From 06d5bda071a3545b87d32eea90130337f2c2af9f Mon Sep 17 00:00:00 2001
From: Akiff Manji
Date: Wed, 15 Nov 2023 15:30:39 -0800
Subject: [PATCH] fix: traction auth decorator (#2308)

* feat: devcontainer configuration for vscode
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: issue credentials through Traction tenant
Signed-off-by: Akiff Manji
* refactor: app initialization workflow
Signed-off-by: Akiff Manji
* feat: use out-of-band invitation for connecting
Signed-off-by: Akiff Manji
* feat: use v2.0 for issuing credential
Signed-off-by: Akiff Manji
* feat: web socket implementation with flask-socketio
Signed-off-by: Akiff Manji
* feat: db migration script to enable revocation
Signed-off-by: Akiff Manji
* feat: revocation endpoint
Signed-off-by: Akiff Manji
* feat: replace endpoints
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* chore: update requirements
Signed-off-by: Akiff Manji
* chore: update tests
Signed-off-by: Akiff Manji
* feat: traction token exchanger
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* refactor: ws cors setting is a config option
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* refactor: clean up init in digital credential service
Signed-off-by: Akiff Manji
* 18284: digital credentials (#2260)
* feat: devcontainer configuration for vscode
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: issue credentials through Traction tenant
Signed-off-by: Akiff Manji
* refactor: app initialization workflow
Signed-off-by: Akiff Manji
* feat: use out-of-band invitation for connecting
Signed-off-by: Akiff Manji
* feat: use v2.0 for issuing credential
Signed-off-by: Akiff Manji
* feat: web socket implementation with flask-socketio
Signed-off-by: Akiff Manji
* feat: db migration script to enable revocation
Signed-off-by: Akiff Manji
* feat: revocation endpoint
Signed-off-by: Akiff Manji
* feat: replace endpoints
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* chore: update requirements
Signed-off-by: Akiff Manji
* chore: update tests
Signed-off-by: Akiff Manji
* feat: traction token exchanger
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* refactor: ws cors setting is a config option
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* refactor: clean up init in digital credential service
Signed-off-by: Akiff Manji
---------
Signed-off-by: Akiff Manji
* feat: endpoints to reset credential offers
Signed-off-by: Akiff Manji
* feat: credential id lookup table
Signed-off-by: Akiff Manji
* feat: add business roles
Signed-off-by: Akiff Manji
* 18284 Add pre-fork server hook to gunicorn config (#2285)
* chore: fix tests and linting
Signed-off-by: Akiff Manji
* chore: fix tests
Signed-off-by: Akiff Manji
* 18284 feat: digital credentials (#2281)
* feat: devcontainer configuration for vscode
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: issue credentials through Traction tenant
Signed-off-by: Akiff Manji
* refactor: app initialization workflow
Signed-off-by: Akiff Manji
* feat: use out-of-band invitation for connecting
Signed-off-by: Akiff Manji
* feat: use v2.0 for issuing credential
Signed-off-by: Akiff Manji
* feat: web socket implementation with flask-socketio
Signed-off-by: Akiff Manji
* feat: db migration script to enable revocation
Signed-off-by: Akiff Manji
* feat: revocation endpoint
Signed-off-by: Akiff Manji
* feat: replace endpoints
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* chore: update requirements
Signed-off-by: Akiff Manji
* chore: update tests
Signed-off-by: Akiff Manji
* feat: traction token exchanger
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* refactor: ws cors setting is a config option
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* refactor: clean up init in digital credential service
Signed-off-by: Akiff Manji
* feat: endpoints to reset credential offers
Signed-off-by: Akiff Manji
* feat: credential id lookup table
Signed-off-by: Akiff Manji
* feat: add business roles
Signed-off-by: Akiff Manji
* chore: fix tests and linting
Signed-off-by: Akiff Manji
* chore: fix tests
Signed-off-by: Akiff Manji
---------
Signed-off-by: Akiff Manji
* refactor: remove records from Traction on deletion
Signed-off-by: Akiff Manji
* Revert "feat: web socket implementation with flask-socketio"
This reverts commit 79a2631fb101222a55a2d8a226ab9ca2b166906a.
Signed-off-by: Akiff Manji
* fix: port so it doesn't overlap with airplay server on OSX
Signed-off-by: Akiff Manji
* Revert "fix: port so it doesn't overlap with airplay server on OSX"
This reverts commit 9763a176f47f53eaf84982cd4aec5178c2a409cc.
Signed-off-by: Akiff Manji
* feat: digital credentials (#2287)
* feat: devcontainer configuration for vscode
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: hard code digital business card schema
Signed-off-by: Akiff Manji
* feat: issue credentials through Traction tenant
Signed-off-by: Akiff Manji
* refactor: app initialization workflow
Signed-off-by: Akiff Manji
* feat: use out-of-band invitation for connecting
Signed-off-by: Akiff Manji
* feat: use v2.0 for issuing credential
Signed-off-by: Akiff Manji
* feat: web socket implementation with flask-socketio
Signed-off-by: Akiff Manji
* feat: db migration script to enable revocation
Signed-off-by: Akiff Manji
* feat: revocation endpoint
Signed-off-by: Akiff Manji
* feat: replace endpoints
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* chore: update requirements
Signed-off-by: Akiff Manji
* chore: update tests
Signed-off-by: Akiff Manji
* feat: traction token exchanger
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* chore: update workflow variables
Signed-off-by: Akiff Manji
* refactor: ws cors setting is a config option
Signed-off-by: Akiff Manji
* chore: fix linting errors
Signed-off-by: Akiff Manji
* refactor: clean up init in digital credential service
Signed-off-by: Akiff Manji
* feat: endpoints to reset credential offers
Signed-off-by: Akiff Manji
* feat: credential id lookup table
Signed-off-by: Akiff Manji
* feat: add business roles
Signed-off-by: Akiff Manji
* chore: fix tests and linting
Signed-off-by: Akiff Manji
* chore: fix tests
Signed-off-by: Akiff Manji
* refactor: remove records from Traction on deletion
Signed-off-by: Akiff Manji
* Revert "feat: web socket implementation with flask-socketio"
This reverts commit 79a2631fb101222a55a2d8a226ab9ca2b166906a.
Signed-off-by: Akiff Manji
* fix: port so it doesn't overlap with airplay server on OSX
Signed-off-by: Akiff Manji
* Revert "fix: port so it doesn't overlap with airplay server on OSX"
This reverts commit 9763a176f47f53eaf84982cd4aec5178c2a409cc.
Signed-off-by: Akiff Manji
---------
Signed-off-by: Akiff Manji
* fix: improved token validation in traction auth decorator
Signed-off-by: Akiff Manji
---------
Signed-off-by: Akiff Manji
Co-authored-by: Argus Chiu
---
 legal-api/src/legal_api/decorators.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/legal-api/src/legal_api/decorators.py b/legal-api/src/legal_api/decorators.py index 0153b26316..4d48191030 100644 --- a/legal-api/src/legal_api/decorators.py +++ b/legal-api/src/legal_api/decorators.py @@ -14,6 +14,7 @@ """This module holds function decorators.""" import json +from datetime import datetime from functools import wraps import jwt @@ -43,7 +44,11 @@ def decorated_function(*args, **kwargs): if not hasattr(current_app, 'api_token'): raise jwt.ExpiredSignatureError - jwt.decode(current_app.api_token, options={'verify_signature': False}) + if not (decoded := jwt.decode(current_app.api_token, options={'verify_signature': False})): + raise jwt.ExpiredSignatureError + + if datetime.utcfromtimestamp(decoded['exp']) <= datetime.utcnow(): + raise jwt.ExpiredSignatureError except ExpiredSignatureError: current_app.logger.info('JWT token expired or is missing, requesting new token') response = requests.post(f'{traction_api_url}/multitenancy/tenant/{traction_tenant_id}/token',
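Review bot: the `from datetime import datetime` added in the first hunk is used only for `datetime.utcfromtimestamp(decoded['exp']) <= datetime.utcnow()`, which compares two naive datetimes and is correct only because both happen to be UTC; both calls are deprecated as of Python 3.12. `exp` is already seconds since the epoch, so comparing it against `time.time()`, or importing `timezone` as well and using `datetime.now(timezone.utc)` with `datetime.fromtimestamp(exp, tz=timezone.utc)`, removes the naive conversion.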
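Review bot: in the second hunk, `decoded['exp']` raises `KeyError` when the token has no `exp` claim, and `jwt.decode` raises `jwt.DecodeError` on a malformed token; the only handler visible here is `except ExpiredSignatureError`, so as far as these lines show neither case reaches the token-refresh branch. Reading the claim with `decoded.get('exp')` and treating a missing value as expired, plus catching `jwt.InvalidTokenError` (the base class of both exceptions), would send every unusable token down the same path. The `<=` comparison also has no margin, so a token that expires between this check and the following call to Traction still passes; subtracting a few seconds of leeway avoids that. Since `verify_signature` stays `False`, a short comment that this is a freshness check on a locally cached token rather than validation of its authenticity would help the next reader.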