update format for tokenserver-auth file and hawk token script

mozilla-services · Aug 11, 2024 · eed85b1 · eed85b1
1 parent 3f555b7
commit eed85b1
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 50 deletions.
diff --git a/tokenserver-auth/src/oauth/verify.py b/tokenserver-auth/src/oauth/verify.py
@@ -1,8 +1,9 @@
-from fxa.oauth import Client
-from fxa.errors import ClientError, TrustError
 import json
 
-DEFAULT_OAUTH_SCOPE = 'https://identity.mozilla.com/apps/oldsync'
+from fxa.errors import ClientError, TrustError
+from fxa.oauth import Client
+
+DEFAULT_OAUTH_SCOPE = "https://identity.mozilla.com/apps/oldsync"
 
 
 class FxaOAuthClient:

diff --git a/tools/hawk/make_hawk_token.py b/tools/hawk/make_hawk_token.py
@@ -36,60 +36,44 @@
 # 10 years
 DURATION = timedelta(days=10 * 365).total_seconds()
 
-SALT = hexlify(os.urandom(3)).decode('ascii')
+SALT = hexlify(os.urandom(3)).decode("ascii")
 
 
 def get_args():
-    parser = argparse.ArgumentParser(
-        description="Create a hawk header for use in testing"
-        )
+    parser = argparse.ArgumentParser(description="Create a hawk header for use in testing")
     parser.add_argument(
-        '--uid', type=int, default=LEGACY_UID,
-        help="Legacy UID ({})".format(LEGACY_UID))
+        "--uid", type=int, default=LEGACY_UID, help="Legacy UID ({})".format(LEGACY_UID)
+    )
+    parser.add_argument("--uri", default=URI, help="URI path ({})".format(URI))
+    parser.add_argument("--method", default=METHOD, help="The HTTP Method ({})".format(METHOD))
+    parser.add_argument("--fxa_uid", default=FXA_UID, help="FxA User ID ({})".format(FXA_UID))
+    parser.add_argument("--fxa_kid", default=FXA_KID, help="FxA K ID ({})".format(FXA_KID))
     parser.add_argument(
-        '--uri', default=URI,
-        help="URI path ({})".format(URI))
+        "--device_id", default=DEVICE_ID, help="FxA Device ID ({})".format(DEVICE_ID)
+    )
+    parser.add_argument("--node", default=NODE, help="HTTP Host URI for node ({})".format(NODE))
     parser.add_argument(
-        '--method', default=METHOD,
-        help="The HTTP Method ({})".format(METHOD))
+        "--duration", type=int, default=DURATION, help="Hawk TTL ({})".format(DURATION)
+    )
+    parser.add_argument("--secret", default=SECRET, help="Shared HAWK secret ({})".format(SECRET))
+    parser.add_argument("--hmac_key", default=HMAC_KEY, help="HAWK HMAC key ({})".format(HMAC_KEY))
     parser.add_argument(
-        '--fxa_uid', default=FXA_UID,
-        help="FxA User ID ({})".format(FXA_UID))
-    parser.add_argument(
-        '--fxa_kid', default=FXA_KID,
-        help="FxA K ID ({})".format(FXA_KID))
-    parser.add_argument(
-        '--device_id', default=DEVICE_ID,
-        help="FxA Device ID ({})".format(DEVICE_ID))
-    parser.add_argument(
-        '--node', default=NODE,
-        help="HTTP Host URI for node ({})".format(NODE))
-    parser.add_argument(
-        '--duration', type=int, default=DURATION,
-        help="Hawk TTL ({})".format(DURATION))
-    parser.add_argument(
-        '--secret', default=SECRET,
-        help="Shared HAWK secret ({})".format(SECRET))
-    parser.add_argument(
-        '--hmac_key', default=HMAC_KEY,
-        help="HAWK HMAC key ({})".format(HMAC_KEY))
-    parser.add_argument(
-        '--as_header', action="store_true", default=False,
-        help="return only header (False)")
+        "--as_header", action="store_true", default=False, help="return only header (False)"
+    )
     return parser.parse_args()
 
 
 def create_token(args):
     expires = int(time.time()) + args.duration
     token_data = {
-        'uid': args.uid,
-        'node': args.node,
-        'expires': expires,
-        'fxa_uid': args.fxa_uid,
-        'fxa_kid': args.fxa_kid,
-        'hashed_fxa_uid': metrics_hash(args, args.fxa_uid),
-        'hashed_device_id': metrics_hash(args, args.device_id),
-        'salt': SALT,
+        "uid": args.uid,
+        "node": args.node,
+        "expires": expires,
+        "fxa_uid": args.fxa_uid,
+        "fxa_kid": args.fxa_kid,
+        "hashed_fxa_uid": metrics_hash(args, args.fxa_uid),
+        "hashed_device_id": metrics_hash(args, args.device_id),
+        "salt": SALT,
     }
     token = tokenlib.make_token(token_data, secret=args.secret)
     key = tokenlib.get_derived_secret(token, secret=args.secret)
@@ -99,18 +83,16 @@ def create_token(args):
 def metrics_hash(args, value):
     if isinstance(args.hmac_key, str):
         args.hmac_key = args.hmac_key.encode()
-    hasher = hmac.new(args.hmac_key, b'', sha256)
+    hasher = hmac.new(args.hmac_key, b"", sha256)
     # value may be an email address, in which case we only want the first part
-    hasher.update(value.encode('utf-8').split(b"@", 1)[0])
+    hasher.update(value.encode("utf-8").split(b"@", 1)[0])
     return hasher.hexdigest()
 
 
 def main():
     args = get_args()
     token, key, expires, salt = create_token(args)
-    path = "{node}{uri}".format(
-            node=args.node,
-            uri=args.uri)
+    path = "{node}{uri}".format(node=args.node, uri=args.uri)
     req = Request.blank(path)
     req.method = args.method
     header = hawkauthlib.sign_request(req, token, key)
@@ -123,5 +105,5 @@ def main():
         print("Authorization:", header)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     main()