def decrypt_jwt_token(self, token):
try:
if token:
logging.debug("Decrypting signed JWT " + strings.to_str(token))
tokens = token.split('.')
if len(tokens) != 5:
raise InvalidTokenException("Incorrect size")
jwe_protected_header = tokens[0]
self.__check_jwe_protected_header(jwe_protected_header)
encrypted_key = tokens[1]
encoded_iv = tokens[2]
decrypted_key = self._decrypt_key(encrypted_key)
iv = self._base64_decode(encoded_iv)
if not self._check_iv_length(iv):
raise InvalidTokenException("IV incorrect length")
if not self._check_cek_length(decrypted_key):
raise InvalidTokenException("CEK incorrect length")
signed_token = super().decrypt(token)
return self.decode_signed_jwt_token(signed_token)
else:
raise NoTokenException("JWT Missing")
except (jwt.DecodeError, InvalidTag, InternalError, ValueError,
AssertionError) as e:
raise InvalidTokenException(repr(e))
def send_feedback():
if 'action[sign_out]' in request.form:
return redirect(url_for('session.get_sign_out'))
metadata = get_metadata(current_user)
if not metadata:
raise NoTokenException(401)
form = FeedbackForm()
if form.validate():
message = convert_feedback(
escape(request.form.get('message')),
escape(request.form.get('name')),
escape(request.form.get('email')),
request.referrer or '',
metadata,
g.schema.json['survey_id'],
)
encrypted_message = encrypt(message, current_app.eq['key_store'], key_purpose=KEY_PURPOSE_SUBMISSION)
sent = current_app.eq['submitter'].send_message(encrypted_message,
current_app.config['EQ_RABBITMQ_QUEUE_NAME'],
metadata['tx_id'])
if not sent:
raise SubmissionFailedException()
if request.form.get('redirect', 'true') == 'true':
return redirect(url_for('feedback.thank_you'))
return '', 200
def before_questionnaire_request():
metadata = get_metadata(current_user)
if not metadata:
raise NoTokenException(401)
logger.bind(tx_id=metadata['tx_id'])
values = request.view_args
logger.bind(eq_id=values['eq_id'],
form_type=values['form_type'],
ce_id=values['collection_id'])
logger.info('questionnaire request',
method=request.method,
url_path=request.full_path)
_check_same_survey(
url_eq_id=values['eq_id'],
url_form_type=values['form_type'],
url_collection_id=values['collection_id'],
session_eq_id=metadata['eq_id'],
session_form_type=metadata['form_type'],
session_collection_id=metadata['collection_exercise_sid'])
session_data = get_session_store().session_data
g.schema = load_schema_from_session_data(session_data)
def jwt_login(request):
"""
Login using a JWT token, this must be an encrypted JWT.
:param request: The flask request
"""
# clear the session entry in the database
session_storage.clear()
# also clear the secure cookie data
session.clear()
if request.args.get('token') is None:
raise NoTokenException("Please provide a token")
token = _jwt_decrypt(request)
# once we've decrypted the token correct
# check we have the required user data
_check_user_data(token)
# get the hashed user id for eq
user_id = UserIDGenerator.generate_id(token)
user_ik = UserIDGenerator.generate_ik(token)
# store the user id in the session
session_storage.store_user_id(user_id)
# store the user ik in the cookie
session_storage.store_user_ik(user_ik)
# store the meta data
metadata = parse_metadata(token)
logger.bind(tx_id=metadata["tx_id"])
questionnaire_store = get_questionnaire_store(user_id, user_ik)
questionnaire_store.metadata = metadata
questionnaire_store.add_or_update()
logger.info("user authenticated")
def before_questionnaire_request():
metadata = get_metadata(current_user)
if not metadata:
raise NoTokenException(401)
logger.bind(tx_id=metadata['tx_id'])
values = request.view_args
if check_multiple_survey(metadata, values):
raise MultipleSurveyError
logger.bind(eq_id=values['eq_id'],
form_type=values['form_type'],
ce_id=values['collection_id'])
logger.info('questionnaire request',
method=request.method,
url_path=request.full_path)
session_store = get_session_store()
session_data = session_store.session_data
language_code = request.args.get('language_code')
if language_code:
session_data.language_code = language_code
session_store.save()
g.schema = load_schema_from_session_data(session_data)
def metadata_context_wrapper(*args, **kwargs):
metadata = get_metadata(current_user)
if not metadata:
raise NoTokenException(401)
metadata_context = build_metadata_context(metadata)
return func(*args, metadata_context=metadata_context, **kwargs)
def decrypt_token(encrypted_token):
if not encrypted_token:
raise NoTokenException('Please provide a token')
