authorFrederick Muriuki Muriithi2023-03-09 04:39:37 +0300
committerFrederick Muriuki Muriithi2023-03-09 04:39:37 +0300
commitdee42dd14dc7786b1ccf9465bb28dfe74024166c (patch)
tree31af463e825d03776ac46cd859e65610dfcc5457 /gn3/settings.py
parenta35d16f9a191afbb31e2c185e87e5eec5e23122f (diff)
downloadgenenetwork3-dee42dd14dc7786b1ccf9465bb28dfe74024166c.tar.gz
auth: introspection: Protect introspection endpoint
The introspection endpoint could contain privileged information, and therefore
needs to be protected. This commit ensures that the user has authenticated to
the system and that the client they are using is one of the allowed clients.
Diffstat (limited to 'gn3/settings.py')
-rw-r--r--gn3/settings.py15
1 files changed, 13 insertions, 2 deletions
diff --git a/gn3/settings.py b/gn3/settings.py
index 1de4d27..1b4a105 100644
--- a/gn3/settings.py
+++ b/gn3/settings.py
@@ -1,7 +1,7 @@
 """Configuration settings for this project"""
-
-import tempfile
 import os
+import uuid
+import tempfile
 
 BCRYPT_SALT = "$2b$12$mxLvu9XRLlIaaSeDxt8Sle"  # Change this!
 DATA_DIR = ""
@@ -70,3 +70,14 @@ MULTIPROCESSOR_PROCS = 6 # Number of processes to spawn
 AUTH_MIGRATIONS = "migrations/auth"
 AUTH_DB = os.environ.get(
     "AUTH_DB", f"{os.environ.get('HOME')}/genenetwork/gn3_files/db/auth.db")
+
+try:
+    # *** SECURITY CONCERN ***
+    # Clients with access to this privileges create a security concern.
+    # Be careful when adding to this configuration
+    OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE = tuple(
+        uuid.UUID(client_id) for client_id in
+        os.environ.get(
+            "OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE", "").split(","))
+except ValueError as _valerr:
+    OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE = tuple()
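Review bot: A single malformed entry in `OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE` silently empties the whole allowlist, because the `try` wraps the entire generator and `_valerr` is never reported. Falling back to an empty tuple is a sound fail-closed default, but `uuid.UUID` rejects empty strings and surrounding whitespace, so a value like `id1, id2` or one with a trailing comma would leave no client with the privilege and give the operator no diagnostic. Consider `uuid.UUID(client_id.strip()) for client_id in ... .split(",") if client_id.strip()`, and in the `except` branch log or re-raise the error when the variable is set but unparsable, keeping the empty tuple only for the unset case. The comment's "this privileges" could read `# Clients listed here may query the introspection endpoint, which can return privileged information; add client IDs sparingly.`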