def login(self, username, password):
if True:
params = {
'AuthFlow': 'USER_PASSWORD_AUTH',
'AuthParameters': {
'USERNAME': username,
'PASSWORD': password,
},
'ClientId': self.client_id
}
try:
#start_time = time.time()
response = self.__get_client().initiate_auth(**params)
#print(time.time()-start_time)
except Exception as e:
print(e)
return (False, None)
return (self.__get_result(response), response)
else:
client = self.__get_client()
params = {
'username': username,
'password': password,
'pool_id': self.pool_id,
'client_id': self.client_id,
'client': client
}
try:
#start_time = time.time()
aws = AWSSRP(**params)
response = aws.authenticate_user()
#print(time.time()-start_time)
except:
return (False, None)
return (self.__get_result(response), response)
async def _auth(self):
now = pendulum.now()
if not self.token or now >= self.expires:
print(self.expires.to_iso8601_string())
client = boto3.client('cognito-idp', region_name='us-east-1', config=Config(signature_version="UNSIGNED"))
aws = AWSSRP(
username=self.bot.environs.get("STRIDEKICK_USER"),
password=self.bot.environs.get("STRIDEKICK_PASS"),
pool_id=self.bot.environs.get("STRIDEKICK_POOL"),
client_id=self.bot.environs.get("STRIDEKICK_CLNT"),
client=client,
)
tokens = aws.authenticate_user()
id_token = tokens['AuthenticationResult']['IdToken']
refresh_token = tokens['AuthenticationResult']['RefreshToken']
access_token = tokens['AuthenticationResult']['AccessToken']
token_type = tokens['AuthenticationResult']['TokenType']
if tokens:
print("Auth success")
expires = tokens['AuthenticationResult']['ExpiresIn']
# print(expires)
self.token = access_token
self.expires = now.add(seconds=int(expires))
# print(now.add(seconds=int(expires)).to_iso8601_string())
# self.EXPIRES = new_expires
print(self.expires.to_iso8601_string())
else:
return
def __init__(self, username, password, token=None, always_test_token=False,
ignore_token_check=False, ignore_token_retry=True, autoload_data=True):
"""
Initialise API.
:param username: Account E-Mail
:param password: Account Password
:param token: AWS Cognito JWT token
:param always_test_token: Whether the validity of a token should be tested after each request
:param ignore_token_check: Whether a token should be checked at all (when supplied via the token param)
:param ignore_token_retry: Whether to stop using the user/pass params if the supplied token is wrong
:param autoload_data: Whether to automatically load the data on initialization
"""
self.username = username
self.password = password
self.always_test_token = always_test_token
self.ignore_token_check = ignore_token_check
self.ignore_token_retry = ignore_token_retry
self.client = boto3.client('cognito-idp', region_name=self.AWS_REGION,
aws_access_key_id="", aws_secret_access_key="")
self.aws = AWSSRP(username=self.username, password=self.password,
pool_id=self.AWS_POOL_ID,
client_id=self.AWS_CLIENT_ID, client=self.client)
self.token = None
self.getToken(token=token)
self.data = None
if autoload_data:
self.getData()
def __init__(self,
username,
password,
token=None,
always_test_token=False):
self.username = username
self.password = password
self.always_test_token = always_test_token
self.client = boto3.client('cognito-idp',
region_name=self.AWS_REGION,
aws_access_key_id="",
aws_secret_access_key="")
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_id=self.AWS_POOL_ID,
client_id=self.AWS_CLIENT_ID,
client=self.client)
self.token = None
self.getToken(token=token)
self.data = None
self.getData()
def _srp_auth(self):
srp = AWSSRP(
username=self.config["username"],
password=self.config["password"],
pool_id=self.config["user_pool_id"],
client_id=self.config["app_id"],
pool_region=self.config["region_name"],
)
AUTH_PARAMETERS = {
"CHALLENGE_NAME": "SRP_A",
"USERNAME": self.config["username"],
"SRP_A": srp.get_auth_params()["SRP_A"],
}
auth = self.IDP.initiate_auth(
AuthFlow="USER_SRP_AUTH",
AuthParameters=AUTH_PARAMETERS,
ClientId=self.config["app_id"],
ClientMetadata=self.config.get("metadata"),
)
response = srp.process_challenge(auth["ChallengeParameters"])
auth = self.IDP.respond_to_auth_challenge(
ClientId=self.config["app_id"],
ChallengeName="PASSWORD_VERIFIER",
ChallengeResponses=response,
)["AuthenticationResult"]
return auth
def _retrieve_tokens(self, user_name, password):
"""
With the exchange of username and password this function retrieves an identity token.
