mgr/dashboard: fix issues related with PyJWT versions >=2.0.0 39836/head
authorAlfonso Martínez <almartin@redhat.com>
Wed, 3 Mar 2021 14:36:06 +0000 (15:36 +0100)
committerAlfonso Martínez <almartin@redhat.com>
Thu, 4 Mar 2021 17:00:07 +0000 (18:00 +0100)
Fixes: https://tracker.ceph.com/issues/49574
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
(cherry picked from commit 4b96bb51e8f133badd7bc651bcb4dcd755b43d75)

 Conflicts:
src/pybind/mgr/dashboard/services/auth.py
        - Addressed conflicts.

qa/tasks/mgr/dashboard/test_auth.py
src/pybind/mgr/dashboard/constraints.txt
src/pybind/mgr/dashboard/controllers/auth.py
src/pybind/mgr/dashboard/services/auth.py
src/pybind/mgr/dashboard/tests/test_auth.py [new file with mode: 0644]

index e1c9b8e63e62eb42aabd4271fb0784ff964d25bf..80deed97d379d706110826330a070eafeb11bba0 100644 (file)
@@ -18,7 +18,7 @@ class AuthTest(DashboardTestCase):
         self.reset_session()
 
     def _validate_jwt_token(self, token, username, permissions):
-        payload = jwt.decode(token, verify=False)
+        payload = jwt.decode(token, options={'verify_signature': False})
         self.assertIn('username', payload)
         self.assertEqual(payload['username'], username)
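Review bot: The unverified decode in `_validate_jwt_token` has no comment saying why skipping signature verification is acceptable here, and with `verify_signature` set to False PyJWT 2.x also skips the expiry and other claim checks by default. I would add a comment above the call such as `# QA helper only: claims are inspected without verifying the signature; never decode this way in service code.` so the pattern is not copied into the dashboard itself. The reason is presumably that the QA test has no access to the dashboard's signing secret; confirm this before wording the comment more specifically. The helper's body continues outside the hunk.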
 
index 67b37078fc98205644dea73dd656c29e6ad410e8..f7a1f59d8234f8e2ef750c6cd2b757a1c429081f 100644 (file)
@@ -1,7 +1,7 @@
 CherryPy==13.1.0
 enum34==1.1.6
 more-itertools==4.1.0
-PyJWT==1.6.4
+PyJWT==2.0.1
 bcrypt==3.1.4
 python3-saml==1.4.1
 requests==2.20.0
index d6dd12d6bda522eb8d00c56b888972269f4510ac..a657d0058e6fc26b0f384f9cca4de2802ac93e3a 100644 (file)
@@ -41,7 +41,10 @@ class Auth(RESTController):
                 mgr.ACCESS_CTRL_DB.reset_attempt(username)
                 mgr.ACCESS_CTRL_DB.save()
                 token = JwtManager.gen_token(username)
-                token = token.decode('utf-8')
+
+                # For backward-compatibility: PyJWT versions < 2.0.0 return bytes.
+                token = token.decode('utf-8') if isinstance(token, bytes) else token
+
                 set_cookies(url_prefix, token)
                 return {
                     'token': token,
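Review bot: The bytes-to-str normalisation sits in the controller rather than in `JwtManager.gen_token`, so any other caller of `gen_token` still has to know that PyJWT < 2.0.0 returns bytes. The unit test added in this commit asserts that `gen_token` returns `str`, which, as far as this page shows, only holds with PyJWT >= 2.0.0. Ending `gen_token` with `return token.decode('utf-8') if isinstance(token, bytes) else token` would keep the type contract in one place. `gen_token` is not visible here, so confirm it does not already do this.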
index bbb8a2ecfe11c664663f3943982d383691c0c456..8e41675ef65ea9ca1a11d0853ee28f90e0b2422a 100644 (file)
@@ -116,7 +116,7 @@ class JwtManager(object):
 
     @classmethod
     def blacklist_token(cls, token):
-        token = jwt.decode(token, verify=False)
+        token = cls.decode_token(token)
         blacklist_json = mgr.get_store(cls.JWT_TOKEN_BLACKLIST_KEY)
         if not blacklist_json:
             blacklist_json = "{}"
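Review bot: Switching `blacklist_token` from an unverified decode to `cls.decode_token(token)` changes its failure behaviour. If `decode_token` verifies signature and expiry (it is not visible on this page), a logout carrying an expired or otherwise invalid token can now raise instead of being blacklisted quietly. The caller should handle that case explicitly. An expired token needs no blacklist entry, so catching the expiry error and returning is enough, but an unexpected decode failure should be logged rather than swallowed. Separately, rebinding `token` from the encoded string to the decoded claims dict is easy to misread; `payload = cls.decode_token(token)` is clearer. The method body continues outside the hunk.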
diff --git a/src/pybind/mgr/dashboard/tests/test_auth.py b/src/pybind/mgr/dashboard/tests/test_auth.py
new file mode 100644 (file)
index 0000000..6f1d2a0
--- /dev/null
@@ -0,0 +1,20 @@
+import unittest
+
+from .. import mgr
+from ..services.auth import JwtManager
+
+
+class JwtManagerTest(unittest.TestCase):
+
+    def test_generate_token_and_decode(self):
+        mgr.get_module_option.return_value = JwtManager.JWT_TOKEN_TTL
+        mgr.get_store.return_value = 'jwt_secret'
+
+        token = JwtManager.gen_token('my-username')
+        self.assertIsInstance(token, str)
+        self.assertTrue(token)
+
+        decoded_token = JwtManager.decode_token(token)
+        self.assertIsInstance(decoded_token, dict)
+        self.assertEqual(decoded_token['iss'], 'ceph-dashboard')
+        self.assertEqual(decoded_token['username'], 'my-username')
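Review bot: `JwtManagerTest` covers only the happy path, so it would still pass if `decode_token` stopped verifying signatures after a future PyJWT upgrade, which is the kind of regression this commit is meant to guard against. I would add a negative case that alters the signature segment of a generated token and asserts that `decode_token` rejects it, and ideally a second one for an expired token. The test also sets `return_value` on the shared `mgr` mock without restoring it, which can leak into other tests in the same run. The sketch below uses a broad `assertRaises(Exception)` because the exception type raised by `decode_token` is not visible on this page; narrow it once confirmed.

```python
class JwtManagerTest(unittest.TestCase):
    # … unchanged: test_generate_token_and_decode …

    def test_decode_rejects_tampered_signature(self):
        mgr.get_module_option.return_value = JwtManager.JWT_TOKEN_TTL
        mgr.get_store.return_value = 'jwt_secret'

        token = JwtManager.gen_token('my-username')
        header, payload, signature = token.split('.')
        # Constructed sample: same header and claims, signature no longer matches.
        tampered = '.'.join([header, payload, signature[::-1]])

        # Narrow to the concrete exception type decode_token raises.
        with self.assertRaises(Exception):
            JwtManager.decode_token(tampered)
```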