class AccessToken: """ Access Token Util Class""" def __init__(self): self.__instance = JWT() self.__algorithm = "RS256" with open(get_root() + 'auth' + os.sep + 'jwtRS256_private.pem', 'rb') as fh: self.__signing_key = jwk_from_pem(fh.read()) with open(get_root() + 'auth' + os.sep + 'jwtRS256_public.pem', 'rb') as fh: self.__verifying_key = jwk_from_pem(fh.read()) def create_access_token(self, *, data: dict, expires_delta: timedelta = None) -> str: """Create Access Token Using JWT with RSA256 Encryption""" to_encode = data.copy() if expires_delta: expire = datetime.utcnow() + expires_delta else: expire = datetime.utcnow() + timedelta(minutes=15) to_encode.update({"ist": get_int_from_datetime(datetime.utcnow())}) to_encode.update({"exp": get_int_from_datetime(expire)}) encoded_jwt = self.__instance.encode(to_encode, self.__signing_key, self.__algorithm) return encoded_jwt def decode_access_token(self, *, token: str) -> Dict: """ Decode Access Token """ return self.__instance.decode(token, self.__verifying_key, do_time_check=False) def generate_password_reset_token(self, email: str) -> str: """ Generate Access Token for password Reset email""" delta = timedelta(hours=EmailSettings.EMAIL_RESET_TOKEN_EXPIRE_HOURS) now = datetime.utcnow() expires = now + delta encoded_jwt = self.__instance.encode( { "exp": get_int_from_datetime(expires), "ist": get_int_from_datetime(now), "sub": email }, self.__signing_key, alg=self.__algorithm, ) return encoded_jwt def verify_password_reset_token(self, token: str) -> Dict: """ Decode Access Token """ return self.__instance.decode(token, self.__verifying_key, do_time_check=False)
def sign_in(): if request.method == "GET": if get_jwt(): return redirect(url_for("videos")) else: return template("sign_in.html") if request.method == "POST": # Maybe use an actual db here? idk lol conn = sqlite3.connect(":memory:") c = conn.cursor() c.execute("CREATE TABLE users (username char, password char, privilege int)") c.execute("INSERT INTO users (username, password, privilege) VALUES ('Harry', 'P@ssw0rd123!s%dgyASD', 1);") c.execute("INSERT INTO users (username, password, privilege) VALUES ('John', 'cr1k3yth4ts4l0ngp4ss', 1);") c.execute("INSERT INTO users (username, password, privilege) VALUES ('Dave', 'p3rf3ct1nfr4structre', 1);") c.execute(f"SELECT * FROM users WHERE username = '******'user']}' AND password = '******'pass']}';") res = c.fetchall() if len(res) == 0: return template("sign_in.html", error="Invalid username / password.") if len(res) > 1: return template("sign_in.html", error="Attempting to login as more than one user!??") key = jwk.OctetJWK(bytes(JWT_SECRET, "utf-8")) jwt = JWT() jwt = jwt.encode({"user": res[0][0], "privilege": res[0][2]}, key, 'HS256') resp = make_response(redirect(url_for("videos"))) resp.set_cookie("auth", jwt) return resp
def genToken(appid): import json import datetime import time import calendar import requests from jwt import ( JWT, jwk_from_pem, ) exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=10) exp = calendar.timegm(exp.timetuple()) message = { 'iat': int(time.time()), 'exp': exp, 'iss': 39888, } with open('now-deploy.pem', 'rb') as fh: signing_key = jwk_from_pem(fh.read()) jwt = JWT() compact_jws = jwt.encode(message, signing_key, 'RS256') data = { 'Authorization': f'Bearer {compact_jws}', 'Accept': 'application/vnd.github.machine-man-preview+json' } r = requests.post( url=f"https://api.github.com/app/installations/{appid}/access_tokens", headers=data) data = r.json() token = data["token"] return token
def jwt_for_user(user): init = time.time() exp = datetime.now() + timedelta(hours=3) exp = time.mktime(exp.timetuple()) message = {'iss': 'dc_games', 'sub': user.id, 'iat': init, 'exp': exp} jwt = JWT() return jwt.encode(message, jwt_key_priv, 'RS256'), exp
def genToken(appid): exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=10) exp = calendar.timegm(exp.timetuple()) message = { 'iat': int(time.time()), 'exp': exp, 'iss': 41287, } signing_key = get_key() jwt = JWT() compact_jws = jwt.encode(message, signing_key, 'RS256') data = { 'Authorization': f'Bearer {compact_jws}', 'Accept': 'application/vnd.github.machine-man-preview+json' } r = requests.post( url=f"https://api.github.com/app/installations/{appid}/access_tokens", headers=data) data = r.json() token = data["token"] return token