:param user_name: user_name as appears in the user pool
:param password: password as set by the user after passing the password challenge
:return: a dictionary with identity token and refresh token
"""
client = boto3.client('cognito-idp')
try:
aws_srp = AWSSRP(user_name,
password,
self.user_pool_id,
self.client_id,
client=None)
result = aws_srp.authenticate_user()
id_token = result['AuthenticationResult']['IdToken']
refresh_token = result['AuthenticationResult']['RefreshToken']
return {'id_token': id_token, 'refresh_token': refresh_token}
except (client.exceptions.NotAuthorizedException,
client.exceptions.UserNotFoundException):
raise LoginWithCognitoException(
'Could not get identity token from Cognito user pool. Are you sure the '
'user account exists in the Cognito user pool and the password is '
'valid? Please test your user account by logging into the '
'monitoring tool. https://www.fd19.sports.intel.com/')
def authenticate(username, password):
"""
Be careful about using this function excessively, e.g via tests, as the cognito request may get throttled by IP Address
"""
if not username:
raise CognitoAuthError("Empty username", "error.auth.invalid_user")
if not password:
raise CognitoAuthError("Empty password", "error.auth.invalid_password")
client = boto3.client('cognito-idp', region_name=AWS_REGIOM)
log.info("Authenticating user: {}".format(username))
cognito = AWSSRP(username=username,
password=password,
pool_id=cognito_userpool_id,
client_id=cognito_app_client_id,
client=client)
try:
tokens = cognito.authenticate_user()
return {
'IdToken': tokens['AuthenticationResult']['IdToken'],
'AccessToken': tokens['AuthenticationResult']['AccessToken'],
'ExpiresIn': tokens['AuthenticationResult']['ExpiresIn'],
'RefreshToken': tokens['AuthenticationResult']['RefreshToken'],
'TokenType': tokens['AuthenticationResult']['TokenType']
}
except client.exceptions.NotAuthorizedException as ex:
log.info("Failed to authenticate user: {}".format(username))
raise CognitoAuthError(ex, "error.auth.not_authorized")
except client.exceptions.UserNotFoundException as ex:
log.info("Invalid user: {}".format(username))
raise CognitoAuthError(ex, "error.auth.invalid_user")
except client.exceptions.UserNotConfirmedException as ex:
log.info("UserNotConfirmedException: {}".format(username))
raise CognitoAuthError(ex, "error.auth.unconfirmed_user")
def _get_auth_token(self):
aws = AWSSRP(username=self._username,
password=self._password,
pool_id=self._cognito_pool_id,
client_id=self._client_id,
pool_region=self._region_name)
token = aws.authenticate_user()
return token['AuthenticationResult']['IdToken']
def setUp(self):
self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID')
self.app_id = env('COGNITO_APP_ID')
self.username = env('COGNITO_TEST_USERNAME')
self.password = env('COGNITO_TEST_PASSWORD')
self.aws = AWSSRP(username=self.username, password=self.password,
pool_id=self.cognito_user_pool_id,
client_id=self.app_id)
def get_alis_access_token():
config = configparser.ConfigParser()
config.read('./alis_connect.ini')
POOL_ID = 'ap-northeast-1_HNT0fUj4J'
POOL_REGION = 'ap-northeast-1'
CLIENT_ID = '2gri5iuukve302i4ghclh6p5rg'
USERNAME = config.get('DB', 'USERNAME')
PASSWORD = config.get('DB', 'PASSWORD')
aws = AWSSRP(username=USERNAME, password=PASSWORD, pool_id=POOL_ID, client_id=CLIENT_ID, pool_region=POOL_REGION)
id_token = aws.authenticate_user()['AuthenticationResult']['IdToken']
return id_token
def get_paid_token(username, password):
session = custom_session.Session(force_tlsv1=False)
prog_dialog = xbmcgui.DialogProgress()
prog_dialog.create('Logging in with mobile service')
prog_dialog.update(1, 'Obtaining user ID from AWS')
try:
client = boto3.client('cognito-idp',
region_name=config.AWS_REGION,
aws_access_key_id='',
aws_secret_access_key='')
aws = AWSSRP(username=username,
password=password,
pool_id=config.AWS_POOL_ID,
client_id=config.AWS_CLIENT_ID,
client=client)
except NameError:
raise TelstraAuthException('Paid subscriptions not supported on some '
'platforms of Kodi < 18. Please upgrade to '
'Kodi 18 to resolve this.')
