mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-09 02:44:10 -04:00
Getting the redis stuff configured correctly.
Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
This commit is contained in:
@@ -1,17 +1,11 @@
|
||||
import os
|
||||
import secrets
|
||||
from urllib.parse import unquote
|
||||
|
||||
from flask import (
|
||||
abort,
|
||||
current_app,
|
||||
redirect,
|
||||
render_template,
|
||||
request,
|
||||
url_for,
|
||||
)
|
||||
from flask import abort, current_app, redirect, render_template, request, url_for
|
||||
from flask_login import current_user
|
||||
|
||||
from app import status_api_client, redis_client
|
||||
from app import redis_client, status_api_client
|
||||
from app.formatters import apply_html_class, convert_markdown_template
|
||||
from app.main import main
|
||||
from app.main.views.pricing import CURRENT_SMS_RATE
|
||||
@@ -34,7 +28,8 @@ def index():
|
||||
|
||||
nonce = secrets.token_urlsafe()
|
||||
|
||||
redis_client.set(f"login-nonce-{token}", nonce)
|
||||
redis_key = f"login-nonce-{unquote(token)}"
|
||||
redis_client.set(redis_key, nonce)
|
||||
|
||||
if url is not None:
|
||||
url = url.replace("NONCE", nonce)
|
||||
|
||||
@@ -170,7 +170,7 @@ def set_up_your_profile():
|
||||
request_json = request.json()
|
||||
id_token = get_id_token(request_json)
|
||||
nonce = id_token["nonce"]
|
||||
stored_nonce = redis_client.get(f"login-nonce-{state}")
|
||||
stored_nonce = redis_client.get(f"login-nonce-{state}").decode("utf8")
|
||||
if nonce != stored_nonce:
|
||||
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
|
||||
abort(403)
|
||||
|
||||
@@ -2,6 +2,7 @@ import os
|
||||
import secrets
|
||||
import time
|
||||
import uuid
|
||||
from urllib.parse import unquote
|
||||
|
||||
import jwt
|
||||
import requests
|
||||
@@ -17,7 +18,7 @@ from flask import (
|
||||
)
|
||||
from flask_login import current_user
|
||||
|
||||
from app import login_manager, user_api_client, redis_client
|
||||
from app import login_manager, redis_client, user_api_client
|
||||
from app.main import main
|
||||
from app.main.views.index import error
|
||||
from app.main.views.verify import activate_user
|
||||
@@ -65,7 +66,11 @@ def _get_access_token(code, state): # pragma: no cover
|
||||
response_json = response.json()
|
||||
id_token = get_id_token(response_json)
|
||||
nonce = id_token["nonce"]
|
||||
stored_nonce = redis_client.get(f"login-nonce-{state}")
|
||||
redis_key = f"login-nonce-{state}"
|
||||
stored_nonce = redis_client.get(redis_key).decode("utf8")
|
||||
|
||||
# 'login-nonce-IjEyNy4wLjAuMSI%2EZw51tw%2EWIkNwqJKjDsd_mAGc2Jgh39KnS4'
|
||||
# 'login-nonce-IjEyNy4wLjAuMSI.Zw51tw.WIkNwqJKjDsd_mAGc2Jgh39KnS4'
|
||||
|
||||
if nonce != stored_nonce:
|
||||
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
|
||||
@@ -209,7 +214,8 @@ def sign_in(): # pragma: no cover
|
||||
url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
|
||||
|
||||
nonce = secrets.token_urlsafe()
|
||||
redis_client.set(f"login-nonce-{token}", nonce)
|
||||
redis_key = f"login-nonce-{unquote(token)}"
|
||||
redis_client.set(redis_key, nonce)
|
||||
|
||||
# handle unit tests
|
||||
if url is not None:
|
||||
|
||||
@@ -46,7 +46,8 @@ class InviteApiClient(NotifyAdminAPIClient):
|
||||
|
||||
# make and store the nonce
|
||||
nonce = secrets.token_urlsafe()
|
||||
redis_client.set(f"login-nonce-{state}", nonce) # save the nonce to redis.
|
||||
redis_key = f"login-nonce-{state}"
|
||||
redis_client.set(f"{redis_key}", nonce) # save the nonce to redis.
|
||||
data["nonce"] = nonce # This is passed to api for the invite url.
|
||||
|
||||
resp = self.post(url=f"/service/{service_id}/invite", data=data)
|
||||
|
||||
Reference in New Issue
Block a user