changeset 39:c538dc39b851
user login fixes
author | drewp@bigasterisk.com |
---|---|
date | Sat, 19 Nov 2022 17:06:36 -0800 |
parents | f3a15a724483 |
children | 94181d521d6d |
files | get_agent.py lookup.py |
diffstat | 2 files changed, 34 insertions(+), 3 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/get_agent.py Sat Nov 19 17:06:36 2022 -0800
@@ -0,0 +1,25 @@
+import logging
+
+import bottle
+import jwt
+from rdflib import URIRef
+
+log = logging.getLogger(__name__)
+
+jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
+
+
+def bottleGetAgent() -> URIRef:
+ pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
+
+ sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
+ j = jwt.decode(pomAssertion,
+ key=sk.key,
+ algorithms=['ES256'],
+ audience="bigasterisk.com")
+
+ foaf = {
+ 'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
+ 'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
+ }[j['email']]
+ return URIRef(foaf)
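Review bot: In bottleGetAgent the `jwt.decode` call pins `algorithms=['ES256']` and checks `audience`, but it neither checks the issuer nor requires any claim, and PyJWT validates `exp` only when the claim is present. Consider adding `issuer='<expected-issuer>'` (placeholder; the value the proxy sets is not shown on this page) and `options={'require': ['exp', 'email']}` so a signed assertion without an expiry or an email is rejected at decode time. The email-to-FOAF table is rebuilt inline on every call; a module-level constant with a comment stating that an unlisted email raises `KeyError`, which getUser in lookup.py depends on, would make that contract visible.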
--- a/lookup.py Sat Nov 19 17:05:15 2022 -0800
+++ b/lookup.py Sat Nov 19 17:06:36 2022 -0800
@@ -34,8 +34,11 @@
 def getUser():
- agent = bottle.request.headers.get('x-foaf-agent', None)
- username = db['user'].find_one({'_id': agent})['username'] if agent else None
+ try:
+ agent = bottleGetAgent()
+ username = db['user'].find_one({'_id': str(agent)})['username'] if agent else None
+ except KeyError:
+ username = agent = None
 return username, agent
@@ -169,7 +172,10 @@
 @bottle.route('/<user>', method='POST')
 def userAddLink(user):
- if getUser()[0] != user:
+ u=getUser()[0]
+ if u is None:
+ raise ValueError('not logged in')
+ if u != user:
 raise ValueError("not logged in as %s" % user)
 print(repr(bottle.request.params.__dict__))
 doc = links.fromPostdata(bottle.request.params, user, datetime.datetime.now(tzlocal()))
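Review bot: The `except KeyError:` in getUser covers only an email missing from the table in get_agent.py; a request with no `X-Pomerium-Jwt-Assertion` header passes `None` to `jwks_client.get_signing_key_from_jwt`, and that, like an expired or badly signed assertion, raises a PyJWT exception which this handler lets through as an unhandled error instead of returning the anonymous `(None, None)`. Catching both, e.g. `except (KeyError, jwt.PyJWTError):`, and logging the reason would keep the failure closed while treating such callers as anonymous; lookup.py would need `import jwt` for that. No import of `bottleGetAgent` appears in either lookup.py hunk, so confirm it is already imported above line 34. Since bottleGetAgent either returns a URIRef or raises, the `if agent else None` guard no longer has any effect.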
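Review bot: In userAddLink both authorization failures are raised as `ValueError`, which bottle by default reports as a generic 500 response; `bottle.abort(401, 'not logged in')` for the `u is None` case and `bottle.abort(403, ...)` for the mismatch would tell clients and logs what actually happened. As a style point, `u=getUser()[0]` should have spaces around `=`. The function body continues past the end of this hunk.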