From a8b8e66a706a287ef45090df66d4b0044aeb5256 Mon Sep 17 00:00:00 2001
From: grensburg <gustav.rensburg@sinergise.com>
Date: Wed, 13 Dec 2023 12:52:38 +0100
Subject: [PATCH 1/5] update public key

---
 rest/authentication/cert.pem | 30 +-----------------------------
 1 file changed, 1 insertion(+), 29 deletions(-)

diff --git a/rest/authentication/cert.pem b/rest/authentication/cert.pem
index a2af45a9..a07a5db0 100644
--- a/rest/authentication/cert.pem
+++ b/rest/authentication/cert.pem
@@ -1,31 +1,3 @@
 -----BEGIN CERTIFICATE-----
-MIIFXjCCBEagAwIBAgIQCbCsLbWjj2N1zP/4iWMwRjANBgkqhkiG9w0BAQsFADCB
-kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
-A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
-BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
-QTAeFw0xNzEyMDUwMDAwMDBaFw0xOTAxMjAyMzU5NTlaMGAxITAfBgNVBAsTGERv
-bWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NMIFdp
-bGRjYXJkMRswGQYDVQQDDBIqLnNlbnRpbmVsLWh1Yi5jb20wggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDKfQo03h9DG1P0KNDRyuGqCsCbpgF98gfQslRM
-mbLqWbIh8J+ycoW4lG/GxkkM5F2yf7mzN1eYF3N/ij+hfKqUg3JwUZzPHkz+dcIw
-IXozFwoxAd/Q8dJcRdkxxPJ9VGQBpCK6YGib4cOa0BM+R4Pxw0KaOwo0DgoLLXh9
-Sl0LE5E1uTVHta0tlTDLl67h3OoS7QC3tw+VH7OQ4owljYynaKMkrpwW7zsLNlFw
-SQroGP6VRF5+4IABHMVce9AxuRQ1Tzbqos9GgZoZ0t/4U3/IFTJEhtgeU5RYpOuh
-HX5g9FP0KTi+QdAukYwtbZyil4UBX0J9G1elEm5uUuwWHriZAgMBAAGjggHhMIIB
-3TAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUBpbN
-MDZ95ZqXeKN/k12hBrvgZ5gwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYB
-BAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
-bS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29t
-b2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
-QS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5j
-b21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZl
-ckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMC8G
-A1UdEQQoMCaCEiouc2VudGluZWwtaHViLmNvbYIQc2VudGluZWwtaHViLmNvbTAN
-BgkqhkiG9w0BAQsFAAOCAQEAR/XG35PQHwyKHrX+qeWQz3yUbnHpQCNESDSm4/zx
-drLuAbs8h39rcNCk4ROUjo/BvLqY1kTsvR8dDz49363wsfKtFDuVeyG2O/8TNuVO
-T++3MV8e6GaaoJK3X4ruKAg53KEn64NAjZnL1P0qAiKsyXnYCKGy+3mDgPPnf542
-6FVQ2aovR/lxRYbRdUyJ30BtRumkPBWRGptaDE3FFKNIoWLf7Qr/TlSHBucEkveF
-giCrm8Ozr+qoRJSYafZfr/OzOfV9tBqKlyAVgs731L3tsdiXcXPXBI0p2/JPp0yY
-VtYYNlYgboEcdYhMccPzEnEDtc/2tOqJMgnVk+U7Xm1lpA==
+MIIClzCCAX8CBgGMQ8RAkDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARtYWluMB4XDTIzMTIwNzEwMTEyNFoXDTMzMTIwNzEwMTMwNFowDzENMAsGA1UEAwwEbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKEjoLt3Lq6NcrM7N98UvVZwl/wiG3aDaP2RDfLh11+lTtugeaPA0oVITLDDWfimYscTMfACUK1nkJ7isEtW7bC/BjfjdWsCwCp/12wxsb0dswKi5xHrdKEx7DKVUxrV4o0tEPyj/y7e1ZrBnhMKrP2dDfAhp0BUxsoTv/rfAA7+J1ilNCOQeEMHSO2b+y/zdSaIkVxrjeumj5L+/hvgL2GpeEVaNl2dWA9DHTDCIgwgIB+xAbPN7Ek6UMKgEqNZdDJlT4wcunM0QaAR2oZ5aATVL7vxK0xqPrHiBdV0JJuUrg3jOJNLt8nagszpxIi/m3MYeQOYaDxI6xQICxikt+ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAQ6vNQRF8qxHNfjuVgrO/yZHmTTFjE/l0irQW7KFnhkO/pUOPzoeW03uHGuBR9siJScylVA8bCWIM1260EvLQNG3HGEk4BdvochqpJJ348F51iqt6J/jfEx4PLlI6wR3yEakM4Tmkdb5/M/h0mlP8mWNOif7JcMPpcnBDD12J1qKNTeqoeJecnO9eqPbGtwwlxrCE5bzm03jJXxB4VZgLiAhs/o6BcJG01wep9vFkclWEZPxj4RYI2ciVES2KLpBkJ/xzKOIaxKRPJxF/hLUxJM7KfWKAOZ9TKwBVX27O+tlJhfeEtim23dWAl7Xw6D/b4L8UA+qjOAa2da4Azm/9bg==
 -----END CERTIFICATE-----

