def post(self): headers = {'Content-Type': 'text/html'} token = request.args.get('id_token') if token: return respondToToken(token) else: if request.form: user = request.form['username'] pwd = request.form['pwd'] u = Cognito(COGNITO_USER_POOL,COGNITO_APP_ID, username=user) print "No Token, Trying to login for user %s" %(user) try: u.authenticate(password=pwd) except: return make_response( render_template('TokenError.html', msg="Login Failed. Access Denied" ),404,headers) try: resp = respondToToken(u.id_token) return resp except: return make_response( render_template('TokenError.html', msg="Something very bad happend!! Can Not Open Homepage!!" ),404,headers)
def homePage(): if request.method == 'POST': #Gather username and password from form username = request.form['username'] password = request.form['password'] #Authenticate user login info u = Cognito(pool_id, client_id, username) try: u.authenticate(password) return redirect('/folders') except ForceChangePasswordException: #new_password = request.form['new_password'] #u.change_password(password, new_password) u.change_password(password, 'Test@12345') return redirect('/folders') #aws = AWSSRP(username=username, password=password, pool_id=pool_id, # client_id=client_id, client=auth_client) #tokens = aws.authenticate_user() #If user login info authenticated, return buckets page #if tokens: # return redirect('/folders') #else: # flash('Unable to authenticate user login information.') # return redirect('/') else: return render_template('index.html')
def login(username, password): """ Use username and password to get Canotic api key. """ user = Cognito(access_key='AKIAIOSFODNN7EXAMPLE', secret_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', user_pool_id=COGNITO_USERPOOL_ID, client_id=COGNITO_CLIENT_ID, user_pool_region=COGNITO_REGION, username=username) try: user.authenticate(password) except ClientError as e: if e.response['Error']['Code'] == 'UserNotFoundException' or e.response['Error'][ 'Code'] == 'NotAuthorizedException': print("Incorrect username or password") return else: print(f"Unexpected error: {e}") return client = Client(auth_token=user.access_token) api_keys = client.get_apikeys() if len(api_keys) > 0: save_api_key(api_keys[0]) print(f'Api key {api_keys[0]} was set') else: print(f'User {username} doesn\'t have any api keys')
def login(): loadMe = json.dumps(request.get_json(silent=True)["user"]) payInfo = json.loads(loadMe) try: u = Cognito(pool_id, client_id, user_pool_region='us-east-2', access_key=os.environ["AWS_ACCESS_KEY"], secret_key=os.environ['AWS_SECRET_KEY'], username=payInfo["email"]); u.authenticate(password=payInfo["password"]); uuid = generate_uuid(payInfo) response = table.get_item( Key={ 'userID' : uuid } ) item = response['Item']; # return jsonify(item); convertedItem = json.loads(json.dumps(item, default=decimal_default)); adminStatus = convertedItem['admin']; wholeTable = getTable(); if (adminStatus == 1): return response_with(responses.SUCCESS_200, value={"value" : wholeTable}, message={"userID" : uuid, "admin" : adminStatus}); elif (adminStatus == 0): #just a reg employee return response_with(responses.SUCCESS_200, value={"value": convertedItem}, message={"userID" : uuid, "admin" : adminStatus}); #returns just user except Exception as e: return response_with(responses.UNAUTHORIZED_401, value={"value" : str(e)})
def get_token(self, username: str, password: str) -> str: u = Cognito(self.user_pool, self.client_id, self.region, username=username) u.authenticate(password=password) return u.access_token
def authenticate(self, username, password): clientId = self.identity['provider']['client_id'] userPoolId = self.identity['provider']['userpool_id'] u = Cognito(userPoolId, clientId, username=username) u.authenticate(password=password) # TODO: if this fails, we should error gracefully with a 401 token = u.id_token self.allowed_perms = self.set_perms(token)
def post(self): data = self.parser.parse_args() u = Cognito(os.environ['COGNITO_USERPOOL_ID'], os.environ['COGNITO_APP_CLIENT_ID'], username=data['username']) try: u.authenticate(password=data['password']) except ClientError as e: return {'message': str(e)} return {'access_token': u.id_token}
def valid_login(username, password): cognito = Cognito(cognito_userpool_id, cognito_app_client_id, username=username) try: cognito.authenticate(password) except Exception as e: print(e) return False return True
def setUpClass(cls): super(VGBaseTestCase, cls).setUpClass() user = Cognito(COGNITO_USER_POOL, COGNITO_APP_ID, username=COGNITO_USER) user.authenticate(password=COGNITO_USER_PASSWORD) cls.token = user.id_token nauser = Cognito(COGNITO_USER_POOL, COGNITO_APP_ID, username=COGNITO_USER_NONADMIN) nauser.authenticate(password=COGNITO_USER_PASSWORD_NONADMIN) cls.natoken = nauser.id_token
def do_work(): user_pool_id = os.environ['AWS_COGNITO_POOL_ID'] client_id = os.environ['AWS_COGNITO_CLIENT_ID'] client_secret = os.environ.get('AWS_COGNITO_SECRET_KEY') username = os.environ.get('COGNITO_USER') password = os.environ['COGNITO_PASSWORD'] u = Cognito(user_pool_id=user_pool_id, client_id=client_id, client_secret=client_secret, username=username) u.authenticate(password=password) print(u.access_token)
