc_auth_user
 auth_method = "Bearer"
 else:
diff --git a/src/ralph/api/auth/oidc.py b/src/ralph/api/auth/oidc.py
index f11cef628..3bcbf9838 100644
--- a/src/ralph/api/auth/oidc.py
+++ b/src/ralph/api/auth/oidc.py
@@ -66,7 +66,7 @@ def discover_provider(base_url: AnyUrl) -> Dict:
 )
 raise HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
- detail="Could not validate credentials ABU",
+ detail="Could not validate credentials", # TODO: this is not tested
 headers={"WWW-Authenticate": "Bearer"},
 ) from exc
@@ -88,7 +88,7 @@ def get_public_keys(jwks_uri: AnyUrl) -> Dict:
 )
 raise HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
- detail="Could not validate credentials ABA",
+ detail="Could not validate credentials", # TODO: this is not tested
 headers={"WWW-Authenticate": "Bearer"},
 ) from exc
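Review bot: In the import hunk of `src/ralph/api/auth/__init__.py` the new line brings in `Annotated`, but the annotations added to `get_authenticated_user` in the following hunk use `Optional`, which none of the visible imports provides. Parameter annotations are evaluated when the `def` statement runs and no `from __future__ import annotations` appears at the top of the file, so as shown the module would raise `NameError` on import and the authentication dependency would not load at all. `Annotated` is not used in any visible line. The import should read `from typing import Optional`.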
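Review bot: In `get_authenticated_user`, replacing `is not None` with a truthiness test makes the authentication branch depend on how `AuthenticatedUser` evaluates as a boolean; its definition is not part of this diff, and if it ever gains `__bool__` or `__len__`, a validly authenticated user could fall through to the `else:` branch. With the parameters now typed as `Optional[...]`, the explicit form `if basic_auth_user is not None:` / `elif oidc_auth_user is not None:` matches the annotation and is the more predictable check for an access-control decision. The new defaults also omit the spaces PEP 8 asks for around `=` on annotated parameters, e.g. `basic_auth_user: Optional[AuthenticatedUser] = Depends(get_basic_auth_user),`. The function body continues past the end of the hunk.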
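Review bot: The trailing `# TODO: this is not tested` on the `detail=` line in `discover_provider`, and the identical one in the `get_public_keys` hunk, marks the 401 path as uncovered but leaves it that way, and its position reads as if only the message were untested. These branches appear to be what rejects a request when provider metadata or signing keys cannot be fetched, so each deserves a test that forces the lookup to fail and asserts status 401 with the `WWW-Authenticate: Bearer` header. Until then the marker is clearer as its own line above the `raise`, e.g. `# TODO: add a test for this fail-closed 401 path`. Both functions start and end outside their hunks, so the exception being caught is not visible here.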
diff --git a/src/ralph/conf.py b/src/ralph/conf.py index 90788d6ab..81c32be32 100644 --- a/src/ralph/conf.py +++ b/src/ralph/conf.py @@ -145,7 +145,7 @@ class AuthBackends(str): @classmethod def __get_validators__(cls): # noqa: D105 - """Checks whether the value is a comma separated string or a tuple representing + """Check whether the value is a comma separated string or a tuple representing an AuthBackend.""" def validate( diff --git a/tests/test_conf.py b/tests/test_conf.py index 676029fe1..e9c681d79 100644 --- a/tests/test_conf.py +++ b/tests/test_conf.py @@ -9,11 +9,6 @@ from ralph.conf import CommaSeparatedTuple, Settings, settings from ralph.exceptions import ConfigurationException -# import os -# def test_env_dist(fs, monkeypatch): -# fs.create_file(".env", contents=os.read("../.env.dist")) -# Settings() - def test_conf_settings_field_value_priority(fs, monkeypatch): """Test that the Settings object field values are defined in the following