authorization: validate user data on startup

This provides corrective action in the event that an invalid user entry makes its way into the database. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-11-15 06:00:59 -05:00 · 2021-11-15 06:00:59 -05:00 · adb88fd8cf
parent 389e9c7e62
commit adb88fd8cf
1 changed files with 23 additions and 0 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -92,7 +92,30 @@ class Authorization:
        self.public_jwks: Dict[str, Dict[str, Any]] = {}
        for username, user_info in list(self.users.items()):
            if username == API_USER:
+                # Validate the API User
+                for item in ["username", "api_key", "created_on"]:
+                    if item not in user_info:
+                        self.users[API_USER] = {
+                            'username': API_USER,
+                            'api_key': self.api_key,
+                            'created_on': time.time()
+                        }
+                        break
                continue
+            else:
+                # validate created users
+                valid = True
+                for item in ["username", "password", "salt", "created_on"]:
+                    if item not in user_info:
+                        logging.info(
+                            f"Authorization: User {username} does not "
+                            f"contain field {item}, removing")
+                        del self.users[username]
+                        valid = False
+                        break
+                if not valid:
+                    continue
+            # generate jwks for valid users
            if 'jwt_secret' in user_info:
                try:
                    priv_key = self._load_private_key(user_info['jwt_secret'])