Esempio n. 1
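def get_user_from_req():
    """Return the user identified by the request's bearer JWT, or None.

    Reads the ``Authorization`` header, decodes the token with
    ``jwt_key_pub`` and accepts it only when the issuer is ``'dc_games'``,
    the ``exp`` claim is still in the future and the ``sub`` claim resolves
    to a known user.

    Returns:
        The object returned by ``datastore.find_user_by_id`` on success,
        otherwise None.
    """
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        return None

    # Expect "<scheme> <token>". A header with no second field used to raise
    # IndexError on attacker-controlled input; treat it as unauthenticated.
    parts = auth_header.split(" ")
    if len(parts) < 2 or not parts[1]:
        return None
    auth_token = parts[1]

    # NOTE(review): any exception decode() raises for a malformed or badly
    # signed token propagates to the caller, as before. Presumably the
    # library also accepts an allow-list of algorithms; confirm and pin it to
    # the one this service signs with.
    m = JWT().decode(auth_token, jwt_key_pub)

    # Check the cheap claims before touching the datastore.
    if m['iss'] != 'dc_games':
        return None

    # 'exp' is seconds since the epoch in UTC, so it must be compared with the
    # current UTC time. Comparing against local time (datetime.now()) shifts
    # the effective expiry by the server's UTC offset.
    if datetime.utcfromtimestamp(m['exp']) <= datetime.utcnow():
        return None

    user = datastore.find_user_by_id(m['sub'])
    return user if user else None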
Esempio n. 2
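def get_auth_header(installation_id, priv_key):
    """Exchange an app-signed JWT for an installation token and build headers.

    Signs a five-minute RS256 JWT with ``priv_key``, posts it to the GitHub
    installation access-token endpoint and returns the headers to use for
    subsequent API calls.

    Args:
        installation_id: Installation whose access token is requested; it is
            interpolated into the URL path.
        priv_key: Private signing key in the form ``JWT.encode`` accepts.

    Returns:
        A dict with ``Authorization`` and ``Accept`` headers.

    Raises:
        requests.HTTPError: If GitHub answers with an error status.
    """
    # Read the clock once so 'iat' and 'exp' are exactly 300 seconds apart.
    issued_at = int(time.time())
    payload = {
        "iss": 5168,
        "iat": issued_at,
        "exp": issued_at + 300
    }
    token = JWT().encode(payload, priv_key, 'RS256')

    url = "https://api.github.com/installations/%s/access_tokens" % installation_id
    headers = {
        'Accept': 'application/vnd.github.machine-man-preview+json',
        'Authorization': 'Bearer ' + token
    }
    # Without a timeout a stalled connection blocks the caller indefinitely.
    r = requests.post(url, headers=headers, timeout=10)
    # Fail on the HTTP status instead of a KeyError on the missing "token"
    # field of an error body.
    r.raise_for_status()

    # The returned value is a live credential: keep it out of logs.
    return {
        "Authorization": "token " + r.json()["token"],
        "Accept": "application/vnd.github.machine-man-preview+json"
    }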
Esempio n. 3
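    def login(self, email, password):
        """Log in with email and password and store the returned bearer token.

        Posts the credentials to ``/auth/login``. On success the token and the
        ``sub``, ``team_name``, ``team_researcher`` and ``admin`` claims are
        stored on the instance and the token is added to the session headers.

        Returns:
            True when the server reports success and supplies a non-empty
            ``auth_token``; False otherwise.
        """
        r = self.post('/auth/login', {'email': email, 'password': password})
        r_json = json.loads(r.text)

        if not isinstance(r_json, dict) or r_json.get('status') != 'success':
            return False

        # A success reply without the field used to raise KeyError.
        auth_token = r_json.get('auth_token')
        if not auth_token:
            return False

        # The signature is NOT verified here (do_verify=False): this side
        # holds no key. The claims below are therefore only as trustworthy as
        # the channel to the server. Use them for display or routing, never as
        # an authorization decision (in particular ``admin``).
        decoded_payload = JWT().decode(auth_token, do_verify=False)

        # Read every claim before mutating the instance, so a token that
        # lacks one does not leave a half-initialised session behind.
        sub = decoded_payload['sub']
        team_name = decoded_payload['team_name']
        team_researcher = decoded_payload['team_researcher']
        admin = decoded_payload['admin']

        self.auth_token = auth_token
        self.sub = sub
        self.team_name = team_name
        self.team_researcher = team_researcher
        self.admin = admin
        self.session.headers.update(
            {'Authorization': 'Bearer ' + self.auth_token})
        return True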
Esempio n. 4
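def genToken(appid):
    """Return an installation access token obtained with an app-signed JWT.

    Signs a ten-minute RS256 JWT with the key in ``tesseract-issue.pem`` and
    posts it to the GitHub installation access-token endpoint.

    Args:
        appid: Interpolated into the ``/app/installations/{appid}/...`` path.

    Returns:
        The ``token`` field of the JSON response.

    Raises:
        requests.HTTPError: If GitHub answers with an error status.
    """
    # Whole seconds since the epoch; 'exp' is ten minutes after 'iat'.
    issued_at = int(time.time())
    message = {
        'iat': issued_at,
        'exp': issued_at + 10 * 60,
        'iss': 39594,
    }

    # The path is relative to the working directory. The file is the app's
    # private key, so it should be readable only by the service account.
    with open('tesseract-issue.pem', 'rb') as fh:
        signing_key = jwk_from_pem(fh.read())

    compact_jws = JWT().encode(message, signing_key, 'RS256')
    request_headers = {
        'Authorization': f'Bearer {compact_jws}',
        'Accept': 'application/vnd.github.machine-man-preview+json'
    }
    # Without a timeout a stalled connection blocks the caller indefinitely.
    r = requests.post(
        url=f"https://api.github.com/app/installations/{appid}/access_tokens",
        headers=request_headers,
        timeout=10)
    # Surface an HTTP failure as such rather than as a KeyError on "token".
    r.raise_for_status()

    # The returned value is a live credential: keep it out of logs.
    return r.json()["token"]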
def generate_jwt_token(private_key):
    """Return an RS256-signed JWT for the GitHub app, valid for ten minutes.

    Args:
        private_key: Signing key in the form ``JWT.encode`` accepts.
    """
    issued_at = int(time.time())
    claims = {
        # When the token was issued.
        'iat': issued_at,
        # Expiry; ten minutes is the maximum lifetime.
        'exp': issued_at + 600,
        # Identifier of the GitHub app.
        'iss': 94194,
    }
    signer = JWT()
    return signer.encode(claims, private_key, alg='RS256')
Esempio n. 6
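def get_token():
    """Run an interactive OAuth login and return (tenant id, refresh token).

    Opens the Microsoft Online authorization page in a browser, asks the user
    to paste back the ``urn:ietf:wg:oauth:2.0:oob?code=...`` redirect, then
    exchanges the code for tokens.

    Returns:
        A tuple of the ``tid`` claim of the access token and the refresh
        token.
    """
    # NOTE(review): this switches off oauthlib's HTTPS-only check for the
    # whole process and is never reset. Presumably it is needed because the
    # pasted redirect is a urn: URI rather than https; confirm, and avoid
    # running other OAuth flows in the same process.
    os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"

    # Open a web-browser for OAuth Login to Microsoft Online
    oauth = OAuth2Session(
        client_id="b36b1432-1a1c-4c82-9b76-24de1cab42f2",
        redirect_uri="urn:ietf:wg:oauth:2.0:oob",
    )

    authorization_url, _state = oauth.authorization_url(
        url="https://login.microsoftonline.com/common/oauth2/authorize",
        resource="https://meeservices.minecraft.net",
    )

    webbrowser.open(authorization_url)

    print(
        "Your browser will open to log into the system. Once done it will then try to open an invalid URL beginning with:"
    )
    print("  urn:ietf:wg:oauth:2.0:oob?code=")
    print(
        "Please copy and paste that entire URL below. In Chrome you should right click the message box and choose 'copy full text"
    )
    print(
        "which will grab all the text. You can use this as well as we will ignore the message text"
    )
    print("\n\n")

    while True:
        pasted = input('Enter the full url (or text):  ')
        found = re.search("urn[^ ]+", pasted)

        # Text with no "urn..." run used to crash with AttributeError on
        # None.group(); ask again instead.
        if found is None:
            print("No URL beginning with 'urn' was found. Please paste the full text again.")
            continue
        authorization_response = found.group(0)

        if ".." in authorization_response:
            print(
                "You have provided a shortened response. Try right clicking the message box and choosing 'copy full text' "
            )
            continue

        break

    token = oauth.fetch_token(
        token_url="https://login.microsoftonline.com/common/oauth2/token",
        authorization_response=authorization_response,
        include_client_id=True,
    )

    # Get Tenant ID from access_token. The token is decoded without signature
    # or expiry checks, so 'tid' is informational only and must not be used
    # as proof of tenant membership.
    access = JWT().decode(token["access_token"],
                          do_verify=False,
                          do_time_check=False)
    # The refresh token is a long-lived credential: store it accordingly.
    return access["tid"], token["refresh_token"]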
Esempio n. 7
def get_jwt_token(token_type: TokenType, email: str, user_info: object, oauth_token: object):
    """Build and sign (RS256) a JWT describing a user of an OAuth provider.

    The issuer comes from the ``TOKEN_ISSUER`` environment variable, the
    subject is ``email`` and the lifetime is ``TOKEN_VALIDITY`` seconds from
    now.
    """
    issued_at = time.time()
    expires_at = issued_at + TOKEN_VALIDITY
    issuer = os.environ['TOKEN_ISSUER']

    # NOTE(review): a signed JWT is not encrypted. 'user_info' and
    # 'user_token' are readable by anyone who obtains the token, so the
    # upstream OAuth token travels wherever this JWT does.
    claims = dict(
        iss=issuer,
        sub=email,
        iat=issued_at,
        aud='postgraphile',
        exp=expires_at,
        type=str(token_type),
        user_info=user_info,
        user_token=oauth_token,
        role='TBD for postgraphile',
        user_id='TBD for postgraphile',
    )
    key = get_private_key()
    signer = JWT()
    return signer.encode(claims, key, 'RS256')
Esempio n. 8
    def get(self):
        """Render the add-suggestion page, or redirect anonymous visitors.

        A signed-in user gets ``client/add_suggestion.html`` rendered with
        their nickname, a sign-out link and a token created for the
        ``"insert"`` action; anyone else is redirected to the login URL.
        """
        user = users.get_current_user()
        template = JINJA_ENVIRONMENT.get_template('client/add_suggestion.html')

        if not user:
            self.redirect(users.create_login_url(self.request.uri))
            return

        # NOTE(review): the token is handed to the template and so reaches
        # the browser. Confirm it is limited to the "insert" action and
        # short-lived.
        context = {
            'user': user,
            'username': user.nickname(),
            'log_url': users.create_logout_url(self.request.uri),
            'log_url_linktext': 'Sign out',
            'token': JWT.create_token(user.email(), "insert"),
        }
        self.response.write(template.render(context))
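    def __init__(
        self,
        senseHost,
        proxyPrefix,
        userDirectory,
        userId,
        privateKeyPath,
        userGroup=None,
        ignoreCertErrors=False,
        rootCA=None,
    ):
        """Open an authenticated websocket to the engine-data endpoint.

        Signs an RS256 JWT naming the user and directory (and optionally a
        group), connects to ``wss://<senseHost>/<proxyPrefix>/app/engineData``
        with it as a bearer token, and stores the first received message in
        ``self.session``.

        Args:
            senseHost: Host name used in the websocket URL.
            proxyPrefix: Path prefix used in the websocket URL.
            userDirectory: Value of the ``directory`` claim.
            userId: Value of the ``user`` claim.
            privateKeyPath: Path of the PEM private key used for signing.
            userGroup: Optional value of the ``group`` claim.
            ignoreCertErrors: When true, TLS certificate verification is
                disabled for the connection.
            rootCA: Optional CA bundle path used when verification is on.
        """
        self.url = "wss://" + senseHost + "/" + proxyPrefix + "/app/engineData"

        if ignoreCertErrors:
            # Disables certificate verification: the bearer token below is
            # then sent to whoever answers on that host. Test setups only.
            sslOpts = {"cert_reqs": ssl.CERT_NONE}
        elif rootCA is not None:
            sslOpts = {'ca_certs': rootCA}
        else:
            sslOpts = None

        payload = {'user': userId, 'directory': userDirectory}
        if userGroup is not None:
            payload['group'] = userGroup

        # Close the key file deterministically instead of leaking the handle.
        with open(privateKeyPath, "rb") as keyFile:
            privateKey = jwk_from_pem(keyFile.read())

        # NOTE(review): 'exp' is sent as a header field holding an ISO-8601
        # string, not as a numeric payload claim, so a generic JWT validator
        # will not treat it as an expiry. Confirm the server reads it here.
        token = JWT().encode(key=privateKey,
                             alg='RS256',
                             payload=payload,
                             optional_headers={
                                 'exp': (datetime.utcnow() +
                                         timedelta(minutes=10)).isoformat()
                             })

        self.ws = create_connection(
            self.url,
            sslopt=sslOpts,
            header=['authorization: bearer ' + str(token)])
        self.session = self.ws.recv()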