logger.debug('decrypting token')
decrypted_token = decrypt(token=encrypted_token,
key_store=current_app.eq['key_store'],
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS'])
logger.debug('token decrypted')
return decrypted_token
def decrypt_token(encrypted_token: str) -> dict[str, Union[str, list, int]]:
if not encrypted_token:
raise NoTokenException("Please provide a token")
logger.debug("decrypting token")
decrypted_token: dict[str, Union[str, list, int]] = decrypt(
token=encrypted_token,
key_store=current_app.eq["key_store"], # type: ignore
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"],
)
logger.debug("token decrypted")
return decrypted_token
def before_post_submission_request():
session_store = get_session_store()
if not session_store or not session_store.session_data:
raise NoTokenException(401)
session_data = session_store.session_data
g.schema = load_schema_from_session_data(session_data)
logger.bind(tx_id=session_data.tx_id)
values = request.view_args
logger.bind(eq_id=values['eq_id'], form_type=values['form_type'])
logger.info('questionnaire request',
method=request.method,
url_path=request.full_path)
metadata_from_session_data = {
'tx_id': session_data.tx_id,
'eq_id': session_data.eq_id,
'form_type': session_data.form_type,
}
if check_multiple_survey(metadata_from_session_data, values):
raise NoTokenException(401)
def before_post_submission_request():
session_store = get_session_store()
if not session_store or not session_store.session_data:
raise NoTokenException(401)
session_data = session_store.session_data
handle_language()
g.schema = load_schema_from_session_data(session_data)
logger.bind(tx_id=session_data.tx_id, schema_name=session_data.schema_name)
logger.info(
"questionnaire request", method=request.method, url_path=request.full_path
)
def decode_signed_jwt_token(self, signed_token, leeway):
try:
if signed_token:
logger.debug("decoding signed jwt", jwt_token=strings.to_str(signed_token))
self._check_token(signed_token)
token = jwt.decode(signed_token, self.rrm_public_key, algorithms=['RS256'],
leeway=leeway)
if not token:
raise InvalidTokenException("Missing Payload")
return token
else:
raise NoTokenException("JWT Missing")
except (jwt.DecodeError,
jwt.exceptions.InvalidAlgorithmError,
jwt.exceptions.ExpiredSignatureError,
jwt.exceptions.InvalidIssuedAtError) as e:
raise InvalidTokenException(repr(e))
def before_questionnaire_request():
metadata = get_metadata(current_user)
if not metadata:
raise NoTokenException(401)
logger.bind(
tx_id=metadata["tx_id"],
schema_name=metadata["schema_name"],
ce_id=metadata["collection_exercise_sid"],
questionnaire_id=metadata["questionnaire_id"],
)
logger.info(
"questionnaire request", method=request.method, url_path=request.full_path
)
handle_language()
session_store = get_session_store()
g.schema = load_schema_from_session_data(session_store.session_data)
def decrypt_token(encrypted_token):
logger.debug("decrypting token")
if encrypted_token is None:
raise NoTokenException("Please provide a token")
decoder = JWTDecryptor(
current_app.config['EQ_USER_AUTHENTICATION_SR_PRIVATE_KEY'],
current_app.config['EQ_USER_AUTHENTICATION_SR_PRIVATE_KEY_PASSWORD'],
current_app.config['EQ_USER_AUTHENTICATION_RRM_PUBLIC_KEY'],
)
decrypted_token = decoder.decrypt_jwt_token(
encrypted_token,
current_app.config['EQ_JWT_LEEWAY_IN_SECONDS'],
)
valid, field = is_valid_metadata(decrypted_token)
if not valid:
raise InvalidTokenException("Missing value {}".format(field))
logger.debug("token decrypted")
return decrypted_token
def before_post_submission_request():
session_store = get_session_store()
if not session_store or not session_store.session_data:
raise NoTokenException(401)
session_data = session_store.session_data
g.schema = load_schema_from_session_data(session_data)
logger.bind(tx_id=session_data.tx_id)
values = request.view_args
logger.bind(eq_id=values['eq_id'], form_type=values['form_type'])
logger.info('questionnaire request',
method=request.method,
url_path=request.full_path)
_check_same_survey(url_eq_id=values['eq_id'],
url_form_type=values['form_type'],
url_collection_id='',
session_eq_id=session_data.eq_id,
session_form_type=session_data.form_type,
session_collection_id='')
def test_no_token_exception():
no_token = NoTokenException("test")
assert "test" == str(no_token)
def test(self):
no_token = NoTokenException('test')
self.assertEqual('test', str(no_token))
def test(self):
no_token = NoTokenException("test")
self.assertEqual("test", str(no_token))
