[KNOWAGE-6060] Added jwt script validation

Knowage-Python/src/app/services/widget_resource.py

@@ -19,7 +19,7 @@
 from flask import Blueprint, request
 import base64
 import os
-from app.utilities import utils
+from app.utilities import security, utils
 import logging
 
 widget = Blueprint('widget', __name__)
@@ -30,12 +30,17 @@ def python_widget_execute(output_type):
     # retrieve input parameters
     try:
         request_body = request.get_json(force=True);
-        script, output_file = utils.get_widget_config(request_body)
+        token, output_file = utils.get_widget_config(request_body)
+        isAuthenticated, script = security.jwt_token_to_python_script(token)
         dataset_name, datastore = utils.get_dataset(request_body)
         drivers = utils.get_analytical_drivers(request_body)
     except Exception as e:
         return raise_error("Error during request decoding: {}".format(e), e)
 
+    if not isAuthenticated:
+        logging.error("Unauthorized access")
+        return "Unauthorized", 401
+
     # resolve analytical drivers
     for d in drivers:
         script = script.replace("$P{" + d + "}", "drivers_.get(\'" + d + "\')")

knowage-core/src/main/java/it/eng/knowage/functionscatalog/utils/CatalogFunctionTransformer.java

@@ -203,7 +203,7 @@ JSONObject initRequestBody() {
 		return toReturn;
 	}
 
-	String getScriptJwtToken() {
+	private String getScriptJwtToken() {
 		String script = function.getOnlineScript();
 		// replace keywords
 		for (String colName : inputColumns.keySet()) {
@@ -218,7 +218,7 @@ String getScriptJwtToken() {
 		Calendar calendar = Calendar.getInstance();
 		calendar.add(Calendar.MINUTE, 5);
 		Date expiresAt = calendar.getTime();
-		String jwtToken = JWTSsoService.catalogFunction2jwtToken(script, expiresAt);
+		String jwtToken = JWTSsoService.pythonScript2jwtToken(script, expiresAt);
 
 		return jwtToken;
 	}

knowageutils/src/main/java/it/eng/knowage/backendservices/rest/widgets/MLEngineUtils.java

@@ -18,6 +18,8 @@
 
 package it.eng.knowage.backendservices.rest.widgets;
 
+import java.util.Calendar;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -27,13 +29,14 @@
 import org.json.JSONArray;
 import org.json.JSONObject;
 
+import it.eng.spagobi.services.common.JWTSsoService;
 import it.eng.spagobi.utilities.exceptions.SpagoBIRuntimeException;
 
 public abstract class MLEngineUtils {
 
 	private static Logger logger = Logger.getLogger(MLEngineUtils.class);
 
-	public static String dataStore2DataFrame(String knowageDs) {
+	static String dataStore2DataFrame(String knowageDs) {
 		JSONObject oldDataset;
 		JSONArray newDataframe = new JSONArray();
 		try {
@@ -88,4 +91,12 @@ static JSONObject getWidgetConfFromTemplate(String base64template, String widget
 		}
 		throw new SpagoBIRuntimeException("Couldn't retrieve code from template for widgetId [" + widgetId + "]");
 	}
+
+	static String getScriptJwtToken(String script) {
+		Calendar calendar = Calendar.getInstance();
+		calendar.add(Calendar.MINUTE, 5);
+		Date expiresAt = calendar.getTime();
+		String jwtToken = JWTSsoService.pythonScript2jwtToken(script, expiresAt);
+		return jwtToken;
+	}
 }

knowageutils/src/main/java/it/eng/knowage/backendservices/rest/widgets/PythonUtils.java

@@ -48,7 +48,7 @@ public static String createPythonEngineRequestBody(String datastore, String dsLa
 		JSONObject jsonBody = new JSONObject();
 		try {
 			jsonBody.put("datastore", datastore);
-			jsonBody.put("script", script);
+			jsonBody.put("script", getScriptJwtToken(script));
 			jsonBody.put("output_variable", outputVariable);
 			jsonBody.put("dataset_label", dsLabel);
 			jsonBody.put("drivers", drivers);

knowageutils/src/main/java/it/eng/spagobi/services/common/JWTSsoService.java

@@ -154,20 +154,7 @@ public static String userId2jwtToken(String userId, Date expiresAt) {
 		return token;
 	}
 
-	public static String pythonDataset2jwtToken(String script, Date expiresAt) {
-		LogMF.debug(logger, "Python script in input is [{0}]", script);
-		LogMF.debug(logger, "JWT token will expire at [{0}]", expiresAt);
-		// @formatter:off
-		String token = JWT.create()
-				.withClaim(SsoServiceInterface.PYTHON_SCRIPT, script)
-				.withExpiresAt(expiresAt) // token will expire at the desired expire date
-				.sign(algorithm);
-		// @formatter:on
-		LogMF.debug(logger, "JWT token is [{0}]", token);
-		return token;
-	}
-
-	public static String catalogFunction2jwtToken(String script, Date expiresAt) {
+	public static String pythonScript2jwtToken(String script, Date expiresAt) {
 		LogMF.debug(logger, "Python script in input is [{0}]", script);
 		LogMF.debug(logger, "JWT token will expire at [{0}]", expiresAt);
 		// @formatter:off

knowageutils/src/main/java/it/eng/spagobi/tools/dataset/common/dataproxy/PythonDataProxy.java

@@ -98,7 +98,7 @@ private String buildBodyAsJson(String pythonScript, String dataframeName, String
 			Calendar calendar = Calendar.getInstance();
 			calendar.add(Calendar.MINUTE, 5);
 			Date expiresAt = calendar.getTime();
-			String jwtToken = JWTSsoService.pythonDataset2jwtToken(pythonScript, expiresAt);
+			String jwtToken = JWTSsoService.pythonScript2jwtToken(pythonScript, expiresAt);
 			json.put("script", jwtToken);
 			json.put("df_name", dataframeName);
 			if (parameters != null) {