Diffstat (limited to 'auth-server-poc')
-rw-r--r--auth-server-poc/.gitignore104
-rw-r--r--auth-server-poc/Dockerfile29
-rw-r--r--auth-server-poc/LICENSE25
-rw-r--r--auth-server-poc/README.md19
-rw-r--r--auth-server-poc/config/nginx.conf23
-rw-r--r--auth-server-poc/config/nginx_app.conf17
-rw-r--r--auth-server-poc/config/supervisord_app.conf15
-rw-r--r--auth-server-poc/config/uwsgi.ini13
-rw-r--r--auth-server-poc/docker-compose.yml11
-rwxr-xr-xauth-server-poc/gen-jwt-cert.sh8
-rw-r--r--auth-server-poc/requirements.txt284
-rwxr-xr-xauth-server-poc/setup.sh50
-rw-r--r--auth-server-poc/src/app.py54
-rwxr-xr-xauth-server-poc/src/authn.py97
-rw-r--r--auth-server-poc/userdb.yaml29
15 files changed, 0 insertions, 778 deletions
diff --git a/auth-server-poc/.gitignore b/auth-server-poc/.gitignore
deleted file mode 100644
index 894a44c..0000000
--- a/auth-server-poc/.gitignore
+++ /dev/null
@@ -1,104 +0,0 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-.hypothesis/
-.pytest_cache/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# pyenv
-.python-version
-
-# celery beat schedule file
-celerybeat-schedule
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
diff --git a/auth-server-poc/Dockerfile b/auth-server-poc/Dockerfile
deleted file mode 100644
index b3344d2..0000000
--- a/auth-server-poc/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM debian:bullseye-20221024-slim@sha256:76cdda8fe5eb597ef5e712e4c9a9f5f1fb119e69f353daaa7bd6d0f6e66e541d
-# FROM debian:buster
-
-RUN mkdir /opt/auth-server-poc
-COPY requirements.txt setup.sh /opt/auth-server-poc/
-RUN /opt/auth-server-poc/setup.sh
-
-# Prepare for supervisord, uwsgi, ngninx
-COPY config/uwsgi.ini /opt/auth-server-poc/
-#COPY config/.htpasswd /opt/auth-server-poc/.htpasswd
-COPY config/supervisord_app.conf /etc/supervisor/supervisord.conf
-COPY config/nginx_app.conf /etc/nginx/sites-available/
-COPY config/nginx.conf /etc/nginx/
-
-# Give nginx some special treatment
-RUN unlink /etc/nginx/sites-enabled/default
-RUN ln -s /etc/nginx/sites-available/nginx_app.conf /etc/nginx/sites-enabled/default
-RUN chown www-data:www-data /var/log/nginx
-RUN chown -R www-data:www-data /var/log/nginx/
-RUN chown -R www-data:www-data /var/lib/nginx
-RUN chown www-data:www-data /var/lib/nginx/
-RUN chown www-data:www-data /opt/auth-server-poc
-
-# Expose HTTP
-EXPOSE 80
-
-COPY ./ /opt/auth-server-poc/
-
-ENTRYPOINT supervisord -c /etc/supervisor/supervisord.conf
diff --git a/auth-server-poc/LICENSE b/auth-server-poc/LICENSE
deleted file mode 100644
index 8aad690..0000000
--- a/auth-server-poc/LICENSE
+++ /dev/null
@@ -1,25 +0,0 @@
-BSD 2-Clause License
-
-Copyright (c) 2019, SUNET
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/auth-server-poc/README.md b/auth-server-poc/README.md
deleted file mode 100644
index 37029c3..0000000
--- a/auth-server-poc/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# auth-server-poc
-
-This is a modified version of [SUNET/auth-server-poc](https://github.com/SUNET/auth-server-poc). More detailed information is available in the original README at this URL.
