0.4.0 ... 0.4.5

28
auth.py

@ -38,6 +38,9 @@ except KeyError:
class NoUserException(Exception): class NoUserException(Exception):
pass pass
class RefreshTokenExpiredException(Exception):
pass
class NoTokenException(Exception): class NoTokenException(Exception):
pass pass
@ -145,8 +148,8 @@ def getRefreshTokenFromDB(application, login):
with conn.cursor() as cur: with conn.cursor() as cur:
salt = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(64)) salt = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(64))
cur.execute('INSERT INTO token_t ("user", salt) VALUES (%s, %s) RETURNING id', cur.execute('INSERT INTO token_t ("user", salt, expiry) VALUES (%s, %s, %s) RETURNING id',
(userObj[0], salt)) (userObj[0], salt, userObj[1]))
tokenObj = cur.fetchone() tokenObj = cur.fetchone()
logger.debug("tokenObj: {}".format(tokenObj)) logger.debug("tokenObj: {}".format(tokenObj))
if not tokenObj: if not tokenObj:
@ -297,19 +300,18 @@ def checkAndInvalidateRefreshToken(login, xid, xal):
' WHERE t.id = %s AND ' + ' WHERE t.id = %s AND ' +
' t.salt = %s AND ' + ' t.salt = %s AND ' +
' t."user" = u.id AND ' + ' t."user" = u.id AND ' +
' u.login = %s AND ' + ' u.login = %s',
' t.valid = true',
(xid, xal, login)) (xid, xal, login))
tokenObj = cur.fetchone() tokenObj = cur.fetchone()
logger.debug("tokenObj: {}".format(tokenObj)) logger.debug("tokenObj: {}".format(tokenObj))
if not tokenObj: if not tokenObj:
raise NoValidTokenException() raise NoTokenException()
invObj = cur.fetchone() invObj = cur.fetchone()
if invObj: if invObj:
raise ManyTokensException() raise ManyTokensException()
with conn.cursor() as cur: with conn.cursor() as cur:
cur.execute('UPDATE token_t SET valid = false WHERE id = %s', cur.execute('UPDATE token_t SET used = used + 1 WHERE id = %s',
[ xid ]) [ xid ])
except psycopg2.Error as err: except psycopg2.Error as err:
raise Exception("Error when connecting to database: {}".format(err)) raise Exception("Error when connecting to database: {}".format(err))
@ -324,6 +326,9 @@ def refreshTokens(**args):
refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY) refreshTokenObj = jwt.decode(refreshToken, JWT_PUB_KEY)
logger.info(str(refreshTokenObj)) logger.info(str(refreshTokenObj))
if refreshTokenObj["exp"] < int(time.time()):
raise RefreshTokenExpiredException()
checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"]) checkAndInvalidateRefreshToken(refreshTokenObj["sub"], refreshTokenObj["xid"], refreshTokenObj["xal"])
authToken = _makeSimpleToken(refreshTokenObj["xap"], refreshTokenObj["sub"], "", refresh=True) authToken = _makeSimpleToken(refreshTokenObj["xap"], refreshTokenObj["sub"], "", refresh=True)
@ -335,8 +340,11 @@ def refreshTokens(**args):
except JWTError as e: except JWTError as e:
logger.error("jwt.decode failed: {}".format(e)) logger.error("jwt.decode failed: {}".format(e))
raise werkzeug.exceptions.Unauthorized() raise werkzeug.exceptions.Unauthorized()
except RefreshTokenExpiredException:
logger.error("refresh token expired")
raise werkzeug.exceptions.Unauthorized()
except NoTokenException: except NoTokenException:
logger.error("no token created") logger.error("no token created/found")
raise werkzeug.exceptions.Unauthorized() raise werkzeug.exceptions.Unauthorized()
except NoValidTokenException: except NoValidTokenException:
logger.error("no valid token found") logger.error("no valid token found")
@ -356,8 +364,8 @@ def refreshTokens(**args):
except KeyError: except KeyError:
logger.error("application, login or password missing") logger.error("application, login or password missing")
raise werkzeug.exceptions.Unauthorized() raise werkzeug.exceptions.Unauthorized()
#except Exception as e: except Exception as e:
# logger.error("unspecific exception: {}".format(str(e))) logger.error("unspecific exception: {}".format(str(e)))
# raise werkzeug.exceptions.Unauthorized() raise werkzeug.exceptions.Unauthorized()
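Review bot: The refresh-token lookup in checkAndInvalidateRefreshToken no longer enforces single use: with `t.valid = true` gone from the WHERE clause and the UPDATE now doing `SET used = used + 1`, the counter is incremented but never consulted, so the same refresh token (same xid/xal) can be presented repeatedly until its JWT `exp` passes, and the new `expiry` column written in getRefreshTokenFromDB is not checked by this query either. If one-shot semantics are intended, restore them with `' u.login = %s AND t.used = 0',` in place of the current last WHERE fragment (assuming `used` defaults to 0 — the schema is not visible here); if bounded reuse is intended, make the bound explicit with `t.used < %s` and document it next to the query. Separately, the new catch-all `except Exception` in refreshTokens turns database connectivity failures (re-raised above as a plain `Exception`) into 401 Unauthorized, which clients will read as an invalid session rather than an outage; consider `logger.exception(...)` there and a 5xx response for that case. Both functions start outside the hunks shown.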