示例#1
0
 def get_user_info(self, password):
     self.log.info("Getting user info for username = "******"given_name": "first_name",
                 "middle_name": "middle_name",
                 "family_name": "last_name",
                 "email": "email",
                 "phone_number": "phone_number"
             })
     except Exception as e:
         print(str(e.with_traceback()))
     return user
示例#2
0
def change_password(user_change_password: ChangePassword,
                    token: str = Depends(verify_auth_header)):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'],
                          access_token=token)
    aws_cognito.change_password(user_change_password.old_password,
                                user_change_password.new_password)
示例#3
0
def register_provider(provider: RegisterProvider,
                      database: BlockchainDb = Depends()):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])

    aws_cognito.username = provider.username
    aws_cognito.set_base_attributes(email=provider.username,
                                    name=f'{provider.name.firstName}')
    aws_cognito.add_custom_attributes(usertype='provider')
    response = aws_cognito.register(provider.username, provider.password)

    for providable_treatment in provider.providableTreatments:
        providable_treatment.providableTreatmentId = uuid.uuid4()

    for address in provider.addresses:
        address.addressId = uuid.uuid4()
    try:
        database.commit_transaction(
            Provider(
                providerId=response['UserSub'],
                name=provider.name,
                phoneNumbers=provider.phoneNumbers,
                addresses=provider.addresses,
                dateOfBirth=provider.dateOfBirth,
                email=provider.email,
                providableTreatments=provider.providableTreatments).dict(),
            'CREATE', 'Provider', 'providerId', response['UserSub'])
        return response['UserSub']
    except:
        aws_cognito.delete_user()
        return status.HTTP_400_BAD_REQUEST
示例#4
0
def authenticate(user_name, password):
    try:
        u = Cognito(user_pool_id, client_id, username=user_name)
        u.authenticate(password=password)
        print("Logged in successfully!")
        return True
    except Exception as e:
        print(e)
        return False
示例#5
0
 def __init__(self, user_pool_id, client_id, client_secret, username):
     self.user_pool_id = user_pool_id
     self.client_id = client_id
     self.client_secret = client_secret
     self.username = username
     self.cognito = Cognito(user_pool_id,
                            client_id,
                            client_secret=client_secret,
                            username=username)
     self.log = Helper.get_logger()
示例#6
0
def confirm(user_name, code, registration_frame):
    try:
        u = Cognito(user_pool_id, client_id)
        u.confirm_sign_up(code, username=user_name)
        print("Your Email was confirmed!")
        Label(registration_frame,
              text="Your Email was confirmed!").grid(row=8,
                                                     column=0,
                                                     columnspan=2)
    except Exception as e:
        print(e)
        return False
示例#7
0
async def verify_auth_header(authorization: HTTPBasicCredentials = Depends(auth)):
    """
    Verifies the credentials sent in the authorisation header with cognito
    """
    try:
        aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                                os.environ['USER_POOL_WEB_CLIENT_ID'],
                                access_token=authorization.credentials)
        if aws_cognito.get_user() is None:
            raise HTTPException(status_code=403)

