예제 #1
def test_auth(app, cognito_service_test_factory, token_service_test_factory,
              client, test_view):
    """A request with the ``good_token`` bearer token reaches the protected view.

    The Cognito and token services are replaced by the injected test
    factories, so no real token verification happens here; which tokens the
    test double accepts is decided by the fixture (not shown).
    """
    auth = AWSCognitoAuthentication(
        app,
        _cognito_service_factory=cognito_service_test_factory,
        _token_service_factory=token_service_test_factory,
    )
    # Wrap the view with the decorator under test before registering it.
    protected_view = auth.authentication_required(test_view)
    app.route("/")(protected_view)

    auth_header = {"Authorization": "Bearer good_token"}
    response = client.get("/", headers=auth_header)

    assert response.status_code == 200
    assert response.json == {"data": 123}
예제 #2
def test_no_auth_bad_token(app, cognito_service_test_factory,
                           token_service_test_factory, client, test_view):
    """A request with the ``bad_token`` bearer token is rejected with HTTP 401.

    The 401 body asserted below presumably echoes the error raised by the
    token-service test double (fixture not shown).
    """
    # NOTE(review): only a rejected token is covered here; a request with no
    # Authorization header, or a non-Bearer scheme, deserves its own case.
    auth = AWSCognitoAuthentication(
        app,
        _cognito_service_factory=cognito_service_test_factory,
        _token_service_factory=token_service_test_factory,
    )
    protected_view = auth.authentication_required(test_view)
    app.route("/")(protected_view)

    auth_header = {"Authorization": "Bearer bad_token"}
    response = client.get("/", headers=auth_header)

    assert response.status_code == 401
    assert response.json == {"message": "test"}
예제 #3
def test_get_user_info(app, cognito_service_test_factory,
                       token_service_test_factory, test_access_token):
    """``get_user_info`` hands the access token to the Cognito service unchanged."""
    auth = AWSCognitoAuthentication(
        app,
        _cognito_service_factory=cognito_service_test_factory,
        _token_service_factory=token_service_test_factory,
    )
    with app.app_context():
        # Both services must be available before the call under test.
        assert auth.token_service
        assert auth.cognito_service

        auth.get_user_info(test_access_token)

        # The Cognito service is a test double, so the delegation can be
        # checked through its recorded call.
        cognito_double = auth.cognito_service
        cognito_double.get_user_info.assert_called_with(test_access_token)
예제 #4
def test_get_access_token(app, cognito_service_test_factory,
                          token_service_test_factory):
    """``get_access_token`` exchanges the callback ``code`` via the Cognito service."""
    auth = AWSCognitoAuthentication(
        app,
        _cognito_service_factory=cognito_service_test_factory,
        _token_service_factory=token_service_test_factory,
    )
    with app.app_context():
        assert auth.token_service
        assert auth.cognito_service

        # Query parameters as they would arrive on the OAuth callback.
        # NOTE(review): the fixed `state` presumably matches the value the
        # plugin expects for the test app's configuration -- confirm. This
        # test does not cover a mismatching or missing `state`.
        callback_args = dict(
            code="code",
            state="dc0de448b88af41d1cd06387ac2d5102",
        )
        auth.get_access_token(callback_args)

        # Only the authorization code is forwarded to the token exchange.
        cognito_double = auth.cognito_service
        cognito_double.exchange_code_for_token.assert_called_with("code")
예제 #5
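def get_aws_auth(server):
    """Populate Cognito and JWT-cookie settings on *server* and build the plugin.

    Cognito identifiers and the client secret are read from environment
    variables; the JWT settings are hard-coded for cookie-based tokens
    verified with RS256.

    Args:
        server: Flask application whose ``config`` mapping is filled in place.

    Returns:
        An ``AWSCognitoAuthentication`` instance constructed from *server*.
    """
    # os.getenv() yields None for an unset variable and nothing here checks
    # for that, so a missing client id or secret is stored as None.
    # NOTE(review): consider failing at startup when a required value is absent.
    client_id = os.getenv("COGNITO_AUTH_CLIENT_ID")
    client_secret = os.getenv("COGNITO_AUTH_CLIENT_SECRET")

    server.config['COGNITO_AUTH_CLIENT_ID'] = client_id
    server.config['COGNITO_AUTH_CLIENT_SECRET'] = client_secret
    # The region comes from DEFAULT_REGION, not AWS_DEFAULT_REGION.
    server.config['AWS_DEFAULT_REGION'] = os.getenv("DEFAULT_REGION")
    server.config['AWS_COGNITO_DOMAIN'] = os.getenv("AWS_COGNITO_DOMAIN")
    server.config['AWS_COGNITO_USER_POOL_ID'] = os.getenv("AWS_COGNITO_USER_POOL_ID")
    # The user-pool client settings reuse the same id and secret as above.
    server.config['AWS_COGNITO_USER_POOL_CLIENT_ID'] = client_id
    server.config['AWS_COGNITO_USER_POOL_CLIENT_SECRET'] = client_secret
    server.config['AWS_COGNITO_REDIRECT_URL'] = os.getenv("AWS_COGNITO_REDIRECT_URL")

    # The access token travels in a cookie named "aws_token", valid site-wide.
    server.config['JWT_TOKEN_LOCATION'] = ["cookies"]
    server.config['JWT_IDENTITY_CLAIM'] = "sub"
    server.config['JWT_ACCESS_COOKIE_NAME'] = "aws_token"
    server.config['JWT_ACCESS_COOKIE_PATH'] = "/"
    server.config['JWT_COOKIE_DOMAIN'] = os.getenv("JWT_COOKIE_DOMAIN")
    server.config['JWT_COOKIE_SECURE'] = True

    # NOTE(review): SameSite=None makes the browser attach the cookie to
    # cross-site requests, and CSRF protection is switched off below. With
    # both in place, every state-changing endpoint authenticated by this
    # cookie depends on some other CSRF defence (e.g. a strict CORS policy or
    # an Origin check). Prefer enabling JWT_COOKIE_CSRF_PROTECT, or tighten
    # SameSite if cross-site use is not actually required.
    server.config['JWT_COOKIE_SAMESITE'] = 'None'
    # (The original listing assigned this key twice; once is sufficient.)
    server.config['JWT_COOKIE_CSRF_PROTECT'] = False
    # NOTE(review): flask-jwt-extended spells this option JWT_CSRF_IN_COOKIES;
    # as written the key is probably ignored -- confirm before relying on it.
    server.config['JWT_CSRF_IN_COOKIE'] = False
    server.config['JWT_ACCESS_CSRF_FIELD_NAME'] = 'csrf-token'

    # Pin the algorithm to RS256 and verify with a public key only.
    # NOTE(review): get_cognito_public_keys() is not shown; from_jwk() takes a
    # single JWK, so confirm how key selection and rotation are handled.
    server.config['JWT_ALGORITHM'] = "RS256"
    server.config["JWT_PUBLIC_KEY"] = RSAAlgorithm.from_jwk(get_cognito_public_keys())
    return AWSCognitoAuthentication(server)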
예제 #6
# Flask settings copied one-for-one from the `ssm_parameters` mapping, listed
# as (Flask config key, parameter name) in the order they are applied.
#
# NOTE(review): AWS SSM Parameter Store returns string values. Unless
# `ssm_parameters` was converted before this point (not shown), a stored
# 'False' for JWT_COOKIE_SECURE or JWT_COOKIE_CSRF_PROTECT is a non-empty
# string and therefore truthy -- confirm these two are parsed to booleans.
# The client secret should be stored as an encrypted parameter.
_SSM_BACKED_SETTINGS = (
    ('AWS_COGNITO_USER_POOL_CLIENT_ID', '/tag-tamer/cognito-app-client-id'),
    ('AWS_COGNITO_USER_POOL_CLIENT_SECRET',
     '/tag-tamer/cognito-app-client-secret-value'),
    ('AWS_COGNITO_REDIRECT_URL', '/tag-tamer/cognito-redirect-url-value'),
    ('JWT_TOKEN_LOCATION', '/tag-tamer/jwt-token-location'),
    ('JWT_ACCESS_COOKIE_NAME', '/tag-tamer/jwt-access-cookie-name'),
    ('JWT_COOKIE_SECURE', '/tag-tamer/jwt-cookie-secure'),
    ('JWT_COOKIE_CSRF_PROTECT', '/tag-tamer/jwt-cookie-csrf-protect'),
)
for _config_key, _parameter_name in _SSM_BACKED_SETTINGS:
    app.config[_config_key] = ssm_parameters[_parameter_name]

# Both extensions are constructed from the app once its config is populated.
aws_auth = AWSCognitoAuthentication(app)
jwt = JWTManager(app)


# Allow users to sign into Tag Tamer via an AWS Cognito User Pool
@app.route('/log-in')
@app.route('/sign-in')
def sign_in():
    """Redirect the browser to the sign-in URL produced by the Cognito plugin."""
    # The target comes from the plugin, not from request data.
    cognito_sign_in_url = aws_auth.get_sign_in_url()
    return redirect(cognito_sign_in_url)


# Redirect the user to the Tag Tamer home page after successful AWS Cognito login
@app.route('/aws_cognito_redirect', methods=['GET'])
def aws_cognito_redirect():
    """Handle the Cognito callback by exchanging the query parameters for a token.

    The listing ends after the exchange, so how the token is stored and what
    response is returned are not shown here.
    """
    access_token = None
    # request.args is the callback query string and is entirely
    # client-controlled. NOTE(review): the plugin is expected to check the
    # `state` parameter before exchanging `code`; confirm that in the
    # installed version, and that a failed exchange is handled rather than
    # surfacing as an unhandled error.
    access_token = aws_auth.get_access_token(request.args)
예제 #7
import boto3
import uuid
from werkzeug.utils import secure_filename
from flask import Flask, render_template, request, redirect, url_for, make_response
from flask_awscognito import AWSCognitoAuthentication
from flask import Blueprint, current_app
from flask_jwt_extended import (JWTManager, set_access_cookies,
                                verify_jwt_in_request_optional,
                                get_jwt_identity, jwt_required,
                                get_current_user, get_jwt_claims, get_raw_jwt)
from .tools import get_photos, upload_file_to_s3
from .forms import PhotoForm
from .utils import allowed_file

# Blueprint that carries the routes defined in this module.
api = Blueprint(name='prod', import_name=__name__)

# NOTE(review): `current_app` is a context-bound proxy and this line runs at
# import time, so the module presumably has to be imported inside an active
# application context -- confirm against the app factory.
aws_auth = AWSCognitoAuthentication(app=current_app)


@api.route('/')
def index():
    """Render the landing page; this route carries no authentication decorator."""
    landing_page = render_template("index.html")
    return landing_page


@api.route('/sign_in')
def sign_in():
    """Redirect the browser to the sign-in URL produced by the Cognito plugin."""
    # The target comes from the plugin, not from request data.
    cognito_sign_in_url = aws_auth.get_sign_in_url()
    return redirect(cognito_sign_in_url)


@api.route("/loggedin", methods=["GET"])
def logged_in():
    """Handle the Cognito callback by exchanging the query parameters for a token.

    The listing ends after the exchange, so how the token is stored and what
    response is returned are not shown here.
    """
    # request.args is the callback query string and is entirely
    # client-controlled. NOTE(review): the plugin is expected to check the
    # `state` parameter before exchanging `code`; confirm that in the
    # installed version, and that a failed exchange is handled rather than
    # surfacing as an unhandled error.
    access_token = aws_auth.get_access_token(request.args)
예제 #8
def aws_auth():
    """Build an ``AWSCognitoAuthentication`` from the current Flask application.

    A new plugin object is constructed on every call; `current_app` is only
    usable while an application context is active.
    """
    cognito_plugin = AWSCognitoAuthentication(current_app)
    return cognito_plugin