-
-```
-Start container:
-$ docker-compose up
-
-Generate JWT cert:
-$ docker exec auth-server-poc /opt/auth-server-poc/gen-jwt-cert.sh
-
-Create user accounts:
-(note that the -c flag is used to create the .htpasswd file and should only be used the first time)
-$ docker exec auth-server-poc htpasswd -c /opt/auth-server-poc/userdb/.htpasswd indy
-$ docker exec auth-server-poc htpasswd /opt/auth-server-poc/userdb/.htpasswd bob
-
-Get a token:
-$ curl http://localhost:8000/api/v1.0/auth -X POST -p -u indy
-```
diff --git a/auth-server-poc/config/nginx.conf b/auth-server-poc/config/nginx.conf
deleted file mode 100644
index 6b17bd0..0000000
--- a/auth-server-poc/config/nginx.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /tmp/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 768;
-}
-
-http {
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- gzip on;
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-}
diff --git a/auth-server-poc/config/nginx_app.conf b/auth-server-poc/config/nginx_app.conf
deleted file mode 100644
index 7b1e6f9..0000000
--- a/auth-server-poc/config/nginx_app.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 80;
- server_name auth-server-poc;
- client_max_body_size 200M;
-
- location / {
- limit_except OPTIONS {
- auth_basic "auth-server-poc static auth";
- auth_basic_user_file "/opt/auth-server-poc/userdb/.htpasswd";
- }
- uwsgi_pass unix:///tmp/uwsgi.sock;
- default_type application/json;
- include uwsgi_params;
- uwsgi_param REMOTE_USER $remote_user;
- uwsgi_param AUTH_TYPE Basic;
- }
-}
diff --git a/auth-server-poc/config/supervisord_app.conf b/auth-server-poc/config/supervisord_app.conf
deleted file mode 100644
index 3a03f32..0000000
--- a/auth-server-poc/config/supervisord_app.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-[supervisord]
-nodaemon=true
-user=www-data
-logfile=/tmp/supervisord.log
-loglevel=debug
-pidfile=/tmp/supervisord.pid
-childlogdir=/tmp
-
-[program:uwsgi]
-command = /usr/local/bin/uwsgi --ini /opt/auth-server-poc/uwsgi.ini
-autorestart=true
-
-[program:nginx]
-command=/usr/sbin/nginx -g "daemon off;"
-autorestart=true
diff --git a/auth-server-poc/config/uwsgi.ini b/auth-server-poc/config/uwsgi.ini
deleted file mode 100644
index 492b30c..0000000
--- a/auth-server-poc/config/uwsgi.ini
+++ /dev/null
@@ -1,13 +0,0 @@
-[uwsgi]
-uid=www-data
-gid=www-data
-chdir = /opt/auth-server-poc/src/
-callable = app
-module = app
-socket = /tmp/uwsgi.sock
-master = true
-# uwsgi websockets only allow max 1 process?
-processes = 1
-chmod-socket = 666
-enable-threads = true
-virtualenv = /opt/auth-server-poc
diff --git a/auth-server-poc/docker-compose.yml b/auth-server-poc/docker-compose.yml
deleted file mode 100644
index b73532c..0000000
--- a/auth-server-poc/docker-compose.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-version: '3.7'
-services:
- auth-server-poc:
- build: .
- ports:
- - 8000:80
- volumes:
- - ${DOCKER_JWT_PUBKEY_PATH}:/opt/auth-server-poc/cert/
- - ${DOCKER_JWT_HTPASSWD_PATH}:/opt/auth-server-poc/userdb/
- container_name: auth-server-poc
diff --git a/auth-server-poc/gen-jwt-cert.sh b/auth-server-poc/gen-jwt-cert.sh
deleted file mode 100755
index 8b23990..0000000
--- a/auth-server-poc/gen-jwt-cert.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-cd /opt/auth-server-poc/cert/
-openssl ecparam -genkey -name prime256v1 -noout -out private.pem
-openssl ec -in private.pem -pubout -out public.pem
-chgrp www-data private.pem
-chmod g+r private.pem
-killall uwsgi
diff --git a/auth-server-poc/requirements.txt b/auth-server-poc/requirements.txt
deleted file mode 100644
index fc8fc53..0000000
--- a/auth-server-poc/requirements.txt
+++ /dev/null
@@ -1,284 +0,0 @@
-#