        return authorization.credentials
    except Exception as forbidden:
        raise HTTPException(status_code=403) from forbidden
示例#8
0
def get_cognito(request):
    c = Cognito(
        settings.COGNITO_USER_POOL_ID,
        settings.COGNITO_APP_ID,
        access_token=request.session.get("ACCESS_TOKEN"),
        id_token=request.session.get("ID_TOKEN"),
        refresh_token=request.session.get("REFRESH_TOKEN"),
    )
    changed = c.check_token()
    if changed:
        request.session["ACCESS_TOKEN"] = c.access_token
        request.session["REFRESH_TOKEN"] = c.refresh_token
        request.session["ID_TOKEN"] = c.id_token
        request.session.save()
    return c
示例#9
0
 def setUp(self):
     if env("USE_CLIENT_SECRET") == "True":
         self.app_id = env("COGNITO_APP_WITH_SECRET_ID", "app")
         self.client_secret = env("COGNITO_CLIENT_SECRET")
     else:
         self.app_id = env("COGNITO_APP_ID", "app")
         self.client_secret = None
     self.cognito_user_pool_id = env("COGNITO_USER_POOL_ID", "us-east-1_123456789")
     self.username = env("COGNITO_TEST_USERNAME", "bob")
     self.password = env("COGNITO_TEST_PASSWORD", "bobpassword")
     self.user = Cognito(
         self.cognito_user_pool_id,
         self.app_id,
         username=self.username,
         client_secret=self.client_secret,
     )
示例#10
0
    def setUp(self):
        if env("USE_CLIENT_SECRET", "False") == "True":
            self.app_id = env("COGNITO_APP_WITH_SECRET_ID")
        else:
            self.app_id = env("COGNITO_APP_ID")
        self.cognito_user_pool_id = env("COGNITO_USER_POOL_ID",
                                        "us-east-1_123456789")
        self.username = env("COGNITO_TEST_USERNAME")

        self.user = Cognito(
            user_pool_id=self.cognito_user_pool_id,
            client_id=self.app_id,
            username=self.username,
        )

        self.user_metadata = {
            "user_status": "CONFIRMED",
            "username": "******",
        }
        self.user_info = [
            {
                "Name": "name",
                "Value": "Brian Jones"
            },
            {
                "Name": "given_name",
                "Value": "Brian"
            },
            {
                "Name": "birthdate",
                "Value": "12/7/1980"
            },
        ]
示例#11
0
def forgot_password(user_forgot_password: ForgotPassword):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])

    aws_cognito.username = user_forgot_password.username
    aws_cognito.add_custom_attributes(email=user_forgot_password.username)

    aws_cognito.initiate_forgot_password()
示例#12
0
 def setUp(self):
     if env("USE_CLIENT_SECRET", "False") == "True":
         self.app_id = env("COGNITO_APP_WITH_SECRET_ID")
     else:
         self.app_id = env("COGNITO_APP_ID")
     self.cognito_user_pool_id = env("COGNITO_USER_POOL_ID", "us-east-1_123456789")
     self.group_data = {"GroupName": "test_group", "Precedence": 1}
     self.cognito_obj = Cognito(
         user_pool_id=self.cognito_user_pool_id, client_id=self.app_id
     )
示例#13
0
def _client_from_env(**kwargs) -> Cognito:
    """
    Constructs cognito client from required environment variables and any other given attributes

    :param kwargs: Any configuration attributes for cognito client instance
    :return:
    """
    user_pool_id = pyocle.config.env_var('USER_POOL_ID')
    client_id = pyocle.config.encrypted_env_var('APP_CLIENT_ID')
    return Cognito(user_pool_id=user_pool_id, client_id=client_id, **kwargs)
示例#14
0
async def get_tokens(username: str, password: str):
    # Get keys from AWS async
    key_dict_future = get_key_dict()

    # Meanwhile, authenticate with User Pool
    access_kwargs = {
        'username': username,
        'access_key': aws_access_key_id,
        'secret_key': aws_secret_access_key
    }
    if client_secret:
        access_kwargs['client_secret'] = client_secret

    user = Cognito(pool_id, client_id, **access_kwargs)
    user.authenticate(password=password)

    # Await key response
    key_dict_response = await key_dict_future
    key_dict = key_dict_response.json()

    # Extract tokens and metadata
    groups = user.get_groups()
    region = user.user_pool_region
    id_token = user.id_token
    access_token = user.access_token
    refresh_token = user.refresh_token
    logins = {f"cognito-idp.{region}.amazonaws.com/{pool_id}": id_token}

    # Decode tokens
    id = decode_jwt(id_token, key_dict, client_id)
    access = decode_jwt(access_token, key_dict, client_id)

    # Fetch credentials from Identity Pool
    credentials = get_credentials(logins)

    return {
        "id": id,
        "access": access,
        "id_token": id_token,
        "access_token": access_token,
        "refresh_token": refresh_token,
        "credentials": credentials,
    }
示例#15
0
def authenticate(appclientid, username, userpoolid, password):
    """
    Authenticate a user and return id_token, refresh_token, access_token.