def gen_jwt_token(self, user): token_dict = { 'username': user.username, 'phone': user.telephone, 'exp': time.time() + 24 * 3600, 'iat': time.time() } obj = JWT() token = obj.encode(token_dict, key=self.verifying_key) return token
def get_jwt(pem): # Encodes and returns JWT from jwt import JWT, jwk_from_pem payload = { "iat": int(time.time()), "exp": int(time.time()) + (10 * 60), "iss": os.environ.get("APP_ID"), } jwt = JWT() return jwt.encode(payload, jwk_from_pem(pem), "RS256")
def get_jwt(subject, name, issuer) -> str: ident = { 'sub': subject, 'name': name, 'iss': issuer, 'iat': get_int_from_datetime(datetime.now(timezone.utc)), } signing_key = get_signing_key() instance = JWT() return instance.encode(ident, signing_key, alg='RS256')
def create(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) if serializer.is_valid(raise_exception=True): print(request.data) account = Account.objects.filter(request.data) if account: account = JWT.encode(account, key='jhl') res = Response(serializer.data, status=status.HTTP_200_OK) res.set_cookie('account', account) return res return Response('No this account', status=status.HTTP_404_NOT_FOUND) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get_auth_header(installation_id, priv_key): payload = {"iss": 6166, "iat": int(time.time()), "exp": int(time.time()) + 300} jwt = JWT() token = jwt.encode(payload, priv_key, 'RS256') # url = "https://api.github.com/app" url = "https://api.github.com/installations/%s/access_tokens" % installation_id headers = {'Accept': 'application/vnd.github.machine-man-preview+json', 'Authorization': 'Bearer ' + token} r = requests.post(url, headers=headers) ret_headers = {"Authorization": "token " + r.json()["token"], "Accept": "application/vnd.github.machine-man-preview+json"} return ret_headers
def generate_token(self): jwt = JWT() # Generate the JWT payload = { # issued at time 'iat': int(time.time()), # JWT expiration time (10 minute maximum) 'exp': int(time.time()) + self.expiration, # GitHub App's identifier 'iss': self.iss } token = jwt.encode(payload, self.key, 'RS256') return token
def _get_jwt(self): """ This creates a JWT that can be used to retrieve an authentication token for the Github app.""" jwt = JWT() now = int(time.time()) payload = { "iat": now, "exp": now + (60), "iss": self.noisepage_repo_client.app_id } private_key = jwk_from_pem(str.encode(self.private_key)) return { "jwt": jwt.encode(payload, private_key, alg='RS256'), "exp": payload.get('exp') }
def compute_jwt_token(log, private_file, jwt_token_template=JWT_TEMPLATE, max_timeout_hours=DEFAULT_EXPIRE_TIME): jwt_token_template["exp"] = expires_timestamp(max_timeout_hours) fp_private_file = os.path.realpath(private_file) log.info("Opening private file: " + fp_private_file) log.debug("JWT: " + json.dumps(jwt_token_template)) jwt_token = "not-calculated" jwt_obj = JWT() with open(fp_private_file, "r", encoding="UTF-8") as priv_file_pointer: priv_key = jwk_from_pem(priv_file_pointer.read().encode()) jwt_token = jwt_obj.encode(jwt_token_template, priv_key, 'RS256') log.debug("Calculated JWT token: " + str(jwt_token)) return jwt_token return jwt_token
def make_sign_api_signature_upload_request(auth_method, access_token, digest, algorithm): jwt_client = JWT() signing_base_url = get_signing_base_path(auth_method) # patch for RSS support whilst requirements for local signing and RSS are different # todo: remove this logic once they are aligned if auth_method == "cis2": pem = DEMO_APP_LOCAL_SIGNING_PRIVATE_KEY.encode("utf-8") sub = DEMO_APP_CLIENT_ID iss = DEMO_APP_CLIENT_ID kid = DEMO_APP_KEY_ID else: # always 'simulated' (this will only support RSS Windows/IOS, smartcard simulated auth will fail as JWTs are different) pem = DEMO_APP_REMOTE_SIGNING_PRIVATE_KEY.encode("utf-8") sub = DEMO_APP_REMOTE_SIGNING_SUBJECT iss = DEMO_APP_REMOTE_SIGNING_ISSUER kid = DEMO_APP_REMOTE_SIGNING_KID signing_key = jwk_from_pem(pem) jwt_request = jwt_client.encode( { "sub": sub, "iss": iss, "aud": signing_base_url, "iat": time.time(), "exp": time.time() + 600, "payload": digest, "algorithm": algorithm, }, signing_key, alg="RS512", optional_headers={"kid": kid}, ) print("Sending Signing Service signature upload request...") print(jwt_request) return httpx.post( f"{signing_base_url}/signaturerequest", headers={ "Content-Type": "text/plain", "Authorization": f"Bearer {access_token}" }, data=jwt_request, verify=False, ).json()
