introspect implemented

EGA-archive · Oct 30, 2023 · 3a5a324 · 3a5a324
1 parent ba7b8e7
commit 3a5a324
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 29 deletions.
diff --git a/beacon/request/handlers.py b/beacon/request/handlers.py
@@ -6,7 +6,7 @@
 from bson import json_util
 from beacon import conf
 import yaml
-import base64
+import jwt
 
 from beacon.request import ontologies
 from beacon.request.model import Granularity, RequestParams
@@ -184,9 +184,9 @@ async def wrapper(request: Request):
         qparams = RequestParams(**json_body).from_request(request)
 
         if access_token is not None:
-            tokenSplit = access_token.split(".")
-            payload_token = json.loads((base64.b64decode(tokenSplit[1])).decode("utf-8"))
-            token_username = payload_token['preferred_username']
+            decoded = jwt.decode(access_token, options={"verify_signature": False})
+            LOG.debug(decoded)
+            token_username = decoded['preferred_username']
             with open("/beacon/beacon/request/response_type.yml", 'r') as response_type_file:
                 response_type_dict = yaml.safe_load(response_type_file)
 
@@ -268,9 +268,9 @@ async def wrapper(request: Request):
             access_token = access_token[7:]  # cut out 7 characters: len('Bearer ')
 
 
-            tokenSplit = access_token.split(".")
-            payload_token = json.loads((base64.b64decode(tokenSplit[1])).decode("utf-8"))
-            LOG.debug(payload_token)
+            decoded = jwt.decode(access_token, options={"verify_signature": False})
+            LOG.debug(decoded)
+            token_username = decoded['preferred_username']
 
             authorized_datasets, authenticated = await resolve_token(access_token, search_datasets)
             LOG.debug(authorized_datasets)

diff --git a/permissions/auth.py b/permissions/auth.py
@@ -9,7 +9,7 @@
 For this implementation, we only implement contacting the userinfo endpoint.
 No JWT signature verification.
 """
-
+import json
 import logging
 
 from aiohttp import ClientSession, BasicAuth, FormData
@@ -21,8 +21,8 @@
 
 
 
-idp_client_id     = 'permissions'
-idp_client_secret = 'bcFFbN3N8bVDTStnyeTIszusq7pSoBrn'
+idp_client_id     = 'beacon'
+idp_client_secret = 'b26ca0f9-1137-4bee-b453-ee51eefbe7ba'
 #idp_user_info = 'http://localhost:8080/oidc/userinfo'
 #idp_user_info = 'http://ls-aai-mock:8080/oidc/userinfo'
 idp_user_info  = 'http://idp:8080/auth/realms/Beacon/protocol/openid-connect/userinfo'
@@ -44,31 +44,28 @@ async def get_user_info(access_token):
     '''
     LOG.debug('Token: %s', access_token)
 
-    user = None
-    async with ClientSession(trust_env=True) as session:
+    # Invalid access token
+
+    async with ClientSession() as session:
         headers = { 'Accept': 'application/json', 'Authorization': 'Bearer ' + access_token }
-        LOG.debug('Contacting %s', idp_user_info)
-        async with session.get(idp_user_info, headers=headers) as resp:
-            LOG.debug('Response %s', resp)
+        payload = {'client_id': idp_client_id, 'client_secret': idp_client_secret, 'token': access_token }
+        async with session.post(idp_introspection, headers=headers,
+                                data=payload
+        ) as resp:
+            LOG.debug('Response %s', resp.status)
+            #LOG.debug('Response %s', resp)
             if resp.status == 200:
-                user = await resp.json()
+                content = await resp.text()
+                dict_content = json.loads(content)
+                user = dict_content
                 return user
             else:
-                content = await resp.text()
                 LOG.error('Content: %s', content)
+                LOG.error('Invalid token')
+                raise web.HTTPUnauthorized()
+
+
 
-    # Invalid access token
-    LOG.error('Invalid token')
-    async with ClientSession() as session:
-        async with session.post(idp_introspection,
-                                auth=BasicAuth(idp_client_id, password=idp_client_secret),
-                                data=FormData({ 'token': access_token, 'token_type_hint': 'access_token' }, charset='UTF-8')
-        ) as resp:
-            LOG.debug('Response %s', resp.status)
-            #LOG.debug('Response %s', resp)
-            content = await resp.text()
-            LOG.debug('Content: %s', content)
-    raise web.HTTPUnauthorized()
 
 
 

diff --git a/requirements.txt b/requirements.txt
@@ -32,4 +32,5 @@ urllib3==1.26.13
 #torch==1.11.0
 obonet==0.3.1
 networkx==2.8.8
+PyJWT==2.7.0