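def main():
    """
    The main loop.

    Reads the options from parse_arguments(), runs the adfs_login / get_code /
    get_token helpers for whichever of those options are set, prints the
    decoded proxy and access tokens, and calls call_api() for every endpoint
    found in the input file.
    """
    options = parse_arguments()
    if options['clipboard']:
        try:
            import pyperclip
        except ImportError:
            print_error('The pyperclip module is needed to use the clipboard.')
            # Switching the option off keeps the unbound pyperclip name from
            # being reached further down.
            options['clipboard'] = False
    if options['adfs_login']:
        options['cookie'] = adfs_login(options)
    if options['adfs_code']:
        options['code'] = get_code(options)
    if options['adfs_token']:
        options['token'] = get_token(options)
    if options['token']:
        if options['clipboard']:
            # The clipboard now holds a ready-to-use bearer header that other
            # local applications can read; clear it once it has been pasted.
            pyperclip.copy('Authorization: Bearer ' + options['token'])
            print_status('Token and header copied to clipboard')
        proxy_token, access_token = extract_tokens(options['token'])
        # jwt.process_jwt() only decodes the header and claims; it performs no
        # signature check, so what is printed here is unverified and meant for
        # inspection only. Each token is decoded once rather than once per
        # printed field.
        proxy_header, proxy_claims = jwt.process_jwt(proxy_token)
        print_status('proxy token: {0}\nclaims: {1}'.
                     format(proxy_header, proxy_claims), options)
        access_header, access_claims = jwt.process_jwt(access_token)
        print_status('access token: {0}\nclaims: {1}'.
                     format(access_header, access_claims), options)
    if options['inputfile']:
        endpoints = read_endpoints(options['inputfile'])
        for endpoint in endpoints:
            # expecting URI[{value}]
            line = re.split('[{}]', endpoint)
            # The third argument is True only when the entry contained a brace.
            call_api(line[0], options['token'], len(line) > 1, options)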
Beispiel #2
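def verify_token(request):
    """Verify a token set in the headers

    Expects to find a header 'Authorization' in the form:
        Bearer (JSON Web Token)

    If the header is not found, or the JWT signature does not verify against
    the configured public key, raises HTTPUnauthorized.

    If the JWT verifies, the auth token in its claims is checked against the
    server side session. If the claims are malformed or no session exists,
    raises HTTPUnauthorized.

    If all is well, returns the token claims.

    """
    client = request.client_addr

    # get the token or raise Unauthorized if none
    try:
        token = request.headers['Authorization'].split()[1]
    except (KeyError, IndexError):
        # KeyError: header missing; IndexError: header has no second field.
        log.info("%s: Couldn't get token from headers", client)
        raise HTTPUnauthorized

    # load the public key the signature is checked against
    path = os.path.dirname(request.registry.settings.get('app.config'))
    config = request.registry.app_config['general']

    with open(os.path.join(path, config['jwt.pub']), 'r') as f:
        public_key = RSA.importKey(f.read())

    # verify the jwt
    # jwt.process_jwt() only decodes the header and claims and never looks at
    # the signature, so it cannot authenticate a request: the claims would be
    # whatever the client chose to send. jwt.verify_jwt() checks the signature
    # with public_key and refuses algorithms outside the allow-list. The token
    # is passed exactly as received, since re-encoding it would alter the
    # signed text.
    # NOTE(review): 'RS256' is assumed from the RSA key; confirm the algorithm
    # the issuer really signs with. verify_jwt also enforces the standard time
    # claims by default, so tokens issued without them will now be rejected.
    try:
        _headers, claims = jwt.verify_jwt(token, public_key, ['RS256'])
    except Exception:
        log.error("%s: Couldn't verify JWT. Raising HTTPUnauthorized.", client)
        raise HTTPUnauthorized
    log.info("%s: JWT verified.", client)

    # Pull out the fields used below; a token without them is rejected rather
    # than surfacing as an unhandled KeyError.
    try:
        user = claims['user']
        name, email, session_token = user['name'], user['email'], user['token']
    except (KeyError, TypeError):
        log.error("%s: JWT claims carry no usable 'user' entry. Raising HTTPUnauthorized.", client)
        raise HTTPUnauthorized

    # The session token is placed straight into a query document (presumably a
    # MongoDB collection -- confirm). Only a plain string may be compared
    # there; a nested object would be read as a query operator instead of a
    # literal value. type(u'') keeps the check valid on Python 2 and 3.
    if not isinstance(session_token, (str, type(u''))):
        log.error("%s: Session token in JWT claims is not a string. Raising HTTPUnauthorized.", client)
        raise HTTPUnauthorized

    # grab a handle to the database
    db = mdb(request)

    log.info("%s: Checking auth token for '%s (%s)' still valid.", client, name, email)
    doc = db.session.find_one({'token': session_token})
    if doc is None:
        log.error("%s: No session found for '%s (%s)'. Raising HTTPUnauthorized.", client, name, email)
        raise HTTPUnauthorized

    return claims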
Beispiel #3
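def main():
    """
    The main loop.

    Builds the options with parse_arguments(), fills in the cookie, code and
    token entries through adfs_login(), get_code() and get_token() when the
    matching option is set, shows the decoded tokens, and then calls
    call_api() once per line of the input file.
    """
    options = parse_arguments()
    if options['clipboard']:
        try:
            import pyperclip
        except ImportError:
            print_error('The pyperclip module is needed to use the clipboard.')
            # Disable the feature so the missing module is never referenced.
            options['clipboard'] = False
    if options['adfs_login']:
        options['cookie'] = adfs_login(options)
    if options['adfs_code']:
        options['code'] = get_code(options)
    if options['adfs_token']:
        options['token'] = get_token(options)
    if options['token']:
        if options['clipboard']:
            # A complete bearer header is left on the clipboard, where other
            # local applications can read it until it is overwritten.
            pyperclip.copy('Authorization: Bearer ' + options['token'])
            print_status('Token and header copied to clipboard')
        proxy_token, access_token = extract_tokens(options['token'])
        # jwt.process_jwt() decodes without checking any signature, so the
        # header and claims shown are unverified. Decoding once per token
        # replaces the two identical calls per token made previously.
        for label, raw_token in (('proxy token', proxy_token),
                                 ('access token', access_token)):
            decoded = jwt.process_jwt(raw_token)
            print_status(
                '{0}: {1}\nclaims: {2}'.format(
                    label, decoded[0], decoded[1]), options)
    if options['inputfile']:
        endpoints = read_endpoints(options['inputfile'])
        for endpoint in endpoints:
            # expecting URI[{value}]
            line = re.split('[{}]', endpoint)
            # len(line) > 1 tells call_api that the entry carried a brace part.
            call_api(line[0], options['token'], len(line) > 1, options)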
Beispiel #4
 def topic(self, topic):
     """ Decode the JWT half of the incoming pair; the clock half is unused.

     Returns whatever jwt.process_jwt() yields for that token. That call
     decodes only: no signature is checked here.
     """
     _clock, token = topic
     return jwt.process_jwt(token)
Beispiel #5
 def topic(self, topic):
     """ Return the decoded form of the token carried in *topic*.

     *topic* is unpacked as a two-item pair; only the second item (the
     token) is used, the first (the clock) is dropped.
     """
     (_, compact_token) = topic
     # Decode-only step: jwt.process_jwt() does not validate the signature.
     decoded = jwt.process_jwt(compact_token)
     return decoded
Beispiel #6
def jwt_process_with_verify(token):
    """Decode *token* and then run the verification call on the same token.

    Both results are discarded and nothing is returned.
    """
    # Decoding alone reads the header and claims without checking the
    # signature, so its output must not be trusted by itself.
    jwt.process_jwt(token)
    # NOTE(review): verify_jwt() is called with the token only; no public key
    # or list of allowed algorithms is visible here. Confirm what this call
    # actually enforces before reusing the pattern in real code.
    jwt.verify_jwt(token)
Beispiel #7
def jwt_process_without_verify(token):
    """Decode *token* with no verification step anywhere in the function.

    The decoded result is discarded; the raw token is then printed.
    """
    # The header and claims are parsed but the signature is never checked,
    # which is why this call carries the marker below.
    jwt.process_jwt(token)  # Noncompliant
    # NOTE(review): this writes the raw token to stdout; if the token is still
    # valid, that output should be kept out of shared logs.
    print(token)