Convert Auth to Being Stateless (#1143)

Co-authored-by: Thomas Chopitea <[email protected]>
yeti-platform · Oct 10, 2024 · 4cd94f6 · 4cd94f6
1 parent dc41200
commit 4cd94f6
Showing 1 changed file with 1 addition and 10 deletions.
diff --git a/core/web/apiv2/auth.py b/core/web/apiv2/auth.py
@@ -32,8 +32,6 @@
 
 AUTH_MODULE = yeti_config.get("auth", "module")
 
-SESSION_STORE = set()
-
 if AUTH_MODULE == "oidc":
     if (
         not yeti_config.get("auth", "oidc_client_id")
@@ -92,10 +90,6 @@ async def get_current_user(
     if not token and not cookie:
         raise credentials_exception
 
-    # When dealing with cookies, check that we haven't logged out the user.
-    if cookie and cookie not in SESSION_STORE:
-        raise credentials_exception
-
     token = token or cookie
 
     try:
@@ -189,7 +183,6 @@ async def oidc_callback(request: Request) -> RedirectResponse:
             secure=True,
             max_age=int(BROWSER_TOKEN_EXPIRE_DELTA.total_seconds()),
         )
-        SESSION_STORE.add(access_token)
         return response
 
     @router.post("/oidc-callback-token")
@@ -274,7 +267,6 @@ async def login(
             expires_delta=BROWSER_TOKEN_EXPIRE_DELTA,
         )
         response.set_cookie(key="yeti_session", value=access_token, httponly=True)
-        SESSION_STORE.add(access_token)
         return {"access_token": access_token, "token_type": "bearer"}
 
 
@@ -308,7 +300,6 @@ async def me(current_user: User = Depends(get_current_user)) -> User:
 
 
 @router.post("/logout")
-async def logout(response: Response, cookie: str = Security(cookie_scheme)):
+async def logout(response: Response):
     response.delete_cookie(key="yeti_session")
-    SESSION_STORE.remove(cookie)
     return {"message": "Logged out"}