    :param appclientid: Userpool applcation client ID
    :param username: Cognito user login
    :param userpoolid: Userpool ID
    :param password: Cognito user password
    :return: id_token, refresh_token, access_token
    """
    user = Cognito(userpoolid, appclientid, username=username)
    user.authenticate(password=password)
    data = {
        "access_token": user.access_token,
        "id_token": user.id_token,
        "refresh_token": user.refresh_token,
    }
    print(data)
    print("Written to tmp_token.json")
    with open("tmp_token.json", "w") as f:
        json.dump(data, f, indent=2)
示例#16
0
def authenticate_user(username, password):
    try:
        u = Cognito(client_id=client_id,
                    user_pool_id=user_pool_id,
                    username=username,
                    user_pool_region='eu-west-1')
        u.authenticate(password=password)
        user = u.get_user(attr_map={"user_id": "sub"})
        user_id = user.sub

    except Exception as e:
        print("Incorrect username or password, please try again" + str(e))
        return False

    user_data = {
        'user_id': user_id,
        "username": username,
        "password": password
    }

    User.get_instance(user_data)  # instantiate singleton object
    return True
示例#17
0
def confirm_forgot_password(
        user_confirm_forgot_password: ConfirmForgotPassword):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])

    aws_cognito.username = user_confirm_forgot_password.username
    aws_cognito.add_custom_attributes(
        email=user_confirm_forgot_password.username)

    aws_cognito.confirm_forgot_password(
        user_confirm_forgot_password.verification_code,
        user_confirm_forgot_password.new_password)
示例#18
0
def register(user_name, password, email, registration_frame):
    try:
        u = Cognito(user_pool_id, client_id)
        u.set_base_attributes(email=email)
        u.register(user_name, password)
        print("New user created successfully!")
        Label(registration_frame,
              text="New user created successfully!").grid(row=5,
                                                          column=0,
                                                          columnspan=2)
    except Exception as e:
        print(e)
        return False
示例#19
0
def register_client(client: RegisterClient,
                    database: BlockchainDb = Depends()):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])

    aws_cognito.username = client.username
    aws_cognito.set_base_attributes(email=client.username,
                                    name=f'{client.name.firstName}')
    aws_cognito.add_custom_attributes(usertype='client')
    response = aws_cognito.register(client.username, client.password)

    client.address.addressId = uuid.uuid4()