def authenticate_user(config, username, password): u = Cognito(config['aws']['cognitio']['userPoolId'], config['aws']['cognitio']['userPoolClientId'], username=username) u.authenticate(password=password) user = u.get_user(attr_map={ "given_name": "first_name", "family_name": "last_name" }) print user.username, user.email_verified, u.access_token return u.access_token
def login_user(): data = request.data dataDict = json.loads(data) _email = dataDict.get('email') _password = dataDict.get('password') u = Cognito(CONSTANTS['cognito_id'], CONSTANTS['cognito_app'], username=_email) u.authenticate(password=_password) info = { "idToken": u.id_token, "accessToken": u.access_token, "refreshToken": u.refresh_token } return Response(json.dumps(info), status=200, mimetype='application/json')
def test_valid_login(): client_id = "5bl2caob065vqodmm3sobp3k7d" user_pool_id = "eu-west-1_mQ0D78123" login(username, password) user_details = User.get_instance() u = Cognito(client_id=client_id, user_pool_id=user_pool_id, username=username, user_pool_region='eu-west-1') u.authenticate(password=password) user = u.get_user(attr_map={"user_id": "sub"}) assert user_details.user_id == user.sub assert user_details.username == user.username assert user_details.hcp_id != 0
def handler(event, context): print(event) cognito_pool_id = os.environ['COGNITO_POOL_ID'] cognito_client_id = os.environ['COGNITO_CLIENT_ID'] username = event['username'] password = event['password'] cognito = Cognito(cognito_pool_id, cognito_client_id, user_pool_region=os.environ['AWS_REGION'], username=username) try: cognito.authenticate(password=password) except Exception as e: print(e) raise Exception else: return cognito.id_token
def handler(event, context): print(event) cognito_pool_id = os.environ['COGNITO_POOL_ID'] cognito_client_id = os.environ['COGNITO_CLIENT_ID'] username = event['username'] password = event['password'] cognito = Cognito( cognito_pool_id, cognito_client_id, user_pool_region=os.environ['AWS_REGION'], username=username) try: cognito.authenticate(password=password) except Exception as e: print(e) raise Exception else: return cognito.id_token
def post(self): """login/authenticate a user""" json_data = request.get_json(force=True) email = json_data['email'] password = json_data['password'] try: u = Cognito(cognitoUserPoolId, cognitoUserPoolClientId, awsRegion, username=email) u.authenticate(password) data = { # "email":email, "id_token": u.id_token, "refresh_token": u.refresh_token, "access_token": u.access_token, "token_type": u.token_type, } print(ReturnDocument(data, "success").asdict()) return ReturnDocument(data, "success").asdict() except ClientError as err: return ReturnDocument(err.__str__(), "error").asdict()
def validate_user( self, username, pin, ): info = self.ids.info username = self.ids.username.text pin = self.ids.pin.text + self.ids.pin.text try: #### enter your AWS creds here u = Cognito( 'eu-west-1_#########', '#################', user_pool_region='eu-west-1', username=username, access_key='#############', secret_key='##########################################') u.authenticate(password=pin) self.isAuthenticated = True except: info.text = '[color=#FF0000]Invalid Username and/or Password[/color]'
def cog_test_authenticate(self): cognito = Cognito( 'us-east-1_V2t2miGey', '3nlvl0p7duau88cbbmd3pv337o', user_pool_region='us-east-1', client_secret='4q67ap5cb1msfci67v5p7bgv3buam78mvvhcbbmgq9va9konod4', username='******') # cognito = Cognito('us-east-1_iWsiqRN3n', '4stcts76mik8nvc1rjef5s3c3p', # user_pool_region='us-east-1', # client_secret='5n2kp1j7p818hril9eqcmgsqqjqedfgou544rrf9qjk29dkispm', # username='******') # cognito = Cognito('us-east-1_V2t2miGey', '3nlvl0p7duau88cbbmd3pv337o', # user_pool_region='us-east-1', # client_secret='4q67ap5cb1msfci67v5p7bgv3buam78mvvhcbbmgq9va9konod4') # Registration # cognito.add_base_attributes(email='*****@*****.**') # # cognito.register('nauge1', 'Nauge009#') # # cognito.admin_confirm_sign_up(username='******') # Authentication cognito.authenticate(password='******') access_token = cognito.access_token id_token = cognito.id_token refresh_token = cognito.refresh_token user = cognito.get_user(attr_map={"email": "email"}) user_emnail = user._data['email'] # Delete User # cognito.authenticate(password='******') # cognito.delete_user() self.logger.debug("Cognito:")
def login(): # TODO: render to each user if request.method == 'POST': username = request.form['username'] password = request.form['password'] u = Cognito(USER_POOL_ID, CLIENT_ID, REGION, username=username, access_key='dummy_not_used', secret_key='dummy_not_used') try: u.authenticate(password) session['asscess_token'] = u.access_token session['refresh_token'] = u.refresh_token session['id_token'] = u.id_token session['user_login'] = True session['username'] = username return redirect(url_for('index')) except ClientError as e: flash(e.response.get('Error').get('Message')) except ValueError as e: flash('Incorrect username or password.') return render_template("login.html")
