From e7096f4662d84a4646623e930627deaa3ba8b8f5 Mon Sep 17 00:00:00 2001 From: Daisie Huang Date: Fri, 31 May 2024 16:15:51 -0700 Subject: [PATCH 1/6] allow replacement of idp values --- src/authx/auth.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/authx/auth.py b/src/authx/auth.py index 491762e..2ef03cf 100644 --- a/src/authx/auth.py +++ b/src/authx/auth.py @@ -506,7 +506,8 @@ def add_provider_to_opa(token, issuer, test_key=None): if status_code == 200: # check to see if it's already here: found = False - for s in response["keys"]: + for i in range(0, len(response["keys"])): + s = response["keys"][i] if s['iss'] == new_provider['iss']: found = True if 'test' in new_provider: @@ -515,10 +516,12 @@ def add_provider_to_opa(token, issuer, test_key=None): else: if s['test'] != new_provider['test']: found = False # not the same because they have different test keys + if found: + # replace with the new provider data + response["keys"][i] = new_provider + break if not found: response["keys"].append(new_provider) - else: - print(f"{issuer} is already a provider") else: response = { "keys": [new_provider] From a82726429b82158ce8685685b50df47514a4802d Mon Sep 17 00:00:00 2001 From: Daisie Huang Date: Fri, 31 May 2024 16:16:09 -0700 Subject: [PATCH 2/6] vault-s3-token is gone --- src/authx/auth.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/authx/auth.py b/src/authx/auth.py index 2ef03cf..7b9e8cb 100644 --- a/src/authx/auth.py +++ b/src/authx/auth.py @@ -12,7 +12,6 @@ KEYCLOAK_PUBLIC_URL = os.getenv('KEYCLOAK_PUBLIC_URL', None) OPA_URL = os.getenv('OPA_URL', None) VAULT_URL = os.getenv('VAULT_URL', None) -VAULT_S3_TOKEN = os.getenv('VAULT_S3_TOKEN', None) TYK_SECRET_KEY = os.getenv("TYK_SECRET_KEY") TYK_POLICY_ID = os.getenv("TYK_POLICY_ID") TYK_LOGIN_TARGET_URL = os.getenv("TYK_LOGIN_TARGET_URL") From a0deec1dbbc2037cb24d07bca85174068209a4e9 Mon Sep 17 00:00:00 2001 
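Review bot: Replacing an entry in place leaves no record that the key set OPA trusts for `issuer` was changed: the second hunk overwrites `response["keys"][i]` and at the same time drops the `else: print(f"{issuer} is already a provider")` branch, so an overwrite of an existing IdP's key material is now silent. A line such as `print(f"replacing existing provider {issuer}")` under `if found:` would keep the trace the old branch gave, in the style the file already uses. Note also that when the issuers match but the test keys differ, `found` is reset and the scan continues, so the new provider is appended alongside the old one rather than replacing it — worth confirming that two entries with the same `iss` is intended. The index loop introduced in the first hunk reads more naturally as `for i, s in enumerate(response["keys"]):`. add_provider_to_opa begins and ends outside these hunks.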
From: Daisie Huang Date: Fri, 31 May 2024 16:36:55 -0700 Subject: [PATCH 3/6] allow replacement of tyk values too, why not --- src/authx/auth.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/authx/auth.py b/src/authx/auth.py index 7b9e8cb..c9f6911 100644 --- a/src/authx/auth.py +++ b/src/authx/auth.py @@ -448,15 +448,17 @@ def add_provider_to_tyk_api(api_id, token, issuer, policy_id=TYK_POLICY_ID): api_json = response.json() # check to see if it's already here: found = False - for s in api_json['openid_options']['providers']: + for i in range(0, len(api_json['openid_options']['providers'])): + s = api_json['openid_options']['providers'][i] if json.dumps(s, sort_keys=True) == json.dumps(new_provider, sort_keys=True): found = True + api_json['openid_options']['providers'][i] = new_provider + break if not found: api_json['openid_options']['providers'].append(new_provider) response = requests.request("PUT", url, headers=headers, json=api_json) if response.status_code == 200: response = requests.request("GET", f"{TYK_LOGIN_TARGET_URL}/tyk/reload", params={"block": True}, headers=headers) - print("reloaded") return requests.request("GET", url, headers=headers) return response From 3033a506196bee35a1d5aab25bbbcc1d59a747f5 Mon Sep 17 00:00:00 2001 From: Daisie Huang Date: Fri, 31 May 2024 16:37:00 -0700 Subject: [PATCH 4/6] bump version --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 22baacc..b0ce3ac 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -3,7 +3,7 @@ requires = ["setuptools >= 61.0"] build-backend = "setuptools.build_meta" [project] -version = "v2.4.2" +version = "v2.4.3" name = "candigv2_authx" dependencies = [ "requests>=2.25.1", From db92d1c48fa02e8627acfe88680cb3ad17521825 Mon Sep 17 00:00:00 2001 
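Review bot: The replacement branch cannot change anything, because `found` is set only when `json.dumps(s, sort_keys=True)` equals the serialization of `new_provider`, so the added line `api_json['openid_options']['providers'][i] = new_provider` writes back a dict that is already identical, while a provider for the same issuer with different values falls through to `append` and produces a duplicate entry. To make replacement real, match on the provider's identity rather than on the whole dict, e.g. `if s.get('issuer') == new_provider.get('issuer'):` — assuming `new_provider`, built above the hunk, carries Tyk's `issuer` key; confirm against its construction. As with the OPA change, `for i, s in enumerate(api_json['openid_options']['providers']):` is the idiomatic form of the index loop. add_provider_to_tyk_api starts outside the hunk.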
From: Daisie Huang Date: Fri, 31 May 2024 16:54:02 -0700 Subject: [PATCH 5/6] allow get_user_id with token --- src/authx/auth.py | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/src/authx/auth.py b/src/authx/auth.py index c9f6911..25ddc75 100644 --- a/src/authx/auth.py +++ b/src/authx/auth.py @@ -196,29 +196,30 @@ def is_action_allowed_for_program(token, method=None, path=None, program=None, o return False -def get_user_id(request, opa_url=OPA_URL): +def get_user_id(request, token=None, opa_url=OPA_URL): """ Returns the ID (key defined in .env as CANDIG_USER_KEY) associated with the user. """ if opa_url is None: print("WARNING: AUTHORIZATION IS DISABLED; OPA_URL is not present") return None - if "Authorization" in request.headers: - token = get_auth_token(request) - headers = { - "Authorization": f"Bearer {token}" - } - response = requests.post( - opa_url + f"/v1/data/idp/user_key", - headers=headers, - json={ - "input": { - "token": token - } + if token is None: + if "Authorization" in request.headers: + token = get_auth_token(request) + headers = { + "Authorization": f"Bearer {token}" + } + response = requests.post( + opa_url + f"/v1/data/idp/user_key", + headers=headers, + json={ + "input": { + "token": token } - ) - if 'result' in response.json(): - return response.json()['result'] + } + ) + if 'result' in response.json(): + return response.json()['result'] return None From c2a70e26b4bc7a2ebee0c0597077ca9e5001b2d2 Mon Sep 17 00:00:00 2001 From: Daisie Huang Date: Fri, 31 May 2024 17:41:16 -0700 Subject: [PATCH 6/6] PUT in either case --- src/authx/auth.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/authx/auth.py b/src/authx/auth.py index 25ddc75..5886fd0 100644 --- a/src/authx/auth.py +++ b/src/authx/auth.py 
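Review bot: Passing a token never reaches OPA: the whole lookup, from `if "Authorization" in request.headers:` through `return response.json()['result']`, is nested under the new `if token is None:` guard, so `get_user_id(request, token=...)` skips the request entirely and falls through to `return None`, the opposite of what the subject line intends. Only the header extraction should depend on `token is None`; the OPA call should run whenever a token is available, as sketched below. With that restructure `request` is touched only when no token is given, so the docstring should say which of the two must be supplied; it currently documents neither parameter.
```python
    if token is None and "Authorization" in request.headers:
        token = get_auth_token(request)
    if token is None:
        return None
    headers = {
        "Authorization": f"Bearer {token}"
    }
    # … unchanged: requests.post to opa_url + "/v1/data/idp/user_key" with {"input": {"token": token}} …
    if 'result' in response.json():
        return response.json()['result']
    return None
```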
@@ -457,10 +457,10 @@ def add_provider_to_tyk_api(api_id, token, issuer, policy_id=TYK_POLICY_ID): break if not found: api_json['openid_options']['providers'].append(new_provider) - response = requests.request("PUT", url, headers=headers, json=api_json) - if response.status_code == 200: - response = requests.request("GET", f"{TYK_LOGIN_TARGET_URL}/tyk/reload", params={"block": True}, headers=headers) - return requests.request("GET", url, headers=headers) + response = requests.request("PUT", url, headers=headers, json=api_json) + if response.status_code == 200: + response = requests.request("GET", f"{TYK_LOGIN_TARGET_URL}/tyk/reload", params={"block": True}, headers=headers) + return requests.request("GET", url, headers=headers) return response
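Review bot: The reload outcome is discarded: on the line after the PUT, `response` is reassigned to the `/tyk/reload` call, but the function then returns a fresh GET of `url` regardless of the reload's status, so a failed reload is indistinguishable from success and the caller receives a definition the gateway may not be serving yet. Adding `if response.status_code != 200: return response` between the reload and the final GET closes that gap. Making the PUT unconditional also means a call for an already-registered, unchanged provider rewrites the API definition and triggers a blocking gateway reload; if that is not intended, the PUT could be guarded on the definition actually having changed. add_provider_to_tyk_api begins outside the hunk.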