try:
tokens = aws.authenticate_user().get('AuthenticationResult')
except Exception as e:
raise TelstraAuthException(str(e))
response = client.get_user(AccessToken=tokens.get('AccessToken'))
userid = response.get('Username')
prog_dialog.update(33, 'Obtaining oauth token')
config.OAUTH_DATA.update({'x-user-id': userid})
oauth_resp = session.post(config.OAUTH_URL, data=config.OAUTH_DATA)
oauth_json = json.loads(oauth_resp.text)
access_token = oauth_json.get('access_token')
session.headers = {}
session.headers.update(
{'Authorization': 'Bearer {0}'.format(access_token)})
prog_dialog.update(66, 'Checking for valid subscription')
try:
session.get(config.MEDIA_PURCHASE_URL.format(userid))
except requests.exceptions.HTTPError as e:
if e.response.status_code == 404:
message = json.loads(e.response.text).get('message')
raise TelstraAuthException(message)
else:
utils.log(json.loads(e.response.text).get('exception'))
raise TelstraAuthException('Unknown error. Please check the log '
'for more information.')
session.close()
prog_dialog.update(100, 'Finished!')
prog_dialog.close()
return json.dumps({'pai': str(userid), 'bearer': access_token})
def __init__(self, config, username=None, password=None, logger=None):
super(AMaaSPasswordSession, self).__init__(logger)
self.username = username or config.username
self.password = password or config.password
self.aws = AWSSRP(
username=self.username, password=self.password,
pool_id=config.cognito_pool_id,
pool_region=config.cognito_region,
client_id=config.cognito_client_id,
)
if self.needs_refresh():
self.login()
def getTokens(self):
"""Authenticates with Cognito. Return Cognito's tokens as a dict.
result format : {'AccessToken':'str','ExpiresIn':int,'IdToken':'str','RefreshToken':'str','TokenType':'str'}
See : https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AuthenticationResultType.html"""
self.aws = AWSSRP(
username=self.username,
password=self.password,
pool_id=self.poolID,
pool_region=self.poolRegion,
client_id=self.clientID) #todo : manage authentification error
self.cognitoTokens = self.aws.authenticate_user(
)['AuthenticationResult']
self.isConnected = True
return self.cognitoTokens
def setUp(self):
if env('USE_CLIENT_SECRET') == 'True':
self.client_secret = env('COGNITO_CLIENT_SECRET')
self.app_id = env('COGNITO_APP_WITH_SECRET_ID')
else:
self.app_id = env('COGNITO_APP_ID')
self.client_secret = None
self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID')
self.username = env('COGNITO_TEST_USERNAME')
self.password = env('COGNITO_TEST_PASSWORD')
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_id=self.cognito_user_pool_id,
client_id=self.app_id,
client_secret=self.client_secret)
def login():
body = app.current_request.json_body
aws = AWSSRP(username=body['email'],
password=body['password'],
pool_id=os.environ['APPUSERPOOLID'],
client_id=os.environ['APPCLIENTID'])
tokens = None
try:
if 'newpassword' in body:
tokens = aws.set_new_password_challenge(body['newpassword'])
else:
tokens = aws.authenticate_user()
return {'token': tokens, 'status': 'loggedin'}
except ForceChangePasswordException:
return {"status": "changepwd"}
class AWSSRPTestCase(unittest.TestCase):
def setUp(self):
if env('USE_CLIENT_SECRET') == 'True':
self.client_secret = env('COGNITO_CLIENT_SECRET')
self.app_id = env('COGNITO_APP_WITH_SECRET_ID')
else:
self.app_id = env('COGNITO_APP_ID')
self.client_secret = None
self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID')
self.username = env('COGNITO_TEST_USERNAME')
