From 9682ec6d09ae49c0cb1e23ce18a589371e01bb34 Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Thu, 10 Nov 2022 10:51:56 +0000
Subject: [PATCH 1/7] Update cli user web3 address
---
brood/actions.py | 1 +
brood/cli.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/brood/actions.py b/brood/actions.py
index 24fd517..67d8fb0 100644
--- a/brood/actions.py
+++ b/brood/actions.py
@@ -218,6 +218,7 @@ def user_as_json_dict(user: User) -> Dict[str, Any]: "username": user.username, "email": user.email, "normalized_email": user.normalized_email, + "web3_address": user.web3_address, "verified": user.verified, "created_at": str(user.created_at), "updated_at": str(user.updated_at),
diff --git a/brood/cli.py b/brood/cli.py
index daeee82..943ef5e 100644
--- a/brood/cli.py
+++ b/brood/cli.py
@@ -7,6 +7,8 @@ from typing import List import uuid +from web3login.auth import to_checksum_address + from . import actions from . import data from . import exceptions
@@ -79,6 +81,32 @@ def users_create_handler(args: argparse.Namespace) -> None: session.close() +def users_update_handler(args: argparse.Namespace) -> None: + """ + Handler for "user update" subcommand. + """ + if args.web3_address is None: + raise Exception("No arguments specified to update") + + session = SessionLocal() + try: + query = session.query(User).filter(User.id == args.id) + user = query.one_or_none() + if user is None: + raise Exception("User not found") + + if args.web3_address is not None: + web3_address = to_checksum_address(args.web3_address) + query.update({User.web3_address: web3_address}) + + session.commit() + print_user(user) + except Exception as e: + print(e) + finally: + session.close() + + def users_get_handler(args: argparse.Namespace) -> None: """ Handler for "users get" subcommand.
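Review bot: In `users_update_handler` (brood/cli.py, hunk `@@ -79,6 +81,32 @@`), the `except Exception as e: print(e)` branch writes the failure to stdout and then returns normally, so as far as the hunk shows a script driving this command gets the same exit status whether or not the address was changed. For a command that rebinds a login identity the failure should propagate: add a bare `raise` after `print(e)`, or exit non-zero. This may mirror the other handlers in the file, which the hunk does not show. The docstring says "user update" while the subcommand registered in `main()` is `users update`, and the `if args.web3_address is not None` test inside the `try` repeats the guard at the top of the function.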
@@ -723,6 +751,22 @@ def main() -> None: ) parser_users_create.set_defaults(func=users_create_handler) + parser_users_update = subcommands_users.add_parser( + "update", description="Update Brood user" + ) + parser_users_update.add_argument( + "-i", + "--id", + required=True, + help="ID of the user to update", + ) + parser_users_update.add_argument( + "-w", + "--web3_address", + help="Set new web3 address", + ) + parser_users_update.set_defaults(func=users_update_handler) + parser_users_get = subcommands_users.add_parser("get", description="Get Brood user") parser_users_get.add_argument( "-u",
From 686297fbe7c97dfd9cd6716bea51ae8aa6ea782f Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Thu, 10 Nov 2022 11:11:06 +0000
Subject: [PATCH 2/7] Update web3 address only with verified access to keyfile
---
brood/cli.py | 48 ++++++++++++++++++++++++++++++++----------------
1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/brood/cli.py b/brood/cli.py
index 943ef5e..359d9ed 100644
--- a/brood/cli.py
+++ b/brood/cli.py
@@ -2,27 +2,26 @@ Brood CLI """ import argparse -from distutils.util import strtobool +import base64 import json -from typing import List import uuid +from distutils.util import strtobool +from typing import List -from web3login.auth import to_checksum_address +from web3login.auth import to_checksum_address, verify +from web3login.exceptions import Web3VerificationError -from . import actions -from . import data -from . import exceptions -from . import subscriptions +from . import actions, data, exceptions, subscriptions from .db import SessionLocal from .models import ( - User, + Application, Group, + KVBrood, Role, - TokenType, Subscription, SubscriptionPlan, - KVBrood, - Application, + TokenType, + User, )
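Review bot: In the `users update` parser added to `main()` (hunk `@@ -723,6 +751,22 @@`), `--web3_address` is declared optional although `users_update_handler` raises when it is missing, and `--id` is accepted as a free-form string. Unless more optional update fields are planned, `required=True` on the option lets argparse reject the call with a usage error before a database session is opened; if `User.id` is a UUID column (not shown here), `type=uuid.UUID` does the same for the id, and the module already imports `uuid`. The same holds for `--web3_signature` after the rename in patch 2/7. `main()` starts and ends outside the hunk.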
@@ -85,7 +84,7 @@ def users_update_handler(args: argparse.Namespace) -> None: """ Handler for "user update" subcommand. """ - if args.web3_address is None: + if args.web3_signature is None: raise Exception("No arguments specified to update") session = SessionLocal()
@@ -95,8 +94,25 @@ def users_update_handler(args: argparse.Namespace) -> None: if user is None: raise Exception("User not found") - if args.web3_address is not None: - web3_address = to_checksum_address(args.web3_address) + if args.web3_signature is not None: + payload_json = base64.decodebytes(args.web3_signature.encode()).decode( + "utf-8" + ) + payload = json.loads(payload_json) + verified = verify( + authorization_payload=payload, + application_to_check=str(user.application_id) + if user.application_id is not None + else "", + ) + if not verified: + raise Web3VerificationError("Web3 registration verification error") + web3_address = payload.get("address") + if web3_address is None: + raise Exception( + f"Web3 address in payload could not be None for user with username: {user.username}" + ) + web3_address = to_checksum_address(web3_address) query.update({User.web3_address: web3_address}) session.commit()
@@ -762,8 +778,8 @@ def main() -> None: ) parser_users_update.add_argument( "-w", - "--web3_address", - help="Set new web3 address", + "--web3_signature", + help="Set new web3 address with provided signature", ) parser_users_update.set_defaults(func=users_update_handler)
From ffdf79969c2cd9ba1057f396598504d342d45061 Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Tue, 15 Nov 2022 14:01:07 +0000
Subject: [PATCH 3/7] Fix mypy requirements update
---
brood/resources/actions.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/brood/resources/actions.py b/brood/resources/actions.py
index a39267a..e96831c 100644
--- a/brood/resources/actions.py
+++ b/brood/resources/actions.py
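Review bot: The `verify` call in `users_update_handler` (hunk `@@ -95,8 +94,25 @@`) shows that the caller holds a valid signed payload for the user's application, but nothing in the hunk ties that payload to the user selected by `--id` or checks that the address is still unassigned. A payload signed for an ordinary login would be accepted here as well, and two accounts of one application can end up with the same `web3_address` unless a unique constraint outside this diff prevents it. Before `query.update`, look the address up among the other users of the same application and refuse the change when it is taken, as in the excerpt below. How `verify` treats the empty string passed when `user.application_id` is `None` is also not visible and worth confirming. The `try` block and its broad `except` begin outside the hunk.

```python
            web3_address = to_checksum_address(web3_address)
            # Refuse an address that another user of the same application already holds.
            address_holder = (
                session.query(User)
                .filter(
                    User.web3_address == web3_address,
                    User.application_id == user.application_id,
                    User.id != user.id,
                )
                .first()
            )
            if address_holder is not None:
                raise Exception("Web3 address is already assigned to another user")
            query.update({User.web3_address: web3_address})
```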
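Review bot: With `--web3_signature` (hunk `@@ -762,8 +778,8 @@` in `main()`), the base64-encoded signed payload is passed on the command line, where it is recorded in shell history and readable in the process list while the command runs. If the same payload is accepted by the web3 login path until its deadline, which this diff does not show, that leaves a usable credential behind on the operator's host. Consider accepting a file path or standard input instead, and state in the `help` text that the value is the base64-encoded JSON payload rather than a raw signature.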
@@ -64,7 +64,7 @@ def acl_auth( def acl_check( acl: Dict[data.HolderType, List[str]], required_scopes: Set[data.ResourcePermissions], - check_type: data.HolderType = None, + check_type: Optional[data.HolderType] = None, ) -> None: """ Checks if provided permissions from handler intersect with existing permissions for user/group.
From 8d18eccb045a53d181db7e5bea77d79528aa38d8 Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Tue, 15 Nov 2022 14:08:09 +0000
Subject: [PATCH 4/7] Mypy update is a hell
---
brood/middleware.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/brood/middleware.py b/brood/middleware.py
index 9821e35..42788d8 100644
--- a/brood/middleware.py
+++ b/brood/middleware.py
@@ -39,7 +39,7 @@ async def get_current_user( """ Middleware returns user if its token or web3 signature verified. """ - authorization: str = request.headers.get("Authorization") + authorization: str = request.headers.get("Authorization") # type: ignore scheme_raw, _ = get_authorization_scheme_param(authorization) scheme = scheme_raw.lower() if token is None or token == "":
@@ -135,7 +135,7 @@ async def get_current_user_with_groups( """ Middleware returns user with groups it belongs if its token or web3 signature verified. """ - authorization: str = request.headers.get("Authorization") + authorization: str = request.headers.get("Authorization") # type: ignore scheme_raw, _ = get_authorization_scheme_param(authorization) scheme = scheme_raw.lower() if token is None or token == "":
@@ -253,7 +253,7 @@ async def is_token_restricted_or_installation( Because of oauth2_scheme_manual we could accept None for follow up Bugout header check. """ - authorization: str = request.headers.get("Authorization") + authorization: str = request.headers.get("Authorization") # type: ignore scheme_raw, _ = get_authorization_scheme_param(authorization) scheme = scheme_raw.lower()
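Review bot: The `# type: ignore` added to `authorization: str = request.headers.get("Authorization")` in `get_current_user` (brood/middleware.py, hunk `@@ -39,7 +39,7 @@`) silences mypy without correcting the annotation: the header can be absent, so the value is really `Optional[str]`, and a bare ignore also hides any later error on that line. `Optional` is already used in this file, so `authorization: Optional[str] = request.headers.get("Authorization")` states the real type; `request.headers.get("Authorization", "")` keeps `str` instead, provided nothing further down tests the value against `None` (not visible here). The same applies to the other `authorization` lines in patches 4/7 and 7/7 and to `signature_application` in patch 5/7, which is compared with `None` two lines after it is assigned. These functions decide authentication, so an accurate type is worth more here than a quiet mypy run.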
@@ -276,7 +276,7 @@ async def is_token_restricted( """ Check if user's token is restricted or not. """ - authorization: str = request.headers.get("Authorization") + authorization: str = request.headers.get("Authorization") # type: ignore scheme_raw, _ = get_authorization_scheme_param(authorization) scheme = scheme_raw.lower()
From 3d9563cbbd31a6c15445e5d224470367cb1b0841 Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Tue, 15 Nov 2022 14:10:28 +0000
Subject: [PATCH 5/7] One more mypy fix
---
brood/middleware.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/brood/middleware.py b/brood/middleware.py
index 42788d8..22d4b84 100644
--- a/brood/middleware.py
+++ b/brood/middleware.py
@@ -45,7 +45,7 @@ async def get_current_user( if token is None or token == "": raise HTTPException(status_code=404, detail="Access token not found") - signature_application: str = request.headers.get(BUGOUT_APPLICATION_ID_HEADER) + signature_application: str = request.headers.get(BUGOUT_APPLICATION_ID_HEADER) # type: ignore application_id = None if signature_application is not None: try:
@@ -141,7 +141,7 @@ async def get_current_user_with_groups( if token is None or token == "": raise HTTPException(status_code=404, detail="Access token not found") - signature_application: str = request.headers.get(BUGOUT_APPLICATION_ID_HEADER) + signature_application: str = request.headers.get(BUGOUT_APPLICATION_ID_HEADER) # type: ignore application_id = None if signature_application is not None: try:
@@ -225,7 +225,7 @@ def autogenerated_user_token_check(request: Request) -> bool: is_autogenerated_user = False installation_token_header: Optional[str] = request.headers.get( BOT_INSTALLATION_TOKEN_HEADER, None - ) + ) # type: ignore if ( installation_token_header is not None and BOT_INSTALLATION_TOKEN == installation_token_header
From b4b7466ce8729fccbee9e87bec06c08ed8fa3022 Mon Sep 17 00:00:00 2001
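Review bot: In `autogenerated_user_token_check` (hunk `@@ -225,7 +225,7 @@`), the statement being touched feeds `BOT_INSTALLATION_TOKEN == installation_token_header`, an ordinary string comparison of a secret against a request header, which is not constant-time. Prefer `hmac.compare_digest(BOT_INSTALLATION_TOKEN.encode(), installation_token_header.encode())`; this needs `import hmac` at the top of the file (the imports are outside the hunk) and assumes `BOT_INSTALLATION_TOKEN` is a `str`. The added `# type: ignore` sits on the closing parenthesis of a statement already annotated `Optional[str]`, so it may be unnecessary, and running mypy with `--warn-unused-ignores` would confirm that. The function continues outside the hunk.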
From: kompotkot
Date: Tue, 15 Nov 2022 14:14:24 +0000
Subject: [PATCH 6/7] Hardcode uid for deployment
---
deploy/deploy.monolith.bash | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/deploy.monolith.bash b/deploy/deploy.monolith.bash
index 88b58b6..e6944aa 100755
--- a/deploy/deploy.monolith.bash
+++ b/deploy/deploy.monolith.bash
@@ -57,5 +57,5 @@ echo echo -e "${PREFIX_INFO} Replacing existing Brood service definition with ${BROOD_SERVICE_FILE}" chmod 644 "${SCRIPT_DIR}/${BROOD_SOURCE_SERVICE_FILE}" cp "${SCRIPT_DIR}/${BROOD_SOURCE_SERVICE_FILE}" "/home/ubuntu/.config/systemd/user/${BROOD_SERVICE_FILE}" -XDG_RUNTIME_DIR="/run/user/$UID" systemctl --user daemon-reload -XDG_RUNTIME_DIR="/run/user/$UID" systemctl --user restart "${BROOD_SERVICE_FILE}" +XDG_RUNTIME_DIR="/run/user/1000" systemctl --user daemon-reload +XDG_RUNTIME_DIR="/run/user/1000" systemctl --user restart "${BROOD_SERVICE_FILE}"
From 2fc1ff6bb7ecc787fb92ecbbaabe7c7c9b4c2741 Mon Sep 17 00:00:00 2001
From: kompotkot
Date: Tue, 15 Nov 2022 14:17:19 +0000
Subject: [PATCH 7/7] Fix mypy one more time
---
brood/api.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/brood/api.py b/brood/api.py
index 27cd5da..dabc7da 100644
--- a/brood/api.py
+++ b/brood/api.py
@@ -275,7 +275,7 @@ async def delete_token_handler( - **target_token** (uuid, null): Token ID to revoke """ - authorization: str = request.headers.get("Authorization") + authorization: str = request.headers.get("Authorization") # type: ignore scheme_raw, _ = get_authorization_scheme_param(authorization) scheme = scheme_raw.lower() if scheme != "bearer":
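Review bot: Hardcoding `/run/user/1000` in deploy/deploy.monolith.bash (hunk `@@ -57,5 +57,5 @@`) assumes the account that owns the user service has uid 1000, which is usual for the default `ubuntu` user but is not checked anywhere in the script lines shown. Since the script already targets `/home/ubuntu`, derive the value from that account: `XDG_RUNTIME_DIR="/run/user/$(id -u ubuntu)" systemctl --user daemon-reload`, and the same for the `restart` line. If `$UID` was wrong because the script runs as a different user, the unit file written by the `cp` just above may also end up owned by that user, which is worth checking on a deployed host.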