wn/authservice
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adjust for postgres

Browse Source
This commit is contained in:
Wolfgang Hottgenroth 2021-05-11 16:48:02 +02:00
parent 7346da8419
commit e0bc8371ac
Signed by: wn
GPG Key ID: E49AF3B9EF6DD469
6 changed files with 70 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@ -16,8 +16,9 @@ ENV JWT_SECRET='streng_geheim'
RUN \
apt update && \
apt install -y libmariadbclient-dev && \
pip3 install mariadb && \
apt install -y postgresql-client-common && \
pip3 install psycopg2 && \
pip3 install loguru && \
pip3 install dateparser && \
pip3 install connexion && \
pip3 install connexion[swagger-ui] && \

91
auth.py
View File

@ -6,6 +6,7 @@ import os
import psycopg2
from collections import namedtuple
from pbkdf2 import crypt
from loguru import logger
DB_USER = os.environ["DB_USER"]
DB_PASS = os.environ["DB_PASS"]
@ -28,8 +29,7 @@ class PasswordMismatchException(Exception):
pass
UserEntry = namedtuple('UserEntry', ['id', 'login', 'expiry', 'claims'])
UserEntry = namedtuple('UserEntry', ['id', 'login', 'pwhash', 'expiry', 'claims'])
JWT_PRIV_KEY = ""
try:
@ -54,48 +54,46 @@ def getUserEntryFromDB(application: str, login: str):
host = DB_HOST, database = DB_NAME)
conn.autocommit = False
cur = conn.cursor(dictionary=True)
cur.execute("SELECT id, pwhash, expiry FROM user_application" +
" WHERE application = ? AND login = ?",
[application, login])
resObj = cur.next()
print("DEBUG: getUserEntryFromDB: resObj: {}".format(resObj))
if not resObj:
raise NoUserException()
invObj = cur.next()
if invObj:
raise ManyUsersException()
userObj = None
with conn.cursor() as cur:
cur.execute("SELECT id, pwhash, expiry FROM user_application_v" +
" WHERE application = %s AND login = %s",
(application, login))
userObj = cur.fetchone()
logger.debug("getUserEntryFromDB: userObj: {}".format(userObj))
if not userObj:
raise NoUserException()
invObj = cur.fetchone()
if invObj:
raise ManyUsersException()
userId = resObj["id"]
cur.execute("SELECT user, `key`, `value` FROM claims_for_user where user = ?",
[userId])
claims = {}
for claimObj in cur:
print("DEBUG: getUserEntryFromDB: add claim {} -> {}".format(claimObj["key"], claimObj["value"]))
if claimObj["key"] in claims:
if isinstance(claims[claimObj["key"]], list):
claims[claimObj["key"]].append(claimObj["value"])
with conn.cursor() as cur:
cur.execute('SELECT key, value FROM claims_for_user_v where "user" = %s and application = %s',
(userObj[0], application))
for claimObj in cur:
logger.debug("getUserEntryFromDB: add claim {} -> {}".format(claimObj[0], claimObj[1]))
if claimObj[0] in claims:
if isinstance(claims[claimObj[0]], list):
claims[claimObj[0]].append(claimObj[1])
else:
claims[claimObj[0]] = [ claims[claimObj[0]] ]
claims[claimObj[0]].append(claimObj[1])
else:
claims[claimObj["key"]] = [ claims[claimObj["key"]] ]
claims[claimObj["key"]].append(claimObj["value"])
else:
claims[claimObj["key"]] = claimObj["value"]
claims[claimObj[0]] = claimObj[1]
userEntry = UserEntry(id=userId, login=login, expiry=resObj["expiry"], claims=claims)
userEntry = UserEntry(id=userObj[0], login=login, pwhash=userObj[1], expiry=userObj[2], claims=claims)
return userEntry, resObj["pwhash"]
except mariadb.Error as err:
return userEntry
except psycopg2.Error as err:
raise Exception("Error when connecting to database: {}".format(err))
finally:
if cur:
cur.close()
if conn:
conn.rollback()
conn.close()
def getUserEntry(application, login, password):
userEntry, pwhash = getUserEntryFromDB(application, login)
if pwhash != crypt(password, pwhash):
userEntry = getUserEntryFromDB(application, login)
if userEntry.pwhash != crypt(password, userEntry.pwhash):
raise PasswordMismatchException()
return userEntry
@ -116,25 +114,26 @@ def generateToken(**args):
"sub": str(userEntry.id),
"aud": application
}
logger.debug("claims: {}".format(userEntry.claims))
for claim in userEntry.claims.items():
# print("DEBUG: generateToken: add claim {} -> {}".format(claim[0], claim[1]))
logger.debug("generateToken: add claim {}".format(claim))
payload[claim[0]] = claim[1]
return jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')
except NoUserException:
print("ERROR: generateToken: no user found, login or application wrong")
logger.error("generateToken: no user found, login or application wrong")
raise werkzeug.exceptions.Unauthorized()
except ManyUsersException:
print("ERROR: generateToken: too many users found")
logger.error("generateToken: too many users found")
raise werkzeug.exceptions.Unauthorized()
except PasswordMismatchException:
print("ERROR: generateToken: wrong password")
logger.error("generateToken: wrong password")
raise werkzeug.exceptions.Unauthorized()
except KeyError:
print("ERROR: generateToken: application, login or password missing")
logger.error("generateToken: application, login or password missing")
raise werkzeug.exceptions.Unauthorized()
except Exception as e:
print("ERROR: generateToken: unspecific exception: {}".format(str(e)))
logger.error("generateToken: unspecific exception: {}".format(str(e)))
raise werkzeug.exceptions.Unauthorized()
def generateTokenFromEnc(**args):
@ -144,3 +143,17 @@ def generateTokenFromEnc(**args):
def getPubKey():
return JWT_PUB_KEY
def decodeToken(token):
try:
return jwt.decode(token, JWT_PUB_KEY, audience="test")
except JWTError as e:
logger.error("decodeToken: {}".format(e))
raise werkzeug.exceptions.Unauthorized()
def getSecret(user, token_info):
return '''
You are user_id {user} and the secret is 'wbevuec'.
Decoded token claims: {token_info}.
'''.format(user=user, token_info=token_info)