class TokenHandler: def __init__(self): self.jwt = JWT() self.key = get_key() def generate_token(self, user): payload = { 'id': user.id, 'username': user.username, 'admin': user.is_staff } return {'token': self.jwt.encode(payload, self.key, 'RS256')} def decode_token(self, token): return self.jwt.decode(token, self.key, 'RS256') def get_user_id_token(self, token): payload = self.decode_token(token) return payload["id"]
def assertion_token(client_id, tenant_id, issuer, jwk): x5t = jwk['x5t'] signing_key = jwk_from_dict(jwk) now = time.mktime(datetime.now().timetuple()) headers = { 'x5t': x5t } json_data = { 'aud': issuer, 'exp': now + 60, 'iss': client_id, 'jti': str(uuid.uuid4()), 'nbf': now, 'sub': client_id } instance = JWT() return instance.encode(json_data, signing_key, alg='RS256', optional_headers=headers)
def create_jwt(app_id, private_key: bytes, expiration=60): """ Creates a signed JWT, valid for 60 seconds by default. The expiration can be extended beyond this, to a maximum of 600 seconds. :param app_id: Github App ID :param private_key: Github App Private Key in PEM format :param expiration: int :return: an encoded JWT """ now = int(time.time()) payload = { "iat": now, "exp": now + expiration, "iss": int(app_id) } jwt = JWT() return jwt.encode( payload, jwk_from_pem(private_key), "RS256" )
def post(): data = rest.request.get_json(silent=True) if data is None: response = jsonify({'data': {'success': False, 'code': 403, 'message': 'bad module name'}}) response.status_code = 403 return response username = data['username'] password = data['password'] if username != '!admin!' and password != '!admin!': user = PostGre().check_user(username, password) else: user = ['1'] if len(user) == 0: response = jsonify({'data': {'success': False, 'code': 401, 'message': 'Kullanıcı Adı veya Şifre Hatalı'}}) response.status_code = 401 return response else: instance = JWT() user_id = user[0][0] JWT_ALGORITHM = 'RS512' with open('/opt/ante-jamnet/helper/certs/rsa_private_key.pem', 'rb') as fh: signing_key = jwk_from_pem(fh.read()) payload = { 'iss': 'Ante-Jamnet', 'user_name': username, 'iat': get_int_from_datetime(datetime.now(timezone.utc)), 'user_id': user_id, 'exp': get_int_from_datetime( datetime.now(timezone.utc) + timedelta(hours=240)), } jwt_token = instance.encode(payload, signing_key, JWT_ALGORITHM) try: PostGre().set_user_token(user_id, username, jwt_token) except Exception as e: print(e) return {'data': {'success': True, 'token': jwt_token}}
import time import ssmenv import os from jwt import ( JWT, jwk_from_dict, jwk_from_pem, ) private_key = jwk_from_pem(os.environ['GITHUB_APP_PRIVATE_PEM'].encode()) timestamp = int(time.time()) payload = { 'iss': os.environ['GITHUB_APP_ID'], 'iat': timestamp, 'exp': timestamp + 60, } jwt = JWT() compact_jws = jwt.encode(payload, private_key, 'RS256') print(compact_jws)
def get_access_token(): try: debug_print('Starting app authentication against GitHub', func_name='get_access_token') pem_file_path = str(current_app.config.get('GITHUB_APP_PEM_PATH')) # This is the flow to request data about the app # https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app time_now = int(time.time()) payload = { 'iss': current_app.config.get('GITHUB_APP_ID'), 'iat': time_now, 'exp': time_now + (5 * 60) } debug_print('Opening PEM file for reading. PEM file path: {0}'.format(pem_file_path), func_name='get_access_token') with open(pem_file_path, 'rb') as f: private_key = jwk_from_pem(f.read()) f.close() debug_print('PEM file successfully read', func_name='get_access_token') jwtoken = JWT() jwsignature = jwtoken.encode(payload, private_key, 'RS256') api_app_url = 'https://api.github.com/app/installations' headers = { 'Authorization': 'Bearer {0}'.format(str(jwsignature)), 'Accept': 'application/vnd.github.machine-man-preview+json' } debug_print('Sending