diff --git a/gns3server/services/authentication.py b/gns3server/services/authentication.py
index e9f7782c..77eadfc4 100644
--- a/gns3server/services/authentication.py
+++ b/gns3server/services/authentication.py
@@ -23,7 +23,6 @@ from passlib.context import CryptContext
 from typing import Optional
 from fastapi import HTTPException, status
 from gns3server.schemas.tokens import TokenData
-from gns3server.controller.controller_error import ControllerError
 from gns3server.config import Config
 from pydantic import ValidationError
@@ -32,6 +31,8 @@ log = logging.getLogger(__name__)
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+DEFAULT_JWT_SECRET_KEY = "efd08eccec3bd0a1be2e086670e5efa90969c68d07e072d7354a76cea5e33d4e"
+
 class AuthService:
@@ -75,7 +76,8 @@ class AuthService:
 if secret_key is None:
 secret_key = self._server_config.get("jwt_secret_key", None)
 if secret_key is None:
- raise ControllerError("No JWT secret key has been configured")
+ secret_key = DEFAULT_JWT_SECRET_KEY
+ log.error("A JWT secret key must be configured to secure the server, using default key...")
 algorithm = self._server_config.get("jwt_algorithm", "HS256")
 encoded_jwt = jwt.encode(to_encode, secret_key, algorithm=algorithm)
 return encoded_jwt
@@ -91,7 +93,8 @@ class AuthService:
 if secret_key is None:
 secret_key = self._server_config.get("jwt_secret_key", None)
 if secret_key is None:
- raise ControllerError("No JWT secret key has been configured")
+ secret_key = DEFAULT_JWT_SECRET_KEY
+ log.error("A JWT secret key must be configured to secure the server, using default key...")
 algorithm = self._server_config.get("jwt_algorithm", "HS256")
 payload = jwt.decode(token, secret_key, algorithms=[algorithm])
 username: str = payload.get("sub")
diff --git a/tests/api/routes/controller/test_users.py b/tests/api/routes/controller/test_users.py
index faa65393..b8e6caca 100644
--- a/tests/api/routes/controller/test_users.py
+++ b/tests/api/routes/controller/test_users.py
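Review bot: The fallback added in the `if secret_key is None:` branch at @@ -75 (and identically at @@ -91) replaces a fail-closed error with a signing key that is committed to the repository, so a server started without `jwt_secret_key` in its config signs and accepts tokens under a key anyone can read from the source; the `log.error` does not reduce that exposure, and it fires on every token operation rather than once at startup. If the intent is to let the server start unconfigured, derive the default once per process instead of hard-coding it, e.g. `DEFAULT_JWT_SECRET_KEY = secrets.token_hex(32)` with `import secrets` at the top of the module, and make the message say what that costs: `log.error("No jwt_secret_key configured; using a random per-process key, existing tokens are invalidated on restart")`. The tests that import the constant keep working because they run in the same process, though with several worker processes a persisted key would still be required, so keeping the removed `raise ControllerError(...)` and setting the key in the test configuration is the safer alternative. Both enclosing methods start outside the hunk.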
@@ -25,6 +25,7 @@ from jose import jwt
 from sqlalchemy.ext.asyncio import AsyncSession
 from gns3server.db.repositories.users import UsersRepository
 from gns3server.services import auth_service
+from gns3server.services.authentication import DEFAULT_JWT_SECRET_KEY
 from gns3server.config import Config
 from gns3server.schemas.users import User
@@ -129,18 +130,16 @@ class TestAuthTokens:
 test_user: User
 ) -> None:
- secret_key = auth_service._server_config.get("jwt_secret_key")
 token = auth_service.create_access_token(test_user.username)
- payload = jwt.decode(token, secret_key, algorithms=["HS256"])
+ payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
 username = payload.get("sub")
 assert username == test_user.username
 async def test_token_missing_user_is_invalid(self, app: FastAPI, client: AsyncClient, config: Config) -> None:
- secret_key = auth_service._server_config.get("jwt_secret_key")
 token = auth_service.create_access_token(None)
 with pytest.raises(jwt.JWTError):
- jwt.decode(token, secret_key, algorithms=["HS256"])
+ jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
 async def test_can_retrieve_username_from_token(
 self,
@@ -198,9 +197,8 @@ class TestUserLogin:
 assert res.status_code == status.HTTP_200_OK
 # check that token exists in response and has user encoded within it
- secret_key = auth_service._server_config.get("jwt_secret_key")
 token = res.json().get("access_token")
- payload = jwt.decode(token, secret_key, algorithms=["HS256"])
+ payload = jwt.decode(token, DEFAULT_JWT_SECRET_KEY, algorithms=["HS256"])
 assert "sub" in payload
 username = payload.get("sub")
 assert username == test_user.username
diff --git a/tests/conftest.py b/tests/conftest.py
index c41998dc..808a3cf1 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
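Review bot: The three `jwt.decode(token, DEFAULT_JWT_SECRET_KEY, ...)` calls in the @@ -129 and @@ -198 hunks verify against the service's fallback constant, so the tests only pass while the test configuration carries no `jwt_secret_key`, and the configured-key path is no longer exercised anywhere; adding a key to the test config later would make these decodes fail for an unrelated reason. Resolve the key the same way the service does, e.g. `secret_key = auth_service._server_config.get("jwt_secret_key", DEFAULT_JWT_SECRET_KEY)` before each decode, or better, set a fixed test key in the config fixture and read it from there so the tests no longer depend on the fallback existing. The test methods in the @@ -129 hunk start and end outside the visible lines.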
@@ -39,6 +39,7 @@ if sys.platform.startswith("win") and sys.version_info < (3, 8):
 yield loop
 asyncio.set_event_loop(None)
+ # https://github.com/pytest-dev/pytest-asyncio/issues/68
 # this event_loop is used by pytest-asyncio, and redefining it
 # is currently the only way of changing the scope of this fixture