fix: Fix, bug not caught by CI (sqlite not raising anything)

Author: Robin-Van-de-Merghel

diracx-db/src/diracx/db/sql/utils/functions.py

@@ -157,6 +157,10 @@ def hash(code: str):
     return hashlib.sha256(code.encode()).hexdigest()
 
 
+def raw_hash(code: str):
+    return hashlib.sha256(code.encode()).digest()
+
+
 async def fetch_records_bulk_or_raises(
     conn: AsyncConnection,
     model: Any,  # Here, we currently must use `Any` because `declarative_base()` returns any

diracx-db/tests/pilot_agents/test_pilot_auth.py

@@ -16,7 +16,7 @@
 )
 from diracx.db.exceptions import DBInBadStateError
 from diracx.db.sql.pilot_agents.db import PilotAgentsDB
-from diracx.db.sql.utils.functions import hash
+from diracx.db.sql.utils.functions import raw_hash
 from diracx.testing.time import mock_sqlite_time
 
 MAIN_VO = "lhcb"
@@ -70,7 +70,7 @@ async def add_secrets_and_time(
         stamps = [pilot["PilotStamp"] for pilot in add_stamps]
 
         secrets = [f"AW0nd3rfulS3cr3t_{str(i)}" for i in range(len(stamps))]
-        hashed_secrets = [hash(secret).encode() for secret in secrets]
+        hashed_secrets = [raw_hash(secret) for secret in secrets]
 
         # Add creds
         await pilot_agents_db.insert_unique_secrets_bulk(
@@ -115,7 +115,7 @@ async def add_secrets_and_time(
 async def verify_pilot_secret(
     pilot_stamp: str,
     pilot_db: PilotAgentsDB,
-    hashed_secret: str,
+    hashed_secret: bytes,
     frozen_time: freezegun.FreezeGun,
 ) -> None:
 
@@ -125,9 +125,7 @@ async def verify_pilot_secret(
     real_secret_uuid = pilot["PilotSecretUUID"]
 
     # 2. Get the secret itself
-    given_secrets = await pilot_db.get_secrets_by_hashed_secrets_bulk(
-        [hashed_secret.encode()]
-    )
+    given_secrets = await pilot_db.get_secrets_by_hashed_secrets_bulk([hashed_secret])
     given_secret = given_secrets[0]
     given_secret_uuid = given_secret[
         "SecretUUID"
@@ -217,23 +215,23 @@ async def test_create_pilot_and_verify_secret(
             await verify_pilot_secret(
                 pilot_db=pilot_agents_db,
                 pilot_stamp=stamp,
-                hashed_secret=hash(secret),
+                hashed_secret=raw_hash(secret),
                 frozen_time=frozen_time,
             )
 
         with pytest.raises(SecretNotFoundError):
             await verify_pilot_secret(
                 pilot_db=pilot_agents_db,
                 pilot_stamp=stamps[0],
-                hashed_secret=hash("I love stawberries :)"),
+                hashed_secret=raw_hash("I love stawberries :)"),
                 frozen_time=frozen_time,
             )
 
         with pytest.raises(PilotNotFoundError):
             await verify_pilot_secret(
                 pilot_db=pilot_agents_db,
                 pilot_stamp="I am a spider",
-                hashed_secret=hash(secrets[0]),
+                hashed_secret=raw_hash(secrets[0]),
                 frozen_time=frozen_time,
             )
 
@@ -258,7 +256,7 @@ async def test_create_pilot_and_verify_secret_with_delay(
             await verify_pilot_secret(
                 pilot_db=pilot_agents_db,
                 pilot_stamp=stamps[0],
-                hashed_secret=hash(secrets[0]),
+                hashed_secret=raw_hash(secrets[0]),
                 frozen_time=frozen_time,
             )
 
@@ -281,7 +279,7 @@ async def test_create_pilot_and_verify_secret_too_much_secret_use(
         await verify_pilot_secret(
             pilot_db=pilot_agents_db,
             pilot_stamp=stamps[0],
-            hashed_secret=hash(secrets[0]),
+            hashed_secret=raw_hash(secrets[0]),
             frozen_time=frozen_time,
         )
 
