def docs(): headers = CUSTOM_DEFAULT_HEADERS.copy() headers['Content-Type'] = "text/html" html_file = open_vendor_file('./public/swagger/index.html', 'r') html = html_file.read() return http_helper.create_response(body=html, status_code=200, headers=headers)
def get_datasources(self): with open_vendor_file('./datasources/standard.datasources.json', 'r') as f: stub_str = f.read() try: return json.loads(stub_str) except: raise Exception('Invalid JSON')
def generate_openapi_yml(spec_object, logger, force=False): openapi_data = spec_object.to_yaml() if os.environ['APP_ENV'] == 'development' or force: stream = open_vendor_file("./public/swagger/openapi.yml", "w") if stream: stream.write(openapi_data) stream.close()
def get_claims(self, token): try: app_client_id = os.environ[ 'AWS_POLL_CLIENT_ID'] if 'AWS_POLL_CLIENT_ID' in os.environ else '' headers = jwt.get_unverified_header(token) kid = headers['kid'] hmac_keys = json.loads( open_vendor_file('public/jwks.json', 'r').read()) keys = hmac_keys['keys'] key = None for i in range(len(keys)): if kid == keys[i]['kid']: key = keys[i] break if not key: self.logger.error('Public key not found') return False # construct the public key public_key = jwk.construct(key) # get the last two sections of the token, # message and signature (encoded in base64) message, encoded_signature = str(token).rsplit('.', 1) # decode the signature decoded_signature = base64url_decode( encoded_signature.encode('utf-8')) # verify the signature if not public_key.verify(message.encode("utf8"), decoded_signature): self.logger.error('Signature verification failed') return False self.logger.info('Signature successfully verified') # since we passed the verification, we can now safely # use the unverified claims claims = jwt.get_unverified_claims(token) # additionally we can verify the token expiration if time.time() > claims['exp']: self.logger.error('Token is expired') if not self.UNIT_TEST_ENV: return False # and the Audience (use claims['client_id'] if verifying an access token) if 'aud' in claims and claims['aud'] != app_client_id: self.logger.error('Token was not issued for this audience') return False # now we can use the claims return claims except Exception as err: self.logger.error(err) return False