class Client: def __init__(self): # AWS cognito account info imported from .env dotenv_path = join(dirname(__file__), '.client_env') load_dotenv(dotenv_path) self.region = os.environ.get('REGION') self.userpool_id = os.environ.get('USERPOOL_ID') self.app_id_client = os.environ.get('APP_CLIENT_ID') self.app_client_secret = os.environ.get('APP_CLIENT_SECRET') self.username = os.environ.get('USERNAME') self.password = os.environ.get('PASS') self.user = Cognito(self.userpool_id, self.app_id_client, client_secret=self.app_client_secret, username=self.username) try: self.user.authenticate(password=self.password) except Exception as e: print(e) def public_api_route(self): response = requests.get("http://localhost:5000/public") return response.text def private_api_route(self): header = {} try: self.user.check_token() header = {"Authorization": f"Bearer {self.user.access_token}"} except AttributeError as e: print(e) response = requests.get("http://localhost:5000/private", headers=header) return response.text
class CognitoAuthTestCase(unittest.TestCase): def setUp(self): self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID') self.app_id = env('COGNITO_APP_ID') self.username = env('COGNITO_TEST_USERNAME') self.password = env('COGNITO_TEST_PASSWORD') self.user = Cognito(self.cognito_user_pool_id, self.app_id, username=self.username) def test_authenticate(self): self.user.authenticate(self.password) self.assertNotEqual(self.user.access_token, None) self.assertNotEqual(self.user.id_token, None) self.assertNotEqual(self.user.refresh_token, None) def test_verify_token(self): self.user.authenticate(self.password) bad_access_token = '{}wrong'.format(self.user.access_token) with self.assertRaises(TokenVerificationException) as vm: self.user.verify_token(bad_access_token, 'access_token', 'access') # def test_logout(self): # self.user.authenticate(self.password) # self.user.logout() # self.assertEqual(self.user.id_token,None) # self.assertEqual(self.user.refresh_token,None) # self.assertEqual(self.user.access_token,None) @patch('warrant.Cognito', autospec=True) def test_register(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) res = u.register('sampleuser', 'sample4#Password', given_name='Brian', family_name='Jones', name='Brian Jones', email='*****@*****.**', phone_number='+19194894555', gender='Male', preferred_username='******') # TODO: Write assumptions def test_renew_tokens(self): self.user.authenticate(self.password) self.user.renew_access_token() @patch('warrant.Cognito', autospec=True) def test_update_profile(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.authenticate(self.password) u.update_profile({'given_name': 'Jenkins'}) def test_admin_get_user(self): u = self.user.admin_get_user() self.assertEqual(u.pk, self.username) def test_check_token(self): self.user.authenticate(self.password) self.assertFalse(self.user.check_token()) @patch('warrant.Cognito', autospec=True) def test_validate_verification(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.validate_verification('4321') @patch('warrant.Cognito', autospec=True) def test_confirm_forgot_password(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.confirm_forgot_password('4553', 'samplepassword') with self.assertRaises(TypeError) as vm: u.confirm_forgot_password(self.password) @patch('warrant.Cognito', autospec=True) def test_change_password(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.authenticate(self.password) u.change_password(self.password, 'crazypassword$45DOG') with self.assertRaises(TypeError) as vm: self.user.change_password(self.password) def test_set_attributes(self): u = Cognito(self.cognito_user_pool_id, self.app_id) u._set_attributes({'ResponseMetadata': { 'HTTPStatusCode': 200 }}, {'somerandom': 'attribute'}) self.assertEqual(u.somerandom, 'attribute') def test_admin_authenticate(self): self.user.admin_authenticate(self.password) self.assertNotEqual(self.user.access_token, None) self.assertNotEqual(self.user.id_token, None) self.assertNotEqual(self.user.refresh_token, None)
class PyEmVue(object): def __init__(self): self.username = None self.token_storage_file = None self.customer = None self.cognito = None def get_devices(self): """Get all devices under the current customer account.""" url = API_ROOT + API_CUSTOMER_DEVICES.format(customerGid = self.customer.customer_gid) response = self._get_request(url) response.raise_for_status() devices = [] if response.text: j = response.json() if 'devices' in j: for dev in j['devices']: devices.append(VueDevice().from_json_dictionary(dev)) if 'devices' in dev: for subdev in dev['devices']: devices.append(VueDevice().from_json_dictionary(subdev)) return devices def populate_device_properties(self, device): """Get details about a specific device""" url = API_ROOT + API_DEVICE_PROPERTIES.format(deviceGid=device.device_gid) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() device.populate_location_properties_from_json(j) return device def get_customer_details(self): """Get details for the current customer.""" url = API_ROOT + API_CUSTOMER.format(email=quote(self.username)) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() return