@@ -291,7 +289,7 @@ async def test_create_pilot_and_verify_secret_too_much_secret_use(
             await verify_pilot_secret(
                 pilot_db=pilot_agents_db,
                 pilot_stamp=stamps[0],
-                hashed_secret=hash(secrets[0]),
+                hashed_secret=raw_hash(secrets[0]),
                 frozen_time=frozen_time,
             )
 
@@ -316,6 +314,6 @@ async def test_create_pilot_and_login_with_bad_secret(
                 await verify_pilot_secret(
                     pilot_db=pilot_agents_db,
                     pilot_stamp=stamps[0],
-                    hashed_secret=hash(secret),
+                    hashed_secret=raw_hash(secret),
                     frozen_time=frozen_time,
                 )

diracx-logic/src/diracx/logic/pilots/auth.py

@@ -28,7 +28,7 @@
 from diracx.db.sql import AuthDB, PilotAgentsDB
 
 # TODO: Move this hash function in diracx-logic, and rename it
-from diracx.db.sql.utils.functions import hash
+from diracx.db.sql.utils.functions import raw_hash
 from diracx.logic.auth.token import exchange_token, get_token_info_from_refresh_flow
 
 
@@ -50,7 +50,7 @@ async def create_raw_secrets(
     # Can be customized
     random_secrets = [generate_pilot_secret() for _ in range(n)]
 
-    hashed_secrets = [hash(random_secret).encode() for random_secret in random_secrets]
+    hashed_secrets = [raw_hash(random_secret) for random_secret in random_secrets]
 
     # Insert secrets
     await pilot_db.insert_unique_secrets_bulk(
@@ -120,7 +120,7 @@ async def associate_pilots_with_secrets(
 ):
 
     # 1. Hash the secrets
-    hashed_secrets = [hash(secret).encode() for secret in pilot_secrets]
+    hashed_secrets = [raw_hash(secret) for secret in pilot_secrets]
 
     # 2. Get the secret ids to later associate them with pilots
     secrets_obj = await pilot_db.get_secrets_by_hashed_secrets_bulk(hashed_secrets)
@@ -254,17 +254,15 @@ async def verify_pilot_credentials(
     available_properties: set[SecurityProperty],
 ) -> tuple[AccessTokenPayload, RefreshTokenPayload | None]:
 
-    hashed_secret = hash(pilot_secret)
+    hashed_secret = raw_hash(pilot_secret)
 
     # 1. Get the pilot
     pilots = await pilot_db.get_pilots_by_stamp_bulk([pilot_stamp])
     pilot = dict(pilots[0])  # Semantic, assured by fetch_records_bulk_or_raises
     real_secret_uuid = pilot["PilotSecretUUID"]
 
     # 2. Get the secret itself
-    given_secrets = await pilot_db.get_secrets_by_hashed_secrets_bulk(
-        [hashed_secret.encode()]
-    )
+    given_secrets = await pilot_db.get_secrets_by_hashed_secrets_bulk([hashed_secret])
     given_secret = given_secrets[0]
     given_secret_uuid = given_secret[
         "SecretUUID"

diracx-routers/tests/pilots/test_pilot_auth.py

@@ -7,7 +7,7 @@
 
 from diracx.core.utils import extract_timestamp_from_uuid7
 from diracx.db.sql.pilot_agents.db import PilotAgentsDB
-from diracx.db.sql.utils import hash
+from diracx.db.sql.utils.functions import raw_hash
 
 pytestmark = pytest.mark.enabled_dependencies(
     [
@@ -75,7 +75,7 @@ async def add_secrets_and_time(test_client, add_stamps, secret_duration_sec):
         stamps = [pilot["PilotStamp"] for pilot in add_stamps]
 
         secrets = [f"AW0nd3rfulS3cr3t_{str(i)}" for i in range(len(stamps))]
-        hashed_secrets = [hash(secret).encode() for secret in secrets]
+        hashed_secrets = [raw_hash(secret) for secret in secrets]
 
         # Add creds
         await pilot_agents_db.insert_unique_secrets_bulk(