    database.commit_transaction(
        Client(clientId=response['UserSub'],
               name=client.name,
               phoneNumbers=client.phoneNumbers,
               address=client.address,
               dateOfBirth=client.dateOfBirth,
               email=client.email).dict(), 'CREATE', 'Client', 'clientId',
        response['UserSub'])
    return response['UserSub']
示例#20
0
def sign_in(user_sign_in: SignIn):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])
    aws_cognito.username = user_sign_in.username
    aws_cognito.authenticate(password=user_sign_in.password)
    user = aws_cognito.get_user(attr_map={
        "usertype": "custom:usertype",
        "user_id": "sub"
    })
    usertype = user._data["custom:usertype"]
    user_id = user.sub
    resp = {
        "user": User(userId=user_id, username=user.username,
                     usertype=usertype),
        "token": Token(**aws_cognito.__dict__)
    }
    return SignInResponse(**resp)
示例#21
0
 def get_queryset(self):
     return Cognito(
         settings.COGNITO_USER_POOL_ID, settings.COGNITO_APP_ID
     ).get_users(attr_map=settings.COGNITO_ATTR_MAPPING)
示例#22
0
 def get_user_object(self):
     return Cognito(
         settings.COGNITO_USER_POOL_ID,
         settings.COGNITO_APP_ID,
         username=self.kwargs.get("username"),
     ).admin_get_user(attr_map=settings.COGNITO_ATTR_MAPPING)
示例#23
0
 def test_set_attributes(self):
     user = Cognito(self.cognito_user_pool_id, self.app_id)
     user._set_attributes(
         {"ResponseMetadata": {"HTTPStatusCode": 200}}, {"somerandom": "attribute"}
     )
     self.assertEqual(user.somerandom, "attribute")
示例#24
0
def sign_out(token: str = Depends(verify_auth_header)):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'],
                          access_token=token)
    aws_cognito.logout()
示例#25
0
def confirm_registration(confirm_sign_up: ConfirmSignUp):
    aws_cognito = Cognito(os.environ['USER_POOL_ID'],
                          os.environ['USER_POOL_WEB_CLIENT_ID'])
    aws_cognito.confirm_sign_up(confirm_sign_up.verificationCode,
                                username=confirm_sign_up.username)
示例#26
0
class CognitoAuthTestCase(unittest.TestCase):
    def setUp(self):
        if env("USE_CLIENT_SECRET") == "True":
            self.app_id = env("COGNITO_APP_WITH_SECRET_ID", "app")
            self.client_secret = env("COGNITO_CLIENT_SECRET")
        else:
            self.app_id = env("COGNITO_APP_ID", "app")
            self.client_secret = None
        self.cognito_user_pool_id = env("COGNITO_USER_POOL_ID", "us-east-1_123456789")
        self.username = env("COGNITO_TEST_USERNAME", "bob")
        self.password = env("COGNITO_TEST_PASSWORD", "bobpassword")
        self.user = Cognito(
            self.cognito_user_pool_id,
            self.app_id,
            username=self.username,
            client_secret=self.client_secret,
        )

    @patch("pycognito.aws_srp.AWSSRP.authenticate_user", _mock_authenticate_user)
    @patch("pycognito.Cognito.verify_token", _mock_verify_tokens)
    def test_authenticate(self):

        self.user.authenticate(self.password)
        self.assertNotEqual(self.user.access_token, None)
        self.assertNotEqual(self.user.id_token, None)
        self.assertNotEqual(self.user.refresh_token, None)

    @patch("pycognito.aws_srp.AWSSRP.authenticate_user", _mock_authenticate_user)
    @patch("pycognito.Cognito.verify_token", _mock_verify_tokens)
    def test_verify_token(self):
        self.user.authenticate(self.password)
        bad_access_token = "{}wrong".format(self.user.access_token)

        with self.assertRaises(TokenVerificationException):
            self.user.verify_token(bad_access_token, "access_token", "access")

    @patch("pycognito.Cognito", autospec=True)
    def test_register(self, cognito_user):
        user = cognito_user(
            self.cognito_user_pool_id, self.app_id, username=self.username
        )
        base_attr = dict(
            given_name="Brian",
            family_name="Jones",
            name="Brian Jones",
            email="*****@*****.**",
            phone_number="+19194894555",
            gender="Male",
            preferred_username="******",
        )

        user.set_base_attributes(**base_attr)
        user.register("sampleuser", "sample4#Password")

    @patch("pycognito.aws_srp.AWSSRP.authenticate_user", _mock_authenticate_user)
    @patch("pycognito.Cognito.verify_token", _mock_verify_tokens)
    @patch("pycognito.Cognito._add_secret_hash", return_value=None)
    def test_renew_tokens(self, _):

        stub = Stubber(self.user.client)

        # By the stubber nature, we need to add the sequence
        # of calls for the AWS SRP auth to test the whole process
        stub.add_response(
            method="initiate_auth",
            service_response={
                "AuthenticationResult": {
                    "TokenType": "admin",
                    "IdToken": "dummy_token",
                    "AccessToken": "dummy_token",
                    "RefreshToken": "dummy_token",
                },
                "ResponseMetadata": {"HTTPStatusCode": 200},
            },
            expected_params={
                "ClientId": self.app_id,
                "AuthFlow": "REFRESH_TOKEN_AUTH",
                "AuthParameters": {"REFRESH_TOKEN": "dummy_token"},
            },
        )

        with stub:
            self.user.authenticate(self.password)
            self.user.renew_access_token()
            stub.assert_no_pending_responses()

