From b5cf0d7844615bc2fda029ea4d2ea25713fcf0f3 Mon Sep 17 00:00:00 2001
From: Randy Barlow
Date: Thu, 3 May 2018 21:11:01 +0000
Subject: [PATCH] Correctly format the expiration time and issue time.
Additionally:
- Require at least one scope to be provided.
- Print out a more descriptive usage of the SQL.
Signed-off-by: Randy Barlow
---
 scripts/generate-oidc-token | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)
diff --git a/scripts/generate-oidc-token b/scripts/generate-oidc-token
index dc692507bc..11ebff0d3b 100755
--- a/scripts/generate-oidc-token
+++ b/scripts/generate-oidc-token
@@ -20,6 +20,7 @@ database, and a token you can give to an application to authenticate against a s
 import base64
 import json
 import os
+import time
 import uuid
 import click
@@ -28,23 +29,43 @@ import click
 secret = base64.urlsafe_b64encode(os.urandom(64))[:64]
-template = """BEGIN;
+template = """
+Run this SQL against Ipsilon's database:
+
+BEGIN;
 insert into token values ('{uuid}','username','{service_name}@service');
 insert into token values ('{uuid}','security_check','{secret}');
 insert into token values ('{uuid}','client_id','{service_name}');
-insert into token values ('{uuid}','expires_at','time.time()+{expiration}');
+insert into token values ('{uuid}','expires_at','{expiration}');
 insert into token values ('{uuid}','type','Bearer');
-insert into token values ('{uuid}','issued_at','time.time()');
+insert into token values ('{uuid}','issued_at','{now}');
 insert into token values ('{uuid}','scope','{scope}');
 COMMIT;
 """
+def validate_scopes(ctx, param, scopes):
+ """
+ Ensure that the user provided at least one scope.
+
+ Args:
+ ctx(click.core.Context): Unused.
+ param (click.core.Option): Unused.
+ scopes (tuple): The scopes provided by the user that we are validating.
+ Raises:
+ click.BadParameter: If the length of the scopes tuple is less than 1.
+ """
+ if len(scopes) < 1:
+ raise click.BadParameter('At least one scope must be provided.')
+
+ return scopes
+
+
 @click.command()
 @click.argument('service_name')
 @click.option('--expiration', '-e', prompt='Number of days until expiration', type=int,
 help='The number of days from now until this token expires.')
-@click.option('--scope', '-s', multiple=True,
+@click.option('--scope', '-s', multiple=True, callback=validate_scopes,
 help='A scope to include for this token. May be supplied multiple times.')
 @click.option('--no-openid', is_flag=True, help='Do not use "openid" as the first item in scope.')
 def generate_token(service_name, expiration, scope, no_openid):
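Review bot: `validate_scopes` checks only that the tuple is non-empty, yet each scope (after `json.dumps`) and `service_name` are interpolated into single-quoted SQL literals in `template`, which the new text tells the operator to run against Ipsilon's database. `json.dumps` does not escape `'`, so a value containing a single quote produces broken or unintended SQL. The callback is the natural place to reject it, e.g. `if any("'" in s for s in scopes): raise click.BadParameter('Scopes may not contain single quotes.')`, with an equivalent callback on the `service_name` argument. The docstring also lacks a `Returns:` entry for the tuple it hands back.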
@@ -55,7 +76,8 @@ def generate_token(service_name, expiration, scope, no_openid):
 """
 identifier = uuid.uuid4()
- expiration = expiration * 24 * 3600
+ now = int(time.time())
+ expiration = now + (expiration * 24 * 3600)
 scope = list(scope)
 if not no_openid:
@@ -63,9 +85,9 @@ def generate_token(service_name, expiration, scope, no_openid):
 scope = json.dumps(scope)
 print template.format(uuid=identifier, service_name=service_name, secret=secret,
- expiration=expiration, scope=scope)
+ expiration=expiration, scope=scope, now=now)
- print "Token: {}_{}".format(identifier, secret)
+ print "Token: {}_{}\n".format(identifier, secret)
 if __name__ == '__main__':
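Review bot: Nothing bounds the day count before `expiration = now + (expiration * 24 * 3600)`; the option is declared with `type=int`, so zero or a negative number yields an `expires_at` at or before `issued_at`, and the SQL is still printed as if the token were usable. Declaring the option with `type=click.IntRange(min=1)` would reject that at parse time, and an upper bound is worth considering so that very long-lived bearer tokens are a deliberate choice. Rebinding `expiration` from a number of days to an absolute epoch timestamp also makes the later `template.format` call harder to read; a separate name such as `expires_at = now + expiration * 24 * 3600` would keep the two apart. The body of `generate_token` starts above this hunk and continues past it.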