-# This file is autogenerated by pip-compile with python 3.7
-# To update, run:
-#
-# pip-compile --generate-hashes requirements.txt
-#
-aniso8601==9.0.1 \
- --hash=sha256:1d2b7ef82963909e93c4f24ce48d4de9e66009a21bf1c1e1c85bdd0812fe412f \
- --hash=sha256:72e3117667eedf66951bb2d93f4296a56b94b078a8a95905a052611fb3f1b973
- # via
- # -r requirements.txt
- # flask-restful
-cffi==1.15.0 \
- --hash=sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3 \
- --hash=sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2 \
- --hash=sha256:06c48159c1abed75c2e721b1715c379fa3200c7784271b3c46df01383b593636 \
- --hash=sha256:0808014eb713677ec1292301ea4c81ad277b6cdf2fdd90fd540af98c0b101d20 \
- --hash=sha256:10dffb601ccfb65262a27233ac273d552ddc4d8ae1bf93b21c94b8511bffe728 \
- --hash=sha256:14cd121ea63ecdae71efa69c15c5543a4b5fbcd0bbe2aad864baca0063cecf27 \
- --hash=sha256:17771976e82e9f94976180f76468546834d22a7cc404b17c22df2a2c81db0c66 \
- --hash=sha256:181dee03b1170ff1969489acf1c26533710231c58f95534e3edac87fff06c443 \
- --hash=sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0 \
- --hash=sha256:263cc3d821c4ab2213cbe8cd8b355a7f72a8324577dc865ef98487c1aeee2bc7 \
- --hash=sha256:2756c88cbb94231c7a147402476be2c4df2f6078099a6f4a480d239a8817ae39 \
- --hash=sha256:27c219baf94952ae9d50ec19651a687b826792055353d07648a5695413e0c605 \
- --hash=sha256:2a23af14f408d53d5e6cd4e3d9a24ff9e05906ad574822a10563efcef137979a \
- --hash=sha256:31fb708d9d7c3f49a60f04cf5b119aeefe5644daba1cd2a0fe389b674fd1de37 \
- --hash=sha256:3415c89f9204ee60cd09b235810be700e993e343a408693e80ce7f6a40108029 \
- --hash=sha256:3773c4d81e6e818df2efbc7dd77325ca0dcb688116050fb2b3011218eda36139 \
- --hash=sha256:3b96a311ac60a3f6be21d2572e46ce67f09abcf4d09344c49274eb9e0bf345fc \
- --hash=sha256:3f7d084648d77af029acb79a0ff49a0ad7e9d09057a9bf46596dac9514dc07df \
- --hash=sha256:41d45de54cd277a7878919867c0f08b0cf817605e4eb94093e7516505d3c8d14 \
- --hash=sha256:4238e6dab5d6a8ba812de994bbb0a79bddbdf80994e4ce802b6f6f3142fcc880 \
- --hash=sha256:45db3a33139e9c8f7c09234b5784a5e33d31fd6907800b316decad50af323ff2 \
- --hash=sha256:45e8636704eacc432a206ac7345a5d3d2c62d95a507ec70d62f23cd91770482a \
- --hash=sha256:4958391dbd6249d7ad855b9ca88fae690783a6be9e86df65865058ed81fc860e \
- --hash=sha256:4a306fa632e8f0928956a41fa8e1d6243c71e7eb59ffbd165fc0b41e316b2474 \
- --hash=sha256:57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024 \
- --hash=sha256:59888172256cac5629e60e72e86598027aca6bf01fa2465bdb676d37636573e8 \
- --hash=sha256:5e069f72d497312b24fcc02073d70cb989045d1c91cbd53979366077959933e0 \
- --hash=sha256:64d4ec9f448dfe041705426000cc13e34e6e5bb13736e9fd62e34a0b0c41566e \
- --hash=sha256:6dc2737a3674b3e344847c8686cf29e500584ccad76204efea14f451d4cc669a \
- --hash=sha256:74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e \
- --hash=sha256:75e4024375654472cc27e91cbe9eaa08567f7fbdf822638be2814ce059f58032 \
- --hash=sha256:786902fb9ba7433aae840e0ed609f45c7bcd4e225ebb9c753aa39725bb3e6ad6 \
- --hash=sha256:8b6c2ea03845c9f501ed1313e78de148cd3f6cad741a75d43a29b43da27f2e1e \
- --hash=sha256:91d77d2a782be4274da750752bb1650a97bfd8f291022b379bb8e01c66b4e96b \
- --hash=sha256:91ec59c33514b7c7559a6acda53bbfe1b283949c34fe7440bcf917f96ac0723e \
- --hash=sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954 \
- --hash=sha256:a5263e363c27b653a90078143adb3d076c1a748ec9ecc78ea2fb916f9b861962 \
- --hash=sha256:abb9a20a72ac4e0fdb50dae135ba5e77880518e742077ced47eb1499e29a443c \
- --hash=sha256:c2051981a968d7de9dd2d7b87bcb9c939c74a34626a6e2f8181455dd49ed69e4 \
- --hash=sha256:c21c9e3896c23007803a875460fb786118f0cdd4434359577ea25eb556e34c55 \
- --hash=sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962 \