    @patch("pycognito.Cognito", autospec=True)
    def test_update_profile(self, cognito_user):
        user = cognito_user(
            self.cognito_user_pool_id, self.app_id, username=self.username
        )
        user.authenticate(self.password)
        user.update_profile({"given_name": "Jenkins"})

    def test_admin_get_user(self):
        stub = Stubber(self.user.client)

        stub.add_response(
            method="admin_get_user",
            service_response={
                "Enabled": True,
                "UserStatus": "CONFIRMED",
                "Username": self.username,
                "UserAttributes": [],
            },
            expected_params={
                "UserPoolId": self.cognito_user_pool_id,
                "Username": self.username,
            },
        )

        with stub:
            u = self.user.admin_get_user()
            self.assertEqual(u.username, self.username)
            stub.assert_no_pending_responses()

    def test_check_token(self):
        # This is a sample JWT with an expiration time set to January, 1st, 3000
        self.user.access_token = (
            "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG"
            "9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjMyNTAzNjgwMDAwfQ.C-1gPxrhUsiWeCvMvaZuuQYarkDNAc"
            "pEGJPIqu_SrKQ"
        )
        self.assertFalse(self.user.check_token())

    @patch("pycognito.Cognito", autospec=True)
    def test_validate_verification(self, cognito_user):
        u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username)
        u.validate_verification("4321")

    @patch("pycognito.Cognito", autospec=True)
    def test_confirm_forgot_password(self, cognito_user):
        u = cognito_user(self.cognito_user_pool_id, self.app_id, username=self.username)
        u.confirm_forgot_password("4553", "samplepassword")
        with self.assertRaises(TypeError):
            u.confirm_forgot_password(self.password)

    @patch("pycognito.aws_srp.AWSSRP.authenticate_user", _mock_authenticate_user)
    @patch("pycognito.Cognito.verify_token", _mock_verify_tokens)
    @patch("pycognito.Cognito.check_token", return_value=True)
    def test_change_password(self, _):
        # u = cognito_user(self.cognito_user_pool_id, self.app_id,
        #                  username=self.username)
        self.user.authenticate(self.password)

        stub = Stubber(self.user.client)

        stub.add_response(
            method="change_password",
            service_response={"ResponseMetadata": {"HTTPStatusCode": 200}},
            expected_params={
                "PreviousPassword": self.password,
                "ProposedPassword": "******",
                "AccessToken": self.user.access_token,
            },
        )

        with stub:
            self.user.change_password(self.password, "crazypassword$45DOG")
            stub.assert_no_pending_responses()

        with self.assertRaises(ParamValidationError):
            self.user.change_password(self.password, None)

    def test_set_attributes(self):
        user = Cognito(self.cognito_user_pool_id, self.app_id)
        user._set_attributes(
            {"ResponseMetadata": {"HTTPStatusCode": 200}}, {"somerandom": "attribute"}
        )
        self.assertEqual(user.somerandom, "attribute")

    @patch("pycognito.Cognito.verify_token", _mock_verify_tokens)
    def test_admin_authenticate(self):

        stub = Stubber(self.user.client)

