From 555dfaca1645b94b8cd26f291dc2e85334781c0d Mon Sep 17 00:00:00 2001 From: Georges-Antoine Assi Date: Sun, 12 May 2024 21:40:18 -0400 Subject: [PATCH] backend updates --- backend/decorators/__init__.py | 0 backend/handler/auth_handler/__init__.py | 23 +++++++++++----------- backend/handler/auth_handler/middleware.py | 11 +++++------ 3 files changed, 17 insertions(+), 17 deletions(-) create mode 100644 backend/decorators/__init__.py diff --git a/backend/decorators/__init__.py b/backend/decorators/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/backend/handler/auth_handler/__init__.py b/backend/handler/auth_handler/__init__.py index 3b1d56605..823ac9bdd 100644 --- a/backend/handler/auth_handler/__init__.py +++ b/backend/handler/auth_handler/__init__.py @@ -8,7 +8,8 @@ from config import ( ) from exceptions.auth_exceptions import OAuthCredentialsException from fastapi import HTTPException, status -from jose import JWTError, jwt +from joserfc import jwt +from joserfc.errors import BadSignatureError from passlib.context import CryptContext from sqlalchemy.exc import IntegrityError from starlette.requests import HTTPConnection @@ -65,12 +66,12 @@ class AuthHandler: async def get_current_active_user_from_session(self, conn: HTTPConnection): from handler import db_user_handler - - issuer = conn.session.get('iss') - if not issuer or issuer != 'romm:auth': + + issuer = conn.session.get("iss") + if not issuer or issuer != "romm:auth": return None - username = conn.session.get('sub') + username = conn.session.get("sub") if not username: return None 
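Review bot: The import swap from `jose` to `joserfc` in this hunk has no matching dependency-manifest change — the diffstat covers only the two handler modules and an empty `backend/decorators/__init__.py` — so unless `joserfc` is added to the requirements/pyproject elsewhere, `auth_handler` fails at import time and presumably every authenticated route with it. Since the later hunks catch only `BadSignatureError`, it is also worth importing the library's base class here, `from joserfc.errors import BadSignatureError, JoseError`, so malformed tokens and key/algorithm mismatches can be handled alongside bad signatures. The empty `decorators` package added by this commit is unrelated to the auth change and would be cleaner as its own commit or with a note on its purpose.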
@@ -123,18 +124,18 @@ class OAuthHandler: to_encode.update({"exp": expire}) - return jwt.encode(to_encode, ROMM_AUTH_SECRET_KEY, algorithm=ALGORITHM) + return jwt.encode({"alg": ALGORITHM}, to_encode, ROMM_AUTH_SECRET_KEY) async def get_current_active_user_from_bearer_token(self, token: str): from handler import db_user_handler try: - payload = jwt.decode(token, ROMM_AUTH_SECRET_KEY, algorithms=[ALGORITHM]) - except JWTError: + payload = jwt.decode(token, ROMM_AUTH_SECRET_KEY) + except BadSignatureError: raise OAuthCredentialsException - - issuer = payload.get('iss') - if not issuer or issuer != 'romm:oauth': + + issuer = payload.get("iss") + if not issuer or issuer != "romm:oauth": return None username = payload.get("sub") diff --git a/backend/handler/auth_handler/middleware.py b/backend/handler/auth_handler/middleware.py index a6430f4ce..03ef3ce6a 100644 --- a/backend/handler/auth_handler/middleware.py +++ b/backend/handler/auth_handler/middleware.py @@ -5,7 +5,8 @@ from starlette.datastructures import MutableHeaders, Secret from starlette.requests import HTTPConnection from starlette.types import ASGIApp, Message, Receive, Scope, Send from starlette_csrf.middleware import CSRFMiddleware -from jose import jwt, JWTError +from joserfc import jwt +from joserfc.errors import BadSignatureError class CustomCSRFMiddleware(CSRFMiddleware): @@ -40,7 +41,7 @@ class SessionMiddleware: self.jwt_secret = secret_key # check crypto setup so we bail out if needed - _jwt = jwt.encode({"1": 2}, key=str(self.jwt_secret.encode), algorithm=jwt_alg) + _jwt = jwt.encode({"alg": jwt_alg}, {"1": 2}, key=str(self.jwt_secret.encode)) assert {"1": 2} == jwt.decode( _jwt, key=str( @@ -48,7 +49,6 @@ class SessionMiddleware: if self.jwt_secret.decode else self.jwt_secret.encode ), - algorithms=[jwt_alg], ), "wrong crypto setup" self.session_cookie = session_cookie 
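Review bot: `payload = jwt.decode(token, ROMM_AUTH_SECRET_KEY)` has three regressions against the `python-jose` call it replaces: `joserfc.jwt.decode` returns a `Token` object rather than a dict (as far as I can tell), so the following `payload.get("iss")` raises `AttributeError`; the `algorithms=[ALGORITHM]` pin was dropped, so the accepted algorithm is now whatever the library's default registry allows rather than the one this service signs with; and `joserfc` does not check `exp` inside `decode()` the way `python-jose` did, so expired bearer tokens are accepted until a `JWTClaimsRegistry` validation is added. `except BadSignatureError` also covers only one failure mode — a malformed or wrong-`alg` token raises other `JoseError` subclasses (or `ValueError`) and would surface as a 500 instead of `OAuthCredentialsException`. Restoring the pin, validating claims and catching the base class (with `JoseError` imported from `joserfc.errors`) keeps the old contract; `get_current_active_user_from_bearer_token` continues past this hunk.
```python
        try:
            decoded = jwt.decode(token, ROMM_AUTH_SECRET_KEY, algorithms=[ALGORITHM])
            # joserfc does not enforce exp/nbf in decode(); python-jose did this implicitly
            jwt.JWTClaimsRegistry().validate(decoded.claims)
        except (JoseError, ValueError):
            raise OAuthCredentialsException
        payload = decoded.claims
        # … unchanged: iss / sub checks and user lookup …
```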
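Review bot: The startup self-check `assert {"1": 2} == jwt.decode(...)` now compares a dict with the `Token` object `joserfc.jwt.decode` returns, so unless `Token` defines dict equality (which I do not believe it does) the assertion fails on every boot with "wrong crypto setup"; compare against `.claims` and keep the `algorithms=[jwt_alg]` argument the following hunk removes so the check exercises the pinned algorithm: `assert {"1": 2} == jwt.decode(_jwt, key=..., algorithms=[jwt_alg]).claims, "wrong crypto setup"`. Note also that `assert` is stripped under `python -O`, so a crypto-setup check meant to stop startup should raise `RuntimeError` rather than assert. Unrelated to this change but visible in the hunk, `str(self.jwt_secret.encode)` stringifies a bound method rather than the secret if `secret_key` is a `str` — worth confirming what type it is, since it determines the actual signing key. `SessionMiddleware.__init__` starts before this hunk.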
@@ -91,13 +91,12 @@ class SessionMiddleware: if self.jwt_secret.decode else self.jwt_secret.encode ), - algorithms=[self.jwt_alg], ) jwt_payload = self._validate_jwt_payload(jwt_payload) scope["session"] = jwt_payload initial_session_was_empty = False - except JWTError: + except BadSignatureError: scope["session"] = {} else: scope["session"] = {} @@ -109,9 +108,9 @@ class SessionMiddleware: scope["session"]["exp"] = int(time.time()) + self.max_age data = jwt.encode( + {"alg": self.jwt_alg}, scope["session"], key=str(self.jwt_secret.encode), - algorithm=self.jwt_alg, ) headers = MutableHeaders(scope=message)
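Review bot: `except BadSignatureError` in this hunk narrows the fallback that `except JWTError` provided: a session cookie that is not well-formed JWS (bad base64/JSON, missing or unexpected `alg`, wrong key type) makes `joserfc.jwt.decode` raise a different `JoseError` subclass or `ValueError`, which now propagates and turns a garbage cookie into a 500 instead of an empty session — catch `(JoseError, ValueError)` with `JoseError` imported from `joserfc.errors`. The decode result is also a `Token` rather than the dict `python-jose` returned (as far as I can tell), so `_validate_jwt_payload` and the later `scope["session"]["exp"] = ...` in the next hunk would operate on the wrong type; pass `.claims`, i.e. `jwt_payload = jwt.decode(data, key=..., algorithms=[self.jwt_alg]).claims`, which also restores the dropped algorithm pin. The enclosing `__call__` body and `_validate_jwt_payload` are outside the hunk, so whether the validator converts the type cannot be confirmed here.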