Customer().from_json_dictionary(j) return None def get_devices_usage(self, deviceGids, instant, scale=Scale.SECOND.value, unit=Unit.KWH.value): """Returns a list of VueDeviceChannelUsage with the total usage of the devices over the specified scale. Note that you may need to scale this to get a rate (1MIN in kw = 60*result)""" if not instant: instant = datetime.datetime.utcnow() gids = deviceGids if isinstance(deviceGids, list): gids = '+'.join(map(str, deviceGids)) url = API_ROOT + API_DEVICES_USAGE.format(deviceGids=gids, instant=_format_time(instant), scale=scale, unit=unit) response = self._get_request(url) response.raise_for_status() channels = [] if response.text: j = response.json() if 'channelUsages' in j: for channel in j['channelUsages']: if channel: channels.append(VueDeviceChannelUsage().from_json_dictionary(channel)) return channels def get_chart_usage(self, channel, start, end, scale=Scale.SECOND.value, unit=Unit.KWH.value): """Gets the usage over a given time period and the start of the measurement period. Note that you may need to scale this to get a rate (1MIN in kw = 60*result)""" if channel.channel_num in ['MainsFromGrid', 'MainsToGrid']: # These is not populated for the special Mains data as of right now return [], start if not start: start = datetime.datetime.utcnow() if not end: end = datetime.datetime.utcnow() url = API_ROOT + API_CHART_USAGE.format(deviceGid=channel.device_gid, channel=channel.channel_num, start=_format_time(start), end=_format_time(end), scale=scale, unit=unit) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() if 'firstUsageInstant' in j: instant = parse(j['firstUsageInstant']) else: instant = start if 'usageList' in j: usage = j['usageList'] else: usage = [] return usage, instant return [], start def get_outlets(self): """ Return a list of outlets linked to the account. """ url = API_ROOT + API_GET_OUTLETS.format(customerGid=self.customer.customer_gid) response = self._get_request(url) response.raise_for_status() outlets = [] if response.text: j = response.json() for raw_outlet in j: outlets.append(OutletDevice().from_json_dictionary(raw_outlet)) return outlets def update_outlet(self, outlet, on=None): """ Primarily to turn an outlet on or off. If the on parameter is not provided then uses the value in the outlet object. If on parameter provided uses the provided value.""" url = API_ROOT + API_OUTLET if on is not None: outlet.outlet_on = on response = self._put_request(url, outlet.as_dictionary()) response.raise_for_status() outlet.from_json_dictionary(response.json()) return outlet def login(self, username=None, password=None, id_token=None, access_token=None, refresh_token=None, token_storage_file=None): """ Authenticates the current user using access tokens if provided or username/password if no tokens available. Provide a path for storing the token data that can be used to reauthenticate without providing the password. Tokens stored in the file are updated when they expire. """ # Use warrant to go through the SRP authentication to get an auth token and refresh token client = boto3.client('cognito-idp', region_name='us-east-2', config=botocore.client.Config(signature_version=botocore.UNSIGNED)) if id_token is not None and access_token is not None and refresh_token is not None: # use existing tokens self.cognito = Cognito(USER_POOL, CLIENT_ID, user_pool_region='us-east-2', id_token=id_token, access_token=access_token, refresh_token=refresh_token) self.cognito.client = client elif username is not None and password is not None: #log in with username and password self.cognito = Cognito(USER_POOL, CLIENT_ID, user_pool_region='us-east-2', username=username) self.cognito.client = client self.cognito.authenticate(password=password) else: raise Exception('No authentication method found. Must supply username/password or id/auth/refresh tokens.') if self.cognito.access_token is not None: if token_storage_file is not None: self.token_storage_file = token_storage_file self._check_token() user = self.cognito.get_user() self.username = user._data['email'] self.customer = self.get_customer_details() self._store_tokens() return self.customer is not None def _check_token(self): if self.cognito.check_token(renew=True): # Token expired and we renewed it. Store new token self._store_tokens() def _store_tokens(self): if not self.token_storage_file: return data = { 'idToken': self.cognito.id_token, 'accessToken': self.cognito.access_token, 'refreshToken': self.cognito.refresh_token } if self.username: data['email'] = self.username with open(self.token_storage_file, 'w') as f: json.dump(data, f, indent=2) def _get_request(self, full_endpoint): if not self.cognito: raise Exception('Must call "login" before calling any API methods.') self._check_token() # ensure our token hasn't expired, refresh if it has headers = {'authtoken': self.cognito.id_token} return requests.get(full_endpoint, headers=headers) def _put_request(self, full_endpoint, body): if not self.cognito: raise Exception('Must call "login" before calling any API methods.') self._check_token() # ensure our token hasn't expired, refresh if it has headers = {'authtoken': self.cognito.id_token} return requests.put(full_endpoint, headers=headers, json=body)