- --hash=sha256:d4d692a89c5cf08a8557fdeb329b82e7bf609aadfaed6c0d79f5a449a3c7c023 \
- --hash=sha256:da5db4e883f1ce37f55c667e5c0de439df76ac4cb55964655906306918e7363c \
- --hash=sha256:e7022a66d9b55e93e1a845d8c9eba2a1bebd4966cd8bfc25d9cd07d515b33fa6 \
- --hash=sha256:ef1f279350da2c586a69d32fc8733092fd32cc8ac95139a00377841f59a3f8d8 \
- --hash=sha256:f54a64f8b0c8ff0b64d18aa76675262e1700f3995182267998c31ae974fbc382 \
- --hash=sha256:f5c7150ad32ba43a07c4479f40241756145a1f03b43480e058cfd862bf5041c7 \
- --hash=sha256:f6f824dc3bce0edab5f427efcfb1d63ee75b6fcb7282900ccaf925be84efb0fc \
- --hash=sha256:fd8a250edc26254fe5b33be00402e6d287f562b6a5b2152dec302fa15bb3e997 \
- --hash=sha256:ffaa5c925128e29efbde7301d8ecaf35c8c60ffbcd6a1ffd3a552177c8e5e796
- # via
- # -r requirements.txt
- # cryptography
-click==8.0.3 \
- --hash=sha256:353f466495adaeb40b6b5f592f9f91cb22372351c84caeb068132442a4518ef3 \
- --hash=sha256:410e932b050f5eed773c4cda94de75971c89cdb3155a72a0831139a79e5ecb5b
- # via
- # -r requirements.txt
- # flask
-cryptography==35.0.0 \
- --hash=sha256:07bb7fbfb5de0980590ddfc7f13081520def06dc9ed214000ad4372fb4e3c7f6 \
- --hash=sha256:18d90f4711bf63e2fb21e8c8e51ed8189438e6b35a6d996201ebd98a26abbbe6 \
- --hash=sha256:1ed82abf16df40a60942a8c211251ae72858b25b7421ce2497c2eb7a1cee817c \
- --hash=sha256:22a38e96118a4ce3b97509443feace1d1011d0571fae81fc3ad35f25ba3ea999 \
- --hash=sha256:2d69645f535f4b2c722cfb07a8eab916265545b3475fdb34e0be2f4ee8b0b15e \
- --hash=sha256:4a2d0e0acc20ede0f06ef7aa58546eee96d2592c00f450c9acb89c5879b61992 \
- --hash=sha256:54b2605e5475944e2213258e0ab8696f4f357a31371e538ef21e8d61c843c28d \
- --hash=sha256:7075b304cd567694dc692ffc9747f3e9cb393cc4aa4fb7b9f3abd6f5c4e43588 \
- --hash=sha256:7b7ceeff114c31f285528ba8b390d3e9cfa2da17b56f11d366769a807f17cbaa \
- --hash=sha256:7eba2cebca600a7806b893cb1d541a6e910afa87e97acf2021a22b32da1df52d \
- --hash=sha256:928185a6d1ccdb816e883f56ebe92e975a262d31cc536429041921f8cb5a62fd \
- --hash=sha256:9933f28f70d0517686bd7de36166dda42094eac49415459d9bdf5e7df3e0086d \
- --hash=sha256:a688ebcd08250eab5bb5bca318cc05a8c66de5e4171a65ca51db6bd753ff8953 \
- --hash=sha256:abb5a361d2585bb95012a19ed9b2c8f412c5d723a9836418fab7aaa0243e67d2 \
- --hash=sha256:c10c797ac89c746e488d2ee92bd4abd593615694ee17b2500578b63cad6b93a8 \
- --hash=sha256:ced40344e811d6abba00295ced98c01aecf0c2de39481792d87af4fa58b7b4d6 \
- --hash=sha256:d57e0cdc1b44b6cdf8af1d01807db06886f10177469312fbde8f44ccbb284bc9 \
- --hash=sha256:d99915d6ab265c22873f1b4d6ea5ef462ef797b4140be4c9d8b179915e0985c6 \
- --hash=sha256:eb80e8a1f91e4b7ef8b33041591e6d89b2b8e122d787e87eeb2b08da71bb16ad \
- --hash=sha256:ebeddd119f526bcf323a89f853afb12e225902a24d29b55fe18dd6fcb2838a76
- # via -r requirements.txt
-flask==2.0.2 \
- --hash=sha256:7b2fb8e934ddd50731893bdcdb00fc8c0315916f9fcd50d22c7cc1a95ab634e2 \
- --hash=sha256:cb90f62f1d8e4dc4621f52106613488b5ba826b2e1e10a33eac92f723093ab6a
- # via
- # -r requirements.txt
- # flask-cors
- # flask-jwt-extended
- # flask-restful
-flask-cors==3.0.10 \
- --hash=sha256:74efc975af1194fc7891ff5cd85b0f7478be4f7f59fe158102e91abb72bb4438 \
- --hash=sha256:b60839393f3b84a0f3746f6cdca56c1ad7426aa738b70d6c61375857823181de
- # via -r requirements.txt
-flask-jwt-extended==4.3.1 \
- --hash=sha256:ad6977b07c54e51c13b5981afc246868b9901a46715d9b9827898bfd916aae88 \
- --hash=sha256:c82c9e505bc96f4a5186de31c05262dbcde6fa10581e9aa46df8f99ca04be2c3
- # via -r requirements.txt
-flask-restful==0.3.9 \
- --hash=sha256:4970c49b6488e46c520b325f54833374dc2b98e211f1b272bd4b0c516232afe2 \
- --hash=sha256:ccec650b835d48192138c85329ae03735e6ced58e9b2d9c2146d6c84c06fa53e
- # via -r requirements.txt
-importlib-metadata==4.8.2 \
- --hash=sha256:53ccfd5c134223e497627b9815d5030edf77d2ed573922f7a0b8f8bb81a1c100 \
