From 6c99e76c9abd18df15b30a0bf6ec630842cd64c6 Mon Sep 17 00:00:00 2001 From: Jose Plana Date: Wed, 1 May 2019 01:03:25 +0200 Subject: [PATCH 1/3] Better error management in jwks token validation --- lemur/auth/views.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lemur/auth/views.py b/lemur/auth/views.py index 7a1bb34c..3a2a8c68 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -331,8 +331,9 @@ class Ping(Resource): ) jwks_url = current_app.config.get('PING_JWKS_URL') - validate_id_token(id_token, args['clientId'], jwks_url) - + result = validate_id_token(id_token, args['clientId'], jwks_url) + if result: + return result user, profile = retrieve_user(user_api_url, access_token) roles = create_user_roles(profile) update_user(user, profile, roles) @@ -380,7 +381,9 @@ class OAuth2(Resource): ) jwks_url = current_app.config.get('PING_JWKS_URL') - validate_id_token(id_token, args['clientId'], jwks_url) + result = validate_id_token(id_token, args['clientId'], jwks_url) + if result: + return result user, profile = retrieve_user(user_api_url, access_token) roles = create_user_roles(profile) From 47595e20737420b3311c0ad3ce49d9f3a67f8555 Mon Sep 17 00:00:00 2001 From: Jose Plana Date: Wed, 1 May 2019 01:21:54 +0200 Subject: [PATCH 2/3] Enable gulp server to proxy backend --- gulp/server.js | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/gulp/server.js b/gulp/server.js index 777100f6..6c61273e 100644 --- a/gulp/server.js +++ b/gulp/server.js @@ -6,31 +6,31 @@ var browserSync = require('browser-sync'); var httpProxy = require('http-proxy'); /* This configuration allow you to configure browser sync to proxy your backend */ -/* - var proxyTarget = 'http://localhost/context/'; // The location of your backend - var proxyApiPrefix = 'api'; // The element in the URL which differentiate between API request and static file request + + var proxyTarget = 'http://localhost:8000/'; // The location of your backend + var proxyApiPrefix = '/api/'; // The element in the URL which differentiate between API request and static file request var proxy = httpProxy.createProxyServer({ - target: proxyTarget + target: proxyTarget }); function proxyMiddleware(req, res, next) { - if (req.url.indexOf(proxyApiPrefix) !== -1) { - proxy.web(req, res); - } else { - next(); + if (req.url.indexOf(proxyApiPrefix) !== -1) { + proxy.web(req, res); + } else { + next(); + } } - } - */ function browserSyncInit(baseDir, files, browser) { browser = browser === undefined ? 'default' : browser; browserSync.instance = browserSync.init(files, { startPath: '/index.html', - server: { - baseDir: baseDir, - routes: { - '/bower_components': './bower_components' - } + server: { + middleware: [proxyMiddleware], + baseDir: baseDir, + routes: { + '/bower_components': './bower_components' + } }, browser: browser, ghostMode: false From 4e6e7edf271f0ef5bf4bb22d601f5b59c1d1554d Mon Sep 17 00:00:00 2001 From: Jose Plana Date: Tue, 7 May 2019 22:53:01 +0200 Subject: [PATCH 3/3] Rename return variable for better readability --- lemur/auth/views.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lemur/auth/views.py b/lemur/auth/views.py index 1ca27bf4..87f460f3 100644 --- a/lemur/auth/views.py +++ b/lemur/auth/views.py @@ -337,9 +337,9 @@ class Ping(Resource): ) jwks_url = current_app.config.get('PING_JWKS_URL') - result = validate_id_token(id_token, args['clientId'], jwks_url) - if result: - return result + error_code = validate_id_token(id_token, args['clientId'], jwks_url) + if error_code: + return error_code user, profile = retrieve_user(user_api_url, access_token) roles = create_user_roles(profile) update_user(user, profile, roles) @@ -387,9 +387,9 @@ class OAuth2(Resource): ) jwks_url = current_app.config.get('PING_JWKS_URL') - result = validate_id_token(id_token, args['clientId'], jwks_url) - if result: - return result + error_code = validate_id_token(id_token, args['clientId'], jwks_url) + if error_code: + return error_code user, profile = retrieve_user(user_api_url, access_token) roles = create_user_roles(profile)