From 6b9885b387c4082a59145a242bc8935ba0df383d Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 10:22:07 +0000 Subject: [PATCH 01/16] updates on ghactions --- .github/workflows/test.yml | 12 ++++++++---- gh_actions/containerCreation.sh | 4 ++-- src/config/config.json | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fe963c6..0576914 100755 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,11 +32,15 @@ jobs: - name: Create python env run: python3 -m venv env - name: Activate environment + run: source env/bin/activate + - name: Install requirements + run: pip3 install -r src/requirements.txt + - name: Run mongo container + run: sudo docker run -p 27017:27017 -d mongo + - name: Run main run: | - source env/bin/activate - pip install -r src/requirements.txt - # - name: Run main - # run: python src/main.py + nohup python3 src/main.py & + sleep 1 # - name: Run tests Database # run: python tests/test_database.py # - name: Run tests PDP diff --git a/gh_actions/containerCreation.sh b/gh_actions/containerCreation.sh index cfd5f00..18d5676 100755 --- a/gh_actions/containerCreation.sh +++ b/gh_actions/containerCreation.sh @@ -13,7 +13,7 @@ buildTag=travis_$TRAVIS_BUILD_NUMBER # We use a temporary build number for taggi docker build -t eoepca/$1 . docker tag eoepca/$1 eoepca/$1:$buildTag -echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin +# echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin -docker push eoepca/$1:$buildTag # defaults to docker hub EOEPCA repo +# docker push eoepca/$1:$buildTag # defaults to docker hub EOEPCA repo diff --git a/src/config/config.json b/src/config/config.json index 18a81ea..d34d4b2 100644 --- a/src/config/config.json +++ b/src/config/config.json 
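Review bot: The new `Activate environment` step has no effect on the steps after it, because each `run:` starts a fresh shell, so `pip3 install -r src/requirements.txt` and `python3 src/main.py` use the runner's system interpreter rather than `env`. Either keep activation and the commands in one `run: |` block, or call `env/bin/pip` and `env/bin/python` directly. The `Run mongo container` step pulls the floating `mongo` tag and publishes the port on every interface; `docker run -d -p 127.0.0.1:27017:27017 mongo:PINNED_TAG` (placeholder tag) keeps the job reproducible and the unauthenticated database local to the runner. `sleep 1` after `nohup python3 src/main.py &` is only a guess at readiness, so later test steps can race the service start.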
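Review bot: With the login and push commented out, the script still tags the image as `travis_$TRAVIS_BUILD_NUMBER` (the `buildTag=` line in the hunk context), and GitHub Actions does not set that variable, so every run would produce the same `travis_` tag. Consider deriving the tag from `$GITHUB_RUN_NUMBER` or `$GITHUB_SHA`, and quoting the argument, `docker build -t "eoepca/$1" .`. Rather than leaving the publish lines as comments, a guard such as `if [ -n "$DOCKER_PASSWORD" ]; then ... fi` would document when publishing is expected to happen.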
@@ -1 +1 @@ -{"realm": "eoepca", "auth_server_url": "https://test.eoepca.org", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false} +{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false} From 0b4d2b377f4f2fdfe65252efc6e5d7595e969041 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 11:02:12 +0000 Subject: [PATCH 02/16] updated main ghactions --- .github/workflows/test.yml | 4 ++-- src/main.py | 15 ++++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0576914..429481a 100755 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -41,7 +41,7 @@ jobs: run: | nohup python3 src/main.py & sleep 1 - # - name: Run tests Database - # run: python tests/test_database.py + - name: Run tests Database + run: python tests/testPEPResources.py # - name: Run tests PDP # run: python tests/um_pdp_test.py diff --git a/src/main.py b/src/main.py index 5bfd9cb..d9adeb9 100644 --- a/src/main.py +++ b/src/main.py 
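Review bot: The new `auth_server_url` points the committed default config at a test host addressed by raw IP, while the same line keeps `"check_ssl_certs": false`, `"verify_signature": false` and `"debug_mode": true`. With those defaults the PEP would presumably accept whatever answers at that address without validating its certificate or token signatures, so this file should not be the one a deployment starts from. A CI-only value is better supplied through a separate test config or an environment override, leaving the committed default with verification enabled. The `pdp_url` on the same line is still plain `http://`.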
@@ -32,15 +32,16 @@ import logging from handlers.log_handler import LogHandler +dir_path = os.path.dirname(os.path.realpath(__file__)) log_handler = LogHandler -log_handler.load_config("PEP", "./config/log_config.yaml") +log_handler.load_config("PEP", dir_path+"/config/log_config.yaml") logger = logging.getLogger("PEP_ENGINE") logger.info("==========Starting load config==========") ### INITIAL SETUP -g_config, g_wkh = get_config("config/config.json") +g_config, g_wkh = get_config(dir_path+"/config/config.json") #Load HTTP verb mapping -g_config = get_verb_config("config/verb_config.json", g_config) +g_config = get_verb_config(dir_path+"/config/verb_config.json", g_config) oidc_client = OIDCHandler(g_wkh, client_id = g_config["client_id"], @@ -82,11 +83,11 @@ def generateRSAKeyPair(): private_key = _rsakey.exportKey() public_key = _rsakey.publickey().exportKey() - file_out = open("config/private.pem", "wb+") + file_out = open(dir_path+"/config/private.pem", "wb+") file_out.write(private_key) file_out.close() - file_out = open("config/public.pem", "wb+") + file_out = open(dir_path+"/config/public.pem", "wb+") file_out.write(public_key) file_out.close() @@ -104,8 +105,8 @@ def generateRSAKeyPair(): # SWAGGER initiation SWAGGER_URL = '/swagger-ui' # URL for exposing Swagger UI (without trailing '/') API_URL = "" # Our local swagger resource for PEP. Not used here as 'spec' parameter is used in config -SWAGGER_SPEC_PROXY = json.load(open("./static/swagger_pep_proxy_ui.json")) -SWAGGER_SPEC_RESOURCES = json.load(open("./static/swagger_pep_resources_ui.json")) +SWAGGER_SPEC_PROXY = json.load(open(dir_path+"/static/swagger_pep_proxy_ui.json")) +SWAGGER_SPEC_RESOURCES = json.load(open(dir_path+"/static/swagger_pep_resources_ui.json")) SWAGGER_APP_NAME = "Policy Enforcement Point Interfaces" swaggerui_proxy_blueprint = get_swaggerui_blueprint( From e80cc3779aed48de91e448ffb1eff22076758ce9 Mon Sep 17 00:00:00 2001 
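Review bot: Every path in this hunk is built as `dir_path+"/config/..."`, and the same concatenation recurs in the `generateRSAKeyPair` and Swagger hunks below; `os.path.join(dir_path, "config", "log_config.yaml")`, or a single `CONFIG_DIR = os.path.join(dir_path, "config")` constant, is less error-prone. The hunk does not show an `import os`, so confirm one exists above line 32. A one-line comment on `dir_path`, e.g. `# Resolve resources relative to this file so the service can be started from any working directory`, would record why the change was made.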
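Review bot: `open(dir_path+"/config/private.pem", "wb+")` creates the private key with the process's default permissions, which are typically world-readable, and now always inside the source tree. Create it owner-only, e.g. `fd = os.open(dir_path+"/config/private.pem", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as file_out: file_out.write(private_key)`, and make sure `config/*.pem` is ignored by git. The `with` form also closes the handle if the write raises. `generateRSAKeyPair` begins above this hunk, so key size and generation were not reviewed.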
From: AlvaroVillanueva Date: Thu, 13 May 2021 11:12:03 +0000 Subject: [PATCH 03/16] updated relative paths ghactions --- src/main.py | 3 +++ tests/testPEPResources.py | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main.py b/src/main.py index d9adeb9..ea633ac 100644 --- a/src/main.py +++ b/src/main.py @@ -39,6 +39,9 @@ logger.info("==========Starting load config==========") ### INITIAL SETUP +print(dir_path+"/config/config.json") +for x in os.listdir(dir_path+'/config/'): + print(x) g_config, g_wkh = get_config(dir_path+"/config/config.json") #Load HTTP verb mapping g_config = get_verb_config(dir_path+"/config/verb_config.json", g_config) diff --git a/tests/testPEPResources.py b/tests/testPEPResources.py index d3a1ee6..9b1584f 100644 --- a/tests/testPEPResources.py +++ b/tests/testPEPResources.py @@ -21,13 +21,14 @@ class PEPResourceTest(unittest.TestCase): @classmethod def setUpClass(cls): cls.g_config = {} - with open("../src/config/config.json") as j: + dir_path = os.path.dirname(os.path.realpath(__file__)) + with open(dir_path+"/../src/config/config.json") as j: cls.g_config = json.load(j) wkh = WellKnownHandler(cls.g_config["auth_server_url"], secure=False) cls.__TOKEN_ENDPOINT = wkh.get(TYPE_OIDC, KEY_OIDC_TOKEN_ENDPOINT) - _rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("../src/config/private.pem")) + _rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file(dir_path+"/../src/config/private.pem")) _payload = { "iss": cls.g_config["client_id"], "sub": cls.g_config["client_id"], From ae1c974688415d5d4611ec365682951a669d9e14 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 11:16:03 +0000 Subject: [PATCH 04/16] fix save config relative path ghactions --- src/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config.py b/src/config.py index bc4cf8b..33a2f0c 100644 --- a/src/config.py +++ b/src/config.py 
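Review bot: The added `print(...)` calls and the `os.listdir(dir_path+'/config/')` loop run at import time and write the listing of the config directory, which holds `private.pem` and `config.json`, to stdout on every start. If the listing is still needed to diagnose the workflow, route it through the existing logger at debug level, e.g. `logger.debug("config dir: %s", os.listdir(dir_path+"/config/"))`; otherwise drop it before merge.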
@@ -121,7 +121,7 @@ def get_config(config_path: str): g_config["client_id"] = new_client["client_id"] g_config["client_secret"] = new_client["client_secret"] if use_env_var is False: - save_config("config/config.json", g_config) + save_config(config_path, g_config) else: os.environ["PEP_CLIENT_ID"] = new_client["client_id"] os.environ["PEP_CLIENT_SECRET"] = new_client["client_secret"] From 81bf4161b2a9bdc9119862393eea517e3fad14ea Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 11:34:19 +0000 Subject: [PATCH 05/16] updates on test resources ghactions --- tests/testPEPResources.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/testPEPResources.py b/tests/testPEPResources.py index 9b1584f..b7432e0 100644 --- a/tests/testPEPResources.py +++ b/tests/testPEPResources.py @@ -80,6 +80,9 @@ def createTestResource(self, id_token="filler"): payload = { "resource_scopes":[ self.scopes ], "icon_uri":"/"+self.resourceName, "name": self.resourceName } headers = { 'content-type': "application/json", "cache-control": "no-cache", "Authorization": "Bearer "+str(id_token) } res = requests.post(self.PEP_RES_HOST+"/resources", headers=headers, json=payload, verify=False) + print(res) + print(res.text) + print(self.PEP_RES_HOST+"/resources") if res.status_code == 200: return 200, res.text return 500, None From 6d600b4367b778df804e2f5d54ac528535e5f6f3 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 15:30:31 +0000 Subject: [PATCH 06/16] updated config ghactions --- src/config/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/config.json b/src/config/config.json index d34d4b2..96f249c 100644 --- a/src/config/config.json +++ b/src/config/config.json 
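Review bot: `save_config(config_path, g_config)` now writes the freshly registered `client_secret` back into whichever file was loaded, and `main.py` passes the tracked `src/config/config.json`, which makes it easy to commit a live credential by accident. Prefer the `use_env_var` branch for CI and shared environments, or write the generated client to an untracked file with restrictive permissions. A comment such as `# Persists client_id/client_secret in plaintext; config_path must not be a tracked file` would make the risk visible at the call. `get_config` starts above the hunk, so how `use_env_var` is chosen is not visible here.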
@@ -1 +1 @@ -{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false} +{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false} \ No newline at end of file From 1bb930cec2a76de2d1bae7571b6437da344bc5aa Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 15:44:08 +0000 Subject: [PATCH 07/16] update on config file ghactions --- src/config/config.json | 2 +- tests/testPEPResources.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/config/config.json b/src/config/config.json index 96f249c..8afaff9 100644 --- a/src/config/config.json +++ b/src/config/config.json 
@@ -1 +1 @@ -{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false} \ No newline at end of file +{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false, "client_id": "7a08eb39-5866-4a61-9f4e-a621a6e5bc33", "client_secret": "58fa394d-5bde-43e0-a1da-5dbfdd71f769"} \ No newline at end of file diff --git a/tests/testPEPResources.py b/tests/testPEPResources.py index b7432e0..b64cce2 100644 --- a/tests/testPEPResources.py +++ b/tests/testPEPResources.py @@ -82,6 +82,7 @@ def createTestResource(self, id_token="filler"): res = requests.post(self.PEP_RES_HOST+"/resources", headers=headers, json=payload, verify=False) print(res) print(res.text) + print('lo siguiente es tal + /resources') print(self.PEP_RES_HOST+"/resources") if res.status_code == 200: return 200, res.text From e7ed79f4a528997fcec8c5d4fd826e2c495c8f2e Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:08:31 +0000 Subject: [PATCH 08/16] test Mongo ghactions --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 429481a..e69fbb2 100755 
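Review bot: This hunk commits a `client_id` and `client_secret` for the auth server into `src/config/config.json`. Treat that client as exposed: revoke or rotate it on the auth server, remove the two keys from the tracked file, and supply them through the `PEP_CLIENT_ID` / `PEP_CLIENT_SECRET` environment variables that appear in `config.py` (in CI, from repository secrets). The same values are carried forward by the `config.json` hunk in PATCH 15/16, and deleting them in a follow-up commit does not remove them from history.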
--- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -42,6 +42,6 @@ jobs: nohup python3 src/main.py & sleep 1 - name: Run tests Database + run: python tests/testMongo.py + - name: Run tests PEP run: python tests/testPEPResources.py - # - name: Run tests PDP - # run: python tests/um_pdp_test.py From b1362b42d37e2125db9a8cab8bbc784073db476e Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:13:35 +0000 Subject: [PATCH 09/16] updated src path ghactions --- tests/testMongo.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/testMongo.py b/tests/testMongo.py index e6c147d..bab0005 100644 --- a/tests/testMongo.py +++ b/tests/testMongo.py @@ -1,6 +1,9 @@ #!/usr/bin/env python3 import pymongo from pymongo import MongoClient +sys.path.insert(0, '../src') +dir_path = os.path.dirname(os.path.realpath(__file__)) +sys.path.append(dir_path+'/../src/') from src.handlers.mongo_handler import Mongo_Handler import pytest import unittest From 3eb623eac7637ce54e0b6b89f1b649ca72f270ad Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:16:08 +0000 Subject: [PATCH 10/16] importing modules ghactions --- tests/testMongo.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/testMongo.py b/tests/testMongo.py index bab0005..43c0859 100644 --- a/tests/testMongo.py +++ b/tests/testMongo.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 import pymongo from pymongo import MongoClient +import os, sys sys.path.insert(0, '../src') dir_path = os.path.dirname(os.path.realpath(__file__)) sys.path.append(dir_path+'/../src/') From 417811cf1d50032dc4d683d5fe641c918d970768 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:18:29 +0000 Subject: [PATCH 11/16] importing modules ghact --- tests/testMongo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/testMongo.py b/tests/testMongo.py index 43c0859..76d1658 100644 --- a/tests/testMongo.py +++ b/tests/testMongo.py 
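Review bot: The three added lines in `tests/testMongo.py` (PATCH 09/16) call `sys.path.insert`, `os.path.dirname` and `sys.path.append`, but the hunk starts at line 1 of the file and shows no `import os` or `import sys` before them, so the module fails with `NameError` on import until PATCH 10/16 adds the import. `sys.path.insert(0, '../src')` is also resolved against the current working directory and placed ahead of everything else on the import path, so whatever `../src` happens to be at run time can shadow `handlers`, `pytest` or `mock`. The absolute entry is enough on its own: `sys.path.insert(0, os.path.join(dir_path, '..', 'src'))`.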
@@ -5,7 +5,7 @@ sys.path.insert(0, '../src') dir_path = os.path.dirname(os.path.realpath(__file__)) sys.path.append(dir_path+'/../src/') -from src.handlers.mongo_handler import Mongo_Handler +from handlers.mongo_handler import Mongo_Handler import pytest import unittest import mock From d6434623d2421ae8d382baad47621c4d00cfef32 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:42:59 +0000 Subject: [PATCH 12/16] importing modules ghaction --- src/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/requirements.txt b/src/requirements.txt index 67770e4..199d549 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -8,5 +8,6 @@ pyjwkest==1.4.2 pycrypto==2.6.1 pymongo mock +pytest==6.2.4 flask-swagger-ui==3.36.0 pyyaml \ No newline at end of file From ce68861b1c42546c37496021b6e358b37d1f1534 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Thu, 13 May 2021 16:47:03 +0000 Subject: [PATCH 13/16] testMongo update ghactions --- tests/testMongo.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/testMongo.py b/tests/testMongo.py index 76d1658..01875ae 100644 --- a/tests/testMongo.py +++ b/tests/testMongo.py @@ -59,7 +59,7 @@ def test_mongo(self, mock_test,raise_for_status=None): if raise_for_status: mock_resp.raise_for_status.side_effect = raise_for_status mongo = Mongo_Handler("resource_db", "resources") - self.assertEqual(str(mongo)[:-16], ' Date: Fri, 14 May 2021 08:34:02 +0000 Subject: [PATCH 14/16] update ghactions --- .github/workflows/documentation.yml | 2 +- .github/workflows/test.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index c465d5f..b8faef1 100755 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml 
@@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: PDP Engine Documentation +name: PEP Engine Documentation # Controls when the action will run. on: push diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e69fbb2..afc4dd5 100755 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: PDP Engine Test Workflow +name: PEP Engine Test Workflow # Controls when the action will run. on: push @@ -43,5 +43,5 @@ jobs: sleep 1 - name: Run tests Database run: python tests/testMongo.py - - name: Run tests PEP - run: python tests/testPEPResources.py + # - name: Run tests PEP + # run: python tests/testPEPResources.py From 6b10ba1dd10144597db1a566dae05e308f3a4386 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Tue, 18 May 2021 13:47:57 +0000 Subject: [PATCH 15/16] reversible changes ghactions --- src/blueprints/resources.py | 16 ++++++++++++++-- src/config.py | 4 +++- src/config/config.json | 2 +- src/config/default-resources.json | 4 +++- src/handlers/oidc_handler.py | 20 ++++++++++++++++++-- src/main.py | 2 +- src/requirements.txt | 1 + tests/testPEPResources.py | 7 +++++++ 8 files changed, 48 insertions(+), 8 deletions(-) diff --git a/src/blueprints/resources.py b/src/blueprints/resources.py index 4d4da7c..d12c51b 100644 --- a/src/blueprints/resources.py +++ b/src/blueprints/resources.py @@ -19,6 +19,8 @@ def get_resource_list(): logger.debug("Retrieving all registered resources...") #gets all resources registered on local DB custom_mongo = Mongo_Handler("resource_db", "resources") + + logger.info("==========No entiendo==========") resources = custom_mongo.get_all_resources() rpt = request.headers.get('Authorization') 
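Review bot: `logger.info("==========No entiendo==========")` in `get_resource_list` is a leftover debugging marker that carries no information and is emitted at info level on every call. The same kind of marker is added in `resource_creation` and throughout `handlers/oidc_handler.py` in this patch (`"pues JWT decoding"`, `"TRUE"`, `"FALSE 2"`, `"entiendo? creo? wth"`). Please remove them, or replace each with an English `logger.debug` message that says what was checked, e.g. `logger.debug("Loading registered resources from resource_db")`. `get_resource_list` continues outside this hunk.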
@@ -28,6 +30,7 @@ def get_resource_list(): uid = None try: head_protected = str(request.headers) + headers_protected = head_protected.split() uid = oidc_client.verify_uid_headers(headers_protected, "sub") if "NO TOKEN FOUND" in uid: @@ -42,6 +45,9 @@ def get_resource_list(): response.headers["Error"] = str(e) activity = {"Description":"No token found/error reading token: "+str(e)} logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity)) + + activity = {"Error While passing the token: "+str(uid)} + logger.info(log_handler.format_message(subcomponent="RESOURCES",action_id="HTTP",action_type=request.method,log_code=2001,activity=activity)) return response if not uid: @@ -80,14 +86,20 @@ def get_resource_list(): def resource_creation(): logger.debug("Processing " + request.method + " resource request...") response = Response() + + logger.info("==========No entiendo==========") + uid = None #Inspect JWT token (UMA) or query OIDC userinfo endpoint (OAuth) for user id try: head_protected = str(request.headers) + logger.info("==========1 "+ head_protected+"==========") headers_protected = head_protected.split() - logger.debug(head_protected) + logger.info("==========2 "+ str(headers_protected)+" ==========") + uid = oidc_client.verify_uid_headers(headers_protected, "sub") - logger.debug(uid) + + logger.info("==========2 "+ uid+"==========") if "NO TOKEN FOUND" in uid: response.status_code = 401 response.headers["Error"] = 'no token passed!' diff --git a/src/config.py b/src/config.py index 33a2f0c..6f26873 100644 --- a/src/config.py +++ b/src/config.py 
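Review bot: `activity = {"Error While passing the token: "+str(uid)}` builds a set, not a dict, whereas the `activity` two lines above it is `{"Description": ...}`; if `log_handler.format_message` serialises the value, this second call will likely fail inside the `except` handler. It also logs a second 2001 entry for the same failure, and `uid` is still `None` when `verify_uid_headers` itself raised. If the extra detail is wanted, fold it into the existing entry: `activity = {"Description": "No token found/error reading token: "+str(e), "uid": str(uid)}`.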
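Review bot: `logger.info("==========1 "+ head_protected+"==========")` and the line after it write the complete request headers, including the `Authorization: Bearer ...` value, to the log at info level; the removed code did the same at debug level, and neither is appropriate for a component that receives RPTs and ID tokens. Log only what is needed, for example `logger.debug("Authorization header present: %s", "Authorization" in request.headers)`. `logger.info("==========2 "+ uid+"==========")` additionally raises `TypeError` whenever `verify_uid_headers` returns `None`; use `%s` formatting if the value must be logged at all. `resource_creation` continues below the hunk.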
@@ -139,11 +139,13 @@ def get_default_resources(path: str): Loads Charts configuration file in addition with the alredy existent on the source path """ #Sets logger + dir_path = os.path.dirname(os.path.realpath(__file__)) + logger = logging.getLogger("PEP_ENGINE") g_config = {} # Global config objects g_config = load_config(path) - l_config = load_config("config/default-resources.json") + l_config = load_config(dir_path+"/config/default-resources.json") for k in l_config['default_resources']: if not any(d['resource_uri'] == k['resource_uri'] for d in g_config['default_resources']): g_config['default_resources'].append(k) diff --git a/src/config/config.json b/src/config/config.json index 8afaff9..dfba29b 100644 --- a/src/config/config.json +++ b/src/config/config.json 
@@ -1 +1 @@ -{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false, "client_id": "7a08eb39-5866-4a61-9f4e-a621a6e5bc33", "client_secret": "58fa394d-5bde-43e0-a1da-5dbfdd71f769"} \ No newline at end of file +{"realm": "eoepca", "auth_server_url": "https://test.185.52.193.87.nip.io/", "service_host": "0.0.0.0", "proxy_service_port": 5566, "resources_service_port": 5576, "s_margin_rpt_valid": 5, "check_ssl_certs": false, "use_threads": true, "debug_mode": true, "resource_server_endpoint": "http://eoepca-ades-core", "api_rpt_uma_validation": true, "rpt_limit_uses": 5, "pdp_url": "http://test.eoepca.org", "pdp_port": 5567, "pdp_policy_endpoint": "/policy/", "verify_signature": false, "default_resource_path": "config/default-resources.json", "client_id": "7a08eb39-5866-4a61-9f4e-a621a6e5bc33", "client_secret": "58fa394d-5bde-43e0-a1da-5dbfdd71f769"} \ No newline at end of file diff --git a/src/config/default-resources.json b/src/config/default-resources.json index 929bb6a..6226488 100644 --- a/src/config/default-resources.json +++ b/src/config/default-resources.json @@ -1,3 +1,5 @@ { - "default_resources": [] + "default_resources": [ + {"name": "Base Path", "description": "Base path for Open Access to PEP", "resource_uri": "/", "scopes": "public_access", "default_owner": "0000000000000"} + ] } diff --git a/src/handlers/oidc_handler.py b/src/handlers/oidc_handler.py index 40b25c5..412d704 100644 --- a/src/handlers/oidc_handler.py +++ b/src/handlers/oidc_handler.py 
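Review bot: The new entry in `default-resources.json` registers `"resource_uri": "/"` with scope `public_access` in the defaults that ship with the service, so every deployment that loads this file starts with the base path declared open. If path matching in the PEP is prefix-based (not visible here), that could leave unregistered paths under `/` reachable without a ticket. If the entry exists only so the GitHub Actions run has a resource to work with, keep it in a test fixture and leave `default_resources` empty in the committed default. The all-zero `default_owner` also deserves a sentence in the project documentation explaining who can manage that resource.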
@@ -7,6 +7,7 @@ from handlers.uma_handler import UMA_Handler, resource from handlers.uma_handler import rpt as class_rpt from config import load_config +import os, sys import logging import base64 import json @@ -50,6 +51,8 @@ def get_new_pat(self): def verify_JWT_token(self, token, key): try: + + self.logger.info("pues JWT decoding") header = str(token).split(".")[0] paddedHeader = header + '=' * (4 - len(header) % 4) decodedHeader = base64.b64decode(paddedHeader) @@ -64,12 +67,16 @@ def verify_JWT_token(self, token, key): decoded = decoded.decode('utf-8') decoded_str = json.loads(decoded) + self.logger.info("pues JWT decoding segundo check") if self.getVerificationConfig() == True: + self.logger.info("TRUE") if decoded_str_header['kid'] != "RSA1": + self.logger.info("TRUE2") verificator = JWT_Verification() result = verificator.verify_signature_JWT(token) else: #validate signature for rpt + self.logger.info("FALSE 2") rsajwk = RSAKey(kid="RSA1", key=import_rsa_key_from_file("config/public.pem")) dict_rpt_values = JWS().verify_compact(token, keys=[rsajwk], sigalg="RS256") @@ -83,7 +90,8 @@ def verify_JWT_token(self, token, key): raise Exception else: self.logger.debug("Signature verification is correct!") - + + self.logger.info("FALSE") user_value = None if decoded_str.get(key): user_value = decoded_str[key] @@ -114,6 +122,8 @@ def verify_OAuth_token(self, token, key): def verify_uid_headers(self, headers_protected, key): value = None token_protected = None + self.logger.info("entiendo? creo? wth") + #Retrieve the token from the headers for i in headers_protected: if 'Bearer' in str(i): 
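Review bot: The RPT branch in the `@@ -64,12 +67,16 @@` hunk still loads the key with `import_rsa_key_from_file("config/public.pem")`, relative to the working directory, while this series moved key generation in `main.py` to `dir_path+"/config/public.pem"`. Started as `python3 src/main.py` from the repository root, as the workflow does, the file is written under `src/config/` but read from `./config/`, so signature validation would fail or pick up an unrelated key. Build the path the way `getVerificationConfig` now does, e.g. `os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "config", "public.pem")`. `verify_JWT_token` starts and ends outside this hunk.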
@@ -122,8 +132,10 @@ def verify_uid_headers(self, headers_protected, key): if token_protected: #Compares between JWT id_token and OAuth access token to retrieve the requested key-value if len(str(token_protected))>40: + self.logger.info(str(token_protected)) value=self.verify_JWT_token(token_protected, key) else: + self.logger.info("entiendo? creo? what the fuuuck locl") value=self.verify_OAuth_token(token_protected, key) return value @@ -131,6 +143,10 @@ def verify_uid_headers(self, headers_protected, key): return 'NO TOKEN FOUND' def getVerificationConfig(self): - g_config = load_config("config/config.json") + self.logger.info("esto es el verify: ") + + dir_path = os.path.dirname(os.path.realpath(__file__)) + g_config = load_config(dir_path+"/../config/config.json") + self.logger.info("esto es el verify: "+ str(g_config['verify_signature'])) return g_config['verify_signature'] \ No newline at end of file diff --git a/src/main.py b/src/main.py index ea633ac..e2a0193 100644 --- a/src/main.py +++ b/src/main.py @@ -59,7 +59,7 @@ #Default behavior is open_access #Creation of default resources try: - path = g_config["default_resource_path"] + path = dir_path+"/"+ g_config["default_resource_path"] kube_resources= get_default_resources(path) for k in kube_resources['default_resources']: id_res="" diff --git a/src/requirements.txt b/src/requirements.txt index 199d549..97573e4 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -6,6 +6,7 @@ requests==2.23.0 Flask==1.1.2 pyjwkest==1.4.2 pycrypto==2.6.1 +PyCryptodome pymongo mock pytest==6.2.4 diff --git a/tests/testPEPResources.py b/tests/testPEPResources.py index b64cce2..343786d 100644 --- a/tests/testPEPResources.py +++ b/tests/testPEPResources.py 
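Review bot: `self.logger.info(str(token_protected))` writes the caller's bearer token verbatim to the log, so anyone with read access to the logs holds a usable credential until it expires. Drop the line, or log a non-reversible hint such as `self.logger.debug("JWT received, length=%d", len(str(token_protected)))`. The message added in the `else` branch is a profane debugging leftover and should be removed as well. `getVerificationConfig` in the next hunk re-reads `config.json` from disk and logs at info level on every token verification; reading `verify_signature` once at construction would avoid both.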
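Review bot: `path = dir_path+"/"+ g_config["default_resource_path"]` breaks any deployment that sets `default_resource_path` to an absolute path (the `kube_resources` name suggests a mounted file), because the source directory is now always prefixed. `path = os.path.join(dir_path, g_config["default_resource_path"])` keeps relative values working and leaves absolute ones untouched. The enclosing `try` block continues outside the hunk.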
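Review bot: `PyCryptodome` is added to `src/requirements.txt` next to `pycrypto==2.6.1`, and both distributions install the same top-level `Crypto` package, so which implementation is imported depends on install order. pycrypto is no longer maintained; remove that line and keep only a pinned pycryptodome, e.g. `pycryptodome==X.Y.Z` (placeholder; use the version tested against the key handling in `main.py`). `pymongo` and `mock` in the hunk context are also unpinned, which makes CI runs non-reproducible.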
@@ -52,7 +52,9 @@ def setUpClass(cls): _jws_ownership = JWS(_payload_ownership, alg="RS256") cls.jwt = _jws.sign_compact(keys=[_rsajwk]) + print(cls.jwt) cls.jwt_rotest = _jws_ownership.sign_compact(keys=[_rsajwk]) + print(cls.jwt_rotest) #cls.scopes = 'public_access' cls.scopes = 'protected_access' cls.resourceName = "TestResourcePEP" @@ -79,6 +81,7 @@ def getResourceList(self, id_token="filler"): def createTestResource(self, id_token="filler"): payload = { "resource_scopes":[ self.scopes ], "icon_uri":"/"+self.resourceName, "name": self.resourceName } headers = { 'content-type': "application/json", "cache-control": "no-cache", "Authorization": "Bearer "+str(id_token) } + print(headers) res = requests.post(self.PEP_RES_HOST+"/resources", headers=headers, json=payload, verify=False) print(res) print(res.text) @@ -174,6 +177,10 @@ def test_resource(self): id_token = self.getJWT() id_token_ro = self.getJWT_RO() + print('hmmmm') + print(id_token) + print(id_token_ro) + #Create resource status, self.resourceID = self.createTestResource(id_token) self.assertEqual(status, 200) From 7908ab9cbb5e44750e48b7820b13d93885d90f08 Mon Sep 17 00:00:00 2001 From: AlvaroVillanueva Date: Wed, 7 Jul 2021 15:04:08 +0000 Subject: [PATCH 16/16] updated Titles for the actions --- .github/workflows/container_creation.yml | 14 +++++++------- .github/workflows/main.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/container_creation.yml b/.github/workflows/container_creation.yml index f746f9a..2a9b42e 100755 --- a/.github/workflows/container_creation.yml +++ b/.github/workflows/container_creation.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: PEP Engine BB Workflow +name: PEP Container Creation # Controls when the action will run. on: push 
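Review bot: `print(cls.jwt)` and `print(cls.jwt_rotest)` write signed tokens to the test output, and the later hunks in this file add `print(headers)`, which contains `Authorization: Bearer ...`, and `print(id_token)` / `print(id_token_ro)`. CI logs are readable by everyone with access to the repository's Actions runs, and these tokens are signed with the key read from `src/config/private.pem`. Remove the prints, or print only a status such as `print("JWTs generated")`. `setUpClass` begins above this hunk.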
@@ -27,14 +27,14 @@ jobs: with: python-version: 3.6.9 # Runs a set of commands using the runners shell - - name: Testing - run: | - sudo apt-get install jq python3-venv - pip install -r ./src/requirements.txt + # - name: Testing + # run: | + # sudo apt-get install jq python3-venv + # pip install -r ./src/requirements.txt # python3 ./src/main.py # Uncomment below if wanted Dockerhub Publication - # - name: Container Creation and Publishing - # run: ./gh_actions/containerCreation.sh um-pep-engine + - name: Container Creation + run: ./gh_actions/containerCreation.sh um-pep-engine # - name: Smoke and Acceptance Test # run: ./gh_actions/acceptanceTest.sh um-pep-engine 8080 7000 # - name: Release Container diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 30e345d..953026e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,6 +1,6 @@ # This is a basic workflow to help you get started with Actions -name: CI +name: Sonar Scanner # Controls when the action will run. on: