1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-12-25 16:28:11 +00:00

Add default JWT secret key and fix tests.

This commit is contained in:
grossmj 2020-12-18 16:51:54 +10:30
parent bde706d19a
commit 58c1b01439
3 changed files with 11 additions and 9 deletions

View File

@ -23,7 +23,6 @@ from passlib.context import CryptContext
from typing import Optional
from fastapi import HTTPException, status
from gns3server.schemas.tokens import TokenData
from gns3server.controller.controller_error import ControllerError
from gns3server.config import Config
from pydantic import ValidationError
@ -32,6 +31,8 @@ log = logging.getLogger(__name__)
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
DEFAULT_JWT_SECRET_KEY = "efd08eccec3bd0a1be2e086670e5efa90969c68d07e072d7354a76cea5e33d4e"
class AuthService:
@ -75,7 +76,8 @@ class AuthService:
if secret_key is None:
secret_key = self._server_config.get("jwt_secret_key", None)
if secret_key is None:
raise ControllerError("No JWT secret key has been configured")
secret_key = DEFAULT_JWT_SECRET_KEY
log.error("A JWT secret key must be configured to secure the server, using default key...")
algorithm = self._server_config.get("jwt_algorithm", "HS256")
encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
return encoded_jwt
@ -91,7 +93,8 @@ class AuthService:
if secret_key is None:
secret_key = self._server_config.get("jwt_secret_key", None)
if secret_key is None:
raise ControllerError("No JWT secret key has been configured")
secret_key = DEFAULT_JWT_SECRET_KEY
log.error("A JWT secret key must be configured to secure the server, using default key...")
algorithm = self._server_config.get("jwt_algorithm", "HS256")
payload = jwt.decode(token, secret_key, algorithms=[algorithm])
username: str = payload.get("sub")

View File

@ -25,6 +25,7 @@ from jose import jwt
from sqlalchemy.ext.asyncio import AsyncSession
from gns3server.db.repositories.users import UsersRepository
from gns3server.services import auth_service
from gns3server.services.authentication import DEFAULT_JWT_SECRET_KEY
from gns3server.config import Config
from gns3server.schemas.users import User
@ -129,18 +130,16 @@ class TestAuthTokens:
test_user: User
) -> None:
secret_key = auth_service._server_config.get("jwt_secret_key")
token = auth_service.create_access_token(test_user.username)
payload = jwt.decode(token, secret_key, algorithms=["HS256"])
payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
username = payload.get("sub")
assert username == test_user.username
async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
secret_key = auth_service._server_config.get("jwt_secret_key")
token = auth_service.create_access_token(None)
with pytest.raises(jwt.JWTError):
jwt.decode(token, secret_key, algorithms=["HS256"])
jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
async def test_can_retrieve_username_from_token(
self,
@ -198,9 +197,8 @@ class TestUserLogin:
assert res.status_code == status.HTTP_200_OK
# check that token exists in response and has user encoded within it
secret_key = auth_service._server_config.get("jwt_secret_key")
token = res.json().get("access_token")
payload = jwt.decode(token, secret_key, algorithms=["HS256"])
payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
assert "sub" in payload
username = payload.get("sub")
assert username == test_user.username

View File

@ -39,6 +39,7 @@ if sys.platform.startswith("win") and sys.version_info < (3, 8):
yield loop
asyncio.set_event_loop(None)
# https://github.com/pytest-dev/pytest-asyncio/issues/68
# this event_loop is used by pytest-asyncio, and redefining it
# is currently the only way of changing the scope of this fixture