mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-12 09:24:15 -04:00
Nonce is working now for invites.
Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
This commit is contained in:
@@ -18,6 +18,7 @@ from notifications_utils.url_safe_token import generate_token
|
||||
def index():
|
||||
if current_user and current_user.is_authenticated:
|
||||
return redirect(url_for("main.choose_account"))
|
||||
|
||||
token = generate_token(
|
||||
str(request.remote_addr),
|
||||
current_app.config["SECRET_KEY"],
|
||||
@@ -26,9 +27,11 @@ def index():
|
||||
url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
|
||||
# handle unit tests
|
||||
|
||||
current_app.logger.warning(f"############### {str(request.remote_addr)}")
|
||||
|
||||
nonce = secrets.token_urlsafe()
|
||||
|
||||
redis_key = f"login-nonce-{unquote(token)}"
|
||||
redis_key = f"login-nonce-{unquote(nonce)}"
|
||||
redis_client.set(redis_key, nonce)
|
||||
|
||||
if url is not None:
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import base64
|
||||
import json
|
||||
from urllib.parse import unquote
|
||||
import uuid
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
@@ -167,14 +168,6 @@ def set_up_your_profile():
|
||||
if redis_client.get(f"invitedata-{state}") is None:
|
||||
access_token = sign_in._get_access_token(code, state)
|
||||
|
||||
request_json = request.json()
|
||||
id_token = get_id_token(request_json)
|
||||
nonce = id_token["nonce"]
|
||||
stored_nonce = redis_client.get(f"login-nonce-{state}").decode("utf8")
|
||||
if nonce != stored_nonce:
|
||||
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
|
||||
abort(403)
|
||||
|
||||
debug_msg("Got the access token for login.gov")
|
||||
user_email, user_uuid = sign_in._get_user_email_and_uuid(access_token)
|
||||
debug_msg(
|
||||
|
||||
@@ -66,12 +66,9 @@ def _get_access_token(code, state): # pragma: no cover
|
||||
response_json = response.json()
|
||||
id_token = get_id_token(response_json)
|
||||
nonce = id_token["nonce"]
|
||||
redis_key = f"login-nonce-{state}"
|
||||
redis_key = f"login-nonce-{unquote(nonce)}"
|
||||
stored_nonce = redis_client.get(redis_key).decode("utf8")
|
||||
|
||||
# 'login-nonce-IjEyNy4wLjAuMSI%2EZw51tw%2EWIkNwqJKjDsd_mAGc2Jgh39KnS4'
|
||||
# 'login-nonce-IjEyNy4wLjAuMSI.Zw51tw.WIkNwqJKjDsd_mAGc2Jgh39KnS4'
|
||||
|
||||
if nonce != stored_nonce:
|
||||
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
|
||||
abort(403)
|
||||
@@ -214,7 +211,8 @@ def sign_in(): # pragma: no cover
|
||||
url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
|
||||
|
||||
nonce = secrets.token_urlsafe()
|
||||
redis_key = f"login-nonce-{unquote(token)}"
|
||||
redis_key = f"-{unquote(nonce)}"
|
||||
current_app.logger.info(f"<<<<<<<<<<<<<<<<<<<<<<<< redis key: {redis_key}")
|
||||
redis_client.set(redis_key, nonce)
|
||||
|
||||
# handle unit tests
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
import base64
|
||||
import json
|
||||
import secrets
|
||||
from urllib.parse import unquote
|
||||
|
||||
from flask import current_app, request
|
||||
|
||||
from app import redis_client
|
||||
from app.notify_client import NotifyAdminAPIClient, _attach_current_user, cache
|
||||
@@ -46,7 +49,7 @@ class InviteApiClient(NotifyAdminAPIClient):
|
||||
|
||||
# make and store the nonce
|
||||
nonce = secrets.token_urlsafe()
|
||||
redis_key = f"login-nonce-{state}"
|
||||
redis_key = f"login-nonce-{unquote(nonce)}"
|
||||
redis_client.set(f"{redis_key}", nonce) # save the nonce to redis.
|
||||
data["nonce"] = nonce # This is passed to api for the invite url.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user