Align auth token to flask version to prevent user-logout

This commit is contained in:
Matthias 2020-12-31 10:22:28 +01:00
parent 346542e5cd
commit eb20f6e7d0
3 changed files with 6 additions and 8 deletions


@ -34,7 +34,7 @@ def get_user_from_token(token, secret_key: str, token_type: str = "access"):
) )
try: try:
payload = jwt.decode(token, secret_key, algorithms=[ALGORITHM]) payload = jwt.decode(token, secret_key, algorithms=[ALGORITHM])
username: str = payload.get("sub") username: str = payload.get("identity", {}).get('u')
if username is None: if username is None:
raise credentials_exception raise credentials_exception
if payload.get("type") != token_type: if payload.get("type") != token_type:
@ -81,7 +81,7 @@ def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()),
api_config=Depends(get_api_config)): api_config=Depends(get_api_config)):
if verify_auth(api_config, form_data.username, form_data.password): if verify_auth(api_config, form_data.username, form_data.password):
token_data = {'sub': form_data.username} token_data = {'identity': {'u': form_data.username}}
access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret')) access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'))
refresh_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'), refresh_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'),
token_type="refresh") token_type="refresh")
@ -101,7 +101,7 @@ def token_refresh(token: str = Depends(oauth2_scheme), api_config=Depends(get_ap
# Refresh token # Refresh token
u = get_user_from_token(token, api_config.get( u = get_user_from_token(token, api_config.get(
'jwt_secret_key', 'super-secret'), 'refresh') 'jwt_secret_key', 'super-secret'), 'refresh')
token_data = {'sub': u} token_data = {'identity': {'u': u}}
access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'), access_token = create_token(token_data, api_config.get('jwt_secret_key', 'super-secret'),
token_type="access") token_type="access")
return {'access_token': access_token} return {'access_token': access_token}
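Review bot: The new lookup `payload.get("identity", {}).get('u')` in get_user_from_token assumes the `identity` claim is a mapping; a token whose `identity` claim is a string, list or null passes signature verification but then raises AttributeError on the inner `.get`, so a malformed-but-validly-signed token would surface as an unhandled error rather than the `credentials_exception` the function uses for every other bad-token case (unless the except clause below the hunk already catches AttributeError, which is not visible here). I would narrow it to `identity = payload.get("identity")` followed by `username = identity.get('u') if isinstance(identity, dict) else None`, so the existing `if username is None` branch handles it. The same nested claim shape is written in the token_login and token_refresh hunks of this file, so the shape is consistent; a one-line comment on the new line noting that the nested `identity.u` layout is chosen for compatibility with the flask-based tokens would explain why `sub` is no longer used. get_user_from_token's body continues outside the hunk.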


@ -34,8 +34,6 @@ class RPCManager:
# Enable local rest api server for cmd line control # Enable local rest api server for cmd line control
if config.get('api_server', {}).get('enabled', False): if config.get('api_server', {}).get('enabled', False):
logger.info('Enabling rpc.api_server') logger.info('Enabling rpc.api_server')
# from freqtrade.rpc.api_server import ApiServer
# TODO: Remove the above import
from freqtrade.rpc.api_server2 import ApiServer from freqtrade.rpc.api_server2 import ApiServer
self.registered_modules.append(ApiServer(self._rpc, config)) self.registered_modules.append(ApiServer(self._rpc, config))


@ -91,9 +91,9 @@ def test_api_not_found(botclient):
def test_api_auth(): def test_api_auth():
with pytest.raises(ValueError): with pytest.raises(ValueError):
create_token({'sub': 'Freqtrade'}, 'secret1234', token_type="NotATokenType") create_token({'identity': {'u': 'Freqtrade'}}, 'secret1234', token_type="NotATokenType")
token = create_token({'sub': 'Freqtrade'}, 'secret1234') token = create_token({'identity': {'u': 'Freqtrade'}}, 'secret1234')
assert isinstance(token, bytes) assert isinstance(token, bytes)
u = get_user_from_token(token, 'secret1234') u = get_user_from_token(token, 'secret1234')
@ -101,7 +101,7 @@ def test_api_auth():
with pytest.raises(HTTPException): with pytest.raises(HTTPException):
get_user_from_token(token, 'secret1234', token_type='refresh') get_user_from_token(token, 'secret1234', token_type='refresh')
# Create invalid token # Create invalid token
token = create_token({'sub`': 'Freqtrade'}, 'secret1234') token = create_token({'identity': {'u1': 'Freqrade'}}, 'secret1234')
with pytest.raises(HTTPException): with pytest.raises(HTTPException):
get_user_from_token(token, 'secret1234') get_user_from_token(token, 'secret1234')
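Review bot: The "Create invalid token" case at the end of test_api_auth only covers a missing `u` key inside a well-formed `identity` mapping, so the claim shape that get_user_from_token now depends on is never exercised with a non-mapping `identity` value. Since the decoder calls `.get('u')` on whatever `identity` holds, a case such as `token = create_token({'identity': 'Freqtrade'}, 'secret1234')` followed by `with pytest.raises(HTTPException):` and `get_user_from_token(token, 'secret1234')` would pin that a signed token with a malformed claim is rejected with the credentials error rather than escaping as a different exception. A short comment on that case saying it guards the nested-claim parsing would help the next reader distinguish it from the missing-key case above it.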