- --hash=sha256:75bdec14c397f528724c1bfd9709d660b33a4d2e77387a3358f20b848bb5e5fb
- # via
- # -r requirements.txt
- # click
-itsdangerous==2.0.1 \
- --hash=sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c \
- --hash=sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0
- # via
- # -r requirements.txt
- # flask
-jinja2==3.0.3 \
- --hash=sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8 \
- --hash=sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7
- # via
- # -r requirements.txt
- # flask
-markupsafe==2.0.1 \
- --hash=sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298 \
- --hash=sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64 \
- --hash=sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b \
- --hash=sha256:04635854b943835a6ea959e948d19dcd311762c5c0c6e1f0e16ee57022669194 \
- --hash=sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567 \
- --hash=sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff \
- --hash=sha256:0d4b31cc67ab36e3392bbf3862cfbadac3db12bdd8b02a2731f509ed5b829724 \
- --hash=sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74 \
- --hash=sha256:168cd0a3642de83558a5153c8bd34f175a9a6e7f6dc6384b9655d2697312a646 \
- --hash=sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35 \
- --hash=sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6 \
- --hash=sha256:20dca64a3ef2d6e4d5d615a3fd418ad3bde77a47ec8a23d984a12b5b4c74491a \
- --hash=sha256:2a7d351cbd8cfeb19ca00de495e224dea7e7d919659c2841bbb7f420ad03e2d6 \
- --hash=sha256:2d7d807855b419fc2ed3e631034685db6079889a1f01d5d9dac950f764da3dad \
- --hash=sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26 \
- --hash=sha256:36bc903cbb393720fad60fc28c10de6acf10dc6cc883f3e24ee4012371399a38 \
- --hash=sha256:37205cac2a79194e3750b0af2a5720d95f786a55ce7df90c3af697bfa100eaac \
- --hash=sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7 \
- --hash=sha256:3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6 \
- --hash=sha256:4296f2b1ce8c86a6aea78613c34bb1a672ea0e3de9c6ba08a960efe0b0a09047 \
- --hash=sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75 \
- --hash=sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f \
- --hash=sha256:4dc8f9fb58f7364b63fd9f85013b780ef83c11857ae79f2feda41e270468dd9b \
- --hash=sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135 \
- --hash=sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8 \
- --hash=sha256:5855f8438a7d1d458206a2466bf82b0f104a3724bf96a1c781ab731e4201731a \
- --hash=sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a \
- --hash=sha256:5b6d930f030f8ed98e3e6c98ffa0652bdb82601e7a016ec2ab5d7ff23baa78d1 \
- --hash=sha256:5bb28c636d87e840583ee3adeb78172efc47c8b26127267f54a9c0ec251d41a9 \
- --hash=sha256:60bf42e36abfaf9aff1f50f52644b336d4f0a3fd6d8a60ca0d054ac9f713a864 \
- --hash=sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914 \
- --hash=sha256:6300b8454aa6930a24b9618fbb54b5a68135092bc666f7b06901f897fa5c2fee \
- --hash=sha256:63f3268ba69ace99cab4e3e3b5840b03340efed0948ab8f78d2fd87ee5442a4f \
- --hash=sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18 \
- --hash=sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8 \
- --hash=sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2 \
- --hash=sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d \
- --hash=sha256:6fcf051089389abe060c9cd7caa212c707e58153afa2c649f00346ce6d260f1b \
- --hash=sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b \
- --hash=sha256:89c687013cb1cd489a0f0ac24febe8c7a666e6e221b783e53ac50ebf68e45d86 \
- --hash=sha256:8d206346619592c6200148b01a2142798c989edcb9c896f9ac9722a99d4e77e6 \
- --hash=sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f \
