From c0f53ffd8ae53d96a59bb9c2684d6f541e1d1e78 Mon Sep 17 00:00:00 2001 From: John Pollo Date: Wed, 13 Oct 2021 11:10:58 +0530 Subject: [PATCH 1/6] Update cryptography --- requirements/test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/test.txt b/requirements/test.txt index 7b2fea1..c97b5ed 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -6,4 +6,4 @@ pytest-cov==2.5.1 pytest-travis-fold==1.3.0 pytest-env==0.6.2 pluggy==0.6.0 -cryptography==2.4.1 +cryptography==3.2 From 1d838cfa5666585760164b3704cff82acfea338d Mon Sep 17 00:00:00 2001 From: John Pollo Date: Thu, 14 Oct 2021 11:29:10 +0530 Subject: [PATCH 2/6] Find Account by Username --- src/authentic/backends/jwt/usecases.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/authentic/backends/jwt/usecases.py b/src/authentic/backends/jwt/usecases.py index b21565e..c654c11 100644 --- a/src/authentic/backends/jwt/usecases.py +++ b/src/authentic/backends/jwt/usecases.py @@ -120,9 +120,14 @@ def process_request(self, request_object): # Find the identity in the decoded jwt identity = jwt_data.get(active_config.JWT_IDENTITY_CLAIM, None) + try: - account = self.repo.get(identity.get('account_id')) - except ObjectNotFoundError: + if jwt_data.get('id'): + account = self.repo.filter(username=jwt_data.get('id')).first + account = self.repo.get(account.id) + else: + account = self.repo.get(identity.get('account_id')) + except (ObjectNotFoundError, AttributeError): return ResponseFailure( Status.UNAUTHORIZED, {'username_or_email': 'Account does not exist'}) From 707f4ebc023465562120f5e77af41343fbab9abe Mon Sep 17 00:00:00 2001 From: John Pollo Date: Thu, 14 Oct 2021 12:09:37 +0530 Subject: [PATCH 3/6] Add Session Entry --- docs/conf.py | 4 ++-- setup.py | 2 +- src/authentic/backends/jwt/usecases.py | 16 +++++++++++----- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index c920b8d..e840a9f 100644 
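Review bot: The new branch trusts an `id` claim as a username and lets it take precedence over the configured `JWT_IDENTITY_CLAIM`; when both are present and disagree, the username silently wins, and catching `AttributeError` to cover `.first` returning `None` also reports any other attribute error in the block as 'Account does not exist'. Prefer an explicit check, `if account is None:` returning the same `ResponseFailure`, and keep `except ObjectNotFoundError:` narrow. The second lookup `account = self.repo.get(account.id)` refetches the entity the filter already returned and can be dropped. Whether `jwt_data` has had its signature verified before this point is not visible in the hunk; `process_request` starts and ends outside it as well.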
--- a/docs/conf.py +++ b/docs/conf.py @@ -23,10 +23,10 @@ source_suffix = '.rst' master_doc = 'index' project = 'Authentic' -year = '2018' +year = '2021' author = 'Subhash Bhushan C' copyright = '{0}, {1}'.format(year, author) -version = release = '0.0.6' +version = release = '0.0.7' pygments_style = 'trac' templates_path = ['.'] diff --git a/setup.py b/setup.py index d94b7dc..683a048 100644 --- a/setup.py +++ b/setup.py @@ -28,7 +28,7 @@ def read(*names, **kwargs): setup( name='authentic', - version='0.0.6a', + version='0.0.7a', license='BSD 3-Clause License', description='Comprehensive Authentication Package', long_description='%s\n%s' % ( diff --git a/src/authentic/backends/jwt/usecases.py b/src/authentic/backends/jwt/usecases.py index c654c11..adddf6d 100644 --- a/src/authentic/backends/jwt/usecases.py +++ b/src/authentic/backends/jwt/usecases.py @@ -119,14 +119,20 @@ def process_request(self, request_object): Status.UNAUTHORIZED, {'credentials': f'Invalid JWT Token. {e}'}) # Find the identity in the decoded jwt - identity = jwt_data.get(active_config.JWT_IDENTITY_CLAIM, None) - + try: if jwt_data.get('id'): account = self.repo.filter(username=jwt_data.get('id')).first - account = self.repo.get(account.id) - else: - account = self.repo.get(identity.get('account_id')) + jwt_data[active_config.JWT_IDENTITY_CLAIM] = {'account_id': account.id} + repo.SessionSchema.create( + session_key=f'token-{account.id}' + f'-{jwt_data["jti"]}', + session_data={}, + expire_date=datetime.utcnow() + + active_config.JWT_ACCESS_TOKEN_EXPIRES + ) + identity = jwt_data.get(active_config.JWT_IDENTITY_CLAIM, None) + account = self.repo.get(identity.get('account_id')) except (ObjectNotFoundError, AttributeError): return ResponseFailure( Status.UNAUTHORIZED, From 1e9ddc2340ee165ac0f143811d3597a614a0443f Mon Sep 17 00:00:00 2001 
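Review bot: In the usecases.py hunk, `repo.SessionSchema.create(...)` now runs on every request whose token carries an `id` claim, before the session-existence check further down and inside the `try`, so a session row is written per request and any failure in the create is reported as 'Account does not exist'; `jwt_data["jti"]` is also indexed without a guard, so a token lacking `jti` raises `KeyError` past the `except`. The PATCH 4/6 hunk moves the create under `if not session`, but a missing session is still recreated on the fly there. If the check below is meant to reject tokens whose session was removed, the create should not live in the request path at all; failing that, guard it with `jti = jwt_data.get('jti')` and reject when it is `None`. Also `jwt_data[active_config.JWT_IDENTITY_CLAIM] = {...}` mutates the decoded claims, so anything downstream reading them sees a synthesized identity. `process_request` starts and ends outside the hunk.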
From: John Pollo
Date: Thu, 14 Oct 2021 14:09:39 +0530
Subject: [PATCH 4/6] Handle Session Properly

---
 src/authentic/backends/jwt/usecases.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/authentic/backends/jwt/usecases.py b/src/authentic/backends/jwt/usecases.py
index adddf6d..910b90b 100644
--- a/src/authentic/backends/jwt/usecases.py
+++ b/src/authentic/backends/jwt/usecases.py
@@ -124,13 +124,6 @@ def process_request(self, request_object):
             if jwt_data.get('id'):
                 account = self.repo.filter(username=jwt_data.get('id')).first
                 jwt_data[active_config.JWT_IDENTITY_CLAIM] = {'account_id': account.id}
-                repo.SessionSchema.create(
-                    session_key=f'token-{account.id}'
-                    f'-{jwt_data["jti"]}',
-                    session_data={},
-                    expire_date=datetime.utcnow() +
-                    active_config.JWT_ACCESS_TOKEN_EXPIRES
-                )
             identity = jwt_data.get(active_config.JWT_IDENTITY_CLAIM, None)
             account = self.repo.get(identity.get('account_id'))
         except (ObjectNotFoundError, AttributeError):
@@ -142,6 +135,14 @@ def process_request(self, request_object):
         session = repo.SessionSchema.filter(
             session_key=f'token-{account.id}-{jwt_data["jti"]}',
         )
+        if not session and jwt_data.get('id'):
+            session = repo.SessionSchema.create(
+                session_key=f'token-{account.id}'
+                f'-{jwt_data["jti"]}',
+                session_data={},
+                expire_date=datetime.utcnow() +
+                active_config.JWT_ACCESS_TOKEN_EXPIRES
+            )
         if not session or session.first.expire_date < datetime.utcnow():
             return ResponseFailure(
                 Status.UNAUTHORIZED, {'token': 'Invalid Token'})

From f0778bcb95167da2ad0baeea63a8510cb6672b8f Mon Sep 17 00:00:00 2001
From: John Pollo
Date: Thu, 14 Oct 2021 14:56:27 +0530
Subject: [PATCH 5/6] Fix Session Handling

---
 src/authentic/backends/jwt/usecases.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/authentic/backends/jwt/usecases.py b/src/authentic/backends/jwt/usecases.py
index 910b90b..f5f9901 100644
--- a/src/authentic/backends/jwt/usecases.py
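Review bot: In the second hunk, recreating the session whenever `repo.SessionSchema.filter(...)` finds nothing for an `id`-claim token means the 'Make sure that the session exits' check no longer rejects such tokens: a session that has been removed is reinstated on the next request, with a fresh `expire_date` of now plus `JWT_ACCESS_TOKEN_EXPIRES` regardless of the token's own lifetime. If session rows are deleted to revoke access, that revocation is bypassed here; the create belongs where the token is issued, and this code should treat a missing session as invalid for every token. If an on-demand create must stay, at least bound it to the token, e.g. derive `expire_date` from the token's `exp` claim when the decoded data carries one. Note also that `session` is a query result in the filter branch (`session.first` is read below) but a single entity after `create`, so the freshly created branch reads `.first` on an entity; PATCH 5/6 changes that. `process_request` starts and ends outside the hunk.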
+++ b/src/authentic/backends/jwt/usecases.py
@@ -134,7 +134,7 @@ def process_request(self, request_object):
         # Make sure that the session exits
         session = repo.SessionSchema.filter(
             session_key=f'token-{account.id}-{jwt_data["jti"]}',
-        )
+        ).first
         if not session and jwt_data.get('id'):
             session = repo.SessionSchema.create(
                 session_key=f'token-{account.id}'
@@ -143,7 +143,7 @@ def process_request(self, request_object):
                 expire_date=datetime.utcnow() +
                 active_config.JWT_ACCESS_TOKEN_EXPIRES
             )
-        if not session or session.first.expire_date < datetime.utcnow():
+        if not session or session.expire_date < datetime.utcnow():
             return ResponseFailure(
                 Status.UNAUTHORIZED, {'token': 'Invalid Token'})
 

From 8eb6614504ae4296c154ca4929f734ca797a4531 Mon Sep 17 00:00:00 2001
From: John Pollo
Date: Thu, 21 Oct 2021 10:44:03 +0530
Subject: [PATCH 6/6] Account Not found, change status from 401->404

---
 src/authentic/backends/jwt/usecases.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/authentic/backends/jwt/usecases.py b/src/authentic/backends/jwt/usecases.py
index f5f9901..1927639 100644
--- a/src/authentic/backends/jwt/usecases.py
+++ b/src/authentic/backends/jwt/usecases.py
@@ -128,7 +128,7 @@ def process_request(self, request_object):
             account = self.repo.get(identity.get('account_id'))
         except (ObjectNotFoundError, AttributeError):
             return ResponseFailure(
-                Status.UNAUTHORIZED,
+                Status.NOT_FOUND,
                 {'username_or_email': 'Account does not exist'})
 
         # Make sure that the session exits
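Review bot: In the PATCH 6/6 hunk, mapping the whole `except (ObjectNotFoundError, AttributeError)` arm to `Status.NOT_FOUND` also turns a malformed token into a 404: the `AttributeError` case covers `identity` being `None` (identity claim absent from the token) and the username filter returning nothing, both of which are authentication failures rather than a missing resource. A 404 from an authentication backend is also easy for middleware and clients to confuse with a missing route. Keep `Status.UNAUTHORIZED` for the `AttributeError` path and reserve `Status.NOT_FOUND` for `ObjectNotFoundError` by splitting the arm into two `except` clauses. The `try` and `process_request` start outside the hunk.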