authe

changes
pubkey stuff, remove debug
2021-05-07 12:24:59 +02:00 · 2021-05-07 12:15:30 +02:00 · 2021-05-06 16:55:39 +02:00 · 2021-05-06 16:52:16 +02:00 · 2021-05-06 16:50:17 +02:00 · 2021-05-06 16:46:19 +02:00
3 changed files with 61 additions and 3 deletions
--- a/auth.py
+++ b/auth.py
@ -13,7 +13,9 @@ DB_HOST = os.environ["DB_HOST"]
 DB_NAME = os.environ["DB_NAME"]
 JWT_ISSUER = os.environ["JWT_ISSUER"]
-JWT_SECRET = os.environ["JWT_SECRET"]
+
 class NoUserException(Exception): 
@ -28,6 +30,13 @@ class PasswordMismatchException(Exception):
 UserEntry = namedtuple('UserEntry', ['id', 'login', 'expiry', 'claims'])
 JWT_PRIV_KEY = ""
 with open('/opt/app/config/authservice.key', 'r') as f:
    JWT_PRIV_KEY = f.read()
 JWT_PUB_KEY = ""
 with open('/opt/app/config/authservice.pub', 'r') as f:
    JWT_PUB_KEY = f.read()
 def getUserEntryFromDB(application: str, login: str):
@ -103,7 +112,7 @@ def generateToken(**args):
            # print("DEBUG: generateToken: add claim {} -> {}".format(claim[0], claim[1]))
            payload[claim[0]] = claim[1]
-        return jwt.encode(payload, JWT_SECRET)
+        return jwt.encode(payload, JWT_PRIV_KEY, algorithm='RS256')
    except NoUserException:
        print("ERROR: generateToken: no user found, login or application wrong")
        raise werkzeug.exceptions.Unauthorized()
@ -119,3 +128,9 @@ def generateToken(**args):
    except Exception as e:
        print("ERROR: generateToken: unspecific exception: {}".format(str(e)))
        raise werkzeug.exceptions.Unauthorized()
 def generateTokenFromEnc(content):
    return content
 def getPubKey():
    return JWT_PUB_KEY
--- a/openapi.yaml
+++ b/openapi.yaml
@ -7,7 +7,7 @@ paths:
  /auth:
    post:
      tags: [ "JWT" ]
-      summary: Return JWT token
+      summary: Accept login and password, return JWT token
      operationId: auth.generateToken
      requestBody:
        content:
@ -21,6 +21,23 @@ paths:
            'text/plain':
              schema:
                type: string
  /authe:
    post:
      tags: [ "JWT" ]
      summary: Accept encrypted set of credentials, return JWT token 
      operationId: auth.generateTokenFromEnc
      requestBody:
        content:
          'text/plain':
            schema:
              type: string
      responses:
        '200':
          description: JWT token
          content:
            'text/plain':
              schema:
                type: string
  /secret:
    get:
      tags: [ "JWT" ]
@ -35,6 +52,19 @@ paths:
                type: string
      security:
      - jwt: ['secret']
  /pubkey:
    get:
      tags: [ "JWT" ]
      summary: Get the public key of this issuer
      operationId: auth.getPubKey
      responses:
        '200':
          description: public key
          content:
            'text/plain':
              schema:
                type: string
 components:
  securitySchemes:
--- a/readme.md
+++ b/readme.md
@ -0,0 +1,13 @@
 Generate the RSA key pair using:
 Private key (keep it secret!):
   openssl genrsa -out authservice.key 2048
 Extract the public key (publish it):
   openssl rsa -in authservice.pem -outform PEM -pubout -out authservice.pub
Author	SHA1	Message	Date
Wolfgang Hottgenroth	309b4c6ba8	authe	2021-05-07 12:24:59 +02:00
Wolfgang Hottgenroth	a921fb6a0f	changes	2021-05-07 12:15:30 +02:00
Wolfgang Hottgenroth	f56db65012	pubkey stuff, remove debug	2021-05-06 16:55:39 +02:00
Wolfgang Hottgenroth	ef0793be4e	pubkey stuff	2021-05-06 16:52:16 +02:00
Wolfgang Hottgenroth	3f2442e259	pubkey stuff	2021-05-06 16:50:17 +02:00
Wolfgang Hottgenroth	78439a7ed8	pubkey stuff	2021-05-06 16:46:19 +02:00
Wolfgang Hottgenroth	0377278ea0	pubkey stuff	2021-05-06 16:37:32 +02:00
Wolfgang Hottgenroth	49e8aa43b4	use rs256	2021-05-06 15:42:46 +02:00