def decrypt_jwt_token(self, token): try: if token: logging.debug("Decrypting signed JWT " + strings.to_str(token)) tokens = token.split('.') if len(tokens) != 5: raise InvalidTokenException("Incorrect size") jwe_protected_header = tokens[0] self.__check_jwe_protected_header(jwe_protected_header) encrypted_key = tokens[1] encoded_iv = tokens[2] decrypted_key = self._decrypt_key(encrypted_key) iv = self._base64_decode(encoded_iv) if not self._check_iv_length(iv): raise InvalidTokenException("IV incorrect length") if not self._check_cek_length(decrypted_key): raise InvalidTokenException("CEK incorrect length") signed_token = super().decrypt(token) return self.decode_signed_jwt_token(signed_token) else: raise NoTokenException("JWT Missing") except (jwt.DecodeError, InvalidTag, InternalError, ValueError, AssertionError) as e: raise InvalidTokenException(repr(e))
def send_feedback(): if 'action[sign_out]' in request.form: return redirect(url_for('session.get_sign_out')) metadata = get_metadata(current_user) if not metadata: raise NoTokenException(401) form = FeedbackForm() if form.validate(): message = convert_feedback( escape(request.form.get('message')), escape(request.form.get('name')), escape(request.form.get('email')), request.referrer or '', metadata, g.schema.json['survey_id'], ) encrypted_message = encrypt(message, current_app.eq['key_store'], key_purpose=KEY_PURPOSE_SUBMISSION) sent = current_app.eq['submitter'].send_message(encrypted_message, current_app.config['EQ_RABBITMQ_QUEUE_NAME'], metadata['tx_id']) if not sent: raise SubmissionFailedException() if request.form.get('redirect', 'true') == 'true': return redirect(url_for('feedback.thank_you')) return '', 200
def before_questionnaire_request(): metadata = get_metadata(current_user) if not metadata: raise NoTokenException(401) logger.bind(tx_id=metadata['tx_id']) values = request.view_args logger.bind(eq_id=values['eq_id'], form_type=values['form_type'], ce_id=values['collection_id']) logger.info('questionnaire request', method=request.method, url_path=request.full_path) _check_same_survey( url_eq_id=values['eq_id'], url_form_type=values['form_type'], url_collection_id=values['collection_id'], session_eq_id=metadata['eq_id'], session_form_type=metadata['form_type'], session_collection_id=metadata['collection_exercise_sid']) session_data = get_session_store().session_data g.schema = load_schema_from_session_data(session_data)
def jwt_login(request): """ Login using a JWT token, this must be an encrypted JWT. :param request: The flask request """ # clear the session entry in the database session_storage.clear() # also clear the secure cookie data session.clear() if request.args.get('token') is None: raise NoTokenException("Please provide a token") token = _jwt_decrypt(request) # once we've decrypted the token correct # check we have the required user data _check_user_data(token) # get the hashed user id for eq user_id = UserIDGenerator.generate_id(token) user_ik = UserIDGenerator.generate_ik(token) # store the user id in the session session_storage.store_user_id(user_id) # store the user ik in the cookie session_storage.store_user_ik(user_ik) # store the meta data metadata = parse_metadata(token) logger.bind(tx_id=metadata["tx_id"]) questionnaire_store = get_questionnaire_store(user_id, user_ik) questionnaire_store.metadata = metadata questionnaire_store.add_or_update() logger.info("user authenticated")
def before_questionnaire_request(): metadata = get_metadata(current_user) if not metadata: raise NoTokenException(401) logger.bind(tx_id=metadata['tx_id']) values = request.view_args if check_multiple_survey(metadata, values): raise MultipleSurveyError logger.bind(eq_id=values['eq_id'], form_type=values['form_type'], ce_id=values['collection_id']) logger.info('questionnaire request', method=request.method, url_path=request.full_path) session_store = get_session_store() session_data = session_store.session_data language_code = request.args.get('language_code') if language_code: session_data.language_code = language_code session_store.save() g.schema = load_schema_from_session_data(session_data)
def metadata_context_wrapper(*args, **kwargs): metadata = get_metadata(current_user) if not metadata: raise NoTokenException(401) metadata_context = build_metadata_context(metadata) return func(*args, metadata_context=metadata_context, **kwargs)
