authorization: validate user data on startup

This provides corrective action in the event that an
invalid user entry makes its way into the database.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
Eric Callahan 2021-11-15 06:00:59 -05:00
parent 389e9c7e62
commit adb88fd8cf
1 changed files with 23 additions and 0 deletions


@ -92,7 +92,30 @@ class Authorization:
self.public_jwks: Dict[str, Dict[str, Any]] = {} self.public_jwks: Dict[str, Dict[str, Any]] = {}
for username, user_info in list(self.users.items()): for username, user_info in list(self.users.items()):
if username == API_USER: if username == API_USER:
# Validate the API User
for item in ["username", "api_key", "created_on"]:
if item not in user_info:
self.users[API_USER] = {
'username': API_USER,
'api_key': self.api_key,
'created_on': time.time()
}
break
continue continue
else:
# validate created users
valid = True
for item in ["username", "password", "salt", "created_on"]:
if item not in user_info:
logging.info(
f"Authorization: User {username} does not "
f"contain field {item}, removing")
del self.users[username]
valid = False
break
if not valid:
continue
# generate jwks for valid users
if 'jwt_secret' in user_info: if 'jwt_secret' in user_info:
try: try:
priv_key = self._load_private_key(user_info['jwt_secret']) priv_key = self._load_private_key(user_info['jwt_secret'])
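Review bot: Both new validation loops test only `item not in user_info`, which assumes every stored entry is a dict. If a corrupted record holds a non-mapping value such as `None` or a number, that membership test raises `TypeError` and startup aborts instead of the entry being corrected. Guarding both loops with `if not isinstance(user_info, dict) or item not in user_info:` would cover that case. The removal of a created user is a destructive, account-affecting action but is reported with `logging.info`; `logging.warning` would keep it visible as an auditable event if the log level is raised. The enclosing loop and the `try:` block continue past the end of this hunk, so how the rest of the body uses these fields is not visible here.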