Compare commits
29 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
91178b1fa7
|
|||
|
1f55ef0a80
|
|||
|
19b8aab8c2
|
|||
|
e0bc8371ac
|
|||
| 7346da8419 | |||
|
fd9b673df9
|
|||
|
c7dbaeabbb
|
|||
|
0911a73085
|
|||
|
1de73e99e3
|
|||
|
b44af0658a
|
|||
|
309b4c6ba8
|
|||
|
a921fb6a0f
|
|||
|
f56db65012
|
|||
|
ef0793be4e
|
|||
|
3f2442e259
|
|||
|
78439a7ed8
|
|||
|
0377278ea0
|
|||
|
49e8aa43b4
|
|||
|
35a997774f
|
|||
|
08734cb82c
|
|||
|
875301b437
|
|||
|
da06065959
|
|||
|
fe007cbfe7
|
|||
|
e2d5ed21ad
|
|||
|
003c83da92
|
|||
|
ca17c556d6
|
|||
|
ef1b8ddf30
|
|||
|
e1b9597fdb
|
|||
|
ca9e0b81d3
|
@ -16,15 +16,17 @@ ENV JWT_SECRET='streng_geheim'
|
||||
|
||||
RUN \
|
||||
apt update && \
|
||||
apt install -y libmariadbclient-dev && \
|
||||
pip3 install mariadb && \
|
||||
apt install -y postgresql-client-common && \
|
||||
pip3 install psycopg2 && \
|
||||
pip3 install loguru && \
|
||||
pip3 install dateparser && \
|
||||
pip3 install connexion && \
|
||||
pip3 install connexion[swagger-ui] && \
|
||||
pip3 install uwsgi && \
|
||||
pip3 install flask-cors && \
|
||||
pip3 install six && \
|
||||
pip3 install python-jose[cryptography]
|
||||
pip3 install python-jose[cryptography] && \
|
||||
pip3 install pbkdf2
|
||||
|
||||
RUN \
|
||||
mkdir -p ${APP_DIR} && \
|
||||
|
||||
3
ENV.tmpl
3
ENV.tmpl
@ -1,9 +1,10 @@
|
||||
# copy to ENV and adjust values
|
||||
|
||||
export DB_HOST="172.16.10.18"
|
||||
export DB_USER="hausverwaltung-ui"
|
||||
export DB_USER="authservice-ui"
|
||||
export DB_PASS="test123"
|
||||
export DB_NAME="authservice"
|
||||
|
||||
# only required for decoding, on client side
|
||||
export JWT_SECRET='streng_geheim'
|
||||
export JWT_ISSUER='de.hottis.authservice'
|
||||
|
||||
59
asadduser.py
Executable file
59
asadduser.py
Executable file
@ -0,0 +1,59 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import mariadb
|
||||
from pbkdf2 import crypt
|
||||
import argparse
|
||||
import os
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser(description='asadduser')
|
||||
parser.add_argument('--user', '-u',
|
||||
help='Login',
|
||||
required=True)
|
||||
parser.add_argument('--password', '-p',
|
||||
help='Password',
|
||||
required=True)
|
||||
parser.add_argument('--application', '-a',
|
||||
help='Application',
|
||||
required=True)
|
||||
|
||||
args = parser.parse_args()
|
||||
user = args.user
|
||||
password = args.password
|
||||
application = args.application
|
||||
|
||||
|
||||
DB_USER = os.environ["DB_USER"]
|
||||
DB_PASS = os.environ["DB_PASS"]
|
||||
DB_HOST = os.environ["DB_HOST"]
|
||||
DB_NAME = os.environ["DB_NAME"]
|
||||
|
||||
pwhash = crypt(password, iterations=100000)
|
||||
|
||||
conn = None
|
||||
cur = None
|
||||
try:
|
||||
conn = mariadb.connect(user = DB_USER, password = DB_PASS,
|
||||
host = DB_HOST, database = DB_NAME)
|
||||
conn.autocommit = False
|
||||
|
||||
cur = conn.cursor()
|
||||
cur.execute("""
|
||||
INSERT INTO users (login, pwhash)
|
||||
VALUES(?, ?)
|
||||
""", [user, pwhash])
|
||||
cur.execute("""
|
||||
INSERT INTO user_applications_mapping (application, user)
|
||||
VALUES(
|
||||
(SELECT id FROM applications WHERE name = ?),
|
||||
(SELECT id FROM users WHERE login = ?)
