security stuff

2021-01-27 11:58:47 +01:00 · 2021-01-27 11:58:47 +01:00 · e0f57e9de6
commit e0f57e9de6
parent 4731b64780
3 changed files with 9 additions and 44 deletions
--- a/ENV.tmpl
+++ b/ENV.tmpl
@ -5,7 +5,4 @@ export DB_USER="hausverwaltung-ui"
 export DB_PASS="test123"
 export DB_NAME="hausverwaltung"

-export JWT_ISSUER='de.hottis.hausverwaltung'
 export JWT_SECRET='streng_geheim'
-export JWT_LIFETIME_SECONDS=60
-export JWT_ALGORITHM='HS256'
--- a/auth.py
+++ b/auth.py
@ -5,26 +5,13 @@ from werkzeug.exceptions import Unauthorized
 from jose import JWTError, jwt
 import os

-JWT_ISSUER = os.environ['JWT_ISSUER']
 JWT_SECRET = os.environ['JWT_SECRET']
-JWT_LIFETIME_SECONDS = int(os.environ['JWT_LIFETIME_SECONDS'])
-JWT_ALGORITHM = os.environ['JWT_ALGORITHM']


-def generate_token(user_id):
-    timestamp = _current_timestamp()
-    payload = {
-        "iss": JWT_ISSUER,
-        "iat": int(timestamp),
-        "exp": int(timestamp + JWT_LIFETIME_SECONDS),
-        "sub": str(user_id),
-    }
-    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM)
-

 def decode_token(token):
    try:
-        return jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+        return jwt.decode(token, JWT_SECRET)
    except JWTError as e:
        six.raise_from(Unauthorized, e)

--- a/openapi.yaml
+++ b/openapi.yaml
@ -3,6 +3,9 @@ info:
  title: Hausverwaltung
  version: "0.1"

+security:
+  - jwt: []
+
 paths:
  /hv/objekte:
    get:
@ -304,36 +307,16 @@ paths:
      tags: [ "Zahlung" ]
      operationId: ZahlungenForderungen.put_zahlung
      summary: Inserts a new Zahlung
-      parameters:
-        - name: zahlung
-          in: body
-          schema:
-            $ref: '#/components/schemas/Zahlung'
+      requestBody:
+        content:
+          'application/json':
+            schema:
+              $ref: '#/components/schemas/Zahlung'
      responses:
        202:
          description: Zahlung successfully inserted
        500:
          description: Some server or database error
-  /auth/{user_id}:
-    get:
-      tags: [ "JWT" ]
-      summary: Return JWT token
-      operationId: auth.generate_token
-      parameters:
-      - name: user_id
-        description: User unique identifier
-        in: path
-        required: true
-        example: 12
-        schema:
-          type: integer
-      responses:
-        '200':
-          description: JWT token
-          content:
-            'text/plain':
-              schema:
-                type: string
  /secret:
    get:
      tags: [ "JWT" ]
@ -346,8 +329,6 @@ paths:
            'text/plain':
              schema:
                type: string
-      security:
-      - jwt: ['secret']