- --hash=sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb \
- --hash=sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833 \
- --hash=sha256:99df47edb6bda1249d3e80fdabb1dab8c08ef3975f69aed437cb69d0a5de1e28 \
- --hash=sha256:9f02365d4e99430a12647f09b6cc8bab61a6564363f313126f775eb4f6ef798e \
- --hash=sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415 \
- --hash=sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902 \
- --hash=sha256:aca6377c0cb8a8253e493c6b451565ac77e98c2951c45f913e0b52facdcff83f \
- --hash=sha256:add36cb2dbb8b736611303cd3bfcee00afd96471b09cda130da3581cbdc56a6d \
- --hash=sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9 \
- --hash=sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d \
- --hash=sha256:baa1a4e8f868845af802979fcdbf0bb11f94f1cb7ced4c4b8a351bb60d108145 \
- --hash=sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066 \
- --hash=sha256:bf5d821ffabf0ef3533c39c518f3357b171a1651c1ff6827325e4489b0e46c3c \
- --hash=sha256:c47adbc92fc1bb2b3274c4b3a43ae0e4573d9fbff4f54cd484555edbf030baf1 \
- --hash=sha256:cdfba22ea2f0029c9261a4bd07e830a8da012291fbe44dc794e488b6c9bb353a \
- --hash=sha256:d6c7ebd4e944c85e2c3421e612a7057a2f48d478d79e61800d81468a8d842207 \
- --hash=sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f \
- --hash=sha256:d8446c54dc28c01e5a2dbac5a25f071f6653e6e40f3a8818e8b45d790fe6ef53 \
- --hash=sha256:deb993cacb280823246a026e3b2d81c493c53de6acfd5e6bfe31ab3402bb37dd \
- --hash=sha256:e0f138900af21926a02425cf736db95be9f4af72ba1bb21453432a07f6082134 \
- --hash=sha256:e9936f0b261d4df76ad22f8fee3ae83b60d7c3e871292cd42f40b81b70afae85 \
- --hash=sha256:f0567c4dc99f264f49fe27da5f735f414c4e7e7dd850cfd8e69f0862d7c74ea9 \
- --hash=sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5 \
- --hash=sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94 \
- --hash=sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509 \
- --hash=sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51 \
- --hash=sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872
- # via
- # -r requirements.txt
- # jinja2
-pycparser==2.21 \
- --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
- --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
- # via
- # -r requirements.txt
- # cffi
-pyjwt==2.3.0 \
- --hash=sha256:b888b4d56f06f6dcd777210c334e69c737be74755d3e5e9ee3fe67dc18a0ee41 \
- --hash=sha256:e0c4bb8d9f0af0c7f5b1ec4c5036309617d03d56932877f2f7a0beeb5318322f
- # via
- # -r requirements.txt
- # flask-jwt-extended
-pytz==2021.3 \
- --hash=sha256:3672058bc3453457b622aab7a1c3bfd5ab0bdae451512f6cf25f64ed37f5b87c \
- --hash=sha256:acad2d8b20a1af07d4e4c9d2e9285c5ed9104354062f275f3fcd88dcef4f1326
- # via
- # -r requirements.txt
- # flask-restful
-six==1.16.0 \
- --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
- --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
- # via
- # -r requirements.txt
- # flask-cors
- # flask-restful
-typing-extensions==3.10.0.2 \
- --hash=sha256:49f75d16ff11f1cd258e1b988ccff82a3ca5570217d7ad8c5f48205dd99a677e \
- --hash=sha256:d8226d10bc02a29bcc81df19a26e56a9647f8b0a6d4a83924139f4a8b01f17b7 \
- --hash=sha256:f1d25edafde516b146ecd0613dabcc61409817af4766fbbcfb8d1ad4ec441a34
- # via
- # -r requirements.txt
- # importlib-metadata
-werkzeug==2.0.2 \
- --hash=sha256:63d3dc1cf60e7b7e35e97fa9861f7397283b75d765afcaefd993d6046899de8f \
- --hash=sha256:aa2bb6fc8dee8d6c504c0ac1e7f5f7dc5810a9903e793b6f715a9f015bdadb9a
- # via
- # -r requirements.txt
- # flask
- # flask-jwt-extended
-zipp==3.6.0 \
- --hash=sha256:71c644c5369f4a6e07636f0aa966270449561fcea2e3d6747b8d23efaa9d7832 \
- --hash=sha256:9fe5ea21568a0a70e50f273397638d39b03353731e6cbbb3fd8502a33fec40bc
- # via
- # -r requirements.txt