|
||||
)
|
||||
""", [application, user])
|
||||
conn.commit()
|
||||
finally:
|
||||
if cur:
|
||||
cur.close()
|
||||
if conn:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
|
||||
179
auth.py
179
auth.py
@ -1,107 +1,172 @@
|
||||
import time
|
||||
import connexion
|
||||
from jose import JWTError, jwt
|
||||
from jose import JWTError, jwt, jwe
|
||||
import json
|
||||
import werkzeug
|
||||
import os
|
||||
import mariadb
|
||||
import psycopg2
|
||||
from collections import namedtuple
|
||||
|
||||
from pbkdf2 import crypt
|
||||
from loguru import logger
|
||||
|
||||
DB_USER = os.environ["DB_USER"]
|
||||
DB_PASS = os.environ["DB_PASS"]
|
||||
DB_HOST = os.environ["DB_HOST"]
|
||||
DB_NAME = os.environ["DB_NAME"]
|
||||
|
||||
|
||||
class NoUserException(Exception): pass
|
||||
class ManyUsersException(Exception): pass
|
||||
|
||||
UserEntry = namedtuple('UserEntry', ['id', 'login', 'issuer', 'secret', 'expiry', 'claims'])
|
||||
JWT_ISSUER = os.environ["JWT_ISSUER"]
|
||||
|
||||
|
||||
|
||||
def getUserEntryFromDB(login: str, password: str) -> UserEntry:
|
||||
|
||||
|
||||
class NoUserException(Exception):
|
||||
pass
|
||||
|
||||
class ManyUsersException(Exception):
|
||||
pass
|
||||
|
||||
class PasswordMismatchException(Exception):
|
||||
pass
|
||||
|
||||
|
||||
UserEntry = namedtuple('UserEntry', ['id', 'login', 'pwhash', 'expiry', 'claims'])
|
||||
|
||||
JWT_PRIV_KEY = ""
|
||||
try:
|
||||
JWT_PRIV_KEY = os.environ["JWT_PRIV_KEY"]
|
||||
except KeyError:
|
||||
with open('/opt/app/config/authservice.key', 'r') as f:
|
||||
JWT_PRIV_KEY = f.read()
|
||||
|
||||
JWT_PUB_KEY = ""
|
||||
try:
|
||||
JWT_PUB_KEY = os.environ["JWT_PUB_KEY"]
|
||||
except KeyError:
|
||||
with open('/opt/app/config/authservice.pub', 'r') as f:
|
||||
JWT_PUB_KEY = f.read()
|
||||
|
||||
|
||||
def getUserEntryFromDB(application: str, login: str):
|
||||
conn = None
|
||||
cur = None
|
||||
try:
|
||||
conn = mariadb.connect(user = DB_USER, password = DB_PASS,
|
||||
host = DB_HOST, database = DB_NAME)
|
||||
conn = psycopg2.connect(user = DB_USER, password = DB_PASS,
|
||||
host = DB_HOST, database = DB_NAME)
|
||||
conn.autocommit = False
|
||||
|
||||
cur = conn.cursor(dictionary=True)
|
||||
# print("DEBUG: getUserEntryFromDB: login: <{}>, password: <{}>".format(login, password))
|
||||
cur.execute("SELECT id, issuer, secret, expiry FROM user_and_issuer WHERE login = ? AND password = ?",
|
||||
[login, password])
|
||||
resObj = cur.next()
|
||||
print("DEBUG: getUserEntryFromDB: resObj: {}".format(resObj))
|
||||
if not resObj:
|
||||
raise NoUserException()
|
||||
invObj = cur.next()
|
||||
if invObj:
|
||||
raise ManyUsersException()
|
||||
userObj = None
|
||||
with conn.cursor() as cur:
|
||||
cur.execute("SELECT id, pwhash, expiry FROM user_application_v" +
|
||||
" WHERE application = %s AND login = %s",
|
||||
(application, login))
|
||||
userObj = cur.fetchone()
|
||||
logger.debug("userObj: {}".format(userObj))
|
||||
if not userObj:
|
||||
raise NoUserException()
|
||||
invObj = cur.fetchone()
|
||||
if invObj:
|
||||
raise ManyUsersException()
|
||||
|
||||
userId = resObj["id"]
|
||||
cur.execute("SELECT user, `key`, `value` FROM claims_for_user where user = ?",
|
||||
[userId])
|
||||
claims = {}
|
||||
for claimObj in cur:
|
||||
print("DEBUG: getUserEntryFromDB: add claim {} -> {}".format(claimObj["key"], claimObj["value"]))
|
||||
if claimObj["key"] in claims:
|
||||
if isinstance(claimObj["key"], list):
|
||||
claims[claimObj["key"]].append(claimObj["value"])
|
||||
with conn.cursor() as cur:
|
||||
cur.execute('SELECT key, value FROM claims_for_user_v where "user" = %s and application = %s',
|
||||
(userObj[0], application))
|
||||
for claimObj in cur:
|
||||
logger.debug("add claim {} -> {}".format(claimObj[0], claimObj[1]))
|
||||
if claimObj[0] in claims:
|
||||
if isinstance(claims[claimObj[0]], list):
|
||||
claims[claimObj[0]].append(claimObj[1])
|
||||
else:
|
||||
claims[claimObj[0]] = [ claims[claimObj[0]] ]
|
||||
claims[claimObj[0]].append(claimObj[1])
|
||||
else:
|
||||
claims[claimObj["key"]] = [ claims[claimObj["key"]] ]
|
||||
claims[claimObj["key"]].append(claimObj["value"])
