Align auth token to flask version to prevent user-logout

2020-12-31 10:22:28 +01:00 · 2020-12-31 10:22:28 +01:00 · eb20f6e7d0
parent 346542e5cd
commit eb20f6e7d0
3 changed files with 6 additions and 8 deletions
--- a/freqtrade/rpc/api_server2/api_auth.py
+++ b/freqtrade/rpc/api_server2/api_auth.py
@ -34,7 +34,7 @@ def get_user_from_token(token, secret_key: str, token_type: str = "access"):
    )
    try:
        payload = jwt.decode(token, secret_key, algorithms=[ALGORITHM])
-        username: str = payload.get("sub")
+        username: str = payload.get("identity", {}).get('u')
        if username is None:
            raise credentials_exception
        if payload.get("type") != token_type:
@ -81,7 +81,7 @@ def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()),
                api_config=Depends(get_api_config)):

    if verify_auth(api_config, form_data.username, form_data.password):
-        token_data = {'sub': form_data.username}
+        token_data = {'identity': {'u': form_data.username}}
        access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'))
        refresh_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'),
                                     token_type="refresh")
@ -101,7 +101,7 @@ def token_refresh(token: str = Depends(oauth2_scheme), api_config=Depends(get_ap
    # Refresh token
    u = get_user_from_token(token, api_config.get(
        'jwt_secret_key', 'super-secret'), 'refresh')
-    token_data = {'sub': u}
+    token_data = {'identity': {'u': u}}
    access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'),
                                token_type="access")
    return {'access_token': access_token}
--- a/freqtrade/rpc/rpc_manager.py
+++ b/freqtrade/rpc/rpc_manager.py
@ -34,8 +34,6 @@ class RPCManager:
        # Enable local rest api server for cmd line control
        if config.get('api_server', {}).get('enabled', False):
            logger.info('Enabling rpc.api_server')
-            # from freqtrade.rpc.api_server import ApiServer
-            # TODO: Remove the above import
            from freqtrade.rpc.api_server2 import ApiServer

            self.registered_modules.append(ApiServer(self._rpc, config))
--- a/tests/rpc/test_rpc_apiserver.py
+++ b/tests/rpc/test_rpc_apiserver.py
@ -91,9 +91,9 @@ def test_api_not_found(botclient):

 def test_api_auth():
    with pytest.raises(ValueError):
-        create_token({'sub': 'Freqtrade'}, 'secret1234', token_type="NotATokenType")
+        create_token({'identity': {'u': 'Freqtrade'}}, 'secret1234', token_type="NotATokenType")

-    token = create_token({'sub': 'Freqtrade'}, 'secret1234')
+    token = create_token({'identity': {'u': 'Freqtrade'}}, 'secret1234')
    assert isinstance(token, bytes)

    u = get_user_from_token(token, 'secret1234')
@ -101,7 +101,7 @@ def test_api_auth():
    with pytest.raises(HTTPException):
        get_user_from_token(token, 'secret1234', token_type='refresh')
    # Create invalid token
-    token = create_token({'sub`': 'Freqtrade'}, 'secret1234')
+    token = create_token({'identity': {'u1': 'Freqrade'}}, 'secret1234')
    with pytest.raises(HTTPException):
        get_user_from_token(token, 'secret1234')