Register auth serializer with JSON encoding and decoding before setup_security

Author: tobmes

source/app/iris_engine/tasker/celery.py

@@ -17,13 +17,15 @@
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 import os
+import json
+from datetime import datetime, date
 from celery import Celery
 from celery.security import setup_security
+from kombu.serialization import register
 from app.configuration import CeleryConfig
 
 
 def _patch_celery_cert_datetime():
-    import datetime
     from celery.security.certificate import Certificate
 
     _original_has_expired = Certificate.has_expired
@@ -33,11 +35,28 @@ def _patched_has_expired(self):
             return _original_has_expired(self)
         except TypeError:
             not_valid_after = self._cert.not_valid_after_utc
-            return datetime.datetime.now(datetime.timezone.utc) >= not_valid_after
+            return datetime.now(datetime.timezone.utc) >= not_valid_after
 
     Certificate.has_expired = _patched_has_expired
 
 
+def _register_auth_serializer():
+    """Register a minimal auth serializer before setup_security() is called.
+    The actual message signing is handled by setup_security().
+    This is needed because setup_security() tries to enable the auth serializer
+    but it must be registered first."""
+    
+    def _encode_auth(data):
+        return json.dumps(data).encode('utf-8'), 'application/auth'
+
+    def _decode_auth(data):
+        if isinstance(data, bytes):
+            data = data.decode('utf-8')
+        return json.loads(data)
+
+    register('auth', _encode_auth, _decode_auth, content_type='application/auth')
+
+
 def _check_certificate_files():
     key_path = CeleryConfig.security_key
     cert_path = CeleryConfig.security_certificate
@@ -63,6 +82,7 @@ def make_celery(name):
     )
 
     if _check_certificate_files():
+        _register_auth_serializer()
         _patch_celery_cert_datetime()
         setup_security(
             allowed_serializers=['auth'],