|
||||
else:
|
||||
claims[claimObj["key"]] = claimObj["value"]
|
||||
claims[claimObj[0]] = claimObj[1]
|
||||
|
||||
userEntry = UserEntry(id=userId, login=login, secret=resObj["secret"],
|
||||
issuer=resObj["issuer"], expiry=resObj["expiry"],
|
||||
claims=claims)
|
||||
userEntry = UserEntry(id=userObj[0], login=login, pwhash=userObj[1], expiry=userObj[2], claims=claims)
|
||||
|
||||
return userEntry
|
||||
except mariadb.Error as err:
|
||||
except psycopg2.Error as err:
|
||||
raise Exception("Error when connecting to database: {}".format(err))
|
||||
finally:
|
||||
if cur:
|
||||
cur.close()
|
||||
if conn:
|
||||
conn.rollback()
|
||||
conn.close()
|
||||
|
||||
|
||||
def getUserEntry(login: str, password: str) -> UserEntry:
|
||||
return getUserEntryFromDB(login, password)
|
||||
|
||||
def getUserEntry(application, login, password):
|
||||
userEntry = getUserEntryFromDB(application, login)
|
||||
if userEntry.pwhash != crypt(password, userEntry.pwhash):
|
||||
raise PasswordMismatchException()
|
||||
return userEntry
|
||||
|
||||
def generateToken(**args):
|
||||
try:
|
||||
body = args["body"]
|
||||
login = body["login"]
|
||||
password = body["password"]
|
||||
userEntry = getUserEntryFromDB(login, password)
|
||||
|
||||
application = ""
|
||||
login = ""
|
||||
password = ""
|
||||
if (("application" in body) and
|
||||
("login" in body) and
|
||||
("password" in body)):
|
||||
application = body["application"]
|
||||
login = body["login"]
|
||||
password = body["password"]
|
||||
elif ("encAleTuple" in body):
|
||||
clearContent = jwe.decrypt(body["encAleTuple"], JWT_PRIV_KEY)
|
||||
clearObj = json.loads(clearContent)
|
||||
application = clearObj["application"]
|
||||
login = clearObj["login"]
|
||||
password = clearObj["password"]
|
||||
else:
|
||||
raise KeyError("Neither application, login and password nor encAleTuple given")
|
||||
|
||||
logger.debug(f"Tuple: {application} {login} {password}")
|
||||
|
||||
userEntry = getUserEntry(application, login, password)
|
||||
|
||||
timestamp = int(time.time())
|
||||
payload = {
|
||||
"iss": userEntry.issuer,
|
||||
"iss": JWT_ISSUER,
|
||||
"iat": int(timestamp),
|
||||
"exp": int(timestamp + userEntry.expiry),
|
||||
"sub": str(userEntry.id)
|
||||
"sub": str(userEntry.id),
|
||||
"aud": application
|
||||
}
|
||||
logger.debug("claims: {}".format(userEntry.claims))
|
||||
for claim in userEntry.claims.items():
|
||||
# print("DEBUG: generateToken: add claim {} -> {}".format(claim[0], claim[1]))
|
||||
payload["x-{}".format(claim[0])] = claim[1]
|
||||
logger.debug("add claim {}".format(claim))
|
||||
payload[claim[0]] = claim[1]
|
||||
|
||||
return jwt.encode(payload, userEntry.secret)
|
||||
return jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')
|
||||
except NoUserException:
|
||||
print("ERROR: generateToken: no user found, login or password wrong")
|
||||
logger.error("no user found, login or application wrong")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except ManyUsersException:
|
||||
print("ERROR: generateToken: too many users found")
|
||||
logger.error("too many users found")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except PasswordMismatchException:
|
||||
logger.error("wrong password")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except KeyError:
|
||||
print("ERROR: generateToken: login or password missing")
|
||||
logger.error("application, login or password missing")
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
except Exception as e:
|
||||
print("ERROR: generateToken: unspecific exception: {}".format(str(e)))
|
||||
logger.error("unspecific exception: {}".format(str(e)))
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
|
||||
def getPubKey():
|
||||
return JWT_PUB_KEY
|
||||
|
||||
def decodeToken(token):
|
||||
try:
|
||||
return jwt.decode(token, JWT_PUB_KEY, audience="test")
|
||||
except JWTError as e:
|
||||
logger.error("{}".format(e))
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
|
||||
def testToken(user, token_info):
|
||||
return '''
|
||||
You are user_id {user} and the provided token has been signed by this issuers. Fine.'.
