mgr/dashboard: fix issues related with PyJWT versions >=2.0.0

author Alfonso Martínez <almartin@redhat.com>

Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)

committer Alfonso Martínez <almartin@redhat.com>

Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)
author Alfonso Martínez <almartin@redhat.com>
Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)
committer Alfonso Martínez <almartin@redhat.com>
Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)
diff --git a/qa/tasks/mgr/dashboard/test_auth.py b/qa/tasks/mgr/dashboard/test_auth.py

index f3df04c0a290596dcf058d66f37128d233aad199..df5485d4de5cca870fdf46b61ae291ee5f784f70 100644 (file)
--- a/qa/tasks/mgr/dashboard/test_auth.py
+++ b/qa/tasks/mgr/dashboard/test_auth.py
@@ -20,7 +20,7 @@ class AuthTest(DashboardTestCase):
          self.reset_session()
  
      def _validate_jwt_token(self, token, username, permissions):
-        payload = jwt.decode(token, verify=False)
+        payload = jwt.decode(token, options={'verify_signature': False})
          self.assertIn('username', payload)
          self.assertEqual(payload['username'], username)
  
diff --git a/src/pybind/mgr/dashboard/constraints.txt b/src/pybind/mgr/dashboard/constraints.txt

index 67b37078fc98205644dea73dd656c29e6ad410e8..f7a1f59d8234f8e2ef750c6cd2b757a1c429081f 100644 (file)
--- a/src/pybind/mgr/dashboard/constraints.txt
+++ b/src/pybind/mgr/dashboard/constraints.txt
@@ -1,7 +1,7 @@
  CherryPy==13.1.0
  enum34==1.1.6
  more-itertools==4.1.0
-PyJWT==1.6.4
+PyJWT==2.0.1
  bcrypt==3.1.4
  python3-saml==1.4.1
  requests==2.20.0
diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py

index 8452b6432e89ab68064ab3b74f589f62b68d9779..349b1c4ee72f3bae474d5330c6c8a579eaa163f4 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/auth.py
+++ b/src/pybind/mgr/dashboard/controllers/auth.py
@@ -29,7 +29,10 @@ class Auth(RESTController):
              url_prefix = 'https' if mgr.get_localized_module_option('ssl') else 'http'
              logger.debug('Login successful')
              token = JwtManager.gen_token(username)
-            token = token.decode('utf-8')
+
+            # For backward-compatibility: PyJWT versions < 2.0.0 return bytes.
+            token = token.decode('utf-8') if isinstance(token, bytes) else token
+
              set_cookies(url_prefix, token)
              return {
                  'token': token,
diff --git a/src/pybind/mgr/dashboard/requirements.txt b/src/pybind/mgr/dashboard/requirements.txt

index 3d63ef33d30d6f404620493d0399c23db70ddeb8..9a7c71f1ee33b519ecf575d3de2b4ca9b68d395a 100644 (file)
--- a/src/pybind/mgr/dashboard/requirements.txt
+++ b/src/pybind/mgr/dashboard/requirements.txt
@@ -18,7 +18,7 @@ portend==2.2
  py==1.5.2
  pycodestyle==2.4.0
  pycparser==2.18
-PyJWT==1.6.4
+PyJWT
  pyopenssl
  pytest==3.3.2
  pytest-cov==2.5.1
diff --git a/src/pybind/mgr/dashboard/services/auth.py b/src/pybind/mgr/dashboard/services/auth.py

index 79350bbddbd253c1c5b93d77bba753922d8de9ff..239efae816b0783043539f1ecc6ff53cd14528c7 100644 (file)
--- a/src/pybind/mgr/dashboard/services/auth.py
+++ b/src/pybind/mgr/dashboard/services/auth.py
@@ -97,7 +97,7 @@ class JwtManager(object):
  
      @classmethod
      def blacklist_token(cls, token):
-        token = jwt.decode(token, verify=False)
+        token = cls.decode_token(token)
          blacklist_json = mgr.get_store(cls.JWT_TOKEN_BLACKLIST_KEY)
          if not blacklist_json:
              blacklist_json = "{}"
diff --git a/src/pybind/mgr/dashboard/tests/test_auth.py b/src/pybind/mgr/dashboard/tests/test_auth.py

new file mode 100644 (file)

index 0000000..6f1d2a0
--- /dev/null
+++ b/src/pybind/mgr/dashboard/tests/test_auth.py
@@ -0,0 +1,20 @@
+import unittest
+
+from .. import mgr
+from ..services.auth import JwtManager
+
+
+class JwtManagerTest(unittest.TestCase):
+
+    def test_generate_token_and_decode(self):
+        mgr.get_module_option.return_value = JwtManager.JWT_TOKEN_TTL
+        mgr.get_store.return_value = 'jwt_secret'
+
+        token = JwtManager.gen_token('my-username')
+        self.assertIsInstance(token, str)
+        self.assertTrue(token)
+
+        decoded_token = JwtManager.decode_token(token)
+        self.assertIsInstance(decoded_token, dict)
+        self.assertEqual(decoded_token['iss'], 'ceph-dashboard')
+        self.assertEqual(decoded_token['username'], 'my-username')
author	Alfonso Martínez <almartin@redhat.com>
	Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)
committer	Alfonso Martínez <almartin@redhat.com>
	Fri, 5 Mar 2021 07:52:59 +0000 (08:52 +0100)
qa/tasks/mgr/dashboard/test_auth.py		patch \| blob \| history
src/pybind/mgr/dashboard/constraints.txt		patch \| blob \| history
src/pybind/mgr/dashboard/controllers/auth.py		patch \| blob \| history
src/pybind/mgr/dashboard/requirements.txt		patch \| blob \| history
src/pybind/mgr/dashboard/services/auth.py		patch \| blob \| history
src/pybind/mgr/dashboard/tests/test_auth.py	[new file with mode: 0644]	patch \| blob