Getting the redis stuff configured correctly.

Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
This commit is contained in:
Cliff Hill
2024-10-15 10:44:03 -04:00
parent d0cda995cf
commit da6882774b
4 changed files with 17 additions and 15 deletions

View File

@@ -1,17 +1,11 @@
import os
import secrets
from urllib.parse import unquote
from flask import (
abort,
current_app,
redirect,
render_template,
request,
url_for,
)
from flask import abort, current_app, redirect, render_template, request, url_for
from flask_login import current_user
from app import status_api_client, redis_client
from app import redis_client, status_api_client
from app.formatters import apply_html_class, convert_markdown_template
from app.main import main
from app.main.views.pricing import CURRENT_SMS_RATE
@@ -34,7 +28,8 @@ def index():
nonce = secrets.token_urlsafe()
redis_client.set(f"login-nonce-{token}", nonce)
redis_key = f"login-nonce-{unquote(token)}"
redis_client.set(redis_key, nonce)
if url is not None:
url = url.replace("NONCE", nonce)

View File

@@ -170,7 +170,7 @@ def set_up_your_profile():
request_json = request.json()
id_token = get_id_token(request_json)
nonce = id_token["nonce"]
stored_nonce = redis_client.get(f"login-nonce-{state}")
stored_nonce = redis_client.get(f"login-nonce-{state}").decode("utf8")
if nonce != stored_nonce:
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
abort(403)

View File

@@ -2,6 +2,7 @@ import os
import secrets
import time
import uuid
from urllib.parse import unquote
import jwt
import requests
@@ -17,7 +18,7 @@ from flask import (
)
from flask_login import current_user
from app import login_manager, user_api_client, redis_client
from app import login_manager, redis_client, user_api_client
from app.main import main
from app.main.views.index import error
from app.main.views.verify import activate_user
@@ -65,7 +66,11 @@ def _get_access_token(code, state): # pragma: no cover
response_json = response.json()
id_token = get_id_token(response_json)
nonce = id_token["nonce"]
stored_nonce = redis_client.get(f"login-nonce-{state}")
redis_key = f"login-nonce-{state}"
stored_nonce = redis_client.get(redis_key).decode("utf8")
# 'login-nonce-IjEyNy4wLjAuMSI%2EZw51tw%2EWIkNwqJKjDsd_mAGc2Jgh39KnS4'
# 'login-nonce-IjEyNy4wLjAuMSI.Zw51tw.WIkNwqJKjDsd_mAGc2Jgh39KnS4'
if nonce != stored_nonce:
current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}")
@@ -209,7 +214,8 @@ def sign_in(): # pragma: no cover
url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
nonce = secrets.token_urlsafe()
redis_client.set(f"login-nonce-{token}", nonce)
redis_key = f"login-nonce-{unquote(token)}"
redis_client.set(redis_key, nonce)
# handle unit tests
if url is not None:

View File

@@ -46,7 +46,8 @@ class InviteApiClient(NotifyAdminAPIClient):
# make and store the nonce
nonce = secrets.token_urlsafe()
redis_client.set(f"login-nonce-{state}", nonce) # save the nonce to redis.
redis_key = f"login-nonce-{state}"
redis_client.set(f"{redis_key}", nonce) # save the nonce to redis.
data["nonce"] = nonce # This is passed to api for the invite url.
resp = self.post(url=f"/service/{service_id}/invite", data=data)