|
||||
Decoded token claims: {token_info}.
|
||||
'''.format(user=user, token_info=token_info)
|
||||
|
||||
|
||||
2
build.sh
2
build.sh
@ -4,5 +4,5 @@ IMAGE_NAME="registry.hottis.de/wolutator/authservice"
|
||||
VERSION=0.0.1
|
||||
|
||||
docker build -t ${IMAGE_NAME}:${VERSION} .
|
||||
docker push ${IMAGE_NAME}:${VERSION}
|
||||
# docker push ${IMAGE_NAME}:${VERSION}
|
||||
|
||||
|
||||
@ -1,81 +1,61 @@
|
||||
CREATE TABLE `issuers` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`name` varchar(128) NOT NULL,
|
||||
`secret` varchar(128) NOT NULL,
|
||||
`max_expiry` int(10) NOT NULL,
|
||||
CONSTRAINT PRIMARY KEY (`id`),
|
||||
CONSTRAINT UNIQUE KEY `uk_issuers_name` (`name`)
|
||||
) ENGINE=InnoDB;
|
||||
create sequence application_s start with 1 increment by 1;
|
||||
create table application_t (
|
||||
id integer primary key not null default nextval('application_s'),
|
||||
name varchar(128) not null unique
|
||||
);
|
||||
|
||||
ALTER TABLE `issuers`
|
||||
MODIFY COLUMN `max_expiry` int(10) unsigned NOT NULL;
|
||||
create sequence user_s start with 1 increment by 1;
|
||||
create table user_t (
|
||||
id integer primary key not null default nextval('user_s'),
|
||||
login varchar(64) not null unique,
|
||||
pwhash varchar(64) not null,
|
||||
expiry integer not null default 600
|
||||
);
|
||||
|
||||
CREATE TABLE `users` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`login` varchar(64) NOT NULL,
|
||||
`password` varchar(64) NOT NULL,
|
||||
CONSTRAINT PRIMARY KEY (`id`),
|
||||
CONSTRAINT UNIQUE KEY `uk_users_login` (`login`)
|
||||
) ENGINE=InnoDB;
|
||||
create sequence claim_s start with 1 increment by 1;
|
||||
create table claim_t (
|
||||
id integer primary key not null default nextval('claim_s'),
|
||||
key varchar(64) not null,
|
||||
value varchar(64) not null,
|
||||
application integer not null references application(id),
|
||||
unique (key, value)
|
||||
);
|
||||
|
||||
ALTER TABLE `users`
|
||||
ADD COLUMN issuer int(10) unsigned;
|
||||
|
||||
ALTER TABLE `users`
|
||||
MODIFY COLUMN issuer int(10) unsigned NOT NULL;
|
||||
create table user_claim_mapping_t (
|
||||
"user" integer not null references user_t(id),
|
||||
claim integer not null references claim_t(id),
|
||||
unique ("user", claim)
|
||||
);
|
||||
|
||||
ALTER TABLE `users`
|
||||
ADD CONSTRAINT FOREIGN KEY `fk_users_issuer` (`issuer`)
|
||||
REFERENCES `issuers` (`id`);
|
||||
create table user_application_mapping_t (
|
||||
"user" integer not null references user_t(id),
|
||||
application integer not null references application_t(id),
|
||||
unique ("user", application)
|
||||
);
|
||||
|
||||
ALTER TABLE `users`
|
||||
DROP CONSTRAINT `uk_users_login`;
|
||||
create or replace view claims_for_user_v as
|
||||
select u.id as "user",
|
||||
a.name as application,
|
||||
c.key as key,
|
||||
c.value as value
|
||||
from user_t u,
|
||||
claim_t c,
|
||||
user_claim_mapping_t m,
|
||||
application_t a
|
||||
where m.user = u.id and
|
||||
m.claim = c.id and
|
||||
a.id = c.application;
|
||||
|
||||
create or replace view user_application_v as
|
||||
select u.login as login,