IDP = "cognito-idp.us-east-1.amazonaws.com/" + COGNITO_POOL_ID REGION_NAME = 'us-east-1' ACCOUNT_ID = '978327071167' # This URL will come from API url = "https://s3.amazonaws.com/v-lambda-package-v1/Firmware/Backend_Architecture_v4.0.pdf" # These are App User --> Tied to a respective Cognito User Pool user = "******" pwd = "Sunday@2017" # Authenticating with Cognito User Pool(CUP). it_token is a JWT Token # User is assigned to "AppGroup" group in CUP. AppGroup in linked with an IAM Role u = Cognito(COGNITO_POOL_ID, COGNITO_APP, username=user) u.authenticate(password=pwd) u.id_token # With the id_token, user will now try to Assume an IAM role # This process is federated by Cognito Identity Pool (CIP) # CIP lets user to assume an IAM role, namely AppRole. # AppRole is configured to read S3 files boto3.setup_default_session(region_name=REGION_NAME) identity_client = boto3.client('cognito-identity', region_name=REGION_NAME) identity_response = identity_client.get_id(AccountId=ACCOUNT_ID, IdentityPoolId=IDENTITY_POOL_ID, Logins={IDP: u.id_token}) identity_id = identity_response['IdentityId'] credentials_response = identity_client.get_credentials_for_identity( IdentityId=identity_id, Logins={IDP: u.id_token})
class WheelFeederAuthentication: """ WheelFeederAuthentication takes care about building valid session with the Wheel's API using Cognito User Pool that gets created using Cloudformation Template during deployment of the Wheel. """ def __init__(self, cognito_user_pool_id, cognito_client_id, region_name=None): """ :param cognito_user_pool_id: Cognito User Pool Id which the Wheel uses to authenticate the Users :type cognito_user_pool_id: str :param cognito_client_id: Client Id configured in the Cognito User Pool :type cognito_client_id: str """ self._username = None self._password = None self._cognito_user_pool_id = cognito_user_pool_id self._cognito_client_id = cognito_client_id self.region_name = region_name # stores object returned by warrant self._cognito_user_obj = None def build(self): """ Drives the process of getting credentials from the User and initializing valid session with Cognito. """ print("Initiating Authentication with Cognito") self._prompt_for_credentials() self._initalize_tokens() return self @property def id_token(self): return self._cognito_user_obj.id_token def _initalize_tokens(self): """ Calls Cognito to initialize Credentials. There is no easy way yet to authenticate a user against a Cognito User Pool in Boto3. Hence we are using a library that makes it easy: - https://github.com/capless/warrant/tree/master/warrant """ self._cognito_user_obj = Cognito( self._cognito_user_pool_id, self._cognito_client_id, username=self._username, user_pool_region=self.region_name ) try: self._cognito_user_obj.authenticate(password=self._password) except Exception as e: print('Authentication Failed. Please try again. Error message:') print(f'{str(e)}') exit(1) def _prompt_for_credentials(self): """ Prompts the user for username and password interactively """ print("In order to be able to upload Participants, you need to authenticate.") print("Provide credentials of one of the valid users stored in Cognito User Pool") self._username = input('Username: '******'Password: ')
#!/usr/bin/env python # -*- coding: utf-8 -*- # encoding=utf8 ## COGNITO_JWKS # https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_J1HZ86uLX/.well-known/jwks.json from warrant import Cognito POOL_ID = 'eu-central-1_J1HZ86uLX' APP_NAME = 'cognito-app-clients' APP_ID = '6h58tr9l145ek8vqhqo9g3vi4d' USERNAME = '******' PASSWORD = '******' u = Cognito(POOL_ID, APP_ID, username=USERNAME) u.authenticate(password=PASSWORD) print u
def sign(): signinform = SigninForm(prefix="signin") signupform = SignupForm(prefix="signup") if request.method == 'POST': form = request.form pprint.pprint(form) if request.form['btn'] == 'Signin': # session["active_panel"] = "login-form-link" if signinform.validate_on_submit(): try: auth_cognito = Cognito( cognito_userpool_id, cognito_client_id, user_pool_region=cognito_userpool_region, username=form['signin-username']) auth_cognito.authenticate(password=form['signin-password']) decoded_token = cognitojwt.decode(auth_cognito.id_token, cognito_userpool_region, cognito_userpool_id, cognito_client_id) user = auth_cognito.get_user() credit = user._data['custom:credit'] # except NotAuthorizedException as e: # flash(e.response['Error']['Message']) # return redirect(request.referrer) except Exception as e: if hasattr(e, 'message'): msg = e.message else: msg = str(e) flash(msg, 'error') return redirect(request.referrer) else: flash("Signin Successfully!") user = User() user.id = decoded_token["cognito:username"] user.credit = credit session['credit'] = credit session['expires'] = decoded_token["exp"] session['refresh_token'] = auth_cognito.refresh_token session['id_token'] = auth_cognito.id_token session['access_token'] = auth_cognito.access_token login_user(user, remember=True) next_url = request.args.get('next', 