1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-12-26 16:58:28 +00:00

Add default JWT secret key and fix tests.

This commit is contained in:
grossmj 2020-12-18 16:51:54 +10:30
parent bde706d19a
commit 58c1b01439
3 changed files with 11 additions and 9 deletions

View File

@ -23,7 +23,6 @@ from passlib.context import CryptContext
from typing import Optional from typing import Optional
from fastapi import HTTPException, status from fastapi import HTTPException, status
from gns3server.schemas.tokens import TokenData from gns3server.schemas.tokens import TokenData
from gns3server.controller.controller_error import ControllerError
from gns3server.config import Config from gns3server.config import Config
from pydantic import ValidationError from pydantic import ValidationError
@ -32,6 +31,8 @@ log = logging.getLogger(__name__)
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
DEFAULT_JWT_SECRET_KEY = "efd08eccec3bd0a1be2e086670e5efa90969c68d07e072d7354a76cea5e33d4e"
class AuthService: class AuthService:
@ -75,7 +76,8 @@ class AuthService:
if secret_key is None: if secret_key is None:
secret_key = self._server_config.get("jwt_secret_key", None) secret_key = self._server_config.get("jwt_secret_key", None)
if secret_key is None: if secret_key is None:
raise ControllerError("No JWT secret key has been configured") secret_key = DEFAULT_JWT_SECRET_KEY
log.error("A JWT secret key must be configured to secure the server, using default key...")
algorithm = self._server_config.get("jwt_algorithm", "HS256") algorithm = self._server_config.get("jwt_algorithm", "HS256")
encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm) encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
return encoded_jwt return encoded_jwt
@ -91,7 +93,8 @@ class AuthService:
if secret_key is None: if secret_key is None:
secret_key = self._server_config.get("jwt_secret_key", None) secret_key = self._server_config.get("jwt_secret_key", None)
if secret_key is None: if secret_key is None:
raise ControllerError("No JWT secret key has been configured") secret_key = DEFAULT_JWT_SECRET_KEY
log.error("A JWT secret key must be configured to secure the server, using default key...")
algorithm = self._server_config.get("jwt_algorithm", "HS256") algorithm = self._server_config.get("jwt_algorithm", "HS256")
payload = jwt.decode(token, secret_key, algorithms=[algorithm]) payload = jwt.decode(token, secret_key, algorithms=[algorithm])
username: str = payload.get("sub") username: str = payload.get("sub")

View File

@ -25,6 +25,7 @@ from jose import jwt
from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.asyncio import AsyncSession
from gns3server.db.repositories.users import UsersRepository from gns3server.db.repositories.users import UsersRepository
from gns3server.services import auth_service from gns3server.services import auth_service
from gns3server.services.authentication import DEFAULT_JWT_SECRET_KEY
from gns3server.config import Config from gns3server.config import Config
from gns3server.schemas.users import User from gns3server.schemas.users import User
@ -129,18 +130,16 @@ class TestAuthTokens:
test_user: User test_user: User
) -> None: ) -> None:
secret_key = auth_service._server_config.get("jwt_secret_key")
token = auth_service.create_access_token(test_user.username) token = auth_service.create_access_token(test_user.username)
payload = jwt.decode(token, secret_key, algorithms=["HS256"]) payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
username = payload.get("sub") username = payload.get("sub")
assert username == test_user.username assert username == test_user.username
async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None: async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
secret_key = auth_service._server_config.get("jwt_secret_key")
token = auth_service.create_access_token(None) token = auth_service.create_access_token(None)
with pytest.raises(jwt.JWTError): with pytest.raises(jwt.JWTError):
jwt.decode(token, secret_key, algorithms=["HS256"]) jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
async def test_can_retrieve_username_from_token( async def test_can_retrieve_username_from_token(
self, self,
@ -198,9 +197,8 @@ class TestUserLogin:
assert res.status_code == status.HTTP_200_OK assert res.status_code == status.HTTP_200_OK
# check that token exists in response and has user encoded within it # check that token exists in response and has user encoded within it
secret_key = auth_service._server_config.get("jwt_secret_key")
token = res.json().get("access_token") token = res.json().get("access_token")
payload = jwt.decode(token, secret_key, algorithms=["HS256"]) payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
assert "sub" in payload assert "sub" in payload
username = payload.get("sub") username = payload.get("sub")
assert username == test_user.username assert username == test_user.username

View File

@ -39,6 +39,7 @@ if sys.platform.startswith("win") and sys.version_info < (3, 8):
yield loop yield loop
asyncio.set_event_loop(None) asyncio.set_event_loop(None)
# https://github.com/pytest-dev/pytest-asyncio/issues/68 # https://github.com/pytest-dev/pytest-asyncio/issues/68
# this event_loop is used by pytest-asyncio, and redefining it # this event_loop is used by pytest-asyncio, and redefining it
# is currently the only way of changing the scope of this fixture # is currently the only way of changing the scope of this fixture