示例#1
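def _verify_token(token):
    """
    Checks whether the token is valid and if it is in the blacklist.

    The decode call pins the accepted algorithm list to RS256 and verifies
    against PUBLIC_KEY. A token that passes that check is then rejected if it
    appears in the configured blacklist.

    :param token: the token to be verified
    :raises Exception: if the token is in the blacklist; any error raised by
        jwt.decode propagates unchanged
    """
    import hashlib  # local import: only needed to fingerprint the token for logs

    log.info("Verifying token")
    # The decoded claims are discarded; the call is made only so that an
    # invalid token raises (presumably PyJWT - confirm which errors callers
    # expect).
    jwt.decode(token, PUBLIC_KEY, algorithms=["RS256"])
    if token in get_config_value(Config.BLACKLIST):
        # Do not write the raw bearer token to the log: anyone with read
        # access to the log file would obtain a correctly signed credential.
        # A truncated SHA-256 digest is enough to correlate the event with a
        # blacklist entry.
        raw = token if isinstance(token, bytes) else str(token).encode("utf-8")
        fingerprint = hashlib.sha256(raw).hexdigest()[:16]
        log.warning("Token in blacklist: sha256:%s", fingerprint)
        raise Exception("Token in blacklist")
    log.info("Token verified")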
示例#2
 def _get_payload(self):
     """
     Authenticate through an ICATAuthenticator and build the payload dict.

     :return: dict with the keys "sessionId", "username" and "userIsAdmin"
     """
     log.info("Creating ICATAuthenticator")
     icat = ICATAuthenticator()
     sid = icat.authenticate(self.mnemonic, credentials=self.credentials)
     user = icat.get_username(sid)
     payload = {"sessionId": sid, "username": user}
     # Admin status is decided only by membership of the configured
     # ADMIN_USERS value, evaluated once at this point.
     # NOTE(review): if this payload is embedded in a signed token, removing a
     # user from ADMIN_USERS would not affect tokens already issued - confirm.
     payload["userIsAdmin"] = user in get_config_value(Config.ADMIN_USERS)
     return payload
示例#3
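    def refresh_token(self, refresh_token, prev_access_token):
        """
        Given a refresh token, generate a new access token if the refresh token is valid
        and the previous access token allows for a refresh

        The refresh token must verify under PUBLIC_KEY with RS256 and must not
        be in the configured blacklist. The previous access token must also
        verify, but its expiry is deliberately not enforced, because an
        expired access token is the normal input here.

        :param refresh_token: The refresh token to be checked
        :param prev_access_token: The access token to be refreshed
        :return: - tuple with message and status code e.g. ("", 200)
        """
        import hashlib  # local import: only needed to fingerprint the token for logs

        try:
            log.info("Refreshing token")
            # Claims of the refresh token are discarded; only validity matters.
            jwt.decode(refresh_token, PUBLIC_KEY, algorithms=["RS256"])
            if refresh_token in get_config_value(Config.BLACKLIST):
                # Log a truncated SHA-256 digest instead of the token itself:
                # the raw value is a signed credential and must not end up in
                # log files.
                raw = (
                    refresh_token
                    if isinstance(refresh_token, bytes)
                    else str(refresh_token).encode("utf-8")
                )
                log.warning(
                    "Attempted refresh from token in blacklist: sha256:%s",
                    hashlib.sha256(raw).hexdigest()[:16],
                )
                # Raised only to reach the handler below, which maps every
                # failure of this stage to the same 403 response.
                raise Exception("JWT in blacklist")
            log.info("Token verified")
        except Exception:
            log.warning("Refresh token was not valid")
            return "Refresh token was not valid", 403

        try:
            # Signature is still checked; only the "exp" check is switched off.
            # NOTE(review): this stage does not consult the blacklist for
            # prev_access_token and does not compare any claim of the two
            # tokens, so nothing here ties the access token to the refresh
            # token that authorised the call - confirm that this binding is
            # enforced elsewhere, or add a session/user claim comparison.
            payload = jwt.decode(
                prev_access_token,
                PUBLIC_KEY,
                algorithms=["RS256"],
                options={"verify_exp": False},
            )
            payload["exp"] = current_time() + datetime.timedelta(
                minutes=ACCESS_TOKEN_VALID_FOR, )

            log.info("Creating ICATAuthenticator")
            authenticator = ICATAuthenticator()
            # A failure to refresh the ICAT session is reported as 403 by the
            # handler below.
            authenticator.refresh(payload["sessionId"])
            return self._pack_jwt(payload), 200
        except Exception:
            log.warning("Unable to refresh token")
            return "Unable to refresh token", 403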
示例#4
from scigateway_auth.common.config import Config, get_config_value

# Key material is read once, at import time, from the configured paths.
# Only FileNotFoundError is handled: a missing file silently yields an empty
# string, while any other error (e.g. a permission problem) propagates.
# NOTE(review): with an empty key, RS256 signing/verification should fail
# rather than succeed, but the failure only shows up when a token is handled -
# consider logging or failing at startup when a key file is absent.
try:
    with open(get_config_value(Config.PRIVATE_KEY_PATH), "r") as f:
        PRIVATE_KEY = f.read()
except FileNotFoundError:
    PRIVATE_KEY = ""

# Same loading rule as above, for the verification key.
try:
    with open(get_config_value(Config.PUBLIC_KEY_PATH), "r") as f:
        PUBLIC_KEY = f.read()
except FileNotFoundError:
    PUBLIC_KEY = ""

# Remaining settings are copied from the configuration at import time.
ICAT_URL = get_config_value(Config.ICAT_URL)
# Used elsewhere as a number of minutes for timedelta(minutes=...) -
# presumably both lifetimes are in minutes; verify against the config schema.
ACCESS_TOKEN_VALID_FOR = get_config_value(Config.ACCESS_TOKEN_VALID_FOR)
REFRESH_TOKEN_VALID_FOR = get_config_value(Config.REFRESH_TOKEN_VALID_FOR)
MAINTENANCE_CONFIG_PATH = get_config_value(Config.MAINTENANCE_CONFIG_PATH)
SCHEDULED_MAINTENANCE_CONFIG_PATH = get_config_value(
    Config.SCHEDULED_MAINTENANCE_CONFIG_PATH, )
# Hard-coded rather than configurable.
# NOTE(review): presumably a cookie/transport security flag - confirm where it
# is consumed.
SECURE = True
# NOTE(review): presumably controls TLS certificate verification for outbound
# requests - TODO confirm; if so it should stay enabled outside of local
# testing.
VERIFY = get_config_value(Config.VERIFY)
示例#5
from scigateway_auth.common.logger_setup import setup_logger
from scigateway_auth.src.endpoints import (
    AuthenticatorsEndpoint,
    LoginEndpoint,
    MaintenanceEndpoint,
    RefreshEndpoint,
    ScheduledMaintenanceEndpoint,
    VerifyEndpoint,
)  # NOQA: E402

# Application object plus REST API wrapper for the authentication service.
app = Flask(__name__)
# CORS is enabled with no arguments, so the extension's defaults apply.
# NOTE(review): assuming this is flask_cors.CORS, the default allows every
# origin on every route; for an authentication API consider restricting the
# allowed origins to the known front-end hosts.
cors = CORS(app)
# Routes match with or without a trailing slash.
app.url_map.strict_slashes = False
api = Api(app)

# Logging is configured before any endpoint is registered.
setup_logger()

# Endpoint registration: one resource class per path.
api.add_resource(LoginEndpoint, "/login")
api.add_resource(VerifyEndpoint, "/verify")
api.add_resource(RefreshEndpoint, "/refresh")
api.add_resource(AuthenticatorsEndpoint, "/authenticators")
api.add_resource(MaintenanceEndpoint, "/maintenance")
api.add_resource(ScheduledMaintenanceEndpoint, "/scheduled_maintenance")

# Only reached when the module is run as a script; host, port and debug flag
# all come from the configuration.
# Flask's debug mode turns on the interactive debugger, which must never be
# reachable from untrusted networks - keep DEBUG_MODE false outside local
# development, and serve production traffic through a WSGI server rather than
# app.run().
if __name__ == "__main__":
    app.run(
        host=get_config_value(Config.HOST),
        port=get_config_value(Config.PORT),
        debug=get_config_value(Config.DEBUG_MODE),
    )
 def test_get_config_value_missing(self):
     """Looking up Config.BLACKLIST is expected to terminate via SystemExit."""
     # Callable form of assertRaises: the lookup is invoked by the assertion.
     self.assertRaises(SystemExit, get_config_value, Config.BLACKLIST)
 def test_get_config_value(self):
     """Config.VERIFY is expected to compare equal to True."""
     verify_setting = get_config_value(Config.VERIFY)
     self.assertEqual(verify_setting, True)
示例#8
import logging.config

from scigateway_auth.common.config import Config, get_config_value

# dictConfig-style logging configuration (schema version 1), built at import
# time from the configured log level and log file location.
logger_config = {
    "version": 1,
    "formatters": {
        "default": {
            # Timestamp, then module:file:function:line in braces, then the
            # level and the message.
            "format":
            "[%(asctime)s] {%(module)s:%(filename)s:%(funcName)s:"
            "%(lineno)d} %(levelname)s - %(message)s  ",
        },
    },
    "handlers": {
        "default": {
            "level": get_config_value(Config.LOG_LEVEL),
            "formatter": "default",
            # Size-based rotation: files of up to 5,000,000 bytes, with ten
            # rotated backups kept.
            # NOTE(review): everything logged ends up in this file; restrict
            # read access to the log directory and make sure callers never
            # log credentials or tokens.
            "class": "logging.handlers.RotatingFileHandler",
            "filename": get_config_value(Config.LOG_LOCATION),
            "maxBytes": 5000000,
            "backupCount": 10,
        },
    },
    # The root logger uses the same level and the single file handler above.
    "root": {
        "level": get_config_value(Config.LOG_LEVEL),
        "handlers": ["default"]
    },
}


def setup_logger():