From e071b314d28b54910468ef4fb37a25be5dc80253 Mon Sep 17 00:00:00 2001 From: Mingfei Shao Date: Tue, 3 Aug 2021 23:21:43 -0500 Subject: [PATCH 1/3] fix: samesite lax cookies --- fence/blueprints/privacy.py | 2 +- fence/resources/user/user_session.py | 5 + poetry.lock | 227 +++++++++++++++------------ pyproject.toml | 5 +- tests/jwt/test_tokens.py | 2 +- tests/link/test_link.py | 54 +++++-- tests/link/test_link_id_token.py | 4 +- tests/login/test_google_login.py | 6 +- tests/rfc6749/test_revoke.py | 2 +- tests/session/test_session.py | 50 +++++- tests/test_logout.py | 6 +- 11 files changed, 238 insertions(+), 125 deletions(-) diff --git a/fence/blueprints/privacy.py b/fence/blueprints/privacy.py index 378cb20c0d..f8f2c6af58 100644 --- a/fence/blueprints/privacy.py +++ b/fence/blueprints/privacy.py @@ -18,7 +18,7 @@ import flask from markdown import Markdown -from werkzeug.contrib.cache import SimpleCache +from cachelib import SimpleCache from fence import config from fence.errors import NotFound diff --git a/fence/resources/user/user_session.py b/fence/resources/user/user_session.py index 8f3703b290..8a0a5731b2 100644 --- a/fence/resources/user/user_session.py +++ b/fence/resources/user/user_session.py @@ -193,6 +193,7 @@ def save_session(self, app, session, response): expires=self.get_expiration_time(app, session), httponly=True, domain=domain, + samesite="Lax", ) # try to get user, exception means they're not logged in try: @@ -210,6 +211,7 @@ def save_session(self, app, session, response): expires=0, httponly=True, domain=domain, + samesite="Lax", ) # check that the current user is the one from the session, # clear access token if not @@ -219,6 +221,7 @@ def save_session(self, app, session, response): expires=0, httponly=True, domain=domain, + samesite="Lax", ) # generate an access token and set in cookie if @@ -249,6 +252,7 @@ def save_session(self, app, session, response): expires=0, httponly=True, domain=domain, + samesite="Lax", ) @@ -327,6 +331,7 @@ def _create_access_token_cookie(app, session, response, user): expires=expiration, httponly=True, domain=domain, + samesite="Lax", ) return response diff --git a/poetry.lock b/poetry.lock index 5bd9975b55..232d618e31 100644 --- a/poetry.lock +++ b/poetry.lock @@ -81,7 +81,7 @@ fastapi = ["fastapi (>=0.54.1,<0.55.0)"] [[package]] name = "backoff" -version = "1.10.0" +version = "1.11.1" description = "Function decoration for backoff and retry" category = "main" optional = false @@ -146,6 +146,14 @@ category = "main" optional = false python-versions = "*" +[[package]] +name = "cachelib" +version = "0.2.0" +description = "A collection of cache libraries in the same API interface." +category = "main" +optional = false +python-versions = ">=3.6" + [[package]] name = "cachetools" version = "4.2.2" @@ -219,7 +227,7 @@ python-versions = "*" [[package]] name = "cffi" -version = "1.14.5" +version = "1.14.6" description = "Foreign Function Interface for Python calling C code." category = "main" optional = false @@ -229,12 +237,15 @@ python-versions = "*" pycparser = "*" [[package]] -name = "chardet" -version = "4.0.0" -description = "Universal encoding detector for Python 2 and 3" +name = "charset-normalizer" +version = "2.0.4" +description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=3.5.0" + +[package.extras] +unicode_backport = ["unicodedata2"] [[package]] name = "click" @@ -523,7 +534,7 @@ PyYAML = ">=5.1,<6.0" [[package]] name = "google-api-core" -version = "1.30.0" +version = "1.31.1" description = "Google API client core library" category = "main" optional = false @@ -561,7 +572,7 @@ uritemplate = ">=3.0.0,<4dev" [[package]] name = "google-auth" -version = "1.32.0" +version = "1.34.0" description = "Google Authentication Library" category = "main" optional = false @@ -593,7 +604,7 @@ six = "*" [[package]] name = "google-cloud-core" -version = "1.7.1" +version = "1.7.2" description = "Google Cloud API client core library" category = "main" optional = false @@ -609,16 +620,16 @@ grpc = ["grpcio (>=1.8.2,<2.0dev)"] [[package]] name = "google-cloud-storage" -version = "1.39.0" +version = "1.41.1" description = "Google Cloud Storage API client library" category = "main" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*" [package.dependencies] -google-auth = ">=1.11.0,<2.0dev" -google-cloud-core = ">=1.4.1,<2.0dev" -google-resumable-media = ">=1.3.0,<2.0dev" +google-auth = {version = ">=1.24.0,<3.0dev", markers = "python_version >= \"3.6\""} +google-cloud-core = {version = ">=1.6.0,<3.0dev", markers = "python_version >= \"3.6\""} +google-resumable-media = {version = ">=1.3.0,<3.0dev", markers = "python_version >= \"3.6\""} requests = ">=2.18.0,<3.0.0dev" [[package]] @@ -637,7 +648,7 @@ testing = ["pytest"] [[package]] name = "google-resumable-media" -version = "1.3.1" +version = "1.3.3" description = "Utilities for Google Media Downloads and Resumable Uploads" category = "main" optional = false @@ -739,7 +750,7 @@ test = ["flake8 (>=3.8.4,<3.9.0)", "pycodestyle (>=2.6.0,<2.7.0)"] [[package]] name = "importlib-metadata" -version = "4.6.0" +version = "4.6.3" description = "Read metadata from Python packages" category = "main" optional = false @@ -885,11 +896,11 @@ six = ">=1.6.1" [[package]] name = "packaging" -version = "20.9" +version = "21.0" description = "Core utilities for Python packages" category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.6" [package.dependencies] pyparsing = ">=2.0.2" @@ -1094,7 +1105,7 @@ testing = ["fields", "hunter", "process-tests (==2.0.2)", "six", "pytest-xdist", [[package]] name = "pytest-flask" -version = "0.11.0" +version = "0.15.1" description = "A set of py.test fixtures to test Flask applications." category = "dev" optional = false @@ -1102,7 +1113,10 @@ python-versions = "*" [package.dependencies] Flask = "*" -pytest = "*" +pytest = [ + ">=3.6", + "*", +] Werkzeug = ">=0.7" [package.extras] @@ -1110,7 +1124,7 @@ docs = ["sphinx", "sphinx-rtd-theme"] [[package]] name = "python-dateutil" -version = "2.8.1" +version = "2.8.2" description = "Extensions to the standard Python datetime module" category = "main" optional = false @@ -1155,21 +1169,21 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" [[package]] name = "requests" -version = "2.25.1" +version = "2.26.0" description = "Python HTTP for Humans." category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" [package.dependencies] certifi = ">=2017.4.17" -chardet = ">=3.0.2,<5" -idna = ">=2.5,<3" +charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""} +idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""} urllib3 = ">=1.21.1,<1.27" [package.extras] -security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"] socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"] +use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"] [[package]] name = "responses" @@ -1344,15 +1358,14 @@ sqlalchemy = ">=1.3.3,<1.4.0" [[package]] name = "werkzeug" -version = "0.16.1" +version = "1.0.1" description = "The comprehensive WSGI web application library." category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" [package.extras] -dev = ["pytest", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-issues"] -termcolor = ["termcolor"] +dev = ["pytest", "pytest-timeout", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-issues"] watchdog = ["watchdog"] [[package]] @@ -1365,7 +1378,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" [[package]] name = "zipp" -version = "3.4.1" +version = "3.5.0" description = "Backport of pathlib-compatible object wrapper for zip files" category = "main" optional = false @@ -1373,12 +1386,12 @@ python-versions = ">=3.6" [package.extras] docs = ["sphinx", "jaraco.packaging (>=8.2)", "rst.linker (>=1.9)"] -testing = ["pytest (>=4.6)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "pytest-enabler", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"] +testing = ["pytest (>=4.6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"] [metadata] lock-version = "1.1" python-versions = "^3.6" -content-hash = "c1df39f32735410e46cdeb76c15c6345cb46d299f304db3294bc4d9290c957c4" +content-hash = "ecbf6dd7c561d052cd3953c48fb208bfa5181233bf82882cd42a92f398a95ae1" [metadata.files] addict = [ @@ -1410,8 +1423,8 @@ authutils = [ {file = "authutils-6.0.2.tar.gz", hash = "sha256:709e4c1bb95ebe29c7bf3ec1d6b9a0dca030495cdab61afe74064e507cf70ae4"}, ] backoff = [ - {file = "backoff-1.10.0-py2.py3-none-any.whl", hash = "sha256:5e73e2cbe780e1915a204799dba0a01896f45f4385e636bcca7a0614d879d0cd"}, - {file = "backoff-1.10.0.tar.gz", hash = "sha256:b8fba021fac74055ac05eb7c7bfce4723aedde6cd0a504e5326bcb0bdd6d19a4"}, + {file = "backoff-1.11.1-py2.py3-none-any.whl", hash = "sha256:61928f8fa48d52e4faa81875eecf308eccfb1016b018bb6bd21e05b5d90a96c5"}, + {file = "backoff-1.11.1.tar.gz", hash = "sha256:ccb962a2378418c667b3c979b504fdeb7d9e0d29c0579e3b13b86467177728cb"}, ] bcrypt = [ {file = "bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl", hash = "sha256:c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6"}, @@ -1438,6 +1451,10 @@ cached-property = [ {file = "cached-property-1.5.2.tar.gz", hash = "sha256:9fa5755838eecbb2d234c3aa390bd80fbd3ac6b6869109bfc1b499f7bd89a130"}, {file = "cached_property-1.5.2-py2.py3-none-any.whl", hash = "sha256:df4f613cf7ad9a588cc381aaf4a512d26265ecebd5eb9e1ba12f1319eb85a6a0"}, ] +cachelib = [ + {file = "cachelib-0.2.0-py3-none-any.whl", hash = "sha256:ee28ffec3d5470314184030a475725b4e5b1b90775c55d34530e16bf7e3e1e11"}, + {file = "cachelib-0.2.0.tar.gz", hash = "sha256:dcb5fafe6b6b544aaa8d0cacb12d70bbf9bbf72c041f17fcad1618db7bedeada"}, +] cachetools = [ {file = "cachetools-4.2.2-py3-none-any.whl", hash = "sha256:2cc0b89715337ab6dbba85b5b50effe2b0c74e035d83ee8ed637cf52f12ae001"}, {file = "cachetools-4.2.2.tar.gz", hash = "sha256:61b5ed1e22a0924aed1d23b478f37e8d52549ff8a961de2909c69bf950020cff"}, @@ -1458,47 +1475,55 @@ certifi = [ {file = "certifi-2021.5.30.tar.gz", hash = "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee"}, ] cffi = [ - {file = "cffi-1.14.5-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991"}, - {file = "cffi-1.14.5-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1"}, - {file = "cffi-1.14.5-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa"}, - {file = "cffi-1.14.5-cp27-cp27m-win32.whl", hash = "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3"}, - {file = "cffi-1.14.5-cp27-cp27m-win_amd64.whl", hash = "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5"}, - {file = "cffi-1.14.5-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482"}, - {file = "cffi-1.14.5-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6"}, - {file = "cffi-1.14.5-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045"}, - {file = "cffi-1.14.5-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa"}, - {file = "cffi-1.14.5-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406"}, - {file = "cffi-1.14.5-cp35-cp35m-win32.whl", hash = "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369"}, - {file = "cffi-1.14.5-cp35-cp35m-win_amd64.whl", hash = "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315"}, - {file = "cffi-1.14.5-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892"}, - {file = "cffi-1.14.5-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058"}, - {file = "cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5"}, - {file = "cffi-1.14.5-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132"}, - {file = "cffi-1.14.5-cp36-cp36m-win32.whl", hash = "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53"}, - {file = "cffi-1.14.5-cp36-cp36m-win_amd64.whl", hash = "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813"}, - {file = "cffi-1.14.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73"}, - {file = "cffi-1.14.5-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06"}, - {file = "cffi-1.14.5-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1"}, - {file = "cffi-1.14.5-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49"}, - {file = "cffi-1.14.5-cp37-cp37m-win32.whl", hash = "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62"}, - {file = "cffi-1.14.5-cp37-cp37m-win_amd64.whl", hash = "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4"}, - {file = "cffi-1.14.