From e0f57e9de65d06aafe94e506282a96d0b1b7862e Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <w.hottgenroth@krohne.com>
Date: Wed, 27 Jan 2021 11:58:47 +0100
Subject: [PATCH] security stuff

---
 ENV.tmpl     |  3 ---
 auth.py      | 15 +--------------
 openapi.yaml | 35 ++++++++---------------------------
 3 files changed, 9 insertions(+), 44 deletions(-)

diff --git a/ENV.tmpl b/ENV.tmpl
index e5dbece..cec2b87 100644
--- a/ENV.tmpl
+++ b/ENV.tmpl
@@ -5,7 +5,4 @@ export DB_USER="hausverwaltung-ui"
 export DB_PASS="test123"
 export DB_NAME="hausverwaltung"
 
-export JWT_ISSUER='de.hottis.hausverwaltung'
 export JWT_SECRET='streng_geheim'
-export JWT_LIFETIME_SECONDS=60
-export JWT_ALGORITHM='HS256'
diff --git a/auth.py b/auth.py
index 645f298..7243e77 100755
--- a/auth.py
+++ b/auth.py
@@ -5,26 +5,13 @@ from werkzeug.exceptions import Unauthorized
 from jose import JWTError, jwt
 import os
 
-JWT_ISSUER = os.environ['JWT_ISSUER']
 JWT_SECRET = os.environ['JWT_SECRET']
-JWT_LIFETIME_SECONDS = int(os.environ['JWT_LIFETIME_SECONDS'])
-JWT_ALGORITHM = os.environ['JWT_ALGORITHM']
 
 
-def generate_token(user_id):
-    timestamp = _current_timestamp()
-    payload = {
-        "iss": JWT_ISSUER,
-        "iat": int(timestamp),
-        "exp": int(timestamp + JWT_LIFETIME_SECONDS),
-        "sub": str(user_id),
-    }
-    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM)
-
 
 def decode_token(token):
     try:
-        return jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+        return jwt.decode(token, JWT_SECRET)
     except JWTError as e:
         six.raise_from(Unauthorized, e)
 
diff --git a/openapi.yaml b/openapi.yaml
index a4e0471..b798ee0 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -3,6 +3,9 @@ info:
   title: Hausverwaltung
   version: "0.1"
 
+security:
+  - jwt: []
+
 paths:
   /hv/objekte:
     get:
@@ -304,36 +307,16 @@ paths:
       tags: [ "Zahlung" ]
       operationId: ZahlungenForderungen.put_zahlung
       summary: Inserts a new Zahlung
-      parameters:
-        - name: zahlung
-          in: body
-          schema:
-            $ref: '#/components/schemas/Zahlung'
+      requestBody:
+        content:
+          'application/json':
+            schema:
+              $ref: '#/components/schemas/Zahlung'
       responses:
         202:
           description: Zahlung successfully inserted
         500:
           description: Some server or database error
-  /auth/{user_id}:
-    get:
-      tags: [ "JWT" ]
-      summary: Return JWT token
-      operationId: auth.generate_token
-      parameters:
-      - name: user_id
-        description: User unique identifier
-        in: path
-        required: true
-        example: 12
-        schema:
-          type: integer
-      responses:
-        '200':
-          description: JWT token
-          content:
-            'text/plain':
-              schema:
-                type: string
   /secret:
     get:
       tags: [ "JWT" ]
@@ -346,8 +329,6 @@ paths:
             'text/plain':
               schema:
                 type: string
-      security:
-      - jwt: ['secret']