def test_auth(app, cognito_service_test_factory, token_service_test_factory, client, test_view):
    """A request carrying the accepted bearer token reaches the wrapped view.

    The plugin is built with the test service factories, so no real Cognito
    or token service is contacted. ``test_view`` is registered at ``/`` behind
    ``authentication_required`` and the protected view's response (200 with
    body ``{"data": 123}``) is asserted.
    """
    auth = AWSCognitoAuthentication(
        app,
        _token_service_factory=token_service_test_factory,
        _cognito_service_factory=cognito_service_test_factory,
    )
    protected_view = auth.authentication_required(test_view)
    app.route("/")(protected_view)

    request_headers = {"Authorization": "Bearer good_token"}
    response = client.get("/", headers=request_headers)

    assert (response.status_code, response.json) == (200, {"data": 123})
def test_no_auth_bad_token(app, cognito_service_test_factory, token_service_test_factory, client, test_view):
    """A request with a rejected bearer token is answered with 401 before the view runs.

    Same setup as the happy-path test (test factories, ``test_view`` registered
    at ``/`` behind ``authentication_required``), but the token is
    ``bad_token``; the plugin's error response (401, ``{"message": "test"}``)
    is asserted.
    """
    auth = AWSCognitoAuthentication(
        app,
        _token_service_factory=token_service_test_factory,
        _cognito_service_factory=cognito_service_test_factory,
    )
    protected_view = auth.authentication_required(test_view)
    app.route("/")(protected_view)

    request_headers = {"Authorization": "Bearer bad_token"}
    response = client.get("/", headers=request_headers)

    assert (response.status_code, response.json) == (401, {"message": "test"})
def test_get_user_info(app, cognito_service_test_factory, token_service_test_factory, test_access_token):
    """``get_user_info`` delegates to the Cognito service with the same access token.

    Runs inside an application context because the plugin's service
    properties are resolved against the current app. Both services must be
    truthy, and the (mocked) Cognito service must have been called exactly
    with ``test_access_token``.
    """
    auth = AWSCognitoAuthentication(
        app,
        _token_service_factory=token_service_test_factory,
        _cognito_service_factory=cognito_service_test_factory,
    )

    with app.app_context():
        token_service = auth.token_service
        cognito_service = auth.cognito_service
        assert token_service
        assert cognito_service

        auth.get_user_info(test_access_token)

        # The factory-provided service is a mock; verify the pass-through.
        cognito_service.get_user_info.assert_called_with(test_access_token)
def test_get_access_token(app, cognito_service_test_factory, token_service_test_factory):
    """``get_access_token`` exchanges the ``code`` query argument via the Cognito service.

    The request arguments carry both ``code`` and ``state``; only ``code`` is
    expected to be forwarded to ``exchange_code_for_token``. The ``state``
    value here is a constructed fixture value, not one produced by a real
    sign-in round trip.
    """
    auth = AWSCognitoAuthentication(
        app,
        _token_service_factory=token_service_test_factory,
        _cognito_service_factory=cognito_service_test_factory,
    )

    with app.app_context():
        token_service = auth.token_service
        cognito_service = auth.cognito_service
        assert token_service
        assert cognito_service

        callback_args = dict(
            code="code",
            state="dc0de448b88af41d1cd06387ac2d5102",
        )
        auth.get_access_token(callback_args)

        # The factory-provided service is a mock; verify only the code is forwarded.
        cognito_service.exchange_code_for_token.assert_called_with("code")
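def get_aws_auth(server):
    """Populate *server*'s config for AWS Cognito login and return the auth plugin.

    Cognito endpoint settings are read from the environment. ``os.getenv``
    returns ``None`` for anything unset, so a missing variable is not
    detected here; it surfaces later, when the plugin first uses the value.
    The JWT settings are fixed: the token travels in a cookie named
    ``aws_token`` on path ``/`` and is verified with RS256 against the
    Cognito public key.

    Args:
        server: the Flask application whose ``config`` mapping is populated.

    Returns:
        An ``AWSCognitoAuthentication`` instance initialised with *server*.
    """
    # One client id/secret pair is used for both the generic and the
    # user-pool-specific keys. Note the region comes from DEFAULT_REGION,
    # not AWS_DEFAULT_REGION -- that is the variable name this deployment uses.
    client_id = os.getenv("COGNITO_AUTH_CLIENT_ID")
    client_secret = os.getenv("COGNITO_AUTH_CLIENT_SECRET")
    server.config.update(
        COGNITO_AUTH_CLIENT_ID=client_id,
        COGNITO_AUTH_CLIENT_SECRET=client_secret,
        AWS_DEFAULT_REGION=os.getenv("DEFAULT_REGION"),
        AWS_COGNITO_DOMAIN=os.getenv("AWS_COGNITO_DOMAIN"),
        AWS_COGNITO_USER_POOL_ID=os.getenv("AWS_COGNITO_USER_POOL_ID"),
        AWS_COGNITO_USER_POOL_CLIENT_ID=client_id,
        AWS_COGNITO_USER_POOL_CLIENT_SECRET=client_secret,
        AWS_COGNITO_REDIRECT_URL=os.getenv("AWS_COGNITO_REDIRECT_URL"),
    )

    # Cookie-borne JWT. Secure=True is required for SameSite='None' to be
    # accepted by browsers, so the cookie is only ever sent over HTTPS but
    # *is* sent on cross-site requests.
    # NOTE(review): JWT_COOKIE_CSRF_PROTECT is False, so Flask-JWT-Extended's
    # double-submit CSRF check is switched off for this cookie; with
    # SameSite='None' that leaves CSRF defence entirely to other layers.
    # Confirm this is deliberate. While it is False, JWT_CSRF_IN_COOKIE and
    # JWT_ACCESS_CSRF_FIELD_NAME appear to have no effect.
    # (The original set JWT_COOKIE_CSRF_PROTECT twice; the duplicate is dropped.)
    server.config.update(
        JWT_TOKEN_LOCATION=["cookies"],
        JWT_IDENTITY_CLAIM="sub",
        JWT_ACCESS_COOKIE_NAME="aws_token",
        JWT_ACCESS_COOKIE_PATH="/",
        JWT_COOKIE_DOMAIN=os.getenv("JWT_COOKIE_DOMAIN"),
        JWT_COOKIE_SECURE=True,
        JWT_COOKIE_SAMESITE='None',
        JWT_COOKIE_CSRF_PROTECT=False,
        JWT_CSRF_IN_COOKIE=False,
        JWT_ACCESS_CSRF_FIELD_NAME='csrf-token',
        JWT_ALGORITHM="RS256",
    )

    # Verification key for RS256. This assumes get_cognito_public_keys()
    # returns a single JWK in the form RSAAlgorithm.from_jwk accepts -- a
    # Cognito JWKS document normally lists several keys, so confirm the
    # helper selects the one matching the token's ``kid``.
    server.config["JWT_PUBLIC_KEY"] = RSAAlgorithm.from_jwk(get_cognito_public_keys())

    return AWSCognitoAuthentication(server)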
app.config['AWS_COGNITO_USER_POOL_CLIENT_ID'] = ssm_parameters[ '/tag-tamer/cognito-app-client-id'] app.config['AWS_COGNITO_USER_POOL_CLIENT_SECRET'] = ssm_parameters[ '/tag-tamer/cognito-app-client-secret-value'] app.config['AWS_COGNITO_REDIRECT_URL'] = ssm_parameters[ '/tag-tamer/cognito-redirect-url-value'] app.config['JWT_TOKEN_LOCATION'] = ssm_parameters[ '/tag-tamer/jwt-token-location'] app.config['JWT_ACCESS_COOKIE_NAME'] = ssm_parameters[ '/tag-tamer/jwt-access-cookie-name'] app.config['JWT_COOKIE_SECURE'] = ssm_parameters[ '/tag-tamer/jwt-cookie-secure'] app.config['JWT_COOKIE_CSRF_PROTECT'] = ssm_parameters[ '/tag-tamer/jwt-cookie-csrf-protect'] aws_auth = AWSCognitoAuthentication(app) jwt = JWTManager(app) # Allow users to sign into Tag Tamer via an AWS Cognito User Pool @app.route('/log-in') @app.route('/sign-in') def sign_in(): return redirect(aws_auth.get_sign_in_url()) # Redirect the user to the Tag Tamer home page after successful AWS Cognito login @app.route('/aws_cognito_redirect', methods=['GET']) def aws_cognito_redirect(): access_token = None access_token = aws_auth.get_access_token(request.args)
import boto3 import uuid from werkzeug.utils import secure_filename from flask import Flask, render_template, request, redirect, url_for, make_response from flask_awscognito import AWSCognitoAuthentication from flask import Blueprint, current_app from flask_jwt_extended import (JWTManager, set_access_cookies, verify_jwt_in_request_optional, get_jwt_identity, jwt_required, get_current_user, get_jwt_claims, get_raw_jwt) from .tools import get_photos, upload_file_to_s3 from .forms import PhotoForm from .utils import allowed_file api = Blueprint('prod', __name__) aws_auth = AWSCognitoAuthentication(current_app) @api.route('/') def index(): return render_template("index.html") @api.route('/sign_in') def sign_in(): return redirect(aws_auth.get_sign_in_url()) @api.route("/loggedin", methods=["GET"]) def logged_in(): access_token = aws_auth.get_access_token(request.args)
def aws_auth():
    """Return an ``AWSCognitoAuthentication`` bound to the current Flask app.

    ``current_app`` is a context-local proxy, so this must be called while an
    application context is active; it builds a fresh plugin on every call
    rather than caching one.
    """
    plugin = AWSCognitoAuthentication(current_app)
    return plugin