-rw-r--r-- | gn3/auth/authentication/oauth2/models/oauth2client.py | 10 | ||||
-rw-r--r-- | main.py | 69 |
2 files changed, 78 insertions, 1 deletions
diff --git a/gn3/auth/authentication/oauth2/models/oauth2client.py b/gn3/auth/authentication/oauth2/models/oauth2client.py
index 2ee7858..efaff54 100644
--- a/gn3/auth/authentication/oauth2/models/oauth2client.py
+++ b/gn3/auth/authentication/oauth2/models/oauth2client.py
@@ -34,7 +34,15 @@ class OAuth2Client(NamedTuple):
 @property
 def client_type(self) -> str:
- """Return the token endpoint authorisation method."""
+ """
+ Return the token endpoint authorisation method.
+
+ Acceptable client types:
+ * public: Unable to use registered client secrets, e.g. browsers, apps
+ on mobile devices.
+ * confidential: able to securely authenticate with authorisation server
+ e.g. being able to keep their registered client secret safe.
+ """
 return self.client_metadata.get("client_type", "public")
 def check_endpoint_auth_method(self, method: str, endpoint: str) -> bool:
@@ -1,9 +1,16 @@
 """Main entry point for project"""
+import json
+from math import ceil
+from datetime import datetime
+
+import bcrypt
 from yoyo import get_backend, read_migrations
 from gn3 import migrations
 from gn3.app import create_app
+from gn3.auth import db
+
 app = create_app()
 ##### BEGIN: CLI Commands #####
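Review bot: The new docstring's summary line `Return the token endpoint authorisation method.` still describes the wrong attribute — the property reads the `client_type` entry of client_metadata, while the token endpoint auth method is a separate field handled by `check_endpoint_auth_method` just below. Replace the first line with `Return the client's type: "public" or "confidential".` and state the fallback explicitly, e.g. `Defaults to "public" when the metadata carries no "client_type" key, so a client registered without that field is treated as unable to hold a secret.` The bullet list that follows can stay as written.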
@@ -15,6 +22,68 @@ def apply_migrations():
 get_backend(f'sqlite:///{app.config["AUTH_DB"]}'),
 read_migrations(app.config["AUTH_MIGRATIONS"]))
+def __init_dev_users__():
+ """Initialise dev users. Get's used in more than one place"""
+ dev_users_query = "INSERT INTO users VALUES (:user_id, :email, :name)"
+ dev_users_passwd = "INSERT INTO user_credentials VALUES (:user_id, :hash)"
+ dev_users = ({
+ "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928",
+ "email": "test@develpment.user",
+ "name": "Test Development User",
+ "password": "testpasswd"},)
+
+ def __hash_passwd__(passwd):
+ return bcrypt.hashpw(passwd.encode("utf8"), bcrypt.gensalt())
+
+ with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
+ cursor.executemany(dev_users_query, dev_users)
+ cursor.executemany(dev_users_passwd, (
+ {**usr, "hash": __hash_passwd__(usr["password"])}
+ for usr in dev_users))
+
+@app.cli.command()
+def init_dev_users():
+ """
+ Initialise development users for OAuth2 sessions.
+
+ **NOTE**: You really should not run this in production/staging
+ """
+ __init_dev_users__()
+
+@app.cli.command()
+def init_dev_clients():
+ """
+ Initialise a development client for OAuth2 sessions.
+
+ **NOTE**: You really should not run this in production/staging
+ """
+ __init_dev_users__()
+ dev_clients_query = (
+ "INSERT INTO oauth2_clients VALUES ("
+ ":client_id, :client_secret, :client_id_issued_at, "
+ ":client_secret_expires_at, :client_metadata, :user_id"
+ ")")
+ dev_clients = ({
+ "client_id": "0bbfca82-d73f-4bd4-a140-5ae7abb4a64d",
+ "client_secret": "yadabadaboo",
+ "client_id_issued_at": ceil(datetime.now().timestamp()),
+ "client_secret_expires_at": 0,
+ "client_metadata": json.dumps({
+ "client_name": "GN2 Dev Server",
+ "token_endpoint_auth_method": [
+ "client_secret_post", "client_secret_basic"],
+ "client_type": "confidential",
+ "grant_types": ["password", "authorisation_code", "refresh_token"],
+ "default_redirect_uri": "http://localhost:5033/oauth2/code",
+ "redirect_uris": ["http://localhost:5033/oauth2/code"],
+ "response_type": "token", # choices: ["code", "token"]
+ "scope": ["profile", "resource", "register-client"]
+ }),
+ "user_id": "0ad1917c-57da-46dc-b79e-c81c91e5b928"},)
+
+ with db.connection(app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
+ cursor.executemany(dev_clients_query, dev_clients)
+
 ##### END: CLI Commands #####
 if __name__ == '__main__': |
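Review bot: `init_dev_users` and `init_dev_clients` are registered unconditionally and seed fixed credentials (password `testpasswd`, client secret `yadabadaboo`, a fixed user_id and client_id), so the docstring's NOTE is the only thing keeping them out of a production database; add a guard at the top of each command such as `if not app.debug: raise RuntimeError("init_dev_* commands are only available in debug mode")`, or whichever config flag the project uses to mark a development deployment. Running `init_dev_clients` after `init_dev_users` calls `__init_dev_users__()` a second time with the same user_id, which will fail if `users.user_id` is a primary key (the schema is not visible here); `INSERT OR IGNORE INTO users ...` on the sqlite backend, or an existence check first, would make the helper idempotent. The grant type `"authorisation_code"` does not match the RFC 6749 spelling `authorization_code`, so if the server compares grant types against the standard names this client can never complete the code flow — confirm against the grant implementation. Minor: `__init_dev_users__` and `__hash_passwd__` use the double-underscore form reserved for special names (`_init_dev_users` is the conventional private spelling), and the seed email `test@develpment.user` is misspelled.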