GET request to {0}'.format(api_app_url), func_name='get_access_token') response = requests.get(api_app_url, headers=headers) # Here starts the flow to acquire the access token # https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation if response.status_code == 200: #OK debug_print('GET request to {0} returned 200 OK'.format(api_app_url), func_name='get_access_token') json_content = json.loads(response.content.decode('utf8')) debug_print('Response content: {0}'.format(json_content), func_name='get_access_token') if type(json_content) is list: debug_print('Content is list...', func_name='get_access_token') # the github account may have more than one application installed for l in json_content: debug_print('json within content list: {0}'.format(l), func_name='get_access_token') if l.get('app_id') == int(current_app.config.get('GITHUB_APP_ID')): debug_print('found the right json: {0}'.format(l), func_name='get_access_token') json_content = l break debug_print('json_content before posting to the access tokens url: {0}'.format(json_content), func_name='get_access_token') access_tokens_url = json_content.get('access_tokens_url') debug_print('Sending POST request to {0}'.format(access_tokens_url), func_name='get_access_token') response = requests.post(access_tokens_url, headers=headers) if response.status_code == 201: #OK Created debug_print('POST request to {0} returned 201 OK Created'.format(access_tokens_url), func_name='get_access_token') json_content = json.loads(response.content.decode('utf8')) return json_content.get('token') else: debug_print('Unexpected response from github api with code: {0}'.format(response.status_code), func_name='get_access_token') except JSONDecodeError: debug_print('ERROR reading json returned by github... (JSONDecodeError)', func_name='get_access_token') except OSError: debug_print('ERROR reading PEM file...', func_name='get_access_token') except: # debug_print('ERROR authorizing app...', func_name='get_access_token') return False else: debug_print('GitHub app authentication successful!', func_name='get_access_token') return True
def generate_credential(**payload): jwt = JWT() with open('private.pem', 'rb') as fh: private_key = jwk_from_pem(fh.read()) token = jwt.encode(payload, private_key, 'RS256') return token
def oauth_callback(provider): oauth = OAuthSignIn.get_provider(provider) social_id, username, email = oauth.callback() logging.info(social_id) logging.info(username) logging.info(email) #Login failed if social_id is None: return jsonify({'status': 'ng', 'data': {}}), 401 #Login success user = User.query.filter_by(email=email).first() user = user_schema.dump(user).data logging.info(user) logging.info(user == {}) logging.info(user != {}) if user == {}: #User not existed logging.info('User not existed') user = User(username, provider, email, None, None, None) logging.info(user) db.session.add(user) db.session.commit() user = { "id": user.id, "username": user.username, "email": user.email, "social_id": user.social_id, "fullname": user.full_name, "phone_number": user.phone_number } else: #User existed logging.info('User existed') logging.info(user) if user['social_id'] == 'facebook' and provider == 'google': logging.info('User facebook sign in via google') else: logging.info('User facebook or google') #Data token data_encode = { 'iss': 'http://localhost:5000', 'sub': 'sudo', 'data': { 'user_id': user['id'] } } #Get private key with open('rsa_private_key.pem', 'rb') as fh: signing_key = jwk_from_pem(fh.read()) #Generate token jwt = JWT() token = jwt.encode(data_encode, signing_key, 'RS256') logging.info(token) #Return response response = make_response(jsonify({'status': 'ok', 'data': user}), 200) response.headers['token'] = token return response
import json import arrow import sys from jwt import ( JWT, jwk_from_dict, jwk_from_pem, ) utc = arrow.utcnow() message = { 'iss': 'Wise2c Technology Co.,Ltd', 'sub': 'License', 'aud': sys.argv[2], 'iat': utc.timestamp, 'exp': utc.shift(days=int(sys.argv[1])).timestamp, } with open('private.pem', 'rb') as fh: signing_key = jwk_from_pem(fh.read()) jwt = JWT() compact_jws = jwt.encode(message, signing_key, 'RS256') print(compact_jws)