From da6882774beeafb0b98c1b5b71aae23801329597 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Tue, 15 Oct 2024 10:44:03 -0400 Subject: [PATCH] Getting the redis stuff configured correctly. Signed-off-by: Cliff Hill --- app/main/views/index.py | 15 +++++---------- app/main/views/register.py | 2 +- app/main/views/sign_in.py | 12 +++++++++--- app/notify_client/invite_api_client.py | 3 ++- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/app/main/views/index.py b/app/main/views/index.py index 6dd528e9a..e7226ad7d 100644 --- a/app/main/views/index.py +++ b/app/main/views/index.py @@ -1,17 +1,11 @@ import os import secrets +from urllib.parse import unquote -from flask import ( - abort, - current_app, - redirect, - render_template, - request, - url_for, -) +from flask import abort, current_app, redirect, render_template, request, url_for from flask_login import current_user -from app import status_api_client, redis_client +from app import redis_client, status_api_client from app.formatters import apply_html_class, convert_markdown_template from app.main import main from app.main.views.pricing import CURRENT_SMS_RATE @@ -34,7 +28,8 @@ def index(): nonce = secrets.token_urlsafe() - redis_client.set(f"login-nonce-{token}", nonce) + redis_key = f"login-nonce-{unquote(token)}" + redis_client.set(redis_key, nonce) if url is not None: url = url.replace("NONCE", nonce) diff --git a/app/main/views/register.py b/app/main/views/register.py index 5b69a7f84..475fa4578 100644 --- a/app/main/views/register.py +++ b/app/main/views/register.py @@ -170,7 +170,7 @@ def set_up_your_profile(): request_json = request.json() id_token = get_id_token(request_json) nonce = id_token["nonce"] - stored_nonce = redis_client.get(f"login-nonce-{state}") + stored_nonce = redis_client.get(f"login-nonce-{state}").decode("utf8") if nonce != stored_nonce: current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}") abort(403) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index a2dc36a2a..8cbc16aff 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -2,6 +2,7 @@ import os import secrets import time import uuid +from urllib.parse import unquote import jwt import requests @@ -17,7 +18,7 @@ from flask import ( ) from flask_login import current_user -from app import login_manager, user_api_client, redis_client +from app import login_manager, redis_client, user_api_client from app.main import main from app.main.views.index import error from app.main.views.verify import activate_user @@ -65,7 +66,11 @@ def _get_access_token(code, state): # pragma: no cover response_json = response.json() id_token = get_id_token(response_json) nonce = id_token["nonce"] - stored_nonce = redis_client.get(f"login-nonce-{state}") + redis_key = f"login-nonce-{state}" + stored_nonce = redis_client.get(redis_key).decode("utf8") + + # 'login-nonce-IjEyNy4wLjAuMSI%2EZw51tw%2EWIkNwqJKjDsd_mAGc2Jgh39KnS4' + # 'login-nonce-IjEyNy4wLjAuMSI.Zw51tw.WIkNwqJKjDsd_mAGc2Jgh39KnS4' if nonce != stored_nonce: current_app.logger.error(f"Nonce Error: {nonce} != {stored_nonce}") @@ -209,7 +214,8 @@ def sign_in(): # pragma: no cover url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") nonce = secrets.token_urlsafe() - redis_client.set(f"login-nonce-{token}", nonce) + redis_key = f"login-nonce-{unquote(token)}" + redis_client.set(redis_key, nonce) # handle unit tests if url is not None: diff --git a/app/notify_client/invite_api_client.py b/app/notify_client/invite_api_client.py index 9bff63f22..328a87e58 100644 --- a/app/notify_client/invite_api_client.py +++ b/app/notify_client/invite_api_client.py @@ -46,7 +46,8 @@ class InviteApiClient(NotifyAdminAPIClient): # make and store the nonce nonce = secrets.token_urlsafe() - redis_client.set(f"login-nonce-{state}", nonce) # save the nonce to redis. + redis_key = f"login-nonce-{state}" + redis_client.set(f"{redis_key}", nonce) # save the nonce to redis. data["nonce"] = nonce # This is passed to api for the invite url. resp = self.post(url=f"/service/{service_id}/invite", data=data)