mirror of
https://github.com/GNS3/gns3-server
synced 2025-01-13 17:40:54 +00:00
Add default JWT secret key and fix tests.
parent
bde706d19a
commit
58c1b01439
@ -23,7 +23,6 @@ from passlib.context import CryptContext
|
|||||||
from typing import Optional
|
from typing import Optional
|
||||||
from fastapi import HTTPException, status
|
from fastapi import HTTPException, status
|
||||||
from gns3server.schemas.tokens import TokenData
|
from gns3server.schemas.tokens import TokenData
|
||||||
from gns3server.controller.controller_error import ControllerError
|
|
||||||
from gns3server.config import Config
|
from gns3server.config import Config
|
||||||
from pydantic import ValidationError
|
from pydantic import ValidationError
|
||||||
|
|
||||||
@ -32,6 +31,8 @@ log = logging.getLogger(__name__)
|
|||||||
|
|
||||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||||
|
|
||||||
|
DEFAULT_JWT_SECRET_KEY = "efd08eccec3bd0a1be2e086670e5efa90969c68d07e072d7354a76cea5e33d4e"
|
||||||
|
|
||||||
|
|
||||||
class AuthService:
|
class AuthService:
|
||||||
|
|
||||||
@ -75,7 +76,8 @@ class AuthService:
|
|||||||
if secret_key is None:
|
if secret_key is None:
|
||||||
secret_key = self._server_config.get("jwt_secret_key", None)
|
secret_key = self._server_config.get("jwt_secret_key", None)
|
||||||
if secret_key is None:
|
if secret_key is None:
|
||||||
raise ControllerError("No JWT secret key has been configured")
|
secret_key = DEFAULT_JWT_SECRET_KEY
|
||||||
|
log.error("A JWT secret key must be configured to secure the server, using default key...")
|
||||||
algorithm = self._server_config.get("jwt_algorithm", "HS256")
|
algorithm = self._server_config.get("jwt_algorithm", "HS256")
|
||||||
encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
|
encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
|
||||||
return encoded_jwt
|
return encoded_jwt
|
||||||
@ -91,7 +93,8 @@ class AuthService:
|
|||||||
if secret_key is None:
|
if secret_key is None:
|
||||||
secret_key = self._server_config.get("jwt_secret_key", None)
|
secret_key = self._server_config.get("jwt_secret_key", None)
|
||||||
if secret_key is None:
|
if secret_key is None:
|
||||||
raise ControllerError("No JWT secret key has been configured")
|
secret_key = DEFAULT_JWT_SECRET_KEY
|
||||||
|
log.error("A JWT secret key must be configured to secure the server, using default key...")
|
||||||
algorithm = self._server_config.get("jwt_algorithm", "HS256")
|
algorithm = self._server_config.get("jwt_algorithm", "HS256")
|
||||||
payload = jwt.decode(token, secret_key, algorithms=[algorithm])
|
payload = jwt.decode(token, secret_key, algorithms=[algorithm])
|
||||||
username: str = payload.get("sub")
|
username: str = payload.get("sub")
|
||||||
|
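Review bot: The `secret_key = DEFAULT_JWT_SECRET_KEY` fallback, added in both the token-signing hunk and the token-decoding hunk, makes the server fail open with a key that is published in this repository, so on any install without `jwt_secret_key` configured a token signed with that constant is accepted as valid for whatever `sub` it carries. The line it replaces, `raise ControllerError("No JWT secret key has been configured")`, failed closed. If starting without configuration has to keep working, generate a per-install key instead of a shared constant, for example `secret_key = secrets.token_hex(32)` created once at startup and persisted or cached (needs `import secrets`), and emit the warning once there rather than calling `log.error` on every sign and verify. Both method bodies begin outside the visible hunks, so how `secret_key` reaches them is not shown.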
@ -25,6 +25,7 @@ from jose import jwt
|
|||||||
from sqlalchemy.ext.asyncio import AsyncSession
|
from sqlalchemy.ext.asyncio import AsyncSession
|
||||||
from gns3server.db.repositories.users import UsersRepository
|
from gns3server.db.repositories.users import UsersRepository
|
||||||
from gns3server.services import auth_service
|
from gns3server.services import auth_service
|
||||||
|
from gns3server.services.authentication import DEFAULT_JWT_SECRET_KEY
|
||||||
from gns3server.config import Config
|
from gns3server.config import Config
|
||||||
from gns3server.schemas.users import User
|
from gns3server.schemas.users import User
|
||||||
|
|
||||||
@ -129,18 +130,16 @@ class TestAuthTokens:
|
|||||||
test_user: User
|
test_user: User
|
||||||
) -> None:
|
) -> None:
|
||||||
|
|
||||||
secret_key = auth_service._server_config.get("jwt_secret_key")
|
|
||||||
token = auth_service.create_access_token(test_user.username)
|
token = auth_service.create_access_token(test_user.username)
|
||||||
payload = jwt.decode(token, secret_key, algorithms=["HS256"])
|
payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
|
||||||
username = payload.get("sub")
|
username = payload.get("sub")
|
||||||
assert username == test_user.username
|
assert username == test_user.username
|
||||||
|
|
||||||
async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
|
async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
|
||||||
|
|
||||||
secret_key = auth_service._server_config.get("jwt_secret_key")
|
|
||||||
token = auth_service.create_access_token(None)
|
token = auth_service.create_access_token(None)
|
||||||
with pytest.raises(jwt.JWTError):
|
with pytest.raises(jwt.JWTError):
|
||||||
jwt.decode(token, secret_key, algorithms=["HS256"])
|
jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
|
||||||
|
|
||||||
async def test_can_retrieve_username_from_token(
|
async def test_can_retrieve_username_from_token(
|
||||||
self,
|
self,
|
||||||
@ -198,9 +197,8 @@ class TestUserLogin:
|
|||||||
assert res.status_code == status.HTTP_200_OK
|
assert res.status_code == status.HTTP_200_OK
|
||||||
|
|
||||||
# check that token exists in response and has user encoded within it
|
# check that token exists in response and has user encoded within it
|
||||||
secret_key = auth_service._server_config.get("jwt_secret_key")
|
|
||||||
token = res.json().get("access_token")
|
token = res.json().get("access_token")
|
||||||
payload = jwt.decode(token, secret_key, algorithms=["HS256"])
|
payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
|
||||||
assert "sub" in payload
|
assert "sub" in payload
|
||||||
username = payload.get("sub")
|
username = payload.get("sub")
|
||||||
assert username == test_user.username
|
assert username == test_user.username
|
||||||
|
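Review bot: All three updated tests now decode with `DEFAULT_JWT_SECRET_KEY`, so the suite only covers the unconfigured fallback, and it passes only while the test config leaves `jwt_secret_key` unset (inferred from the removed `_server_config.get("jwt_secret_key")` lines). Nothing here checks that a configured key takes precedence over the default. Add a test that sets `jwt_secret_key` in the config, creates a token, and asserts that `jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])` raises `jwt.JWTError`, so a regression that silently falls back to the published default is caught.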
@ -39,6 +39,7 @@ if sys.platform.startswith("win") and sys.version_info < (3, 8):
|
|||||||
yield loop
|
yield loop
|
||||||
asyncio.set_event_loop(None)
|
asyncio.set_event_loop(None)
|
||||||
|
|
||||||
|
|
||||||
# https://github.com/pytest-dev/pytest-asyncio/issues/68
|
# https://github.com/pytest-dev/pytest-asyncio/issues/68
|
||||||
# this event_loop is used by pytest-asyncio, and redefining it
|
# this event_loop is used by pytest-asyncio, and redefining it
|
||||||
# is currently the only way of changing the scope of this fixture
|
# is currently the only way of changing the scope of this fixture
|
||||||
|