diff --git a/lemur/auth/service.py b/lemur/auth/service.py index d6e88ed7..a0d86887 100644 --- a/lemur/auth/service.py +++ b/lemur/auth/service.py @@ -8,11 +8,9 @@ .. moduleauthor:: Kevin Glisson """ -from __future__ import unicode_literals -from builtins import bytes +import sys import jwt import json -import base64 import binascii from functools import wraps @@ -34,19 +32,6 @@ from lemur.auth.permissions import CertificateCreatorNeed, \ AuthorityCreatorNeed, ViewRoleCredentialsNeed -def base64url_decode(data): - rem = len(data) % 4 - - if rem > 0: - data += '=' * (4 - rem) - - return base64.urlsafe_b64decode(bytes(data.encode('latin-1'))) - - -def base64url_encode(data): - return base64.urlsafe_b64encode(data).replace('=', '') - - def get_rsa_public_key(n, e): """ Retrieve an RSA public key based on a module and exponent as provided by the JWKS format. @@ -55,8 +40,13 @@ def get_rsa_public_key(n, e): :param e: :return: a RSA Public Key in PEM format """ - n = int(binascii.hexlify(base64url_decode(n)), 16) - e = int(binascii.hexlify(base64url_decode(e)), 16) + if sys.version_info >= (3, 0): + n = int(binascii.hexlify(jwt.utils.base64url_decode(bytes(n, 'utf-8'))), 16) + e = int(binascii.hexlify(jwt.utils.base64url_decode(bytes(e, 'utf-8'))), 16) + else: + n = int(binascii.hexlify(jwt.utils.base64url_decode(n)), 16) + e = int(binascii.hexlify(jwt.utils.base64url_decode(e, 'utf-8')), 16) + pub = RSAPublicNumbers(e, n).public_key(default_backend()) return pub.public_bytes( encoding=serialization.Encoding.PEM, 
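Review bot: In the Python 2 branch of `get_rsa_public_key`, `e` is decoded with `jwt.utils.base64url_decode(e, 'utf-8')`, while `n` on the line above passes a single argument. PyJWT's helper takes only the input, so this call should raise `TypeError` whenever that branch runs, and no RSA key can be built from the JWKS values. Change the line to `e = int(binascii.hexlify(jwt.utils.base64url_decode(e)), 16)`. A small test with a known modulus and exponent, run on both interpreters, would catch this kind of asymmetry between the two branches.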
@@ -138,13 +128,13 @@ def fetch_token_header(token): raise jwt.DecodeError('Not enough segments') try: - return json.loads(base64url_decode(header_segment)) + if sys.version_info >= (3, 0): + return json.loads(jwt.utils.base64url_decode(header_segment).decode('utf-8')) + else: + return json.loads(jwt.utils.base64url_decode(header_segment)) except TypeError as e: current_app.logger.exception(e) raise jwt.DecodeError('Invalid header padding') - except binascii.Error as e: - current_app.logger.exception(e) - raise jwt.DecodeError('Invalid header padding') @identity_loaded.connect diff --git a/lemur/auth/views.py b/lemur/auth/views.py index fe4aa505..1316810a 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -5,6 +5,7 @@ :license: Apache, see LICENSE for more details. .. moduleauthor:: Kevin Glisson """ +import sys import jwt import base64 import requests @@ -140,8 +141,14 @@ class Ping(Resource): user_api_url = current_app.config.get('PING_USER_API_URL') # the secret and cliendId will be given to you when you signup for the provider - basic = base64.b64encode('{0}:{1}'.format(args['clientId'], current_app.config.get("PING_SECRET"))) - headers = {'Authorization': 'Basic {0}'.format(basic)} + token = '{0}:{1}'.format(args['clientId'], current_app.config.get("PING_SECRET")) + + if sys.version_info >= (3, 0): + basic = base64.b64encode(bytes(token, 'utf-8')) + headers = {'authorization': 'basic {0}'.format(basic.decode('utf-8'))} + else: + basic = base64.b64encode(token, 'utf-8') + headers = {'authorization': 'basic {0}'.format(basic)} # exchange authorization code for access token. 
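Review bot: Removing the `except binascii.Error` handler in `fetch_token_header` leaves only `TypeError` mapped to `jwt.DecodeError`, but on Python 3 a malformed base64 segment raises `binascii.Error`, a `ValueError` subclass. The new `.decode('utf-8')` and `json.loads` can likewise raise `UnicodeDecodeError` and a JSON `ValueError`. The header segment is caller-supplied and parsed before any signature check, so a garbage token would escape as an unhandled exception instead of a clean authentication failure. Widening the handler to `except (TypeError, ValueError) as e:` covers both interpreters. The function starts above this hunk, so how `header_segment` is split out is not visible here.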
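Review bot: In the Python 2 branch of the `Ping` handler, `base64.b64encode(token, 'utf-8')` passes `'utf-8'` as the second positional argument, which is `altchars`, not an encoding. As far as I can tell, Python 2.7 then substitutes `+` and `/` in the output with the first two characters of that string, so the client credential is silently corrupted whenever the encoded `clientId:PING_SECRET` contains either character. Use `basic = base64.b64encode(token)` in that branch. Separately, the header value changed from `Basic` to lowercase `basic`; the scheme is case-insensitive by specification, but keeping `'Basic {0}'` avoids surprises with stricter identity providers. The method body continues outside this hunk.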
@@ -165,7 +172,10 @@ class Ping(Resource): # validate your token based on the key it was signed with try: - jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId']) + if sys.version_info >= (3, 0): + jwt.decode(id_token, secret.decode('utf-8'), algorithms=[algo], audience=args['clientId']) + else: + jwt.decode(id_token, secret, algorithms=[algo], audience=args['clientId']) except jwt.DecodeError: return dict(message='Token is invalid'), 403 except jwt.ExpiredSignatureError:
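Review bot: Both branches call `jwt.decode(..., algorithms=[algo], ...)`, and where `algo` comes from lies outside this hunk. If it is read from the token's own unverified header, the token is choosing how it gets verified. Since the key is turned into a text string here, it would be safer to pin the accepted algorithms from configuration, for example `algorithms=current_app.config.get('PING_ALLOWED_ALGORITHMS', ['RS256'])` (constructed config name), and reject any token whose header names something else. The two branches also differ only in `secret.decode('utf-8')`; normalising `secret` once before the `try` would leave a single `jwt.decode` call to audit.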