- # importlib-metadata
-pyyaml==6.0 \
- --hash=sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293 \
- --hash=sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b \
- --hash=sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57 \
- --hash=sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b \
- --hash=sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4 \
- --hash=sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07 \
- --hash=sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba \
- --hash=sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9 \
- --hash=sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287 \
- --hash=sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513 \
- --hash=sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0 \
- --hash=sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0 \
- --hash=sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92 \
- --hash=sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f \
- --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 \
- --hash=sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc \
- --hash=sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c \
- --hash=sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86 \
- --hash=sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4 \
- --hash=sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c \
- --hash=sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34 \
- --hash=sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b \
- --hash=sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c \
- --hash=sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb \
- --hash=sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737 \
- --hash=sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3 \
- --hash=sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d \
- --hash=sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53 \
- --hash=sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78 \
- --hash=sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803 \
- --hash=sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a \
- --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \
- --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5
diff --git a/auth-server-poc/setup.sh b/auth-server-poc/setup.sh
deleted file mode 100755
index 77aee9a..0000000
--- a/auth-server-poc/setup.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-export DEBIAN_FRONTEND noninteractive
-
-# /bin/sed -i s/deb.debian.org/ftp.se.debian.org/g /etc/apt/sources.list
-
-apt-get update && \
- apt-get -y dist-upgrade && \
- apt-get install -y \
- git \
- python3-venv \
- python3-pip \
- python3-yaml \
- iputils-ping \
- procps \
- bind9-host \
- netcat-openbsd \
- net-tools \
- curl \
- netcat \
- nginx \
- supervisor \
- libssl-dev \
- apache2-utils \
- && apt-get clean
-
-pip3 install uwsgi
-
-# Start venv
-python3 -m venv /opt/auth-server-poc
-cd /opt/auth-server-poc
-source bin/activate
-
-/opt/auth-server-poc/bin/pip install -U pip
-
-python3 -m pip install -r requirements.txt
-
-# Temporary for testing new branch
-#cd /opt/cnaas/venv/cnaas-nms/
-#git remote update
-#git fetch
-#git checkout --track origin/feature.websocket
-#python3 -m pip install -r requirements.txt
-
-#rm -rf /var/lib/apt/lists/*
-
-
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
deleted file mode 100644
index 37a7030..0000000
--- a/auth-server-poc/src/app.py
+++ /dev/null
@@ -1,54 +0,0 @@
-from flask import Flask, request
-from flask_restful import Api, Resource
-from flask_jwt_extended import create_access_token, JWTManager
-from flask_cors import CORS
-
-import authn
-
-app = Flask(__name__)
-cors = CORS(
- app,