From 91f4bae30184a94282d4de677f5880df21e8fd7e Mon Sep 17 00:00:00 2001
From: grensburg <gustav.rensburg@sinergise.com>
Date: Wed, 13 Dec 2023 12:54:46 +0100
Subject: [PATCH 2/5] pass accoutId to shUSer as user_id

---
 rest/authentication/authentication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest/authentication/authentication.py b/rest/authentication/authentication.py
index 22764cdf..c4dc7e77 100644
--- a/rest/authentication/authentication.py
+++ b/rest/authentication/authentication.py
@@ -75,7 +75,7 @@ def authenticate_user_oidc(self, access_token, oidc_provider_id):
     def authenticate_user_basic(self, access_token):
         decoded = decode_sh_access_token(access_token)
         try:
-            user = SHUser(decoded["sub"], sh_access_token=access_token, sh_userinfo=decoded)
+            user = SHUser(decoded["account"], sh_access_token=access_token, sh_userinfo=decoded)
         except BillingPlanInvalid:
             return None
 

From 67b42bf030e154b48cdf9b832b3f513849984945 Mon Sep 17 00:00:00 2001
From: grensburg <gustav.rensburg@sinergise.com>
Date: Wed, 13 Dec 2023 12:55:29 +0100
Subject: [PATCH 3/5] use account-info endpoint to get account_type_number

---
 rest/authentication/user.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/rest/authentication/user.py b/rest/authentication/user.py
index 95faebc4..8a1a261c 100644
--- a/rest/authentication/user.py
+++ b/rest/authentication/user.py
@@ -91,13 +91,12 @@ def get_account_type_number(self):
             return self.sh_userinfo["d"]["1"]["t"]
         else:
             r = requests.get(
-                f"https://services.sentinel-hub.com/oauth/users/{self.user_id}/accounts",
+                f"https://services.sentinel-hub.com/ims/accounts/{self.user_id}/account-info",
                 headers={"Authorization": f"Bearer {self.sh_access_token}"},
             )
+            
             data = json.loads(r.content.decode("utf-8"))
-            for member in data["member"]:
-                if member["domainId"] == 1:
-                    return member["type"]
+            return data["type"]
 
     def get_user_info(self):
         user_info = super().get_user_info()

From d95ff180bec9c16ddbb7a48504c684a60947f780 Mon Sep 17 00:00:00 2001
From: grensburg <gustav.rensburg@sinergise.com>
Date: Wed, 13 Dec 2023 13:09:52 +0100
Subject: [PATCH 4/5] formatting

---
 rest/authentication/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rest/authentication/user.py b/rest/authentication/user.py
index 8a1a261c..6458ac2a 100644
--- a/rest/authentication/user.py
+++ b/rest/authentication/user.py
@@ -94,7 +94,7 @@ def get_account_type_number(self):
                 f"https://services.sentinel-hub.com/ims/accounts/{self.user_id}/account-info",
                 headers={"Authorization": f"Bearer {self.sh_access_token}"},
             )
-            
+
             data = json.loads(r.content.decode("utf-8"))
             return data["type"]
 

From 5d4eedde242a054cdaba8a508ebf62567be973de Mon Sep 17 00:00:00 2001
From: grensburg <gustav.rensburg@sinergise.com>
Date: Wed, 13 Dec 2023 14:50:19 +0100
Subject: [PATCH 5/5] use account_id instead of self.user_id which can be none

---
 rest/authentication/user.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rest/authentication/user.py b/rest/authentication/user.py
index 6458ac2a..e388dd08 100644
--- a/rest/authentication/user.py
+++ b/rest/authentication/user.py
@@ -90,8 +90,9 @@ def get_account_type_number(self):
         if "d" in self.sh_userinfo and "1" in self.sh_userinfo["d"] and "t" in self.sh_userinfo["d"]["1"]:
             return self.sh_userinfo["d"]["1"]["t"]
         else:
+            account_id = self.sh_userinfo["account"]
             r = requests.get(
-                f"https://services.sentinel-hub.com/ims/accounts/{self.user_id}/account-info",
+                f"https://services.sentinel-hub.com/ims/accounts/{account_id}/account-info",
                 headers={"Authorization": f"Bearer {self.sh_access_token}"},
             )