# HG changeset patch
# User drewp@bigasterisk.com
# Date 1668906396 28800
# Node ID c538dc39b8513c63c2bea30a7fdb95c5da494ddc
# Parent f3a15a72448322e8829f383b993269b4ec03de10
user login fixes
diff -r f3a15a724483 -r c538dc39b851 get_agent.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/get_agent.py Sat Nov 19 17:06:36 2022 -0800
@@ -0,0 +1,25 @@
+import logging
+
+import bottle
+import jwt
+from rdflib import URIRef
+
+log = logging.getLogger(__name__)
+
+jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
+
+
+def bottleGetAgent() -> URIRef:
+ pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
+
+ sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
+ j = jwt.decode(pomAssertion,
+ key=sk.key,
+ algorithms=['ES256'],
+ audience="bigasterisk.com")
+
+ foaf = {
+ 'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
+ 'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
+ }[j['email']]
+ return URIRef(foaf)
diff -r f3a15a724483 -r c538dc39b851 lookup.py
--- a/lookup.py Sat Nov 19 17:05:15 2022 -0800
+++ b/lookup.py Sat Nov 19 17:06:36 2022 -0800
@@ -34,8 +34,11 @@
 def getUser():
- agent = bottle.request.headers.get('x-foaf-agent', None)
- username = db['user'].find_one({'_id': agent})['username'] if agent else None
+ try:
+ agent = bottleGetAgent()
+ username = db['user'].find_one({'_id': str(agent)})['username'] if agent else None
+ except KeyError:
+ username = agent = None
 return username, agent
@@ -169,7 +172,10 @@
 @bottle.route('/', method='POST')
 def userAddLink(user):
- if getUser()[0] != user:
+ u=getUser()[0]
+ if u is None:
+ raise ValueError('not logged in')
+ if u != user:
 raise ValueError("not logged in as %s" % user)
 print(repr(bottle.request.params.__dict__))
 doc = links.fromPostdata(bottle.request.params, user, datetime.datetime.now(tzlocal()))
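Review bot: In `bottleGetAgent`, a request that arrives without `X-Pomerium-Jwt-Assertion` passes `None` to `get_signing_key_from_jwt`, and an expired or badly signed assertion makes `jwt.decode` raise; neither is a `KeyError`, so the `except KeyError` added to `getUser` in lookup.py will not map them to the anonymous result and the request most likely ends in an unhandled exception. The function fails closed, which is the right default, but the unauthenticated path should be explicit: add `if pomAssertion is None: raise KeyError('X-Pomerium-Jwt-Assertion')` before the JWKS lookup, and catch `jwt.PyJWTError` around the two jwt calls with a `log.warning(...)` so rejected assertions are visible in the logs (the module-level `log` is otherwise unused). It is also worth confirming whether the `iss` claim should be pinned with `issuer=` alongside `audience=`. A short docstring stating that the returned agent comes only from a signature-verified assertion, and which exceptions callers must expect, would document the contract.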
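Review bot: In `getUser`, `find_one` (presumably pymongo) returns `None` when the verified agent has no document in `db['user']`, so the `['username']` subscript raises `TypeError`, which the new `except KeyError` does not cover; `doc = db['user'].find_one({'_id': str(agent)})` followed by `username = doc['username'] if doc else None` keeps that case on the anonymous path. No hunk in this changeset adds an import of `bottleGetAgent` to lookup.py, so unless it is already imported outside the visible hunks the call raises `NameError`. The `if agent else None` guard is now dead, because `bottleGetAgent` either returns a `URIRef` or raises. A one-line comment noting that identity now comes from the verified Pomerium assertion rather than the client-supplied `x-foaf-agent` header would help keep it that way.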
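Review bot: Both rejections in `userAddLink` raise `ValueError`, which bottle reports as a 500, so an unauthenticated or wrong-user POST looks the same as a server crash to clients, logs and monitoring. Returning an authorization status makes the outcome explicit and easier to alert on: `bottle.abort(401, 'not logged in')` for the `u is None` case and `bottle.abort(403, "not logged in as %s" % user)` for the mismatch. As a style point, `u=getUser()[0]` should be spaced as `u = getUser()[0]`, and a more descriptive name such as `username` would read better. The function body continues past the end of the hunk.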