self.password = env('COGNITO_TEST_PASSWORD')
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_id=self.cognito_user_pool_id,
client_id=self.app_id,
client_secret=self.client_secret)
def tearDown(self):
del self.aws
def test_authenticate_user(self):
tokens = self.aws.authenticate_user()
self.assertTrue('IdToken' in tokens['AuthenticationResult'])
self.assertTrue('AccessToken' in tokens['AuthenticationResult'])
self.assertTrue('RefreshToken' in tokens['AuthenticationResult'])
def login(self, username, password):
client = self.__get_client()
params = {
'username': username,
'password': password,
'pool_id': self.pool_id,
'client_id': self.client_id,
'client': client
}
try:
aws = AWSSRP(**params)
response = aws.authenticate_user()
(self.keys, self.keys_iss) = self.__get_userpool_keys()
except:
return (False, None)
return (self.__get_result(response), response)
def login(username, password):
# Parse configuration
config = configparser.ConfigParser()
config.read(['fleet.cfg', os.path.expanduser('~/.fleet.cfg')])
cognito = config['cognito']
# Amazon Cognito User Pool - authenticate
client = boto3.client('cognito-idp')
aws = AWSSRP(username=username,
password=password,
pool_id=cognito['pool_id'],
client_id=cognito['client_id'],
client=client)
try:
tokens = aws.authenticate_user()
except ForceChangePasswordException:
ntries = 3
while ntries > 0:
try:
ntries -= 1
new_password = getpass.getpass('Enter new password: '******'ResponseMetadata']['HTTPHeaders'][
'x-amzn-errormessage']
print('\tERROR: {}'.format(errormessage))
if ntries == 0:
print('ERROR: Too many attempts to set password')
return {}
# TODO: implement PasswordResetRequiredException
# Amazon Cognito Federated Identities - get credentials
cognito_id = boto3.client('cognito-identity')
id_token = tokens['AuthenticationResult']['IdToken']
response = cognito_id.get_id(IdentityPoolId=cognito['identity_pool_id'],
Logins={cognito['login']: id_token})
identity_id = response['IdentityId']
# Amazon Cognito Federated Identities - get credentials
response = cognito_id.get_credentials_for_identity(
IdentityId=identity_id, Logins={cognito['login']: id_token})
return response
def login_email(username, password):
customLoginKey = "cognito-idp.us-east-1.amazonaws.com/us-east-1_917Igx5Ld"
aws = AWSSRP(username=username,
password=password,
pool_id=userPoolId,
client_id=clientId,
client=id_provider)
tokens = aws.authenticate_user(id_provider)["AuthenticationResult"]
idObj = client.get_id(AccountId=awsAccountId,
IdentityPoolId=identityPoolId,
Logins={customLoginKey: tokens["IdToken"]})
result = {
"IdentityId": idObj["IdentityId"],
"Logins": {
customLoginKey: tokens["IdToken"]
}
}
return jsonify(result)
def __init__(self, username, password, logger):
if not AMaaSSession.__shared_state:
AMaaSSession.__shared_state = self.__dict__
self.refresh_period = 45 * 60 # minutes * seconds
self.username = username
self.password = password
self.tokens = None
self.last_authenticated = None
self.session = requests.Session()
self.client = boto3.client('cognito-idp', COGNITO_REGION)
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_id=COGNITO_POOL,
client_id=COGNITO_CLIENT_ID,
client=self.client)
self.logger = logger
else:
self.__dict__ = AMaaSSession.__shared_state
if self.needs_refresh():
self.login()
def generate_token(username, password):
"""Generate a Cognito token
:param str username: username
:param str password: password
"""
# Amazon Cognito User Pool - authenticate
client = boto3.client('cognito-idp', region_name=conf['region'])