|
||||
u.pwhash as pwhash,
|
||||
u.id as id,
|
||||
u.expiry as expiry,
|
||||
a.name as application
|
||||
from user_t u,
|
||||
application_t a,
|
||||
user_application_mapping_t m
|
||||
where u.id = m.user and
|
||||
a.id = m.application;
|
||||
|
||||
ALTER TABLE `users`
|
||||
ADD CONSTRAINT UNIQUE KEY `uk_users_login_issuer` (`login`, `issuer`);
|
||||
|
||||
ALTER TABLE `users`
|
||||
ADD COLUMN expiry int(10) unsigned;
|
||||
|
||||
ALTER TABLE `users`
|
||||
MODIFY COLUMN expiry int(10) unsigned NOT NULL;
|
||||
|
||||
CREATE TABLE `claims` (
|
||||
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
|
||||
`key` varchar(64) NOT NULL,
|
||||
`value` varchar(1024) NOT NULL,
|
||||
CONSTRAINT PRIMARY KEY (`id`),
|
||||
CONSTRAINT UNIQUE KEY `uk_claims_key_value` (`key`, `value`)
|
||||
) ENGINE=InnoDB;
|
||||
|
||||
CREATE TABLE `user_claims_mapping` (
|
||||
`user` int(10) unsigned NOT NULL,
|
||||
`claim` int(10) unsigned NOT NULL,
|
||||
CONSTRAINT UNIQUE KEY `uk_user_claims_mapping` (`user`, `claim` ),
|
||||
CONSTRAINT FOREIGN KEY `fk_user_claims_mapping_user` (`user`)
|
||||
REFERENCES `users`(`id`),
|
||||
CONSTRAINT FOREIGN KEY `fk_user_claims_mapping_claim` (`claim`)
|
||||
REFERENCES `claims`(`id`)
|
||||
) ENGINE=InnoDB;
|
||||
|
||||
CREATE OR REPLACE VIEW claims_for_user AS
|
||||
SELECT u.id AS user,
|
||||
c.`key` AS `key`,
|
||||
c.`value` AS `value`
|
||||
FROM users u,
|
||||
claims c,
|
||||
user_claims_mapping m
|
||||
WHERE m.user = u.id AND
|
||||
m.claim = c.id;
|
||||
|
||||
CREATE OR REPLACE VIEW user_and_issuer AS
|
||||
SELECT u.login AS login,
|
||||
u.password AS password,
|
||||
u.id AS id,
|
||||
i.name AS issuer,
|
||||
i.secret AS secret,
|
||||
least(u.expiry, i.max_expiry) AS expiry
|
||||
FROM users u,
|
||||
issuers i
|
||||
WHERE u.issuer = i.id;
|
||||
|
||||
|
||||
39
openapi.yaml
39
openapi.yaml
@ -4,16 +4,18 @@ info:
|
||||
version: "0.1"
|
||||
|
||||
paths:
|
||||
/auth:
|
||||
/token:
|
||||
post:
|
||||
tags: [ "JWT" ]
|
||||
summary: Return JWT token
|
||||
summary: Accept encrypted or clear set of credentials, return JWT token
|
||||
operationId: auth.generateToken
|
||||
requestBody:
|
||||
content:
|
||||
'application/json':
|
||||
schema:
|
||||
$ref: '#/components/schemas/User'
|
||||
anyOf:
|
||||
- $ref: '#/components/schemas/User'
|
||||
- $ref: '#/components/schemas/EncUser'
|
||||
responses:
|
||||
'200':
|
||||
description: JWT token
|
||||
@ -21,11 +23,11 @@ paths:
|
||||
'text/plain':
|
||||
schema:
|
||||
type: string
|
||||
/secret:
|
||||
/test:
|
||||
get:
|
||||
tags: [ "JWT" ]
|
||||
tags: [ "Test" ]
|
||||
summary: Return secret string
|
||||
operationId: test.getSecret
|
||||
operationId: auth.testToken
|
||||
responses:
|
||||
'200':
|
||||
description: secret response
|
||||
@ -35,6 +37,19 @@ paths:
|
||||
type: string
|
||||
security:
|
||||
- jwt: ['secret']
|
||||
/pubkey:
|
||||
get:
|
||||
tags: [ "JWT" ]
|
||||
summary: Get the public key of this issuer
|
||||
operationId: auth.getPubKey
|
||||
responses:
|
||||
'200':
|
||||
description: public key
|
||||
content:
|
||||