- resources={r"/api/*": {"origins": "*"}},
- expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
-)
-api = Api(app, prefix="/api/v1.0")
-jwt = JWTManager(app)
-
-PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
-PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"
-USERDB_YAML = "/opt/auth-server-poc/userdb/userdb.yaml"
-
-app.config["JWT_PRIVATE_KEY"] = open(PEM_PRIVATE).read()
-app.config["JWT_PUBLIC_KEY"] = open(PEM_PUBLIC).read()
-app.config["JWT_ALGORITHM"] = "ES256"
-app.config["JWT_IDENTITY_CLAIM"] = "sub"
-app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False
-
-
-class AuthApi(Resource):
- def post(self):
-
- identity = request.environ.get("REMOTE_USER")
- db = authn.UserDB(USERDB_YAML)
- additional_claims = {
- "type": "access",
- "read": db.read_perms(identity),
- "write": db.write_perms(identity),
- }
-
- access_token = create_access_token(
- identity=identity,
- additional_claims=additional_claims,
- )
-
- return {"access_token": access_token}, 200
-
-
-@app.route("/")
-def index():
- return "<p>Username: {}</p><p>Auth type: {}</p>".format(
- request.environ.get("REMOTE_USER"), request.environ.get("AUTH_TYPE")
- )
-
-
-api.add_resource(AuthApi, "/auth")
diff --git a/auth-server-poc/src/authn.py b/auth-server-poc/src/authn.py
deleted file mode 100755
index 8b32cdc..0000000
--- a/auth-server-poc/src/authn.py
+++ /dev/null
@@ -1,97 +0,0 @@
-#! /usr/bin/env python3
-
-import yaml
-
-
-class Authz:
- def __init__(self, org, perms):
- self._org = org
- self._perms = perms
-
- def dump(self):
- return "{}: {}".format(self._org, self._perms)
-
- def read_p(self):
- return "r" in self._perms
-
- def write_p(self):
- return "w" in self._perms
-
-
-class User:
- def __init__(self, username, authz):
- self._username = username
- self._authz = {}
- for org, perms in authz.items():
- self._authz[org] = Authz(org, perms)
-
- def dump(self):
- return [
- "{}: {}".format(self._username, auth.dump())
- for auth in self._authz.values()
- ]
-
- def orgnames(self):
- return [x for x in self._authz.keys()]
-
- def read_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.read_p():
- acc.append(k)
- return acc
-
- def write_perms(self):
- acc = []
- for k, v in self._authz.items():
- if v.write_p():
- acc.append(k)
- return acc
-
-
-class UserDB:
- def __init__(self, yamlfile):
- self._users = {}
- for u, d in yaml.safe_load(open(yamlfile)).items():
- self._users[u] = User(u, d["authz"])
-
- def dump(self):
- return [u.dump() for u in self._users.values()]
-
- def orgs_for_user(self, username):
- return self._users.get(username).orgnames()
-
- def read_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.read_perms()
-
- def write_perms(self, username):
- user = self._users.get(username)
- if not user:
- return None
- return user.write_perms()
-
-
-def self_test():
- db = UserDB("userdb.yaml")
- print(db.dump())
-
- orgs = db.orgs_for_user("user3")
- assert "sunet.se" in orgs
- assert "su.se" in orgs
- assert len(orgs) == 2
-
- rp = db.read_perms("user3", "pw3")
- assert len(rp) == 2
- assert "sunet.se" in rp
- assert "su.se" in rp
-
- wp = db.write_perms("user3", "pw3")
- assert len(wp) == 1
- assert "sunet.se" in wp
-
-
-if __name__ == "__main__":
- self_test()
diff --git a/auth-server-poc/userdb.yaml b/auth-server-poc/userdb.yaml
deleted file mode 100644
index 937328c..0000000
--- a/auth-server-poc/userdb.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-usr:
- authz:
- sunet.se: rw
- su.se: rw
- kth.se: rw
-
-user1:
- authz:
- sunet.se: r
- su.se: r
- kth.se: r
-
-user2:
- authz:
- sunet.se: w
- su.se: w
- kth.se: w
-
-user3:
- authz:
- sunet.se: rw
- su.se: rw
- kth.se: rw
-
-user4:
- authz:
- sunet.se: rw
- su.se: r
- kth.se: w