# TODO region could change with user?
aws = AWSSRP( # AWSSRP -> AWS Secure Remote Password protocol
username = username,
password = password,
pool_id = conf['pool_id'],
client_id = conf['client_id'],
client = client
)
# get tokens
tokens = aws.authenticate_user()
id_token = tokens['AuthenticationResult']['IdToken']
return id_token
def cognito_login(username, password, pool_id, client_id, region, account_id, user_pool_id):
aws = AWSSRP(username=username, password=password, pool_id=user_pool_id, client_id=client_id, pool_region=region)
tokens = aws.authenticate_user()
id_token = tokens['AuthenticationResult']['IdToken']
access_token = tokens['AuthenticationResult']['AccessToken']
logins = {'cognito-idp.' + region + '.amazonaws.com/' + user_pool_id: id_token}
client = boto3.client('cognito-identity', region_name=region)
cognito_identity_id = client.get_id(
AccountId=str(account_id),
IdentityPoolId=pool_id,
Logins=logins
)
credentials = client.get_credentials_for_identity(
IdentityId=cognito_identity_id['IdentityId'],
Logins=logins
)
accesskey = credentials['Credentials']['AccessKeyId']
secretkey = credentials['Credentials']['SecretKey']
session_token = credentials['Credentials']['SessionToken']
service = 'execute-api'
return AWS4Auth(accesskey, secretkey, region, service, session_token=session_token), session_token, access_token
class AMaaSPasswordSession(AMaaSSession):
__session_cache = {}
def __new__(cls,
environment_config,
username=None,
password=None,
logger=None):
cache_key = (environment_config, username, password)
cached = cls.__session_cache.get(cache_key)
if not cached:
cached = super(AMaaSPasswordSession, cls).__new__(cls)
cls.__session_cache[cache_key] = cached
return cached
def __init__(self,
environment_config,
username=None,
password=None,
logger=None):
super(AMaaSPasswordSession, self).__init__(logger)
self.username = username
self.password = password
self.aws = AWSSRP(
username=self.username,
password=self.password,
pool_id=environment_config.cognito_pool,
client_id=environment_config.cognito_client_id,
pool_region=environment_config.cognito_region,
)
if self.needs_refresh():
self.login()
def login(self):
try:
self.logger.info("Attempting login for: %s", self.username)
tokens = self.aws.authenticate_user().get('AuthenticationResult')
self.logger.info("Login successful")
self.last_authenticated = datetime.utcnow()
self.session.headers.update(
{'Authorization': tokens.get('IdToken')})
except self.aws.client.exceptions.NotAuthorizedException:
self.logger.exception("Login failed")
self.last_authenticated = None
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import boto3
from getpass import getpass
from warrant.aws_srp import AWSSRP
from settings import *
# authenticate
cognito_idp = boto3.client('cognito-idp')
username = input('Email: ')
aws = AWSSRP(
username = username,
password = getpass('Password: '******'cognito-identity')
logins = {login: tokens['AuthenticationResult']['IdToken']}
identity = cognito_identity.get_id(
IdentityPoolId=identity_pool_id,
Logins=logins
)
# get credentials
credentials = cognito_identity.get_credentials_for_identity(
def connect(envfile_path=None):
"""
Connects to the MAGE server. The connection details may be passed in as an argument. Additional locations checked for the information include: ~/.env and ./.env
Args:
envfile_path (str, optional): Location of file that contains the connection parameters.
Returns:
bool: True on success, False on failure
"""
global client_id
global endpoint
username = None
password = None
home_env = expanduser("~/.env")
if envfile_path and not os.path.isfile(envfile_path):
print('[-] Error locating %s' % envfile_path)
for f in [home_env, '.env', envfile_path]:
if f and os.path.isfile(f):
load_dotenv(f)
username = os.getenv('COGNITO_USERNAME')
password = os.getenv('COGNITO_PASSWORD')
gql_url = os.getenv('GQL_URL')
pool_id = os.getenv('POOL_ID')
client_id = os.getenv('CLIENT_ID')
if not all([gql_url, pool_id, client_id]):
print(
'[-] You must supply a GQL_URL, POOL_ID, and CLIENT_ID in your environment'
)
print("""[!] You can create a .env file with these values at:
* ./.env
* in %s
