feat(chalice): changed login

This commit is contained in:
Taha Yassine Kraiem 2022-12-12 12:30:13 +01:00
parent 5738fd7bc7
commit de54e0cad7
6 changed files with 44 additions and 25 deletions


@ -15,7 +15,7 @@ def jwt_authorizer(token):
token[1], token[1],
config("jwt_secret"), config("jwt_secret"),
algorithms=config("jwt_algorithm"), algorithms=config("jwt_algorithm"),
audience=[ f"front:{helper.get_stage_name()}"] audience=[f"front:{helper.get_stage_name()}"]
) )
except jwt.ExpiredSignatureError: except jwt.ExpiredSignatureError:
print("! JWT Expired signature") print("! JWT Expired signature")
@ -37,12 +37,16 @@ def jwt_context(context):
} }
def get_jwt_exp(iat):
return iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000
def generate_jwt(id, tenant_id, iat, aud): def generate_jwt(id, tenant_id, iat, aud):
token = jwt.encode( token = jwt.encode(
payload={ payload={
"userId": id, "userId": id,
"tenantId": tenant_id, "tenantId": tenant_id,
"exp": iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000, "exp": get_jwt_exp(iat),
"iss": config("JWT_ISSUER"), "iss": config("JWT_ISSUER"),
"iat": iat // 1000, "iat": iat // 1000,
"aud": aud "aud": aud
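Review bot: `get_jwt_exp` adds `TimeUTC.get_utc_offset() // 1000` to a value that ends up in the `exp` claim, and a verifier such as PyJWT compares `exp` against the UTC epoch clock, so unless `get_utc_offset` is zero or the `iat` handed in is already a local-time timestamp, the effective token lifetime is shifted by the host's offset in one direction or the other; I cannot see `TimeUTC` here, so this needs confirming. Since this commit lifts the expression into a named helper, this is the place to either drop the offset or state why it is there, e.g. a docstring `"""Absolute exp (epoch seconds) for a token issued at iat (epoch ms): iat + JWT_EXPIRATION; utc offset compensates for ... -- TODO confirm"""`. `generate_jwt` continues past the end of this section.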


@ -602,12 +602,12 @@ def auth_exists(user_id, tenant_id, jwt_iat, jwt_aud):
) )
r = cur.fetchone() r = cur.fetchone()
return r is not None \ return r is not None \
and r.get("jwt_iat") is not None \ and r.get("jwt_iat") is not None \
and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \ and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
or (jwt_aud.startswith("plugin") \ or (jwt_aud.startswith("plugin") \
and (r["changed_at"] is None \ and (r["changed_at"] is None \
or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000))) or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
) )
def change_jwt_iat(user_id): def change_jwt_iat(user_id):
@ -648,9 +648,9 @@ def authenticate(email, password, for_change_password=False):
return True return True
r = helper.dict_to_camel_case(r) r = helper.dict_to_camel_case(r)
jwt_iat = change_jwt_iat(r['userId']) jwt_iat = change_jwt_iat(r['userId'])
iat = TimeUTC.datetime_to_timestamp(jwt_iat)
return { return {
"jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], iat=iat,
TimeUTC.datetime_to_timestamp(jwt_iat),
aud=f"front:{helper.get_stage_name()}"), aud=f"front:{helper.get_stage_name()}"),
"email": email, "email": email,
**r **r


@ -3,6 +3,7 @@ import random
import re import re
import string import string
from typing import Union from typing import Union
from urllib.parse import urlparse
from decouple import config from decouple import config
@ -98,7 +99,7 @@ TRACK_TIME = True
def allow_captcha(): def allow_captcha():
return config("captcha_server", default=None) is not None and config("captcha_key", default=None) is not None \ return config("captcha_server", default=None) is not None and config("captcha_key", default=None) is not None \
and len(config("captcha_server")) > 0 and len(config("captcha_key")) > 0 and len(config("captcha_server")) > 0 and len(config("captcha_key")) > 0
def string_to_sql_like(value): def string_to_sql_like(value):
@ -304,3 +305,7 @@ def __time_value(row):
def is_saml2_available(): def is_saml2_available():
return config("hastSAML2", default=False, cast=bool) return config("hastSAML2", default=False, cast=bool)
def get_domain():
return urlparse(config("SITE_URL")).netloc
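Review bot: `get_domain` returns `netloc`, which keeps any `:port` (and `user:pass@`) part of `SITE_URL`; browsers reject a cookie whose `Domain` attribute contains a port, so on a deployment whose `SITE_URL` has one (local and many dev setups) the cookie set in `login` is silently dropped. Use the host only: `return urlparse(config("SITE_URL")).hostname`. A one-line docstring such as `"""Host part of SITE_URL, used as the Domain attribute of the auth cookie."""` would also help, and note that `config("SITE_URL")` has no default here, so a missing setting surfaces as an exception at login time rather than at startup.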


@ -2,6 +2,7 @@ from typing import Union
from decouple import config from decouple import config
from fastapi import Depends, Body, HTTPException from fastapi import Depends, Body, HTTPException
from fastapi.responses import JSONResponse
from starlette import status from starlette import status
import schemas import schemas
@ -40,13 +41,18 @@ def login(data: schemas.UserLoginSchema = Body(...)):
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=r["errors"][0] detail=r["errors"][0]
) )
r["smtp"] = helper.has_smtp() r["smtp"] = helper.has_smtp()
return { content = {
'jwt': r.pop('jwt'), 'jwt': r.pop('jwt'),
'data': { 'data': {
"user": r "user": r
} }
} }
response = JSONResponse(content=content)
response.set_cookie(key="jwt", value=content['jwt'], domain=helper.get_domain(),
expires=config("JWT_EXPIRATION", cast=int))
return response
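Review bot: The `set_cookie` call at the end of `login` sets a bearer token without `httponly`, `secure` or `samesite`, so the cookie is readable from page script and is attached to cross-site requests; as the same token is still returned in the JSON body, the cookie adds exposure without adding any isolation. Pass `httponly=True, secure=True, samesite="strict"` (or `"lax"` if cross-site navigation to the app must carry it), and if the authorizer is later taught to read this cookie the SameSite setting becomes the only CSRF defence, so it should not be left at the default. The `expires` argument is given as an int, which Starlette forwards as seconds-from-now; `max_age` is the unambiguous attribute for that and avoids depending on that conversion.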
@app.post('/{projectId}/sessions/search', tags=["sessions"]) @app.post('/{projectId}/sessions/search', tags=["sessions"])
@ -68,8 +74,8 @@ def session_ids_search(projectId: int, data: schemas.FlatSessionsSearchPayloadSc
@app.get('/{projectId}/events/search', tags=["events"]) @app.get('/{projectId}/events/search', tags=["events"])
def events_search(projectId: int, q: str, def events_search(projectId: int, q: str,
type: Union[schemas.FilterType, schemas.EventType, type: Union[schemas.FilterType, schemas.EventType,
schemas.PerformanceEventType, schemas.FetchFilterType, schemas.PerformanceEventType, schemas.FetchFilterType,
schemas.GraphqlFilterType, str] = None, schemas.GraphqlFilterType, str] = None,
key: str = None, source: str = None, live: bool = False, key: str = None, source: str = None, live: bool = False,
context: schemas.CurrentContext = Depends(OR_context)): context: schemas.CurrentContext = Depends(OR_context)):
if len(q) == 0: if len(q) == 0:
@ -973,6 +979,7 @@ def get_limits(context: schemas.CurrentContext = Depends(OR_context)):
} }
} }
@app.get('/integrations/msteams/channels', tags=["integrations"]) @app.get('/integrations/msteams/channels', tags=["integrations"])
def get_msteams_channels(context: schemas.CurrentContext = Depends(OR_context)): def get_msteams_channels(context: schemas.CurrentContext = Depends(OR_context)):
return {"data": webhook.get_by_type(tenant_id=context.tenant_id, webhook_type=schemas.WebhookType.msteams)} return {"data": webhook.get_by_type(tenant_id=context.tenant_id, webhook_type=schemas.WebhookType.msteams)}


@ -38,13 +38,16 @@ def jwt_context(context):
} }
def get_jwt_exp(iat):
return iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000
def generate_jwt(id, tenant_id, iat, aud, exp=None): def generate_jwt(id, tenant_id, iat, aud, exp=None):
token = jwt.encode( token = jwt.encode(
payload={ payload={
"userId": id, "userId": id,
"tenantId": tenant_id, "tenantId": tenant_id,
"exp": exp + TimeUTC.get_utc_offset() // 1000 if exp is not None \ "exp": exp + TimeUTC.get_utc_offset() // 1000 if exp is not None else get_jwt_exp(iat),
else iat // 1000 + config("JWT_EXPIRATION", cast=int) + TimeUTC.get_utc_offset() // 1000,
"iss": config("JWT_ISSUER"), "iss": config("JWT_ISSUER"),
"iat": iat // 1000, "iat": iat // 1000,
"aud": aud "aud": aud
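Review bot: `get_jwt_exp` is added here as a verbatim copy of the helper added to the chalice `authorizers.py` in the same commit, so the expiry formula now lives in two places that will drift independently; if the ee module cannot import the chalice one, at least mark the copy with a comment naming its twin. The `exp` parameter of `generate_jwt` is undocumented and its meaning is only recoverable from the `authenticate_sso` caller (an absolute epoch-seconds value, to which this function then adds the utc offset); a docstring line such as `exp: absolute expiry in epoch seconds; when None, derived from iat via get_jwt_exp` would make the contract explicit. `generate_jwt` continues past the end of this section.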


@ -678,12 +678,12 @@ def auth_exists(user_id, tenant_id, jwt_iat, jwt_aud):
) )
r = cur.fetchone() r = cur.fetchone()
return r is not None \ return r is not None \
and r.get("jwt_iat") is not None \ and r.get("jwt_iat") is not None \
and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \ and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
or (jwt_aud.startswith("plugin") \ or (jwt_aud.startswith("plugin") \
and (r["changed_at"] is None \ and (r["changed_at"] is None \
or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000))) or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
) )
def change_jwt_iat(user_id): def change_jwt_iat(user_id):
@ -742,9 +742,9 @@ def authenticate(email, password, for_change_password=False):
return True return True
r = helper.dict_to_camel_case(r) r = helper.dict_to_camel_case(r)
jwt_iat = change_jwt_iat(r['userId']) jwt_iat = change_jwt_iat(r['userId'])
iat = TimeUTC.datetime_to_timestamp(jwt_iat)
return { return {
"jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], "jwt": authorizers.generate_jwt(r['userId'], r['tenantId'], iat=iat,
TimeUTC.datetime_to_timestamp(jwt_iat),
aud=f"front:{helper.get_stage_name()}"), aud=f"front:{helper.get_stage_name()}"),
"email": email, "email": email,
**r **r
@ -776,7 +776,7 @@ def authenticate_sso(email, internal_id, exp=None):
r = helper.dict_to_camel_case(r) r = helper.dict_to_camel_case(r)
jwt_iat = TimeUTC.datetime_to_timestamp(change_jwt_iat(r['userId'])) jwt_iat = TimeUTC.datetime_to_timestamp(change_jwt_iat(r['userId']))
return authorizers.generate_jwt(r['userId'], r['tenantId'], return authorizers.generate_jwt(r['userId'], r['tenantId'],
jwt_iat, aud=f"front:{helper.get_stage_name()}", iat=jwt_iat, aud=f"front:{helper.get_stage_name()}",
exp=(exp + jwt_iat // 1000) if exp is not None else None) exp=(exp + jwt_iat // 1000) if exp is not None else None)
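Review bot: The two call sites now use the name `jwt_iat` for different things: in `authenticate` it holds the datetime returned by `change_jwt_iat` and `iat` holds its millisecond timestamp, while in `authenticate_sso` `jwt_iat` is already the millisecond timestamp that is then divided by 1000 for `exp`. Aligning `authenticate_sso` with the other function, `iat = TimeUTC.datetime_to_timestamp(change_jwt_iat(r['userId']))` followed by `iat=iat` and `exp=(exp + iat // 1000) if exp is not None else None`, makes the ms/s conversion easier to audit. Both functions begin before their hunks; the `auth_exists` hunk above appears to change whitespace only.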
return None return None