2
build.sh
View File

@ -4,5 +4,5 @@ IMAGE_NAME="registry.hottis.de/wolutator/authservice"
VERSION=0.0.1
docker build -t ${IMAGE_NAME}:${VERSION} .
docker push ${IMAGE_NAME}:${VERSION}
# docker push ${IMAGE_NAME}:${VERSION}

8
initial-schema.sql
View File

@ -17,6 +17,7 @@ create table claim_t (
id integer primary key not null default nextval('claim_s'),
key varchar(64) not null,
value varchar(64) not null,
application integer not null references application(id),
unique (key, value)
);
@ -34,13 +35,16 @@ create table user_application_mapping_t (
create or replace view claims_for_user_v as
select u.id as "user",
a.name as application,
c.key as key,
c.value as value
from user_t u,
claim_t c,
user_claim_mapping_t m
user_claim_mapping_t m,
application_t a
where m.user = u.id and
m.claim = c.id;
m.claim = c.id and
a.id = c.application;
create or replace view user_application_v as
select u.login as login,

4
openapi.yaml
View File

@ -42,7 +42,7 @@ paths:
get:
tags: [ "JWT" ]
summary: Return secret string
operationId: test.getSecret
operationId: auth.getSecret
responses:
'200':
description: secret response
@ -72,7 +72,7 @@ components:
type: http
scheme: bearer
bearerFormat: JWT
x-bearerInfoFunc: test.decodeToken
x-bearerInfoFunc: auth.decodeToken
schemas:
User:
description: Application/Login/Password tuple

24
test.py
View File

@ -1,20 +1,8 @@
from jose import JWTError, jwt
import os
import werkzeug
import connexion
import logging
logging.basicConfig(level=logging.INFO)
JWT_SECRET = os.environ['JWT_SECRET']
def decodeToken(token):
try:
return jwt.decode(token, JWT_SECRET)
except JWTError as e:
print("ERROR: decodeToken: {}".format(e))
raise werkzeug.exceptions.Unauthorized()
def getSecret(user, token_info):
return '''
You are user_id {user} and the secret is 'wbevuec'.
Decoded token claims: {token_info}.
'''.format(user=user, token_info=token_info)
app = connexion.App('authservice')
app.add_api('./openapi.yaml')
app.run(port=8080)