Merge pull request #42 from valueonag/int

fixed google login
2025-09-15 08:28:09 +02:00 · 2025-09-15 08:28:09 +02:00 · 5253b6800a
commit 5253b6800a
parent 885b0e9b64 4cf60b4230
3 changed files with 20 additions and 5 deletions
--- a/debug_audio/audio_google_interpreter_recording.webm
+++ b/debug_audio/audio_google_interpreter_recording.webm
--- a/modules/routes/routeSecurityGoogle.py
+++ b/modules/routes/routeSecurityGoogle.py
@ -312,14 +312,27 @@ async def auth_callback(code: str, state: str, request: Request) -> HTMLResponse
                    externalEmail=user_info.get("email")
                )
            
-            # Create token
+            # Create JWT token data (like Microsoft does)
+            from modules.security.auth import createAccessToken
+            jwt_token_data = {
+                "sub": user.username,
+                "mandateId": str(user.mandateId),
+                "userId": str(user.id),
+                "authenticationAuthority": AuthAuthority.GOOGLE
+            }
+
+            # Create JWT access token
+            jwt_token, jwt_expires_at = createAccessToken(jwt_token_data)
+
+            # Create JWT token
+            from modules.interfaces.interfaceAppModel import Token
            token = Token(
                userId=user.id,  # Use local user's ID
                authority=AuthAuthority.GOOGLE,
-                tokenAccess=token_response["access_token"],
+                tokenAccess=jwt_token,  # Use JWT token instead of Google access token
                tokenRefresh=token_response.get("refresh_token", ""),
-                tokenType=token_response.get("token_type", "bearer"),
-                expiresAt=create_expiration_timestamp(token_response.get("expires_in", 0)),
+                tokenType="bearer",
+                expiresAt=jwt_expires_at.timestamp(),
                createdAt=get_utc_timestamp()
            )
            
--- a/modules/routes/routeSecurityLocal.py
+++ b/modules/routes/routeSecurityLocal.py
@ -159,6 +159,8 @@ async def register_user(
        appInterface.mandateId = defaultMandateId
        
        # Create user with local authentication
+        # Set safe default privilege level for new registrations
+        from modules.interfaces.interfaceAppModel import UserPrivilege
        user = appInterface.createUser(
            username=userData.username,
            password=password,
@ -166,7 +168,7 @@ async def register_user(
            fullName=userData.fullName,
            language=userData.language,
            enabled=userData.enabled,
-            privilege=userData.privilege,
+            privilege=UserPrivilege.USER,  # Always set to USER for new registrations
            authenticationAuthority=AuthAuthority.LOCAL
        )