From 58c1b014393772589264245c6defc22133c53ebd Mon Sep 17 00:00:00 2001
From: grossmj <grossmj@gns3.net>
Date: Fri, 18 Dec 2020 16:51:54 +1030
Subject: [PATCH] Add default JWT secret key and fix tests.

---
 gns3server/services/authentication.py     |  9 ++++++---
 tests/api/routes/controller/test_users.py | 10 ++++------
 tests/conftest.py                         |  1 +
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/gns3server/services/authentication.py b/gns3server/services/authentication.py
index e9f7782c..77eadfc4 100644
--- a/gns3server/services/authentication.py
+++ b/gns3server/services/authentication.py
@@ -23,7 +23,6 @@ from passlib.context import CryptContext
 from typing import Optional
 from fastapi import HTTPException, status
 from gns3server.schemas.tokens import TokenData
-from gns3server.controller.controller_error import ControllerError
 from gns3server.config import Config
 from pydantic import ValidationError
 
@@ -32,6 +31,8 @@ log = logging.getLogger(__name__)
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
+DEFAULT_JWT_SECRET_KEY = "efd08eccec3bd0a1be2e086670e5efa90969c68d07e072d7354a76cea5e33d4e"
+
 
 class AuthService:
 
@@ -75,7 +76,8 @@ class AuthService:
         if secret_key is None:
             secret_key = self._server_config.get("jwt_secret_key", None)
         if secret_key is None:
-            raise ControllerError("No JWT secret key has been configured")
+            secret_key = DEFAULT_JWT_SECRET_KEY
+            log.error("A JWT secret key must be configured to secure the server, using default key...")
         algorithm = self._server_config.get("jwt_algorithm", "HS256")
         encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
         return encoded_jwt
@@ -91,7 +93,8 @@ class AuthService:
             if secret_key is None:
                 secret_key = self._server_config.get("jwt_secret_key", None)
             if secret_key is None:
-                raise ControllerError("No JWT secret key has been configured")
+                secret_key = DEFAULT_JWT_SECRET_KEY
+                log.error("A JWT secret key must be configured to secure the server, using default key...")
             algorithm = self._server_config.get("jwt_algorithm", "HS256")
             payload = jwt.decode(token, secret_key, algorithms=[algorithm])
             username: str = payload.get("sub")
diff --git a/tests/api/routes/controller/test_users.py b/tests/api/routes/controller/test_users.py
index faa65393..b8e6caca 100644
--- a/tests/api/routes/controller/test_users.py
+++ b/tests/api/routes/controller/test_users.py
@@ -25,6 +25,7 @@ from jose import jwt
 from sqlalchemy.ext.asyncio import AsyncSession
 from gns3server.db.repositories.users import UsersRepository
 from gns3server.services import auth_service
+from gns3server.services.authentication import DEFAULT_JWT_SECRET_KEY
 from gns3server.config import Config
 from gns3server.schemas.users import User
 
@@ -129,18 +130,16 @@ class TestAuthTokens:
             test_user: User
     ) -> None:
 
-        secret_key = auth_service._server_config.get("jwt_secret_key")
         token = auth_service.create_access_token(test_user.username)
-        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
+        payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
         username = payload.get("sub")
         assert username == test_user.username
 
     async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
 
-        secret_key = auth_service._server_config.get("jwt_secret_key")
         token = auth_service.create_access_token(None)
         with pytest.raises(jwt.JWTError):
-            jwt.decode(token, secret_key, algorithms=["HS256"])
+            jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
 
     async def test_can_retrieve_username_from_token(
             self,
@@ -198,9 +197,8 @@ class TestUserLogin:
         assert res.status_code == status.HTTP_200_OK
 
         # check that token exists in response and has user encoded within it
-        secret_key = auth_service._server_config.get("jwt_secret_key")
         token = res.json().get("access_token")
-        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
+        payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
         assert "sub" in payload
         username = payload.get("sub")
         assert username == test_user.username
diff --git a/tests/conftest.py b/tests/conftest.py
index c41998dc..808a3cf1 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -39,6 +39,7 @@ if sys.platform.startswith("win") and sys.version_info < (3, 8):
         yield loop
         asyncio.set_event_loop(None)
 
+
 # https://github.com/pytest-dev/pytest-asyncio/issues/68
 # this event_loop is used by pytest-asyncio, and redefining it
 # is currently the only way of changing the scope of this fixture