'index').strip("/") print("next_url:{}".format(next_url)) return redirect(url_for(next_url)) else: flash(signinform.errors) return redirect(request.referrer) elif request.form['btn'] == 'Signup': # session["active_panel"] = "register-form-link" if signupform.validate_on_submit(): try: u = Cognito(cognito_userpool_id, cognito_client_id, cognito_userpool_region) u.add_base_attributes(email=form['signup-email']) u.add_custom_attributes(credit='0') u.register(form['signup-username'], form['signup-password']) except Exception as e: if hasattr(e, 'message'): msg = e.message else: msg = str(e) flash(msg, 'error') else: pprint.pprint(session) flash("Finish the signup by confirm link in mailbox") else: flash(signupform.errors, "error") return redirect(request.referrer) return render_template('sign.html', signinform=signinform, signupform=signupform)
class CognitoAuthTestCase(unittest.TestCase): def setUp(self): if env('USE_CLIENT_SECRET') == 'True': self.app_id = env('COGNITO_APP_WITH_SECRET_ID', 'app') self.client_secret = env('COGNITO_CLIENT_SECRET') else: self.app_id = env('COGNITO_APP_ID', 'app') self.client_secret = None self.cognito_user_pool_id = env('COGNITO_USER_POOL_ID', 'us-east-1_123456789') self.username = env('COGNITO_TEST_USERNAME', 'bob') self.password = env('COGNITO_TEST_PASSWORD', 'bobpassword') self.user = Cognito(self.cognito_user_pool_id, self.app_id, username=self.username, client_secret=self.client_secret) @patch('warrant.aws_srp.AWSSRP.authenticate_user', _mock_authenticate_user) @patch('warrant.Cognito.verify_token', _mock_verify_tokens) def test_authenticate(self): self.user.authenticate(self.password) self.assertNotEqual(self.user.access_token, None) self.assertNotEqual(self.user.id_token, None) self.assertNotEqual(self.user.refresh_token, None) @patch('warrant.aws_srp.AWSSRP.authenticate_user', _mock_authenticate_user) @patch('warrant.Cognito.verify_token', _mock_verify_tokens) def test_verify_token(self): self.user.authenticate(self.password) bad_access_token = '{}wrong'.format(self.user.access_token) with self.assertRaises(TokenVerificationException): self.user.verify_token(bad_access_token, 'access_token', 'access') # def test_logout(self): # self.user.authenticate(self.password) # self.user.logout() # self.assertEqual(self.user.id_token,None) # self.assertEqual(self.user.refresh_token,None) # self.assertEqual(self.user.access_token,None) @patch('warrant.Cognito', autospec=True) def test_register(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.add_base_attributes(given_name='Brian', family_name='Jones', name='Brian Jones', email='*****@*****.**', phone_number='+19194894555', gender='Male', preferred_username='******') u.register('sampleuser', 'sample4#Password') # TODO: Write assumptions @patch('warrant.aws_srp.AWSSRP.authenticate_user', _mock_authenticate_user) @patch('warrant.Cognito.verify_token', _mock_verify_tokens) @patch('warrant.Cognito._add_secret_hash', return_value=None) def test_renew_tokens(self, _): stub = Stubber(self.user.client) # By the stubber nature, we need to add the sequence # of calls for the AWS SRP auth to test the whole process stub.add_response(method='initiate_auth', service_response={ 'AuthenticationResult': { 'TokenType': 'admin', 'IdToken': 'dummy_token', 'AccessToken': 'dummy_token', 'RefreshToken': 'dummy_token' }, 'ResponseMetadata': { 'HTTPStatusCode': 200 } }, expected_params={ 'ClientId': self.app_id, 'AuthFlow': 'REFRESH_TOKEN', 'AuthParameters': { 'REFRESH_TOKEN': 'dummy_token' } }) with stub: self.user.authenticate(self.password) self.user.renew_access_token() stub.assert_no_pending_responses() @patch('warrant.Cognito', autospec=True) def test_update_profile(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.authenticate(self.password) u.update_profile({'given_name': 'Jenkins'}) def test_admin_get_user(self): stub = Stubber(self.user.client) stub.add_response(method='admin_get_user', service_response={ 'Enabled': True, 'UserStatus': 'CONFIRMED', 'Username': self.username, 'UserAttributes': [] }, expected_params={ 'UserPoolId': self.cognito_user_pool_id, 'Username': self.username }) with stub: u = self.user.admin_get_user() self.assertEqual(u.pk, self.username) stub.assert_no_pending_responses() def test_check_token(self): # This is a sample JWT with an expiration time set to January, 1st, 3000 self.user.access_token = ( 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG' '9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjMyNTAzNjgwMDAwfQ.C-1gPxrhUsiWeCvMvaZuuQYarkDNAc' 'pEGJPIqu_SrKQ') self.assertFalse(self.user.check_token()) @patch('warrant.Cognito', autospec=True) def test_validate_verification(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.validate_verification('4321') @patch('warrant.Cognito', autospec=True) def test_confirm_forgot_password(self, cognito_user): u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username) u.confirm_forgot_password('4553', 'samplepassword') with self.assertRaises(TypeError): u.confirm_forgot_password(self.password) @patch('warrant.aws_srp.AWSSRP.authenticate_user', _mock_authenticate_user) @patch('warrant.Cognito.verify_token', _mock_verify_tokens) @patch('warrant.Cognito.check_token', return_value=True) def