From e0eee8737094c4a3fa303d522df9cf5f7061b7dc Mon Sep 17 00:00:00 2001 From: darta Date: Tue, 24 May 2022 08:52:42 +0200 Subject: [PATCH] fix(admin): applied jwt token verification at ws and black/isort --- admin/src/admin/auth/authentication.py | 3 +- admin/src/admin/auth/tokens.py | 3 +- admin/src/admin/lib/admin.py | 29 +++++++------------ admin/src/admin/lib/api_exceptions.py | 3 +- admin/src/admin/lib/avatars.py | 3 +- admin/src/admin/lib/dashboard.py | 3 +- admin/src/admin/lib/events.py | 26 +++++++++-------- admin/src/admin/lib/legal.py | 7 +++++ admin/src/admin/lib/load_config.py | 3 +- admin/src/admin/lib/moodle.py | 3 +- admin/src/admin/lib/nextcloud.py | 1 - admin/src/admin/lib/postup.py | 2 -- admin/src/admin/views/ApiViews.py | 3 +- admin/src/admin/views/AppViews.py | 7 ++--- admin/src/admin/views/LoginViews.py | 3 +- admin/src/admin/views/WebViews.py | 21 +++++++------- admin/src/admin/views/WpViews.py | 3 +- admin/src/start.py | 34 ++++++++++++++++++++++- admin/src/tests/api.py | 8 ++---- docker/api/src/api/views/AvatarsViews.py | 11 ++------ docker/api/src/api/views/InternalViews.py | 3 +- docker/api/src/api/views/MenuViews.py | 3 +- 22 files changed, 96 insertions(+), 86 deletions(-) diff --git a/admin/src/admin/auth/authentication.py b/admin/src/admin/auth/authentication.py index cc2d632..729381e 100644 --- a/admin/src/admin/auth/authentication.py +++ b/admin/src/admin/auth/authentication.py @@ -1,8 +1,7 @@ import os -from flask_login import LoginManager, UserMixin - from admin import app +from flask_login import LoginManager, UserMixin """ OIDC TESTS """ # from flask_oidc import OpenIDConnect diff --git a/admin/src/admin/auth/tokens.py b/admin/src/admin/auth/tokens.py index 3f55578..a3c7b01 100644 --- a/admin/src/admin/auth/tokens.py +++ b/admin/src/admin/auth/tokens.py 
@@ -9,11 +9,10 @@ import os import traceback from functools import wraps +from admin import app from flask import request from jose import jwt -from admin import app - from ..lib.api_exceptions import Error diff --git a/admin/src/admin/lib/admin.py b/admin/src/admin/lib/admin.py index 4bd75f9..086eaea 100644 --- a/admin/src/admin/lib/admin.py +++ b/admin/src/admin/lib/admin.py @@ -6,19 +6,12 @@ from pprint import pprint from time import sleep import diceware - from admin import app from .avatars import Avatars -from .helpers import ( - filter_roles_list, - filter_roles_listofdicts, - get_gids_from_kgroup_ids, - get_group_from_group_id, - gid2kpath, - kpath2gid, - system_username, -) +from .helpers import (filter_roles_list, filter_roles_listofdicts, + get_gids_from_kgroup_ids, get_group_from_group_id, + gid2kpath, kpath2gid, system_username) from .keycloak_client import KeycloakClient from .moodle import Moodle from .nextcloud import Nextcloud @@ -31,16 +24,11 @@ options.num = 3 import secrets from .api_exceptions import Error -from .events import Events +from .events import Events, sio_event_send from .exceptions import UserExists, UserNotFound -from .helpers import ( - count_repeated, - get_group_with_childs, - get_kid_from_kpath, - kpath2gids, - kpath2kpaths, - rand_password, -) +from .helpers import (count_repeated, get_group_with_childs, + get_kid_from_kpath, kpath2gids, kpath2kpaths, + rand_password) MANAGER = os.environ["CUSTOM_ROLE_MANAGER"] TEACHER = os.environ["CUSTOM_ROLE_TEACHER"] @@ -396,6 +384,7 @@ class Admin: # return users_list def get_mix_users(self): + sio_event_send("get_users", {"you_win": "you got the users!"}) return self.internal["users"] def _get_mix_users(self): @@ -1674,6 +1663,7 @@ class Admin: ev.update_text("Syncing data from applications...") self.resync_data() ev.update_text("User deleted") + sio_event_send("delete_user", {"userid": userid}) return True def get_user(self, userid): 
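Review bot: The `sio_event_send("get_users", {"you_win": "you got the users!"})` call added to `get_mix_users` (admin.py, hunk at -396) looks like leftover debugging. It broadcasts a placeholder payload to the `events` room on every read of the user list, and it adds the helper's `sleep(0.001)` to what is otherwise a plain getter. I would drop the line, or, if a notification is really wanted, send a meaningful payload and add a comment such as `# notify connected admin clients that the user list was read`. The `{"userid": userid}` emit in the delete hunk at -1674 is reasonable in shape, but what it discloses depends on who may join the `events` room, which start.py decides. Both methods start outside their hunks.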
@@ -1826,6 +1816,7 @@ class Admin: log.error(traceback.format_exc()) self.resync_data() + sio_event_send("new_user", u) return uid def add_group(self, g): diff --git a/admin/src/admin/lib/api_exceptions.py b/admin/src/admin/lib/api_exceptions.py index 3873f22..e332ac7 100644 --- a/admin/src/admin/lib/api_exceptions.py +++ b/admin/src/admin/lib/api_exceptions.py @@ -4,9 +4,8 @@ import logging as log import os import traceback -from flask import jsonify, request - from admin import app +from flask import jsonify, request content_type = {"Content-Type": "application/json"} ex = { diff --git a/admin/src/admin/lib/avatars.py b/admin/src/admin/lib/avatars.py index 65caab3..d12b08b 100644 --- a/admin/src/admin/lib/avatars.py +++ b/admin/src/admin/lib/avatars.py @@ -2,13 +2,12 @@ import logging as log import os from pprint import pprint +from admin import app from minio import Minio from minio.commonconfig import REPLACE, CopySource from minio.deleteobjects import DeleteObject from requests import get, post -from admin import app - class Avatars: def __init__(self): diff --git a/admin/src/admin/lib/dashboard.py b/admin/src/admin/lib/dashboard.py index cb5699d..89a2cff 100644 --- a/admin/src/admin/lib/dashboard.py +++ b/admin/src/admin/lib/dashboard.py @@ -7,11 +7,10 @@ from pprint import pprint import requests import yaml +from admin import app from PIL import Image from schema import And, Optional, Schema, SchemaError, Use -from admin import app - class Dashboard: def __init__( diff --git a/admin/src/admin/lib/events.py b/admin/src/admin/lib/events.py index ddcffe5..65e01b5 100644 --- a/admin/src/admin/lib/events.py +++ b/admin/src/admin/lib/events.py 
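Review bot: `sio_event_send("new_user", u)` broadcasts the entire input dict `u` to every client joined to the `events` room. The contents of `u` are not visible in this hunk; if it carries an initial password or other credentials, those would be pushed to all listeners. Emitting only what a listener needs, for example `sio_event_send("new_user", {"userid": uid})`, avoids that. The emit also runs after the user has been created, so a `json.dumps` failure on a non-serialisable value in `u` would raise before `return uid`. The enclosing method starts outside the hunk.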
@@ -9,19 +9,21 @@ import traceback from time import sleep from uuid import uuid4 -from flask import Response, jsonify, redirect, render_template, request, url_for -from flask_socketio import ( - SocketIO, - close_room, - disconnect, - emit, - join_room, - leave_room, - rooms, - send, -) - from admin import app +from flask import (Response, jsonify, redirect, render_template, request, + url_for) +from flask_socketio import (SocketIO, close_room, disconnect, emit, join_room, + leave_room, rooms, send) + + +def sio_event_send(event, data): + app.socketio.emit( + event, + json.dumps(data), + namespace="/sio/events", + room="events", + ) + sleep(0.001) class Events: diff --git a/admin/src/admin/lib/legal.py b/admin/src/admin/lib/legal.py index ff02087..5595199 100644 --- a/admin/src/admin/lib/legal.py +++ b/admin/src/admin/lib/legal.py @@ -3,6 +3,13 @@ import os import traceback from admin import app +from pprint import pprint + +from admin import app +from minio import Minio +from minio.commonconfig import REPLACE, CopySource +from minio.deleteobjects import DeleteObject +from requests import get, post legal_path= os.path.join(app.root_path, "static/templates/pages/legal/") diff --git a/admin/src/admin/lib/load_config.py b/admin/src/admin/lib/load_config.py index ba193d8..a004004 100644 --- a/admin/src/admin/lib/load_config.py +++ b/admin/src/admin/lib/load_config.py @@ -7,9 +7,8 @@ import sys import traceback import yaml -from cerberus import Validator, rules_set_registry, schema_registry - from admin import app +from cerberus import Validator, rules_set_registry, schema_registry class AdminValidator(Validator): diff --git a/admin/src/admin/lib/moodle.py b/admin/src/admin/lib/moodle.py index 25190f7..3f062ef 100644 --- a/admin/src/admin/lib/moodle.py +++ b/admin/src/admin/lib/moodle.py 
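Review bot: `sio_event_send` in events.py has no docstring and depends on two things this hunk does not show: that `json` is imported in the module, and that `app.socketio` has already been assigned. start.py makes that assignment, so a call from any other entry point would fail with `AttributeError`. I would add `"""Broadcast event with JSON-encoded data to the "events" room of the /sio/events namespace."""` and a comment on `sleep(0.001)` explaining why it is there (presumably to yield to the gevent loop). The callers in admin.py invoke it after state-changing operations, so consider catching and logging serialisation errors here instead of letting a notification failure propagate into the admin action.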
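Review bot: The legal.py hunk adds a second `from admin import app` directly below the existing one, along with `pprint`, `Minio`, `REPLACE`, `CopySource`, `DeleteObject`, `get` and `post`. None of these are used in the visible lines, and the block matches the imports of avatars.py, so it looks like an accidental paste. If legal.py does not use the MinIO or requests names, drop the added lines so the module does not pull in unneeded clients.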
@@ -2,9 +2,8 @@ import logging as log import traceback from pprint import pprint -from requests import get, post - from admin import app +from requests import get, post from .exceptions import UserExists, UserNotFound from .postgres import Postgres diff --git a/admin/src/admin/lib/nextcloud.py b/admin/src/admin/lib/nextcloud.py index e3d9d2e..6a8b573 100644 --- a/admin/src/admin/lib/nextcloud.py +++ b/admin/src/admin/lib/nextcloud.py @@ -10,7 +10,6 @@ import traceback import urllib import requests - # from ..lib.log import * from admin import app diff --git a/admin/src/admin/lib/postup.py b/admin/src/admin/lib/postup.py index f8b048b..db9e85d 100644 --- a/admin/src/admin/lib/postup.py +++ b/admin/src/admin/lib/postup.py @@ -4,7 +4,6 @@ import json import logging as log import os import random - # from .keycloak import Keycloak # from .moodle import Moodle import string @@ -14,7 +13,6 @@ from datetime import datetime, timedelta import psycopg2 import yaml - from admin import app from .postgres import Postgres diff --git a/admin/src/admin/views/ApiViews.py b/admin/src/admin/views/ApiViews.py index f095d18..cf76974 100644 --- a/admin/src/admin/views/ApiViews.py +++ b/admin/src/admin/views/ApiViews.py @@ -8,9 +8,8 @@ import sys import time import traceback -from flask import request - from admin import app +from flask import request from ..lib.api_exceptions import Error from .decorators import has_token diff --git a/admin/src/admin/views/AppViews.py b/admin/src/admin/views/AppViews.py index 2c13eae..447e612 100644 --- a/admin/src/admin/views/AppViews.py +++ b/admin/src/admin/views/AppViews.py 
@@ -6,17 +6,16 @@ import logging as log import os import re import sys - # import Queue import threading import time import traceback from uuid import uuid4 -from flask import Response, jsonify, redirect, render_template, request, url_for -from flask_login import current_user, login_required - from admin import app +from flask import (Response, jsonify, redirect, render_template, request, + url_for) +from flask_login import current_user, login_required from ..lib.helpers import system_group from .decorators import login_or_token diff --git a/admin/src/admin/views/LoginViews.py b/admin/src/admin/views/LoginViews.py index 61a9a9d..2194df8 100644 --- a/admin/src/admin/views/LoginViews.py +++ b/admin/src/admin/views/LoginViews.py @@ -1,10 +1,9 @@ import os +from admin import app from flask import flash, redirect, render_template, request, url_for from flask_login import current_user, login_required, login_user, logout_user -from admin import app - from ..auth.authentication import * diff --git a/admin/src/admin/views/WebViews.py b/admin/src/admin/views/WebViews.py index 1fbc8a4..d570195 100644 --- a/admin/src/admin/views/WebViews.py +++ b/admin/src/admin/views/WebViews.py @@ -11,18 +11,10 @@ from pprint import pprint from uuid import uuid4 import requests -from flask import ( - Response, - jsonify, - redirect, - render_template, - request, - send_file, - url_for, -) -from flask_login import login_required - from admin import app +from flask import (Response, jsonify, redirect, render_template, request, + send_file, url_for) +from flask_login import login_required from ..lib.avatars import Avatars from .decorators import is_admin @@ -137,3 +129,10 @@ def web_sysadmin_external(): return render_template( "pages/sysadmin/external.html", title="External", nav="External" ) + + +@app.route("/sockettest") +def web_sockettest(): + return render_template( + "pages/sockettest.html", title="Sockettest Users", nav="SysAdminUsers" + ) 
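Review bot: The new `/sockettest` route in WebViews.py carries no `@login_required` or `@is_admin` decorator, although both are imported at the top of the file, so the page is reachable without authentication. If it is a development aid for the websocket events, remove it before release. Otherwise guard it like the sysadmin views, for example by adding `@login_required` under `@app.route("/sockettest")`; how the neighbouring views apply `is_admin` is outside this hunk. The `nav="SysAdminUsers"` value suggests the template was copied from an admin page, which makes the missing guard more likely to be an oversight.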
diff --git a/admin/src/admin/views/WpViews.py b/admin/src/admin/views/WpViews.py index 0c829dd..43e3d7a 100644 --- a/admin/src/admin/views/WpViews.py +++ b/admin/src/admin/views/WpViews.py @@ -8,9 +8,8 @@ import sys import time import traceback -from flask import request - from admin import app +from flask import request from .decorators import is_internal diff --git a/admin/src/start.py b/admin/src/start.py index df970d5..dedd1ef 100644 --- a/admin/src/start.py +++ b/admin/src/start.py @@ -6,6 +6,7 @@ monkey_patch() import json +<<<<<<< HEAD from flask_login import login_required from flask_socketio import ( SocketIO, @@ -18,7 +19,14 @@ from flask_socketio import ( send, ) +======= +>>>>>>> fix(admin): applied jwt token verification at ws and black/isort from admin import app +from admin.auth.tokens import get_token_payload +from admin.lib.api_exceptions import Error +from flask import request +from flask_socketio import (SocketIO, close_room, disconnect, emit, join_room, + leave_room, rooms, send) app.socketio = SocketIO(app) @@ -31,17 +39,41 @@ def socketio_connect(): "update", json.dumps("Joined admins room"), namespace="/sio", room="admin" ) + @app.socketio.on("disconnect", namespace="/sio") def socketio_disconnect(): None +@app.socketio.on("connect", namespace="/sio/events") +def socketio_connect(): + try: + jwt = get_token_payload(request.args.get("jwt")) + except: + return Error("bad_request", "Missing websocket jwt authorization bearer token") + + payload = get_token_payload(jwt) + + join_room("events") + app.socketio.emit( + "update", + json.dumps("Joined events room"), + namespace="/sio/events", + room="events", + ) + + +@app.socketio.on("disconnect", namespace="/sio/events") +def socketio_events_disconnect(): + None + + if __name__ == "__main__": app.socketio.run( app, host="0.0.0.0", port=9000, - debug=True, + debug=False, ) # ssl_context="adhoc", # async_mode="threading", 
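Review bot: Unresolved merge-conflict markers are committed in start.py: `<<<<<<< HEAD` is added in the hunk at -6, and `=======` plus `>>>>>>> fix(admin): applied jwt token verification at ws and black/isort` in the hunk at -18. With these lines present the module cannot be parsed, so the admin service will not start and the websocket checks added further down never run. Resolve the conflict by deleting the three marker lines and collapsing the two `flask_socketio` imports into one, since the multi-line block left between the markers duplicates the import added below `from flask import request`.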
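Review bot: The new `/sio/events` connect handler in start.py does not refuse a connection when the token is bad. It returns an `Error` instance, and as far as I know Flask-SocketIO only refuses when the handler returns `False` or raises `ConnectionRefusedError`, so an unauthenticated client stays connected to the namespace even though it is not joined to `events`. The second call, `payload = get_token_payload(jwt)`, passes the already decoded result back in as if it were a token and sits outside the `try`, so it probably raises for valid clients; `get_token_payload` is defined outside this diff, so that is an assumption. The bare `except:` also hides unrelated failures, and reusing the name `socketio_connect` shadows the `/sio` handler defined above. Passing the JWT in the query string means it can end up in proxy and access logs, so consider the Socket.IO `auth` payload if the installed version supports it.
```python
@app.socketio.on("connect", namespace="/sio/events")
def socketio_events_connect():
    try:
        payload = get_token_payload(request.args.get("jwt"))
    except Exception:
        # Returning False is what makes Flask-SocketIO refuse the connection.
        return False
    if not payload:
        return False
    join_room("events")
    # … unchanged: emit of "Joined events room" to the events room …
```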
diff --git a/admin/src/tests/api.py b/admin/src/tests/api.py index 422c897..6ec7ac3 100644 --- a/admin/src/tests/api.py +++ b/admin/src/tests/api.py @@ -3,12 +3,11 @@ import os import secrets import time import traceback +from datetime import datetime, timedelta from pprint import pprint -from datetime import datetime -from datetime import timedelta -from jose import jwt import requests +from jose import jwt ## SETUP domain = "admin.[YOURDOMAIN]" @@ -18,7 +17,7 @@ secret = "[your API_SECRET]" auths = {} dbconn = None -base = "https://"+domain+"/ddapi" +base = "https://" + domain + "/ddapi" raw_jwt_data = { "exp": datetime.utcnow() + timedelta(minutes=5), @@ -422,4 +421,3 @@ else: + " DESCRIPTION: " + json.loads(response.text)["description"] ) - diff --git a/docker/api/src/api/views/AvatarsViews.py b/docker/api/src/api/views/AvatarsViews.py index 56e1654..a0c481b 100644 --- a/docker/api/src/api/views/AvatarsViews.py +++ b/docker/api/src/api/views/AvatarsViews.py @@ -9,15 +9,8 @@ import traceback from uuid import uuid4 from api import app -from flask import ( - Response, - jsonify, - redirect, - render_template, - request, - send_from_directory, - url_for, -) +from flask import (Response, jsonify, redirect, render_template, request, + send_from_directory, url_for) from ..lib.avatars import Avatars diff --git a/docker/api/src/api/views/InternalViews.py b/docker/api/src/api/views/InternalViews.py index 6a2ad46..5a63843 100644 --- a/docker/api/src/api/views/InternalViews.py +++ b/docker/api/src/api/views/InternalViews.py @@ -3,7 +3,8 @@ import os from api import app -from flask import Response, jsonify, redirect, render_template, request, url_for +from flask import (Response, jsonify, redirect, render_template, request, + url_for) from .decorators import is_internal diff --git a/docker/api/src/api/views/MenuViews.py b/docker/api/src/api/views/MenuViews.py index 2ba9a7f..30eb261 100644 --- a/docker/api/src/api/views/MenuViews.py 
+++ b/docker/api/src/api/views/MenuViews.py @@ -9,7 +9,8 @@ import traceback from uuid import uuid4 from api import app -from flask import Response, jsonify, redirect, render_template, request, url_for +from flask import (Response, jsonify, redirect, render_template, request, + url_for) from ..lib.menu import Menu