'text/plain':
|
||||
schema:
|
||||
type: string
|
||||
|
||||
|
||||
components:
|
||||
securitySchemes:
|
||||
@ -42,13 +57,21 @@ components:
|
||||
type: http
|
||||
scheme: bearer
|
||||
bearerFormat: JWT
|
||||
x-bearerInfoFunc: test.decodeToken
|
||||
x-bearerInfoFunc: auth.decodeToken
|
||||
schemas:
|
||||
User:
|
||||
description: Login/Password tuple
|
||||
description: Application/Login/Password tuple
|
||||
type: object
|
||||
properties:
|
||||
application:
|
||||
type: string
|
||||
login:
|
||||
type: string
|
||||
password:
|
||||
type: string
|
||||
EncUser:
|
||||
description: Encrypted Application/Login/Password tuple
|
||||
type: object
|
||||
properties:
|
||||
encAleTuple:
|
||||
type: string
|
||||
|
||||
13
readme.md
Normal file
13
readme.md
Normal file
@ -0,0 +1,13 @@
|
||||
Generate the RSA key pair using:
|
||||
|
||||
|
||||
Private key (keep it secret!):
|
||||
|
||||
openssl genrsa -out authservice.key 2048
|
||||
|
||||
|
||||
Extract the public key (publish it):
|
||||
|
||||
openssl rsa -in authservice.pem -outform PEM -pubout -out authservice.pub
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ from flask_cors import CORS
|
||||
|
||||
# instantiate the webservice
|
||||
app = connexion.App(__name__)
|
||||
app.add_api('openapi.yaml')
|
||||
app.add_api('openapi.yaml', options = {"swagger_ui": True})
|
||||
|
||||
# CORSify it - otherwise Angular won't accept it
|
||||
CORS(app.app)
|
||||
|
||||
24
test.py
24
test.py
@ -1,20 +1,8 @@
|
||||
from jose import JWTError, jwt
|
||||
import os
|
||||
import werkzeug
|
||||
import connexion
|
||||
import logging
|
||||
|
||||
logging.basicConfig(level=logging.DEBUG)
|
||||
|
||||
JWT_SECRET = os.environ['JWT_SECRET']
|
||||
|
||||
def decodeToken(token):
|
||||
try:
|
||||
return jwt.decode(token, JWT_SECRET)
|
||||
except JWTError as e:
|
||||
print("ERROR: decodeToken: {}".format(e))
|
||||
raise werkzeug.exceptions.Unauthorized()
|
||||
|
||||
def getSecret(user, token_info):
|
||||
return '''
|
||||
You are user_id {user} and the secret is 'wbevuec'.
|
||||
Decoded token claims: {token_info}.
|
||||
'''.format(user=user, token_info=token_info)
|
||||
|
||||
app = connexion.App('authservice')
|
||||
app.add_api('./openapi.yaml')
|
||||
app.run(port=8080)
|
||||
|
||||
28
testjwe.py
Normal file
28
testjwe.py
Normal file
@ -0,0 +1,28 @@
|
||||
import unittest
|
||||
from jose import jwe
|
||||
import os
|
||||
import json
|
||||
|
||||
JWT_PUB_KEY = os.environ["JWT_PUB_KEY"]
|
||||
JWT_PRIV_KEY = os.environ["JWT_PRIV_KEY"]
|
||||
|
||||
class JweTestMethods(unittest.TestCase):
|
||||
def test_encryptDecrypt(self):
|
||||
inObj = {"application":"test", "login":"wn", "password":"joshua"}
|
||||
plainText = json.dumps(inObj)
|
||||
|
||||
cryptText = jwe.encrypt(plainText, JWT_PUB_KEY, "A256GCM", "RSA-OAEP")
|
||||
print(cryptText)
|
||||
|
||||
clearText = jwe.decrypt(cryptText, JWT_PRIV_KEY)
|
||||
print(clearText)
|
||||
|
||||
outObj = json.loads(clearText)
|
||||
print(outObj)
|
||||
|
||||
self.assertEqual(outObj, inObj)
|
||||
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user