diff options
author | John Estabrook <jestabro@vyos.io> | 2022-10-23 11:07:16 -0500 |
---|---|---|
committer | John Estabrook <jestabro@vyos.io> | 2022-10-25 10:35:48 -0500 |
commit | f76a6f68b08fce1feee2dbbb84658b8eede09655 (patch) | |
tree | 013baed425a22f499ac1a50ffd7c119247ed265d /src/services/api/graphql/libs/token_auth.py | |
parent | cbb72ad6d3f5f08ad23c40e29b9463087ca5cade (diff) | |
download | vyos-1x-f76a6f68b08fce1feee2dbbb84658b8eede09655.tar.gz vyos-1x-f76a6f68b08fce1feee2dbbb84658b8eede09655.zip |
graphql: T4574: add mutation for requesting JWT token
Diffstat (limited to 'src/services/api/graphql/libs/token_auth.py')
-rw-r--r-- | src/services/api/graphql/libs/token_auth.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/services/api/graphql/libs/token_auth.py b/src/services/api/graphql/libs/token_auth.py new file mode 100644 index 000000000..c53e354b1 --- /dev/null +++ b/src/services/api/graphql/libs/token_auth.py @@ -0,0 +1,38 @@ +import jwt +import uuid +import pam +from secrets import token_hex + +from .. import state + +def _check_passwd_pam(username: str, passwd: str) -> bool: + if pam.authenticate(username, passwd): + return True + return False + +def init_secret(): + secret = token_hex(16) + state.settings['secret'] = secret + +def generate_token(user: str, passwd: str, secret: str) -> dict: + if user is None or passwd is None: + return {} + if _check_passwd_pam(user, passwd): + app = state.settings['app'] + try: + users = app.state.vyos_token_users + except AttributeError: + app.state.vyos_token_users = {} + users = app.state.vyos_token_users + user_id = uuid.uuid1().hex + payload_data = {'iss': user, 'sub': user_id} + secret = state.settings.get('secret') + if secret is None: + return { + "success": False, + "errors": ['failed secret generation'] + } + token = jwt.encode(payload=payload_data, key=secret, algorithm="HS256") + + users |= {user_id: user} + return {'token': token} |