* the location passed into the connect function""" % home_env)
return False
if not username or not password:
print('[!] Could not load Cognito credentials from .env file')
username, password = _get_credentials()
##########################
print('[*] Authenticating')
try:
u = AWSSRP(username=username,
password=password,
pool_id=pool_id,
client_id=client_id)
except botocore.exceptions.NoRegionError:
os.environ['AWS_DEFAULT_REGION'] = 'us-east-1'
u = AWSSRP(username=username,
password=password,
pool_id=pool_id,
client_id=client_id)
tokens = u.authenticate_user()
auth = tokens['AuthenticationResult']['AccessToken']
headers = {'Authorization': auth, 'Content-Type': 'application/json'}
endpoint = HTTPEndpoint(gql_url, headers, None)
print('[*] Retrieving client id')
client_id = Client.select('id').list()[0].id
return (client_id is not None and endpoint is not None)
USERNAME = '******'
PASSWORD = '******'
POOL_ID = 'us-east-1_AgAJAlp74'
CLIENT_ID = '7mic2g4j3tkve6sn2hns91uk91'
POOL_REGION = 'us-east-1'
IDENTITYPOOLID = 'us-east-1:e1a2e785-6445-4a73-8b2c-e4395ec34a09'
# athenticate user using SRP and time it
Mastertic = time.time()
tic = time.time()
aws = AWSSRP(username=USERNAME,
password=PASSWORD,
pool_id=POOL_ID,
client_id=CLIENT_ID,
pool_region=POOL_REGION)
tokens = aws.authenticate_user()
toc = time.time()
print("time to authenticate the user in pool", toc - tic)
id_token = tokens['AuthenticationResult']['IdToken']
refresh_token = tokens['AuthenticationResult']['RefreshToken']
access_token = tokens['AuthenticationResult']['AccessToken']
token_type = tokens['AuthenticationResult']['TokenType']
print id_token
#federate user and time it
class FunkAPI:
API_ENDPOINT = "https://appapi.funk.services/"
API_KEY = "FZ3OkFFfdMahh4a1xagOnaon39pUpml732kkb2Aw"
AWS_REGION = "eu-central-1"
AWS_POOL_ID = "eu-central-1_ZPDpzBJy4"
AWS_CLIENT_ID = "3asd34f9vfrg6pd2mrbqhn3g3r"
def __init__(self, username, password, token=None, always_test_token=False):
self.username = username
self.password = password
self.always_test_token = always_test_token
self.client = boto3.client('cognito-idp', region_name=self.AWS_REGION, aws_access_key_id="",
aws_secret_access_key="")
self.aws = AWSSRP(username=self.username, password=self.password,
pool_id=self.AWS_POOL_ID,
client_id=self.AWS_CLIENT_ID, client=self.client)
self.token = None
self.getToken(token=token)
self.data = None
self.getData()
# TOKEN
def getToken(self, refresh=False, token=None):
if token is not None:
if self.testToken(token):
self.token = token
return self.token
self.getToken(refresh=True)
if self.token is None or refresh or (
False if not self.always_test_token else not self.testToken(self.token)):
self.token = self.aws.authenticate_user(
)["AuthenticationResult"]["AccessToken"]
return self.token
def testToken(self, token):
if token is None:
return False
json = {"operationName": "CustomerForDashboardQuery", "variables": {},
"query": "query CustomerForDashboardQuery { me { id } }"}
req = requests.post(self.API_ENDPOINT, json=json,
headers={
"x-api-key": self.API_KEY,
"Authorization": "Bearer " + token
})
result = req.json()
if "errors" in result.keys():
return False
return True
# DATA
def getData(self, refresh=False):
json = {"operationName": "CustomerForDashboardQuery", "variables": {},
"query": "query CustomerForDashboardQuery {\n me {\n ...CustomerForDashboardFragment\n __typename\n }\n}\n\nfragment CustomerForDashboardFragment on Customer {\n id\n details {\n ...DetailsFragment\n __typename\n }\n customerProducts {\n ...ProductFragment\n __typename\n }\n __typename\n}\n\nfragment DetailsFragment on Details {\n firstName\n lastName\n dateOfBirth\n contactEmail\n __typename\n}\n\nfragment ProductFragment on FUNKCustomerProduct {\n id\n state\n paymentMethods {\n ...PaymentMethodFragment\n __typename\n }\n mobileNumbers {\n ...MobileNumberFragment\n __typename\n }\n sims {\n ...SIMFragment\n __typename\n }\n tariffs: tariffCustomerProductServices {\n ...TariffFragment\n __typename\n }\n __typename\n}\n\nfragment PaymentMethodFragment on PaymentMethod {\n id\n state\n approvalChallenge {\n approvalURL\n __typename\n }\n agreement {\n state\n payerInfo {\n payerID\n email\n __typename\n }\n __typename\n }\n __typename\n}\n\nfragment MobileNumberFragment on MobileNumberCPS {\n id\n number\n state\n usage {\n usedDataPercentage\n __typename\n }\n productServiceId\n productServiceInfo {\n id\n label\n __typename\n }\n ... on MNPImportCustomerProductService {\n otherProviderShortcut\n otherProviderCustomName\n otherContract {\n contractType\n mobileNumber\n mobileNumberIsVerified\n __typename\n }\n mnpInfos {\n confirmedPortingDate\n lastPortingResult\n problemCode\n problemReason\n __typename\n }\n __typename\n }\n __typename\n}\n\nfragment SIMFragment on SIMCustomerProductService {\n id\n networkState\n state\n iccid\n delivery {\n state\n trackingDetails {\n stateId\n stateLabel\n trackingURL\n __typename\n }\n deliveryProvider\n address {\n city\n additionalInfo\n __typename\n }\n __typename\n }\n __typename\n}\n\nfragment TariffFragment on TariffCustomerProductService {\n id\n booked\n starts\n state\n productServiceId\n productServiceInfo {\n id\n label\n follower {\n id\n label\n __typename\n }\n marketingInfo {\n name\n __typename\n }\n __typename\n }\n __typename\n}\n"}
if self.data is None or refresh:
req = requests.post(self.API_ENDPOINT, json=json,
headers={
"x-api-key": self.API_KEY,
"Authorization": "Bearer " + self.getToken()
})
self.data = req.json()
return self.data
def getPersonalInfo(self, refreshData=False):
data = self.getData(refresh=refreshData)["data"]["me"]
personalInfo = {"id": data["id"], **data["details"]}
del personalInfo["__typename"]
return personalInfo
def getOrderedProducts(self, refreshData=False):
return self.getData(refresh=refreshData)["data"]["me"]["customerProducts"]
def getCurrentTariff(self, refreshData=False):
return self.getData(refresh=refreshData)["data"]["me"]["customerProducts"][0]["tariffs"][-1]
# TARIFFS
def orderTariff(self, tariffID, productID=None, refreshData=True):
if productID is None:
productID = self.getOrderedProducts()[0]["id"]
json = {"operationName": "AddTariffToProductMutation",
"variables": {"productID": productID, "tariffID": str(tariffID)},
"query": "mutation AddTariffToProductMutation($productID: String!, $tariffID: String!) {\n tariffAddToCustomerProduct(customerProductId: $productID, productServiceId: $tariffID) {\n ...TariffFragment\n __typename\n }\n}\n\nfragment TariffFragment on TariffCustomerProductService {\n id\n booked\n starts\n state\n productServiceId\n productServiceInfo {\n id\n label\n follower {\n id\n label\n __typename\n }\n marketingInfo {\n name\n __typename\n }\n __typename\n }\n __typename\n}\n"}
req = requests.post(self.API_ENDPOINT, json=json,
headers={
"x-api-key": self.API_KEY,
"Authorization": "Bearer " + self.getToken()
})
self.getData(refresh=refreshData)
return req.json()
def removeProduct(self, personalTariffID, refreshData=True):
json = {"operationName": "TerminateTariffMutation",
"variables": {"tariffID": personalTariffID},
"query": "mutation TerminateTariffMutation($tariffID: String!) {\n tariffTerminate(customerProductServiceId: $tariffID) {\n ...TariffFragment\n __typename\n }\n}\n\nfragment TariffFragment on TariffCustomerProductService {\n id\n booked\n starts\n state\n productServiceId\n productServiceInfo {\n id\n label\n follower {\n id\n label\n __typename\n }\n marketingInfo {\n name\n __typename\n }\n __typename\n }\n __typename\n}\n"}
req = requests.post(self.API_ENDPOINT, json=json,
headers={
"x-api-key": self.API_KEY,
"Authorization": "Bearer " + self.getToken()
})
self.getData(refresh=refreshData)
return req.json()
def order1GBTariff(self, **kwargs):
return self.orderTariff(9, **kwargs)
def orderUnlimitedTariff(self, **kwargs):
return self.orderTariff(8, **kwargs)
def startPause(self, **kwargs):
return self.orderTariff(42, **kwargs)
def stopLatestTariff(self, productIndex=0, **kwargs):
personalTariffID = self.getOrderedProducts(
)[productIndex]["tariffs"][-1]["id"]
self.removeProduct(personalTariffID, **kwargs)
class AWSSRPTestCase(unittest.TestCase):
def setUp(self):
if env('USE_CLIENT_SECRET') == 'True':
self.client_secret = env('COGNITO_CLIENT_SECRET')
self.app_id = env('COGNITO_APP_WITH_SECRET_ID', 'app')
else:
self.app_id = env('COGNITO_APP_ID', 'app')