        # By the stubber nature, we need to add the sequence
        # of calls for the AWS SRP auth to test the whole process
        stub.add_response(
            method="admin_initiate_auth",
            service_response={
                "AuthenticationResult": {
                    "TokenType": "admin",
                    "IdToken": "dummy_token",
                    "AccessToken": "dummy_token",
                    "RefreshToken": "dummy_token",
                }
            },
            expected_params={
                "UserPoolId": self.cognito_user_pool_id,
                "ClientId": self.app_id,
                "AuthFlow": "ADMIN_NO_SRP_AUTH",
                "AuthParameters": {
                    "USERNAME": self.username,
                    "PASSWORD": self.password,
                },
            },
        )

        with stub:
            self.user.admin_authenticate(self.password)
            self.assertNotEqual(self.user.access_token, None)
            self.assertNotEqual(self.user.id_token, None)
            self.assertNotEqual(self.user.refresh_token, None)
            stub.assert_no_pending_responses()
示例#27
0
class CognitoUser:
    def __init__(self, user_pool_id, client_id, client_secret, username):
        self.user_pool_id = user_pool_id
        self.client_id = client_id
        self.client_secret = client_secret
        self.username = username
        self.cognito = Cognito(user_pool_id,
                               client_id,
                               client_secret=client_secret,
                               username=username)
        self.log = Helper.get_logger()

    # this method allows the registration of a user in AWS cognito
    def register_user(self, password, email, first_name, middle_name,
                      last_name, phone_number):
        is_registered = False
        self.log.info("registering user with username " + self.username)
        try:
            self.cognito.set_base_attributes(email=email,
                                             given_name=first_name,
                                             middle_name=middle_name,
                                             family_name=last_name,
                                             phone_number=phone_number)
            self.cognito.register(username=self.username, password=password)
            is_registered = True
            self.log.info("username " + self.username +
                          " registered successfully")
        except Exception as e:
            if "UsernameExistException" in str(e):
                self.log.error(
                    "Username already exist, please user another username")
            else:
                self.log.error(str(e))
        return is_registered

    # This method allows for the user to confirm registration
    def confirm_signup(self, confirmation_code):
        signup_confirmed = False
        self.log.info("confirming user="******" with registration code " + confirmation_code)
        try:
            self.cognito.confirm_sign_up(confirmation_code,
                                         username=self.username)
            signup_confirmed = True
            self.log.info("user = "******" has been confirmed ")
        except Exception as e:
            self.log.error(str(e))
        return signup_confirmed

    # This method allows a user to be authenticated with AWS cognito authentication
    def authenticate_user(self, password):
        is_authenticated = False
        self.log.info("Authenticating user = "******"user = "******" has been authenticated")
        except Exception as e:
            self.log.error(str(e))
        return is_authenticated

    # this method returns all the personal information of a given username
    def get_user_info(self, password):
        self.log.info("Getting user info for username = "******"given_name": "first_name",
                    "middle_name": "middle_name",
                    "family_name": "last_name",
                    "email": "email",
                    "phone_number": "phone_number"
                })
        except Exception as e:
            print(str(e.with_traceback()))
        return user
示例#28
0
import graphene
import requests
from fastapi import FastAPI
from starlette.graphql import GraphQLApp
from pydantic import BaseModel
from fastapi.security import PA
from pycognito import Cognito

u = Cognito("eu-west-1_evU2XlBPg",
            "5p05ojqacsr782fouu3nv0hm1r",
            client_secret="password1234",
            username="******")

from gateway.auth import get_jwks, JWTBearer, jwks


class User(BaseModel):
    username: str
    email: str
    disabled: bool


class RoomType(graphene.ObjectType):
    id = graphene.Int()
    capacity = graphene.Int()
    faculty = graphene.String()
    projector = graphene.Boolean()
    booked = graphene.Boolean()


class RoomBookingType(graphene.ObjectType):
示例#29
0
from pycognito import Cognito
import pprint
import env

pp = pprint.PrettyPrinter(indent=4)

u = Cognito(env.USER_POOL_ID,
            env.CLIENT_ID,
            client_secret=env.CLIENT_SECRET,
            access_key=env.ACCESS_ID,
            secret_key=env.ACCESS_KEY)

users = u.get_users(attr_map={
    "mail": "email",
    "given_name": "first_name",
    "family_name": "last_name"
})
for user in users:
    print('{}'.format(user.email))