test_change_password(self, _): # u = cognito_user(self.cognito_user_pool_id, self.app_id, # username=self.username) self.user.authenticate(self.password) stub = Stubber(self.user.client) stub.add_response( method='change_password', service_response={'ResponseMetadata': { 'HTTPStatusCode': 200 }}, expected_params={ 'PreviousPassword': self.password, 'ProposedPassword': '******', 'AccessToken': self.user.access_token }) with stub: self.user.change_password(self.password, 'crazypassword$45DOG') stub.assert_no_pending_responses() with self.assertRaises(ParamValidationError): self.user.change_password(self.password, None) def test_set_attributes(self): u = Cognito(self.cognito_user_pool_id, self.app_id) u._set_attributes({'ResponseMetadata': { 'HTTPStatusCode': 200 }}, {'somerandom': 'attribute'}) self.assertEqual(u.somerandom, 'attribute') # @patch('warrant.Cognito.verify_token', _mock_verify_tokens) def test_admin_authenticate(self): stub = Stubber(self.user.client) # By the stubber nature, we need to add the sequence # of calls for the AWS SRP auth to test the whole process stub.add_response(method='admin_initiate_auth', service_response={ 'AuthenticationResult': { 'TokenType': 'admin', 'IdToken': 'dummy_token', 'AccessToken': 'dummy_token', 'RefreshToken': 'dummy_token' } }, expected_params={ 'UserPoolId': self.cognito_user_pool_id, 'ClientId': self.app_id, 'AuthFlow': 'ADMIN_NO_SRP_AUTH', 'AuthParameters': { 'USERNAME': self.username, 'PASSWORD': self.password } }) with stub: self.user.admin_authenticate(self.password) self.assertNotEqual(self.user.access_token, None) self.assertNotEqual(self.user.id_token, None) self.assertNotEqual(self.user.refresh_token, None) stub.assert_no_pending_responses()
class PyEmVue(object): def __init__(self): self.username = None self.token_storage_file = None self.customer = None self.cognito = None def get_devices(self): """Get all devices under the current customer account.""" url = API_ROOT + API_CUSTOMER_DEVICES.format( customerGid=self.customer.customer_gid) response = self._get_request(url) response.raise_for_status() devices = [] if response.text: j = response.json() if 'devices' in j: for dev in j['devices']: devices.append(VueDevice().from_json_dictionary(dev)) if 'devices' in dev: for subdev in dev['devices']: devices.append( VueDevice().from_json_dictionary(subdev)) return devices def populate_device_properties(self, device): """Get details about a specific device""" url = API_ROOT + API_DEVICE_PROPERTIES.format( deviceGid=device.device_gid) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() device.populate_location_properties_from_json(j) return device def get_customer_details(self): """Get details for the current customer.""" url = API_ROOT + API_CUSTOMER.format(email=quote(self.username)) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() return Customer().from_json_dictionary(j) return None def get_total_usage(self, channel, timeFrame=TotalTimeFrame.ALL.value, unit=TotalUnit.WATTHOURS.value): """Get total usage over the provided timeframe for the given device channel.""" url = API_ROOT + API_USAGE_TOTAL.format(deviceGid=channel.device_gid, timeFrame=timeFrame, unit=unit, channels=channel.channel_num) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() if 'usage' in j: return j['usage'] return 0 def get_usage_over_time(self, channel, start, end, scale=Scale.SECOND.value, unit=Unit.WATTS.value): """Get usage over the given time range. Used for primarily for plotting history. Supports time scales less than DAY.""" if scale != Scale.SECOND.value and scale != Scale.MINUTE.value and scale != Scale.MINUTES_15.value and scale != Scale.HOUR.value: raise ValueError( f'Scale of {scale} is invalid, must be 1S, 1MIN, 15MIN, or 1H.' ) url = API_ROOT + API_USAGE_TIME.format(deviceGid=channel.device_gid, startTime=_format_time(start), endTime=_format_time(end), scale=scale, unit=unit, channels=channel.channel_num) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() if 'usage' in j: return j['usage'] return [] def get_usage_over_date_range(self, channel, start, end, scale=Scale.DAY.value, unit=Unit.WATTS.value): """ Get usage over the given date range. Used for primarily for plotting history. Supports time scales of DAY or larger. Note strange behavior with what day is which, first value is for day before start, last value is for day before end, for test timezone of UTC-4. Advise getting a range of days around the desired day and manual verification. """ if scale != Scale.DAY.value and scale != Scale.WEEK.value and scale != Scale.MONTH.value and scale != Scale.YEAR.value: raise ValueError( f'Scale of {scale} is invalid, must be 1D, 1W, 1MON, or 1Y.') url = API_ROOT + API_USAGE_DATE.format(deviceGid=channel.device_gid, startDate=_format_date(start), endDate=_format_date(end), scale=scale, unit=unit, channels=channel.channel_num) response = self._get_request(url) response.raise_for_status() if response.text: j = response.json() if 'usage' in j: return j['usage'] return [] def get_recent_usage(self, scale=Scale.HOUR.value, unit=Unit.WATTS.value): """Get usage over the last 'scale' timeframe.""" now = datetime.datetime.utcnow() return self.get_usage_for_time_scale(now, scale, unit)[0] def get_usage_for_time_scale(self, time, scale=Scale.HOUR.value, unit=Unit.WATTS.value): """ Get usage for the 'scale' timeframe ending at the given time. Only supported for scales less than one day, otherwise time value is ignored and most recent data is given. """ start = time - datetime.timedelta(seconds=1) end = time url = API_ROOT + API_USAGE_DEVICES.format( customerGid=self.customer.customer_gid, scale=scale, unit=unit, startTime=_format_time(start), endTime=_format_time(end)) response = self._get_request(url) response.raise_for_status() channels = [] realStart = None realEnd = None if response.text: j = response.json() if 'start' in j: realStart = parse(j['start']) if 'end' in j: realEnd = parse(j['end']) if 'channels' in j: for channel in j['channels']: channels.append( VuewDeviceChannelUsage().from_json_dictionary(channel)) return channels, realStart, realEnd def get_outlets(self): """ Return a list of outlets linked to the account. """ url = API_ROOT + API_GET_OUTLETS.format( customerGid=self.customer.customer_gid) response = self._get_request(url) response.raise_for_status() outlets = [] if response.text: j = response.json() for raw_outlet in j: outlets.append(OutletDevice().from_json_dictionary(raw_outlet)) return outlets def update_outlet(self, outlet, on=None): """ Primarily to turn an outlet on or off. If the on parameter is not provided then uses the value in the outlet object. If on parameter provided uses the provided value.""" url = API_ROOT + API_OUTLET if on is not None: outlet.outlet_on = on response = self._put_request(url, outlet.as_dictionary()) response.raise_for_status() outlet.from_json_dictionary(response.json()) return outlet def login(self, username=None, password=None, id_token=None, access_token=None, refresh_token=None, token_storage_file=None): """ Authenticates the current user using access tokens if provided or username/password if no tokens available. Provide a path for storing the token data that can be used to reauthenticate without providing the password. Tokens stored in the file are updated when they expire. """ # Use warrant to go through the SRP authentication to get an auth token and refresh token client = boto3.client( 'cognito-idp', region_name='us-east-2', config=botocore.client.Config(signature_version=botocore.UNSIGNED)) if id_token is not None and access_token is not None and refresh_token is not None: # use existing tokens self.cognito = Cognito(USER_POOL, CLIENT_ID, user_pool_region='us-east-2', id_token=id_token, access_token=access_token, refresh_token=refresh_token) self.cognito.client = client elif username is not None and password is not None: #log in with username and password self.cognito = Cognito(USER_POOL, CLIENT_ID, user_pool_region='us-east-2', username=username) self.cognito.client = client self.cognito.authenticate(password=password) else: raise Exception( 'No authentication method found. Must supply username/password or id/auth/refresh tokens.' ) if self.cognito.access_token is not None: if token_storage_file is not None: self.token_storage_file = token_storage_file self._check_token() user = self.cognito.get_user() self.username = user._data['email'] self.customer = self.get_customer_details() self._store_tokens() return self.customer is not None def _check_token(self): if self.cognito.check_token(renew=True): # Token expired and we renewed it. Store new token self._store_tokens() def _store_tokens(self): if not self.token_storage_file: return data = { 'idToken': self.cognito.id_token, 'accessToken': self.cognito.access_token, 'refreshToken': self.cognito.refresh_token } if self.username: data['email'] = self.username with open(self.token_storage_file, 'w') as f: json.dump(data, f, indent=2) def _get_request(self, full_endpoint): if not self.cognito: raise Exception( 'Must call "login" before calling any API methods.') self._check_token( ) # ensure our token hasn't expired, refresh if it has headers = {'authtoken': self.cognito.id_token} return requests.get(full_endpoint, headers=headers) def _put_request(self, full_endpoint, body): if not self.cognito: raise Exception( 'Must call "login" before calling any API methods.') self._check_token( ) # ensure our token hasn't expired, refresh if it has headers = {'authtoken': self.cognito.id_token} return requests.put(full_endpoint, headers=headers, json=body)
def login(self, user): u = Cognito(self.pool_id, self.client_id, username=user.user_id) u.authenticate(password=user.password) attrs = ["id_token", "refresh_token", "access_token", "token_type"] return {attr: getattr(u, attr) for attr in attrs}
def login(self, username, password): u = Cognito(self.USER_POOL_ID, self.CLIENT_ID, username=username) u.authenticate(password=password) return u
def authenticateUser(self, username, password): """Method to authenticate user""" u = Cognito(self.USER_POOL_ID, self.CLIENT_ID, username=username) u.authenticate(password=password) return u