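def get_user_from_req():
    """Return the user authenticated by the request's JWT, or None.

    Reads the ``Authorization`` header of the current ``request``, decodes
    the token against ``jwt_key_pub`` and accepts it only when the issuer is
    ``'dc_games'``, the ``sub`` claim resolves to a stored user and the
    ``exp`` claim is still in the future.

    Returns:
        The object returned by ``datastore.find_user_by_id``, or ``None``
        when the header is missing or malformed, or when any check fails.

    Raises:
        Whatever ``JWT.decode`` raises for a token it rejects, and
        ``KeyError`` when ``sub``, ``exp`` or ``iss`` is absent; neither is
        caught here, so the caller decides how to answer the request.
    """
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        return None

    # Expected shape is "<scheme> <token>". A header with no second field
    # used to raise IndexError; it is now treated as "no credentials".
    fields = auth_header.split(" ")
    auth_token = fields[1] if len(fields) > 1 else ''
    if not auth_token:
        return None

    # NOTE(review): the scheme word is not compared with "Bearer", and the
    # accepted signature algorithms are whatever the library allows by
    # default. Confirm that is intended for this key.
    claims = JWT().decode(auth_token, jwt_key_pub)
    user = datastore.find_user_by_id(claims['sub'])

    # exp is converted with utcfromtimestamp(), so "now" must be UTC as well.
    # Comparing against local now() shifted the effective expiry by the
    # server's UTC offset, which on some hosts kept expired tokens valid.
    now = datetime.utcnow()
    expires_at = datetime.utcfromtimestamp(claims['exp'])

    if claims['iss'] == 'dc_games' and user and expires_at > now:
        return user
    return None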
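def get_auth_header(installation_id, priv_key):
    """Return request headers carrying a GitHub installation access token.

    Signs an RS256 JWT valid for 300 seconds with issuer ``5168`` and posts
    it to the installation's ``access_tokens`` endpoint. The token in the
    response is wrapped into headers for later API calls.

    Args:
        installation_id: Installation id interpolated into the endpoint URL.
        priv_key: Signing key handed to ``JWT.encode``.

    Returns:
        dict with ``Authorization`` (``"token <access token>"``) and
        ``Accept`` entries. The value is a live credential; do not log it.

    Raises:
        requests.HTTPError: The endpoint answered with an error status.
        requests.Timeout: No answer arrived within the timeout.
    """
    issued_at = int(time.time())
    payload = {
        "iss": 5168,
        "iat": issued_at,
        "exp": issued_at + 300,
    }
    token = JWT().encode(payload, priv_key, 'RS256')

    url = "https://api.github.com/installations/%s/access_tokens" % installation_id
    headers = {
        'Accept': 'application/vnd.github.machine-man-preview+json',
        'Authorization': 'Bearer ' + token
    }

    # A bounded wait keeps a stalled connection from hanging the caller.
    r = requests.post(url, headers=headers, timeout=30)
    # Fail on the HTTP status rather than on a KeyError for the missing
    # "token" field, which would hide the real reason.
    r.raise_for_status()

    ret_headers = {
        "Authorization": "token " + r.json()["token"],
        "Accept": "application/vnd.github.machine-man-preview+json"
    }
    return ret_headers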
def login(self, email, password):
    """Log in with email and password and remember the returned token.

    Posts the credentials to ``/auth/login``. When the JSON reply has
    ``status == 'success'`` and a non-empty ``auth_token``, the token is
    stored, its claims are copied onto the instance and the session gets an
    ``Authorization: Bearer`` header.

    Returns:
        True when a token was stored, False otherwise.
    """
    response = self.post('/auth/login', {'email': email, 'password': password})
    body = json.loads(response.text)

    succeeded = 'status' in body and body['status'] == 'success'
    if not succeeded or not body['auth_token']:
        return False

    self.auth_token = body['auth_token']

    # SECURITY: do_verify=False means the signature is not checked, so these
    # claims (including `admin`) are only as trustworthy as the channel the
    # token arrived on. Treat them as display hints, not as authorization.
    claims = JWT().decode(self.auth_token, do_verify=False)
    self.sub = claims['sub']
    self.team_name = claims['team_name']
    self.team_researcher = claims['team_researcher']
    self.admin = claims['admin']

    bearer = 'Bearer ' + self.auth_token
    self.session.headers.update({'Authorization': bearer})
    return True
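def genToken(appid):
    """Exchange a freshly signed app JWT for an installation access token.

    Signs an RS256 JWT (issuer ``39594``, ten-minute lifetime) with the key
    in ``tesseract-issue.pem`` and posts it to the ``access_tokens``
    endpoint of the installation named by ``appid``.

    Args:
        appid: Interpolated into the ``/app/installations/<id>/`` URL, so
            despite the name it is used as an installation id.

    Returns:
        The ``token`` string from the JSON response. It is a live
        credential; do not log it.

    Raises:
        OSError: The key file cannot be read.
        requests.HTTPError: The endpoint answered with an error status.
        requests.Timeout: No answer arrived within the timeout.
    """
    issued_at = int(time.time())
    message = {
        'iat': issued_at,
        # Ten minutes from now as whole epoch seconds. This is the same
        # value the earlier utcnow()/timegm() round trip produced.
        'exp': issued_at + 10 * 60,
        'iss': 39594,
    }

    # The path is relative to the working directory. Keep the key file
    # readable only by the service account.
    with open('tesseract-issue.pem', 'rb') as fh:
        signing_key = jwk_from_pem(fh.read())

    compact_jws = JWT().encode(message, signing_key, 'RS256')
    headers = {
        'Authorization': f'Bearer {compact_jws}',
        'Accept': 'application/vnd.github.machine-man-preview+json'
    }

    # A bounded wait keeps a stalled connection from hanging the caller.
    r = requests.post(
        url=f"https://api.github.com/app/installations/{appid}/access_tokens",
        headers=headers,
        timeout=30)
    # Report an HTTP error as such rather than as a KeyError on "token".
    r.raise_for_status()
    return r.json()["token"]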
def generate_jwt_token(private_key):
    """Return an RS256-signed JWT for GitHub app 94194, valid ten minutes.

    Args:
        private_key: Signing key passed to ``JWT.encode``.

    Returns:
        The encoded token as produced by ``JWT.encode``.
    """
    issued_at = int(time.time())
    claims = {
        # Issued-at time
        'iat': issued_at,
        # Expiration time (10 minute maximum)
        'exp': issued_at + 10 * 60,
        # GitHub app identifier
        'iss': 94194,
    }
    signer = JWT()
    return signer.encode(claims, private_key, alg='RS256')
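def get_token():
    """Run an interactive OAuth login and return (tenant id, refresh token).

    Opens the Microsoft Online authorization page in a browser, asks the
    user to paste the resulting ``urn:ietf:wg:oauth:2.0:oob?code=...`` URL
    and exchanges the code for tokens.

    Returns:
        Tuple ``(tid, refresh_token)``: the ``tid`` claim of the access
        token and the refresh token from the token response. The refresh
        token is a long-lived credential; store it accordingly.
    """
    # SECURITY: this turns off oauthlib's HTTPS-only check for the whole
    # process, not just this call. Presumably it is needed because the
    # out-of-band redirect is a "urn:" URI rather than https. Confirm, and
    # avoid sharing the process with other OAuth clients.
    os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"

    # Open a web-browser for OAuth Login to Microsoft Online
    oauth = OAuth2Session(
        client_id="b36b1432-1a1c-4c82-9b76-24de1cab42f2",
        redirect_uri="urn:ietf:wg:oauth:2.0:oob",
    )
    authorization_url, state = oauth.authorization_url(
        url="https://login.microsoftonline.com/common/oauth2/authorize",
        resource="https://meeservices.minecraft.net",
    )
    webbrowser.open(authorization_url)

    print(
        "Your browser will open to log into the system. Once done it will then try to open an invalid URL beginning with:"
    )
    print(" urn:ietf:wg:oauth:2.0:oob?code=")
    print(
        "Please copy and paste that entire URL below. In Chrome you should right click the message box and choose 'copy full text"
    )
    print(
        "which will grab all the text. You can use this as well as we will ignore the message text"
    )
    print("\n\n")

    while True:
        match = re.search("urn[^ ]+", input('Enter the full url (or text): '))
        if match is None:
            # Input without a "urn..." run used to crash with AttributeError
            # on None.group(); ask again instead.
            print("No URL starting with 'urn' was found in the input. Please try again.")
            continue
        authorization_response = match.group(0)
        if ".." in authorization_response:
            print(
                "You have provided a shortened response. Try right clicking the message box and choosing 'copy full text' "
            )
            continue
        break

    token = oauth.fetch_token(
        token_url="https://login.microsoftonline.com/common/oauth2/token",
        authorization_response=authorization_response,
        include_client_id=True,
    )

    # Get Tenant ID from access_token. The token is decoded with signature
    # and time checks disabled, so the claims are read, not verified; use
    # `tid` as an identifier only, never as proof of tenancy.
    access = JWT().decode(token["access_token"],
                          do_verify=False,
                          do_time_check=False)
    return access["tid"], token["refresh_token"]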
def get_jwt_token(token_type: TokenType, email: str, user_info: object, oauth_token: object):
    """Return an RS256-signed JWT describing an OAuth-authenticated user.

    The issuer is read from the ``TOKEN_ISSUER`` environment variable, the
    audience is fixed to ``'postgraphile'`` and the token expires
    ``TOKEN_VALIDITY`` after the issue time.

    Args:
        token_type: Provider type; stored as ``str(token_type)``.
        email: Used as the ``sub`` claim.
        user_info: Provider profile data, embedded as ``user_info``.
        oauth_token: Provider token, embedded as ``user_token``.

    Returns:
        The encoded token from ``JWT.encode``.
    """
    issued_at = time.time()
    expires_at = issued_at + TOKEN_VALIDITY

    # SECURITY: a signed JWT is encoded, not encrypted. Anyone who holds it
    # can read `user_info` and the upstream OAuth token in `user_token`, so
    # treat the result as sensitive as the OAuth token itself.
    claims = {
        'iss': os.environ['TOKEN_ISSUER'],
        'sub': email,
        'iat': issued_at,
        'aud': 'postgraphile',
        'exp': expires_at,
        'type': str(token_type),
        'user_info': user_info,
        'user_token': oauth_token,
        # Placeholder values, as the literals themselves say.
        'role': 'TBD for postgraphile',
        'user_id': 'TBD for postgraphile'
    }

    private_key = get_private_key()
    encoder = JWT()
    return encoder.encode(claims, private_key, 'RS256')
def get(self):
    """Render the add-suggestion page, or redirect to login if signed out.

    For a signed-in user the template receives the user, their nickname, a
    sign-out link and a token from ``JWT.create_token(email, "insert")``.
    """
    user = users.get_current_user()
    template = JINJA_ENVIRONMENT.get_template('client/add_suggestion.html')

    if not user:
        self.redirect(users.create_login_url(self.request.uri))
        return

    # NOTE(review): the token ends up in the rendered page. What "insert"
    # authorizes and how long the token lives are not visible here; confirm
    # it is short-lived and scoped to this action.
    context = {
        'user': user,
        'username': user.nickname(),
        'log_url': users.create_logout_url(self.request.uri),
        'log_url_linktext': 'Sign out',
        'token': JWT.create_token(user.email(), "insert"),
    }
    self.response.write(template.render(context))
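def __init__(
    self,
    senseHost,
    proxyPrefix,
    userDirectory,
    userId,
    privateKeyPath,
    userGroup=None,
    ignoreCertErrors=False,
    rootCA=None,
):
    """Open a JWT-authenticated websocket to the ``engineData`` endpoint.

    Args:
        senseHost: Host name used in the ``wss://`` URL.
        proxyPrefix: Path segment placed before ``/app/engineData``.
        userDirectory: Value of the ``directory`` claim.
        userId: Value of the ``user`` claim.
        privateKeyPath: Path of the PEM private key that signs the token.
        userGroup: Optional value of the ``group`` claim.
        ignoreCertErrors: When true, server certificate verification is
            turned off (``ssl.CERT_NONE``).
        rootCA: CA bundle path, used only when ``ignoreCertErrors`` is false.

    Sets ``self.url``, ``self.ws`` and ``self.session`` (the first message
    received on the socket).
    """
    self.url = "wss://" + senseHost + "/" + proxyPrefix + "/app/engineData"

    if ignoreCertErrors:
        # SECURITY: with CERT_NONE the server is not authenticated, so the
        # bearer token sent below can reach an impersonating endpoint.
        # Keep this to lab use.
        sslOpts = {"cert_reqs": ssl.CERT_NONE}
    elif rootCA is not None:
        sslOpts = {'ca_certs': rootCA}
    else:
        # Passed through as sslopt=None; presumably the websocket client
        # then applies its own defaults. Confirm.
        sslOpts = None

    payload = {'user': userId, 'directory': userDirectory}
    if userGroup is not None:
        payload['group'] = userGroup

    # Close the key file deterministically; the bare open().read() left
    # the handle to the garbage collector.
    with open(privateKeyPath, "rb") as keyFile:
        privateKey = jwk_from_pem(keyFile.read())

    # NOTE(review): the expiry travels in the token header as an ISO-8601
    # string, not as a numeric `exp` claim in the payload. Confirm the
    # server enforces it, otherwise the token never expires.
    token = JWT().encode(key=privateKey,
                         alg='RS256',
                         payload=payload,
                         optional_headers={
                             'exp': (datetime.utcnow() +
                                     timedelta(minutes=10)).isoformat()
                         })

    self.ws = create_connection(
        self.url,
        sslopt=sslOpts,
        header=['authorization: bearer ' + str(token)])
    self.session = self.ws.recv()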