self.client_secret = None
self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID',
'us-east-1_123456789')
self.username = env('COGNITO_TEST_USERNAME')
self.password = env('COGNITO_TEST_PASSWORD')
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_region='us-east-1',
pool_id=self.cognito_user_pool_id,
client_id=self.app_id,
client_secret=self.client_secret)
def tearDown(self):
del self.aws
@patch('warrant.aws_srp.AWSSRP.get_auth_params', _mock_get_params)
@patch('warrant.aws_srp.AWSSRP.process_challenge', return_value={})
def test_authenticate_user(self, _):
stub = Stubber(self.aws.client)
# By the stubber nature, we need to add the sequence
# of calls for the AWS SRP auth to test the whole process
stub.add_response(method='initiate_auth',
service_response={
'ChallengeName': 'PASSWORD_VERIFIER',
'ChallengeParameters': {}
},
expected_params={
'AuthFlow': 'USER_SRP_AUTH',
'AuthParameters': _mock_get_params(None),
'ClientId': self.app_id
})
stub.add_response(method='respond_to_auth_challenge',
service_response={
'AuthenticationResult': {
'IdToken': 'dummy_token',
'AccessToken': 'dummy_token',
'RefreshToken': 'dummy_token'
}
},
expected_params={
'ClientId': self.app_id,
'ChallengeName': 'PASSWORD_VERIFIER',
'ChallengeResponses': {}
})
with stub:
tokens = self.aws.authenticate_user()
self.assertTrue('IdToken' in tokens['AuthenticationResult'])
self.assertTrue('AccessToken' in tokens['AuthenticationResult'])
self.assertTrue('RefreshToken' in tokens['AuthenticationResult'])
stub.assert_no_pending_responses()
class AMaaSSession(object):
__shared_state = {}
def __init__(self, username, password, logger):
if not AMaaSSession.__shared_state:
AMaaSSession.__shared_state = self.__dict__
self.refresh_period = 45 * 60 # minutes * seconds
self.username = username
self.password = password
self.tokens = None
self.last_authenticated = None
self.session = requests.Session()
self.client = boto3.client('cognito-idp', COGNITO_REGION)
self.aws = AWSSRP(username=self.username,
password=self.password,
pool_id=COGNITO_POOL,
client_id=COGNITO_CLIENT_ID,
client=self.client)
self.logger = logger
else:
self.__dict__ = AMaaSSession.__shared_state
if self.needs_refresh():
self.login()
def needs_refresh(self):
if not (self.last_authenticated and
(datetime.utcnow() - self.last_authenticated).seconds <
self.refresh_period):
return True
else:
return False
def login(self):
self.logger.info("Attempting login for: %s", self.username)
try:
self.tokens = self.aws.authenticate_user().get(
'AuthenticationResult')
self.logger.info("Login successful")
self.last_authenticated = datetime.utcnow()
self.session.headers.update(
{'Authorization': self.tokens.get('IdToken')})
except self.client.exceptions.NotAuthorizedException as e:
self.logger.info("Login failed")
self.logger.error(e.response.get('Error'))
self.last_authenticated = None
def put(self, url, data=None, **kwargs):
# Add a refresh
if self.last_authenticated and not self.needs_refresh():
return self.session.put(url=url, data=data, **kwargs)
else:
raise AMaaSException('Not Authenticated')
def post(self, url, data=None, **kwargs):
# Add a refresh
if self.last_authenticated and not self.needs_refresh():
return self.session.post(url=url, data=data, **kwargs)
else:
raise AMaaSException('Not Authenticated')
def delete(self, url, **kwargs):
# Add a refresh
if self.last_authenticated and not self.needs_refresh():
return self.session.delete(url=url, **kwargs)
else:
raise AMaaSException('Not Authenticated')
def get(self, url, **kwargs):
# Add a refresh
if self.last_authenticated and not self.needs_refresh():
return self.session.get(url=url, **kwargs)
else:
raise AMaaSException('Not Authenticated')
def patch(self, url, data=None, **kwargs):
# Add a refresh
if self.last_authenticated and not self.needs_refresh():
return self.session.patch(url=url, data=data, **kwargs)
else:
raise AMaaSException('Not Authenticated')
def __auth(self, user, pwd):
aws = AWSSRP(username=user, password=pwd, pool_id=self.POOL_ID, client_id=self.CLIENT_ID, pool_region=self.POOL_REGION)
id_token = aws.authenticate_user()['AuthenticationResult']['IdToken']
self.headers = {'Authorization': id_token}
