mgr/dashboard: fix issues related with PyJWT versions >=2.0.0
authorAlfonso Martínez <almartin@redhat.com>
Wed, 3 Mar 2021 14:36:06 +0000 (15:36 +0100)
committerAlfonso Martínez <almartin@redhat.com>
Wed, 3 Mar 2021 14:36:06 +0000 (15:36 +0100)
Fixes: https://tracker.ceph.com/issues/49574
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
qa/tasks/mgr/dashboard/test_auth.py
src/pybind/mgr/dashboard/constraints.txt
src/pybind/mgr/dashboard/controllers/auth.py
src/pybind/mgr/dashboard/services/auth.py
src/pybind/mgr/dashboard/tests/test_auth.py [new file with mode: 0644]

index ca7a0cd82296912757a37b4ed843b4db7e9e4b80..8fc7cd1992e6dce79511411b91d1b6f9fafb479f 100644 (file)
@@ -20,7 +20,7 @@ class AuthTest(DashboardTestCase):
         self.reset_session()
 
     def _validate_jwt_token(self, token, username, permissions):
-        payload = jwt.decode(token, verify=False)
+        payload = jwt.decode(token, options={'verify_signature': False})
         self.assertIn('username', payload)
         self.assertEqual(payload['username'], username)
 
index 8284ec737efd7da71c7a901b2225be014c6ecbad..bd5ec4a0a729a3df24880113d6a56406404b2453 100644 (file)
@@ -1,6 +1,6 @@
 CherryPy==13.1.0
 more-itertools==4.1.0
-PyJWT==1.6.4
+PyJWT==2.0.1
 bcrypt==3.1.4
 python3-saml==1.4.1
 requests==2.25.1
index cd50006e28d463446511fadb96d8574696f54ac9..03408572fffc6d8cae0ab1c189378b65a5c99b75 100644 (file)
@@ -52,7 +52,10 @@ class Auth(RESTController):
                 mgr.ACCESS_CTRL_DB.reset_attempt(username)
                 mgr.ACCESS_CTRL_DB.save()
                 token = JwtManager.gen_token(username)
-                token = token.decode('utf-8')
+
+                # For backward-compatibility: PyJWT versions < 2.0.0 return bytes.
+                token = token.decode('utf-8') if isinstance(token, bytes) else token
+
                 set_cookies(url_prefix, token)
                 return {
                     'token': token,
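Review bot: The bytes-to-str normalisation on the `token = token.decode('utf-8') if isinstance(token, bytes) else token` line would be better placed inside `JwtManager.gen_token` (not visible in this diff), so every caller receives a `str`. As written, the controller tolerates PyJWT < 2.0.0, but the new `test_generate_token_and_decode` asserts `assertIsInstance(token, str)` directly on `gen_token`'s result. That assertion would fail on exactly the versions this comment says are still supported. Either move the conversion into `gen_token` or relax that assertion; the enclosing method starts and ends outside the hunk.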
index a3f165430014bfd96a700e657583a4d6cd0bff19..55436afb6ad34f910520a806f12a66e204b38737 100644 (file)
@@ -123,7 +123,7 @@ class JwtManager(object):
 
     @classmethod
     def blocklist_token(cls, token):
-        token = jwt.decode(token, verify=False)
+        token = cls.decode_token(token)
         blocklist_json = mgr.get_store(cls.JWT_TOKEN_BLOCKLIST_KEY)
         if not blocklist_json:
             blocklist_json = "{}"
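Review bot: `cls.decode_token(token)` in `blocklist_token` can now raise where `jwt.decode(token, verify=False)` never did. `decode_token` is defined outside this diff; if it verifies signature and expiry (presumably, since it is the decoder the new unit test round-trips through), an expired or malformed token passed here would raise instead of being blocklisted. Unless the caller already handles that, a logout with a stale token could surface as a server error. Such a token is already unusable, so skipping the blocklist write is safe: wrap the call in `try:` and `except jwt.InvalidTokenError: return`, with a comment that only tokens passing verification are blocklisted. The body of `blocklist_token` continues past the hunk.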
diff --git a/src/pybind/mgr/dashboard/tests/test_auth.py b/src/pybind/mgr/dashboard/tests/test_auth.py
new file mode 100644 (file)
index 0000000..6f1d2a0
--- /dev/null
@@ -0,0 +1,20 @@
+import unittest
+
+from .. import mgr
+from ..services.auth import JwtManager
+
+
+class JwtManagerTest(unittest.TestCase):
+
+    def test_generate_token_and_decode(self):
+        mgr.get_module_option.return_value = JwtManager.JWT_TOKEN_TTL
+        mgr.get_store.return_value = 'jwt_secret'
+
+        token = JwtManager.gen_token('my-username')
+        self.assertIsInstance(token, str)
+        self.assertTrue(token)
+
+        decoded_token = JwtManager.decode_token(token)
+        self.assertIsInstance(decoded_token, dict)
+        self.assertEqual(decoded_token['iss'], 'ceph-dashboard')
+        self.assertEqual(decoded_token['username'], 'my-username')
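Review bot: `test_generate_token_and_decode` covers only the happy path, so it would still pass if `decode_token` stopped verifying signatures. That is the property this commit now relies on in `blocklist_token`. Add a negative case that swaps the signature segment of a generated token and expects `jwt.InvalidTokenError`; it needs `import jwt` at the top of the module. Separately, the `return_value` assignments on `mgr` (apparently a shared mock) are never reset and may leak into other tests in the same run.

```python
class JwtManagerTest(unittest.TestCase):

    # … unchanged: test_generate_token_and_decode …

    def test_decode_token_rejects_invalid_signature(self):
        mgr.get_module_option.return_value = JwtManager.JWT_TOKEN_TTL
        mgr.get_store.return_value = 'jwt_secret'

        token = JwtManager.gen_token('my-username')
        header, payload, _signature = token.split('.')
        # Constructed signature segment: valid base64url, wrong MAC.
        tampered = '.'.join([header, payload, 'AAAA'])

        with self.assertRaises(jwt.InvalidTokenError):
            JwtManager.decode_token(tampered)
```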