def decrypt_token(encrypted_token): if not encrypted_token: raise NoTokenException('Please provide a token') logger.debug('decrypting token') decrypted_token = decrypt(token=encrypted_token, key_store=current_app.eq['key_store'], key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS']) logger.debug('token decrypted') return decrypted_token
def decrypt_token(encrypted_token: str) -> dict[str, Union[str, list, int]]: if not encrypted_token: raise NoTokenException("Please provide a token") logger.debug("decrypting token") decrypted_token: dict[str, Union[str, list, int]] = decrypt( token=encrypted_token, key_store=current_app.eq["key_store"], # type: ignore key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"], ) logger.debug("token decrypted") return decrypted_token
def before_post_submission_request(): session_store = get_session_store() if not session_store or not session_store.session_data: raise NoTokenException(401) session_data = session_store.session_data g.schema = load_schema_from_session_data(session_data) logger.bind(tx_id=session_data.tx_id) values = request.view_args logger.bind(eq_id=values['eq_id'], form_type=values['form_type']) logger.info('questionnaire request', method=request.method, url_path=request.full_path) metadata_from_session_data = { 'tx_id': session_data.tx_id, 'eq_id': session_data.eq_id, 'form_type': session_data.form_type, } if check_multiple_survey(metadata_from_session_data, values): raise NoTokenException(401)
def before_post_submission_request(): session_store = get_session_store() if not session_store or not session_store.session_data: raise NoTokenException(401) session_data = session_store.session_data handle_language() g.schema = load_schema_from_session_data(session_data) logger.bind(tx_id=session_data.tx_id, schema_name=session_data.schema_name) logger.info( "questionnaire request", method=request.method, url_path=request.full_path )
def decode_signed_jwt_token(self, signed_token, leeway): try: if signed_token: logger.debug("decoding signed jwt", jwt_token=strings.to_str(signed_token)) self._check_token(signed_token) token = jwt.decode(signed_token, self.rrm_public_key, algorithms=['RS256'], leeway=leeway) if not token: raise InvalidTokenException("Missing Payload") return token else: raise NoTokenException("JWT Missing") except (jwt.DecodeError, jwt.exceptions.InvalidAlgorithmError, jwt.exceptions.ExpiredSignatureError, jwt.exceptions.InvalidIssuedAtError) as e: raise InvalidTokenException(repr(e))
def before_questionnaire_request(): metadata = get_metadata(current_user) if not metadata: raise NoTokenException(401) logger.bind( tx_id=metadata["tx_id"], schema_name=metadata["schema_name"], ce_id=metadata["collection_exercise_sid"], questionnaire_id=metadata["questionnaire_id"], ) logger.info( "questionnaire request", method=request.method, url_path=request.full_path ) handle_language() session_store = get_session_store() g.schema = load_schema_from_session_data(session_store.session_data)
def decrypt_token(encrypted_token): logger.debug("decrypting token") if encrypted_token is None: raise NoTokenException("Please provide a token") decoder = JWTDecryptor( current_app.config['EQ_USER_AUTHENTICATION_SR_PRIVATE_KEY'], current_app.config['EQ_USER_AUTHENTICATION_SR_PRIVATE_KEY_PASSWORD'], current_app.config['EQ_USER_AUTHENTICATION_RRM_PUBLIC_KEY'], ) decrypted_token = decoder.decrypt_jwt_token( encrypted_token, current_app.config['EQ_JWT_LEEWAY_IN_SECONDS'], ) valid, field = is_valid_metadata(decrypted_token) if not valid: raise InvalidTokenException("Missing value {}".format(field)) logger.debug("token decrypted") return decrypted_token
def before_post_submission_request(): session_store = get_session_store() if not session_store or not session_store.session_data: raise NoTokenException(401) session_data = session_store.session_data g.schema = load_schema_from_session_data(session_data) logger.bind(tx_id=session_data.tx_id) values = request.view_args logger.bind(eq_id=values['eq_id'], form_type=values['form_type']) logger.info('questionnaire request', method=request.method, url_path=request.full_path) _check_same_survey(url_eq_id=values['eq_id'], url_form_type=values['form_type'], url_collection_id='', session_eq_id=session_data.eq_id, session_form_type=session_data.form_type, session_collection_id='')
def test_no_token_exception(): no_token = NoTokenException("test") assert "test" == str(no_token)
def test(self): no_token = NoTokenException('test') self.assertEqual('test', str(no_token))
def test(self): no_token = NoTokenException("test") self.assertEqual("test", str(no_token))