Beispiel #1
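 async def extract_token(self):
     """Extract the wrapped token from the ``ws_token`` query parameter.

     The parameter value is deserialized as a JWE, decrypted with the key
     returned by ``get_jwk_key()``, and its JSON payload is checked for
     expiry before any claim from it is used.

     Returns:
         ``{'type': 'wstoken', 'token': ...}`` (plus ``'id'`` when the
         payload carries one), or ``None`` when the parameter is absent or
         the token is invalid, malformed or expired.
     """
     request = self.request
     if 'ws_token' not in request.query:
         return None
     try:
         jwetoken = jwe.JWE()
         jwetoken.deserialize(request.query['ws_token'])
         jwetoken.decrypt(get_jwk_key())
         payload = jwetoken.payload
     except jwe.InvalidJWEOperation:
         logger.warning('Invalid operation', exc_info=True)
         return None
     except jwe.InvalidJWEData:
         logger.warning('Error decrypting JWT token', exc_info=True)
         return None
     try:
         json_payload = json.loads(payload)
         wrapped_token = json_payload['token']
         expired = json_payload['exp'] <= int(time.time())
     except (ValueError, KeyError, TypeError):
         # The payload decrypted but is not a claims object with usable
         # 'exp' and 'token' entries: reject it instead of raising.
         logger.warning('Malformed ws_token payload', exc_info=True)
         return None
     if expired:
         # The token value is a credential taken from the URL; keep it out
         # of the logs. No exception is active here, so no exc_info either.
         logger.warning('Expired ws_token')
         return None
     data = {'type': 'wstoken', 'token': wrapped_token}
     if 'id' in json_payload:
         data['id'] = json_payload['id']
     return data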
Beispiel #2
async def generate_validation_token(data, ttl=3660):
    """Build an encrypted validation token and a formatted expiry date.

    Args:
        data: optional mapping of extra claims merged into the payload.
        ttl: lifetime in seconds added to the current time for ``exp``.

    Returns:
        A ``(token, last_date)`` tuple: the JWE serialized with
        ``compact=True`` and the expiry rendered in the configured
        timezone, as ISO 8601 unless ``datetime_format`` is set.
    """
    extra_claims = data or {}
    claims = {
        "iat": int(time.time()),
        "exp": int(time.time() + ttl),
    }
    # NOTE(review): the update runs after iat/exp are set, so a caller that
    # passes those keys overrides them - confirm callers never forward
    # untrusted keys here.
    claims.update(extra_claims)
    body = orjson.dumps(claims)
    protected_header = json_encode({"alg": "A256KW", "enc": "A256CBC-HS512"})
    jwetoken = jwe.JWE(body, protected_header)
    jwetoken.add_recipient(get_jwk_key())
    token = jwetoken.serialize(compact=True)

    expires_at = time.time() + ttl
    datetime_format = app_settings.get("datetime_format")
    zone = pytz.timezone(app_settings.get("default_timezone", "UTC"))
    expiry = datetime.fromtimestamp(expires_at, tz=zone)

    if datetime_format is None:
        return token, expiry.isoformat()
    return token, expiry.strftime(datetime_format)
Beispiel #3
 def generate_websocket_token(self, real_token, data=None):
     """Wrap *real_token* in an encrypted, time-limited websocket token.

     Args:
         real_token: value stored under the ``token`` claim.
         data: optional mapping of extra claims merged into the payload.

     Returns:
         The JWE serialized with ``compact=True``.
     """
     extra_claims = data if data else {}
     claims = dict(
         iat=int(time.time()),
         exp=int(time.time() + self._websockets_ttl),
         token=real_token,
     )
     # NOTE(review): extra claims are merged last and can replace
     # iat/exp/token - confirm callers control every key in ``data``.
     claims.update(extra_claims)
     body = ujson.dumps(claims).encode("utf-8")
     header = json_encode({"alg": "A256KW", "enc": "A256CBC-HS512"})
     jwetoken = jwe.JWE(body, header)
     jwetoken.add_recipient(get_jwk_key())
     return jwetoken.serialize(compact=True)
Beispiel #4
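 def generate_websocket_token(self, real_token, data=None):
     """Wrap *real_token* in an encrypted, time-limited websocket token.

     Args:
         real_token: value stored under the ``token`` claim.
         data: optional mapping of extra claims merged into the payload.
             Defaults to ``None`` (no extra claims) rather than a shared
             mutable ``{}``.

     Returns:
         The JWE serialized with ``compact=True``.
     """
     # One clock reading keeps 'iat' and 'exp' exactly the TTL apart.
     now = time.time()
     claims = {
         'iat': int(now),
         'exp': int(now + self._websockets_ttl),
         'token': real_token
     }
     # NOTE(review): extra claims are merged last and can replace
     # iat/exp/token - confirm callers control every key in ``data``.
     claims.update(data or {})
     payload = ujson.dumps(claims)
     jwetoken = jwe.JWE(
         payload.encode('utf-8'),
         json_encode({
             "alg": "A256KW",
             "enc": "A256CBC-HS512"}))
     jwetoken.add_recipient(get_jwk_key())
     return jwetoken.serialize(compact=True)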
Beispiel #5
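 def generate_websocket_token(self, real_token, data=None):
     """Issue an encrypted websocket token that carries *real_token*.

     Args:
         real_token: value stored under the ``token`` claim.
         data: optional mapping of extra claims merged into the payload.
             ``None`` replaces the former shared ``{}`` default so no
             mutable object is reused between calls.

     Returns:
         The JWE serialized with ``compact=True``.
     """
     # Read the clock once so 'exp' is exactly 'iat' plus the TTL.
     issued_at = time.time()
     claims = {
         'iat': int(issued_at),
         'exp': int(issued_at + self._websockets_ttl),
         'token': real_token
     }
     # NOTE(review): keys in ``data`` override the claims above, including
     # 'exp' and 'token' - verify that no caller passes untrusted keys.
     claims.update(data or {})
     payload = ujson.dumps(claims)
     jwetoken = jwe.JWE(
         payload.encode('utf-8'),
         json_encode({
             "alg": "A256KW",
             "enc": "A256CBC-HS512"
         }))
     jwetoken.add_recipient(get_jwk_key())
     return jwetoken.serialize(compact=True)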
Beispiel #6
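async def extract_validation_token(jwt_token):
    """Decrypt a validation token and return its claims if still valid.

    Args:
        jwt_token: serialized JWE to decrypt.

    Returns:
        The decoded JSON payload, or ``None`` when the token cannot be
        decrypted, its payload is malformed, or it has expired.
    """
    try:
        jwetoken = jwe.JWE()
        jwetoken.deserialize(jwt_token)
        jwetoken.decrypt(get_jwk_key())
        payload = jwetoken.payload
    except jwe.InvalidJWEOperation:
        logger.warning("Invalid operation", exc_info=True)
        return None
    except jwe.InvalidJWEData:
        logger.warning("Error decrypting JWT token", exc_info=True)
        return None
    try:
        json_payload = ujson.loads(payload)
        expired = json_payload["exp"] <= int(time.time())
    except (ValueError, KeyError, TypeError):
        # Decrypted, but not a claims object with a usable 'exp': reject
        # it instead of letting the exception escape to the caller.
        logger.warning("Malformed validation token payload", exc_info=True)
        return None
    if expired:
        # Keep the token value out of the logs; no exception is active
        # here, so exc_info would add nothing.
        logger.warning("Expired validation token")
        return None
    return json_payload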
Beispiel #7
async def generate_validation_token(data, ttl=3660):
    """Build an encrypted validation token and its ISO 8601 expiry date.

    Args:
        data: optional mapping of extra claims merged into the payload.
        ttl: lifetime in seconds added to the current time for ``exp``.

    Returns:
        A ``(token, last_date)`` tuple: the JWE serialized with
        ``compact=True`` and the expiry as an ISO 8601 string.
    """
    extra_claims = data or {}
    claims = {
        "iat": int(time.time()),
        "exp": int(time.time() + ttl),
    }
    # NOTE(review): the update runs after iat/exp are set, so a caller that
    # passes those keys overrides them - confirm callers never forward
    # untrusted keys here.
    claims.update(extra_claims)
    body = ujson.dumps(claims).encode("utf-8")
    protected_header = json_encode({"alg": "A256KW", "enc": "A256CBC-HS512"})
    jwetoken = jwe.JWE(body, protected_header)
    jwetoken.add_recipient(get_jwk_key())
    token = jwetoken.serialize(compact=True)

    # No tz is passed, so this is a naive datetime in the host's local time.
    expires_at = time.time() + ttl
    return token, datetime.fromtimestamp(expires_at).isoformat()
Beispiel #8
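 async def extract_token(self):
     """Extract the wrapped token from the ``ws_token`` query parameter.

     The parameter value is deserialized as a JWE, decrypted with the key
     returned by ``get_jwk_key()``, and its JSON payload is checked for
     expiry before any claim from it is used.

     Returns:
         ``{"type": "wstoken", "token": ...}`` (plus ``"id"`` when the
         payload carries one), or ``None`` when the parameter is absent or
         the token is invalid, malformed or expired.
     """
     request = self.request
     if "ws_token" not in request.query:
         return None
     try:
         jwetoken = jwe.JWE()
         jwetoken.deserialize(request.query["ws_token"])
         jwetoken.decrypt(get_jwk_key())
         payload = jwetoken.payload
     except jwe.InvalidJWEOperation:
         logger.warning("Invalid operation", exc_info=True)
         return None
     except jwe.InvalidJWEData:
         logger.warning("Error decrypting JWT token", exc_info=True)
         return None
     try:
         json_payload = json.loads(payload)
         wrapped_token = json_payload["token"]
         expired = json_payload["exp"] <= int(time.time())
     except (ValueError, KeyError, TypeError):
         # The payload decrypted but is not a claims object with usable
         # "exp" and "token" entries: reject it instead of raising.
         logger.warning("Malformed ws_token payload", exc_info=True)
         return None
     if expired:
         # The token value is a credential taken from the URL; keep it out
         # of the logs. No exception is active here, so no exc_info either.
         logger.warning("Expired ws_token")
         return None
     data = {"type": "wstoken", "token": wrapped_token}
     if "id" in json_payload:
         data["id"] = json_payload["id"]
     return data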
Beispiel #9
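 async def extract_token(self):
     """Read, decrypt and validate the ``ws_token`` query parameter.

     The value is deserialized as a JWE and decrypted with the key from
     ``get_jwk_key()``; the JSON payload must carry ``exp`` and ``token``
     claims and must not have expired.

     Returns:
         ``{'type': 'wstoken', 'token': ...}`` (plus ``'id'`` when the
         payload has one), or ``None`` when the parameter is missing or
         the token is invalid, malformed or expired.
     """
     query = self.request.query
     if 'ws_token' not in query:
         return None
     try:
         jwetoken = jwe.JWE()
         jwetoken.deserialize(query['ws_token'])
         jwetoken.decrypt(get_jwk_key())
         payload = jwetoken.payload
     except jwe.InvalidJWEOperation:
         logger.warning('Invalid operation', exc_info=True)
         return None
     except jwe.InvalidJWEData:
         logger.warning('Error decrypting JWT token', exc_info=True)
         return None
     try:
         json_payload = json.loads(payload)
         wrapped_token = json_payload['token']
         expired = json_payload['exp'] <= int(time.time())
     except (ValueError, KeyError, TypeError):
         # Not the claims object this service issues: fail closed rather
         # than raise out of the token extractor.
         logger.warning('Malformed ws_token payload', exc_info=True)
         return None
     if expired:
         # Do not write the token itself to the log; there is also no
         # active exception here, so exc_info is omitted.
         logger.warning('Expired ws_token')
         return None
     data = {'type': 'wstoken', 'token': wrapped_token}
     if 'id' in json_payload:
         data['id'] = json_payload['id']
     return data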
Beispiel #10
def test_warn_about_jwk_secret(loop, caplog):
    """get_jwk_key() with debug off logs exactly one warning on the
    "guillotina" logger saying the key was dynamically generated."""
    with caplog.at_level(logging.WARNING, logger="guillotina"):
        utils.get_jwk_key(settings={"debug": False})
        records = caplog.records
        assert len(records) == 1
        first_message = records[0].message
        assert "has been dynamically generated" in first_message