Make virtual_lab_id optional in header context

Author: eleftherioszisis

app/dependencies/auth.py

@@ -128,6 +128,11 @@ def _check_user_info(
 
     user_info_response = deserialize_response(response, model_class=UserInfoResponse)
 
+    if project_context.virtual_lab_id is None and project_context.project_id is not None:
+        project_context.virtual_lab_id = user_info_response.virtual_lab_from_project_id(
+            project_context.project_id
+        )
+
     is_authorized = user_info_response.is_authorized_for(
         virtual_lab_id=project_context.virtual_lab_id,
         project_id=project_context.project_id,

app/schemas/auth.py

@@ -9,6 +9,10 @@
 from app.errors import AuthErrorReason
 from app.logger import L
 
+PROJECT_REGEX = re.compile(
+    r"/proj/(?P<vlab>[0-9a-fA-F-]+)/(?P<proj>[0-9a-fA-F-]+)/(?P<role>admin|member)"
+)
+
 
 class CacheKey(BaseModel):
     """Cache key for UserContext."""
@@ -106,16 +110,18 @@ def is_authorized_for(self, virtual_lab_id: UUID | None, project_id: UUID | None
                     ]
                 )
 
+    def virtual_lab_from_project_id(self, project_id: UUID) -> UUID | None:
+        for s in self.groups:
+            if (match := PROJECT_REGEX.match(s)) and match.group("proj") == str(project_id):
+                return UUID(match.group("vlab"))
+        return None
+
     def user_project_ids(self) -> list[UUID]:
         """Return the the list if project_ids the user is authorized for."""
-        pattern = r"/proj/[0-9a-fA-F-]+/([0-9a-fA-F-]+)/(admin|member)"
-
         project_ids: set[UUID] = set()
-
         for s in self.groups:
-            match = re.match(pattern, s)
-            if match:
-                project_ids.add(UUID(match.group(1)))
+            if match := PROJECT_REGEX.match(s):
+                project_ids.add(UUID(match.group("proj")))
 
         return list(project_ids)
 

tests/conftest.py

@@ -55,14 +55,14 @@
     ADMIN_SUB_ID,
     AUTH_HEADER_ADMIN,
     AUTH_HEADER_USER_1,
-    AUTH_HEADER_USER_2,
     AUTH_HEADER_USER_1_IDS,
+    AUTH_HEADER_USER_2,
     PROJECT_HEADERS,
     PROJECT_ID,
     TOKEN_ADMIN,
     TOKEN_USER_1,
-    TOKEN_USER_2,
     TOKEN_USER_1_IDS,
+    TOKEN_USER_2,
     UNRELATED_PROJECT_HEADERS,
     UNRELATED_PROJECT_ID,
     UNRELATED_VIRTUAL_LAB_ID,
@@ -204,7 +204,7 @@ def _override_check_user_info(
     user_context_user_1,
     user_context_user_2,
     user_context_no_project,
-    user_context_only_token_ids
+    user_context_only_token_ids,
 ):
     # map (token, project-id) to the expected user_context
     mapping = {

tests/test_auth.py

@@ -23,6 +23,7 @@
 PROJECT_CONTEXTS = [
     OptionalProjectContext(virtual_lab_id=None, project_id=None),
     OptionalProjectContext(virtual_lab_id=VIRTUAL_LAB_ID, project_id=PROJECT_ID),
+    OptionalProjectContext(virtual_lab_id=None, project_id=PROJECT_ID),
 ]