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053"}, - {file = "cffi-1.14.5-cp38-cp38-manylinux1_i686.whl", hash = "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0"}, - {file = "cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e"}, - {file = "cffi-1.14.5-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827"}, - {file = "cffi-1.14.5-cp38-cp38-win32.whl", hash = "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e"}, - {file = "cffi-1.14.5-cp38-cp38-win_amd64.whl", hash = "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396"}, - {file = "cffi-1.14.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea"}, - {file = "cffi-1.14.5-cp39-cp39-manylinux1_i686.whl", hash = "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322"}, - {file = "cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c"}, - {file = "cffi-1.14.5-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee"}, - {file = "cffi-1.14.5-cp39-cp39-win32.whl", hash = "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396"}, - {file = "cffi-1.14.5-cp39-cp39-win_amd64.whl", hash = "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d"}, - {file = "cffi-1.14.5.tar.gz", hash = "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c"}, -] -chardet = [ - {file = "chardet-4.0.0-py2.py3-none-any.whl", hash = "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5"}, - {file = "chardet-4.0.0.tar.gz", hash = "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa"}, + {file = "cffi-1.14.6-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:22b9c3c320171c108e903d61a3723b51e37aaa8c81255b5e7ce102775bd01e2c"}, + {file = "cffi-1.14.6-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:f0c5d1acbfca6ebdd6b1e3eded8d261affb6ddcf2186205518f1428b8569bb99"}, + {file = "cffi-1.14.6-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:99f27fefe34c37ba9875f224a8f36e31d744d8083e00f520f133cab79ad5e819"}, + {file = "cffi-1.14.6-cp27-cp27m-win32.whl", hash = "sha256:55af55e32ae468e9946f741a5d51f9896da6b9bf0bbdd326843fec05c730eb20"}, + {file = "cffi-1.14.6-cp27-cp27m-win_amd64.whl", hash = "sha256:7bcac9a2b4fdbed2c16fa5681356d7121ecabf041f18d97ed5b8e0dd38a80224"}, + {file = "cffi-1.14.6-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:ed38b924ce794e505647f7c331b22a693bee1538fdf46b0222c4717b42f744e7"}, + {file = "cffi-1.14.6-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:e22dcb48709fc51a7b58a927391b23ab37eb3737a98ac4338e2448bef8559b33"}, + {file = "cffi-1.14.6-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:aedb15f0a5a5949ecb129a82b72b19df97bbbca024081ed2ef88bd5c0a610534"}, + {file = "cffi-1.14.6-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:48916e459c54c4a70e52745639f1db524542140433599e13911b2f329834276a"}, + {file = "cffi-1.14.6-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:f627688813d0a4140153ff532537fbe4afea5a3dffce1f9deb7f91f848a832b5"}, + {file = "cffi-1.14.6-cp35-cp35m-win32.whl", hash = "sha256:f0010c6f9d1a4011e429109fda55a225921e3206e7f62a0c22a35344bfd13cca"}, + {file = "cffi-1.14.6-cp35-cp35m-win_amd64.whl", hash = "sha256:57e555a9feb4a8460415f1aac331a2dc833b1115284f7ded7278b54afc5bd218"}, + {file = "cffi-1.14.6-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:e8c6a99be100371dbb046880e7a282152aa5d6127ae01783e37662ef73850d8f"}, + {file = "cffi-1.14.6-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:19ca0dbdeda3b2615421d54bef8985f72af6e0c47082a8d26122adac81a95872"}, + {file = "cffi-1.14.6-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d950695ae4381ecd856bcaf2b1e866720e4ab9a1498cba61c602e56630ca7195"}, + {file = "cffi-1.14.6-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e9dc245e3ac69c92ee4c167fbdd7428ec1956d4e754223124991ef29eb57a09d"}, + {file = "cffi-1.14.6-cp36-cp36m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a8661b2ce9694ca01c529bfa204dbb144b275a31685a075ce123f12331be790b"}, + {file = "cffi-1.14.6-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b315d709717a99f4b27b59b021e6207c64620790ca3e0bde636a6c7f14618abb"}, + {file = "cffi-1.14.6-cp36-cp36m-win32.whl", hash = "sha256:80b06212075346b5546b0417b9f2bf467fea3bfe7352f781ffc05a8ab24ba14a"}, + {file = "cffi-1.14.6-cp36-cp36m-win_amd64.whl", hash = "sha256:a9da7010cec5a12193d1af9872a00888f396aba3dc79186604a09ea3ee7c029e"}, + {file = "cffi-1.14.6-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:4373612d59c404baeb7cbd788a18b2b2a8331abcc84c3ba40051fcd18b17a4d5"}, + {file = "cffi-1.14.6-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:f10afb1004f102c7868ebfe91c28f4a712227fe4cb24974350ace1f90e1febbf"}, + {file = "cffi-1.14.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:fd4305f86f53dfd8cd3522269ed7fc34856a8ee3709a5e28b2836b2db9d4cd69"}, + {file = "cffi-1.14.6-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6d6169cb3c6c2ad50db5b868db6491a790300ade1ed5d1da29289d73bbe40b56"}, + {file = "cffi-1.14.6-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5d4b68e216fc65e9fe4f524c177b54964af043dde734807586cf5435af84045c"}, + {file = "cffi-1.14.6-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:33791e8a2dc2953f28b8d8d300dde42dd929ac28f974c4b4c6272cb2955cb762"}, + {file = "cffi-1.14.6-cp37-cp37m-win32.whl", hash = "sha256:0c0591bee64e438883b0c92a7bed78f6290d40bf02e54c5bf0978eaf36061771"}, + {file = "cffi-1.14.6-cp37-cp37m-win_amd64.whl", hash = "sha256:8eb687582ed7cd8c4bdbff3df6c0da443eb89c3c72e6e5dcdd9c81729712791a"}, + {file = "cffi-1.14.6-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ba6f2b3f452e150945d58f4badd92310449876c4c954836cfb1803bdd7b422f0"}, + {file = "cffi-1.14.6-cp38-cp38-manylinux1_i686.whl", hash = "sha256:64fda793737bc4037521d4899be780534b9aea552eb673b9833b01f945904c2e"}, + {file = "cffi-1.14.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:9f3e33c28cd39d1b655ed1ba7247133b6f7fc16fa16887b120c0c670e35ce346"}, + {file = "cffi-1.14.6-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:26bb2549b72708c833f5abe62b756176022a7b9a7f689b571e74c8478ead51dc"}, + {file = "cffi-1.14.6-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:eb687a11f0a7a1839719edd80f41e459cc5366857ecbed383ff376c4e3cc6afd"}, + {file = "cffi-1.14.6-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d2ad4d668a5c0645d281dcd17aff2be3212bc109b33814bbb15c4939f44181cc"}, + {file = "cffi-1.14.6-cp38-cp38-win32.whl", hash = "sha256:487d63e1454627c8e47dd230025780e91869cfba4c753a74fda196a1f6ad6548"}, + {file = "cffi-1.14.6-cp38-cp38-win_amd64.whl", hash = "sha256:c33d18eb6e6bc36f09d793c0dc58b0211fccc6ae5149b808da4a62660678b156"}, + {file = "cffi-1.14.6-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:06c54a68935738d206570b20da5ef2b6b6d92b38ef3ec45c5422c0ebaf338d4d"}, + {file = "cffi-1.14.6-cp39-cp39-manylinux1_i686.whl", hash = "sha256:f174135f5609428cc6e1b9090f9268f5c8935fddb1b25ccb8255a2d50de6789e"}, + {file = "cffi-1.14.6-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:f3ebe6e73c319340830a9b2825d32eb6d8475c1dac020b4f0aa774ee3b898d1c"}, + {file = "cffi-1.14.6-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3c8d896becff2fa653dc4438b54a5a25a971d1f4110b32bd3068db3722c80202"}, + {file = "cffi-1.14.6-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4922cd707b25e623b902c86188aca466d3620892db76c0bdd7b99a3d5e61d35f"}, + {file = "cffi-1.14.6-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c9e005e9bd57bc987764c32a1bee4364c44fdc11a3cc20a40b93b444984f2b87"}, + {file = "cffi-1.14.6-cp39-cp39-win32.whl", hash = "sha256:eb9e2a346c5238a30a746893f23a9535e700f8192a68c07c0258e7ece6ff3728"}, + {file = "cffi-1.14.6-cp39-cp39-win_amd64.whl", hash = "sha256:818014c754cd3dba7229c0f5884396264d51ffb87ec86e927ef0be140bfdb0d2"}, + {file = "cffi-1.14.6.tar.gz", hash = "sha256:c9a875ce9d7fe32887784274dd533c57909b7b1dcadcc128a2ac21331a9765dd"}, +] +charset-normalizer = [ + {file = "charset-normalizer-2.0.4.tar.gz", hash = "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3"}, + {file = "charset_normalizer-2.0.4-py3-none-any.whl", hash = "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b"}, ] click = [ {file = "click-7.1.2-py2.py3-none-any.whl", hash = "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc"}, @@ -1652,28 +1677,28 @@ gen3users = [ {file = "gen3users-0.6.0.tar.gz", hash = "sha256:3b9b56798a7d8b34712389dbbab93c00b0f92524f890513f899c31630ea986da"}, ] google-api-core = [ - {file = "google-api-core-1.30.0.tar.gz", hash = "sha256:0724d354d394b3d763bc10dfee05807813c5210f0bd9b8e2ddf6b6925603411c"}, - {file = "google_api_core-1.30.0-py2.py3-none-any.whl", hash = "sha256:92cd9e9f366e84bfcf2524e34d2dc244906c645e731962617ba620da1620a1e0"}, + {file = "google-api-core-1.31.1.tar.gz", hash = "sha256:108cf94336aed7e614eafc53933ef02adf63b9f0fd87e8f8212acaa09eaca456"}, + {file = "google_api_core-1.31.1-py2.py3-none-any.whl", hash = "sha256:1d63e2b28057d79d64795c9a70abcecb5b7e96da732d011abf09606a39b48701"}, ] google-api-python-client = [ {file = "google-api-python-client-1.11.0.tar.gz", hash = "sha256:caf4015800ef1a18d06d117f47f0219c0c0641f21978f6b1bb5ede7912fab97b"}, {file = "google_api_python_client-1.11.0-py2.py3-none-any.whl", hash = "sha256:4f596894f702736da84cf89490a810b55ca02a81f0cddeacb3022e2900b11ec6"}, ] google-auth = [ - {file = "google-auth-1.32.0.tar.gz", hash = "sha256:e34e5f5de5610b202f9b40ebd9f8b27571d5c5537db9afed3a72b2db5a345039"}, - {file = "google_auth-1.32.0-py2.py3-none-any.whl", hash = "sha256:b3a67fa9ba5b768861dacf374c2135eb09fa14a0e40c851c3b8ea7abe6fc8fef"}, + {file = "google-auth-1.34.0.tar.gz", hash = "sha256:f1094088bae046fb06f3d1a3d7df14717e8d959e9105b79c57725bd4e17597a2"}, + {file = "google_auth-1.34.0-py2.py3-none-any.whl", hash = "sha256:bd6aa5916970a823e76ffb3d5c3ad3f0bedafca0a7fa53bc15149ab21cb71e05"}, ] google-auth-httplib2 = [ {file = "google-auth-httplib2-0.1.0.tar.gz", hash = "sha256:a07c39fd632becacd3f07718dfd6021bf396978f03ad3ce4321d060015cc30ac"}, {file = "google_auth_httplib2-0.1.0-py2.py3-none-any.whl", hash = "sha256:31e49c36c6b5643b57e82617cb3e021e3e1d2df9da63af67252c02fa9c1f4a10"}, ] google-cloud-core = [ - {file = "google-cloud-core-1.7.1.tar.gz", hash = "sha256:3bd1e679a3d38b9da93c5919ae56239dda91fb32a2d954b2cd830392337c1cc9"}, - {file = "google_cloud_core-1.7.1-py2.py3-none-any.whl", hash = "sha256:31e8c8596d3fbe2ecbe8708572b48741f8b247a78740aebfaf4da445487a1af5"}, + {file = "google-cloud-core-1.7.2.tar.gz", hash = "sha256:b1030aadcbb2aeb4ee51475426351af83c1072456b918fb8fdb80666c4bb63b5"}, + {file = "google_cloud_core-1.7.2-py2.py3-none-any.whl", hash = "sha256:5b77935f3d9573e27007749a3b522f08d764c5b5930ff1527b2ab2743e9f0c15"}, ] google-cloud-storage = [ - {file = "google-cloud-storage-1.39.0.tar.gz", hash = "sha256:e9ba9e0486b385fa0b9f16a0c3bfa4cbb7001a2285adb65374de4415588cdb2d"}, - {file = "google_cloud_storage-1.39.0-py2.py3-none-any.whl", hash = "sha256:89a5f5290e61990a5ae138d8ba8895bc3fe1e00fbc2e3b6beb7fb8378ca7a2f1"}, + {file = "google-cloud-storage-1.41.1.tar.gz", hash = "sha256:a81ecc0f382b8e4437cc7f152f74d77ef917c8280a5d1040f5dcfbd0502c7906"}, + {file = "google_cloud_storage-1.41.1-py2.py3-none-any.whl", hash = "sha256:cd4c9039eb0017fdc75c3f96b0b5ea57759ceefe3a0401d514bcf0111cd7a508"}, ] google-crc32c = [ {file = "google-crc32c-1.1.2.tar.gz", hash = "sha256:dff5bd1236737f66950999d25de7a78144548ebac7788d30ada8c1b6ead60b27"}, @@ -1707,8 +1732,8 @@ google-crc32c = [ {file = "google_crc32c-1.1.2-cp39-cp39-win_amd64.whl", hash = "sha256:78cf5b1bd30f3a6033b41aa4ce8c796870bc4645a15d3ef47a4b05d31b0a6dc1"}, ] google-resumable-media = [ - {file = "google-resumable-media-1.3.1.tar.gz", hash = "sha256:1a1eb743d13f782d1405437c266b2c815ef13c2b141ba40835c74a3317539d01"}, - {file = "google_resumable_media-1.3.1-py2.py3-none-any.whl", hash = "sha256:106db689574283a7d9d154d5a97ab384153c55a1195cecb8c01cad9e6e827628"}, + {file = "google-resumable-media-1.3.3.tar.gz", hash = "sha256:ce38555d250bd70b0c2598bf61e99003cb8c569b0176ec0e3f38b86f9ffff581"}, + {file = "google_resumable_media-1.3.3-py2.py3-none-any.whl", hash = "sha256:092f39153cd67a4e409924edf08129f43cc72e630a1eb22abec93e80155df4ba"}, ] googleapis-common-protos = [ {file = "googleapis-common-protos-1.53.0.tar.gz", hash = "sha256:a88ee8903aa0a81f6c3cec2d5cf62d3c8aa67c06439b0496b49048fb1854ebf4"}, @@ -1752,8 +1777,8 @@ immutables = [ {file = "immutables-0.15.tar.gz", hash = "sha256:3713ab1ebbb6946b7ce1387bb9d1d7f5e09c45add58c2a2ee65f963c171e746b"}, ] importlib-metadata = [ - {file = "importlib_metadata-4.6.0-py3-none-any.whl", hash = "sha256:c6513572926a96458f8c8f725bf0e00108fba0c9583ade9bd15b869c9d726e33"}, - {file = "importlib_metadata-4.6.0.tar.gz", hash = "sha256:4a5611fea3768d3d967c447ab4e93f567d95db92225b43b7b238dbfb855d70bb"}, + {file = "importlib_metadata-4.6.3-py3-none-any.whl", hash = "sha256:51c6635429c77cf1ae634c997ff9e53ca3438b495f10a55ba28594dd69764a8b"}, + {file = "importlib_metadata-4.6.3.tar.gz", hash = "sha256:0645585859e9a6689c523927a5032f2ba5919f1f7d0e84bd4533312320de1ff9"}, ] itsdangerous = [ {file = "itsdangerous-1.1.0-py2.py3-none-any.whl", hash = "sha256:b12271b2047cb23eeb98c8b5622e2e5c5e9abd9784a153e9d8ef9cb4dd09d749"}, @@ -1841,8 +1866,8 @@ oauth2client = [ {file = "oauth2client-3.0.0.tar.gz", hash = "sha256:5b5b056ec6f2304e7920b632885bd157fa71d1a7f3ddd00a43b1541a8d1a2460"}, ] packaging = [ - {file = "packaging-20.9-py2.py3-none-any.whl", hash = "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"}, - {file = "packaging-20.9.tar.gz", hash = "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5"}, + {file = "packaging-21.0-py3-none-any.whl", hash = "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"}, + {file = "packaging-21.0.tar.gz", hash = "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"}, ] paramiko = [ {file = "paramiko-2.7.2-py2.py3-none-any.whl", hash = "sha256:4f3e316fef2ac628b05097a637af35685183111d4bc1b5979bd397c2ab7b5898"}, @@ -1882,9 +1907,13 @@ protobuf = [ {file = "protobuf-3.17.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:2ae692bb6d1992afb6b74348e7bb648a75bb0d3565a3f5eea5bec8f62bd06d87"}, {file = "protobuf-3.17.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:99938f2a2d7ca6563c0ade0c5ca8982264c484fdecf418bd68e880a7ab5730b1"}, {file = "protobuf-3.17.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:6902a1e4b7a319ec611a7345ff81b6b004b36b0d2196ce7a748b3493da3d226d"}, + {file = "protobuf-3.17.3-cp38-cp38-win32.whl", hash = "sha256:59e5cf6b737c3a376932fbfb869043415f7c16a0cf176ab30a5bbc419cd709c1"}, + {file = "protobuf-3.17.3-cp38-cp38-win_amd64.whl", hash = "sha256:ebcb546f10069b56dc2e3da35e003a02076aaa377caf8530fe9789570984a8d2"}, {file = "protobuf-3.17.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:4ffbd23640bb7403574f7aff8368e2aeb2ec9a5c6306580be48ac59a6bac8bde"}, {file = "protobuf-3.17.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:26010f693b675ff5a1d0e1bdb17689b8b716a18709113288fead438703d45539"}, {file = "protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e76d9686e088fece2450dbc7ee905f9be904e427341d289acbe9ad00b78ebd47"}, + {file = "protobuf-3.17.3-cp39-cp39-win32.whl", hash = "sha256:a38bac25f51c93e4be4092c88b2568b9f407c27217d3dd23c7a57fa522a17554"}, + {file = "protobuf-3.17.3-cp39-cp39-win_amd64.whl", hash = "sha256:85d6303e4adade2827e43c2b54114d9a6ea547b671cb63fafd5011dc47d0e13d"}, {file = "protobuf-3.17.3-py2.py3-none-any.whl", hash = "sha256:2bfb815216a9cd9faec52b16fd2bfa68437a44b67c56bee59bc3926522ecb04e"}, {file = "protobuf-3.17.3.tar.gz", hash = "sha256:72804ea5eaa9c22a090d2803813e280fb273b62d5ae497aaf3553d141c4fdd7b"}, ] @@ -2006,12 +2035,12 @@ pytest-cov = [ {file = "pytest_cov-2.9.0-py2.py3-none-any.whl", hash = "sha256:c87dfd8465d865655a8213859f1b4749b43448b5fae465cb981e16d52a811424"}, ] pytest-flask = [ - {file = "pytest-flask-0.11.0.tar.gz", hash = "sha256:b0014dbc87c9877effbc632dcbdab5228bc939bf8974ead8b083eb784461d69c"}, - {file = "pytest_flask-0.11.0-py2.py3-none-any.whl", hash = "sha256:fbf77a4ff2efdaa15d895af00625d8242f4bbdf10aceaefc9deb170bb7a45767"}, + {file = "pytest-flask-0.15.1.tar.gz", hash = "sha256:cbd8c5b9f8f1b83e9c159ac4294964807c4934317a5fba181739ac15e1b823e6"}, + {file = "pytest_flask-0.15.1-py2.py3-none-any.whl", hash = "sha256:9001f6128c5c4a0d243ce46c117f3691052828d2faf39ac151b8388657dce447"}, ] python-dateutil = [ - {file = "python-dateutil-2.8.1.tar.gz", hash = "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c"}, - {file = "python_dateutil-2.8.1-py2.py3-none-any.whl", hash = "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"}, + {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, + {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, ] python-jose = [ {file = "python-jose-2.0.2.tar.gz", hash = "sha256:391f860dbe274223d73dd87de25e4117bf09e8fe5f93a417663b1f2d7b591165"}, @@ -2053,8 +2082,8 @@ pyyaml = [ {file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"}, ] requests = [ - {file = "requests-2.25.1-py2.py3-none-any.whl", hash = "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"}, - {file = "requests-2.25.1.tar.gz", hash = "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804"}, + {file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"}, + {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"}, ] responses = [ {file = "responses-0.13.3-py2.py3-none-any.whl", hash = "sha256:b54067596f331786f5ed094ff21e8d79e6a1c68ef625180a7d34808d6f36c11b"}, @@ -2138,14 +2167,14 @@ userdatamodel = [ {file = "userdatamodel-2.3.3.tar.gz", hash = "sha256:b846b7efd2d002a653474fa3bd7bf2a2c964277ff5f8d9bde8e9d975aca8d130"}, ] werkzeug = [ - {file = "Werkzeug-0.16.1-py2.py3-none-any.whl", hash = "sha256:1e0dedc2acb1f46827daa2e399c1485c8fa17c0d8e70b6b875b4e7f54bf408d2"}, - {file = "Werkzeug-0.16.1.tar.gz", hash = "sha256:b353856d37dec59d6511359f97f6a4b2468442e454bd1c98298ddce53cac1f04"}, + {file = "Werkzeug-1.0.1-py2.py3-none-any.whl", hash = "sha256:2de2a5db0baeae7b2d2664949077c2ac63fbd16d98da0ff71837f7d1dea3fd43"}, + {file = "Werkzeug-1.0.1.tar.gz", hash = "sha256:6c80b1e5ad3665290ea39320b91e1be1e0d5f60652b964a3070216de83d2e47c"}, ] xmltodict = [ {file = "xmltodict-0.12.0-py2.py3-none-any.whl", hash = "sha256:8bbcb45cc982f48b2ca8fe7e7827c5d792f217ecf1792626f808bf41c3b86051"}, {file = "xmltodict-0.12.0.tar.gz", hash = "sha256:50d8c638ed7ecb88d90561beedbf720c9b4e851a9fa6c47ebd64e99d166d8a21"}, ] zipp = [ - {file = "zipp-3.4.1-py3-none-any.whl", hash = "sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098"}, - {file = "zipp-3.4.1.tar.gz", hash = "sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76"}, + {file = "zipp-3.5.0-py3-none-any.whl", hash = "sha256:957cfda87797e389580cb8b9e3870841ca991e2125350677b2ca83a0e99390a3"}, + {file = "zipp-3.5.0.tar.gz", hash = "sha256:f5812b1e007e48cff63449a5e9f4e7ebea716b4111f9c4f9a645f91d579bf0c4"}, ] diff --git a/pyproject.toml b/pyproject.toml index 869e9bc2f3..17992a52df 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -46,7 +46,8 @@ retry = "^0.9.2" sqlalchemy = "^1.3.3" storageclient = {git = "https://github.com/uc-cdis/storage-client", rev = "1.0.2"} userdatamodel = "^2.3.3" -werkzeug = "^0.16.0" +werkzeug = "^1.0.0" +cachelib = "^0.2.0" [tool.poetry.dev-dependencies] addict = "^2.2.1" @@ -57,7 +58,7 @@ mock = "^2.0.0" moto = "^1.1.24" pytest = "^3.2.3" pytest-cov = "^2.5.1" -pytest-flask = "^0.11.0" +pytest-flask = "^0.15.0" [tool.poetry.scripts] fence-create = 'bin.fence_create:main' diff --git a/tests/jwt/test_tokens.py b/tests/jwt/test_tokens.py index 99caafe056..db45fb9a56 100644 --- a/tests/jwt/test_tokens.py +++ b/tests/jwt/test_tokens.py @@ -26,7 +26,7 @@ def test_passport_access_token(app, kid, rsa_private_key, test_user_a): ["openid", "user", "ga4gh_passport_v1"], client_id="client_a", ) - payload = jwt.decode(jwt_token.token, verify=False) + payload = jwt.decode(jwt_token.token, algorithms="RS256", verify=False) # assert required fields exist assert payload["iss"] is not None or "" assert payload["sub"] is not None or "" diff --git a/tests/link/test_link.py b/tests/link/test_link.py index 5da229b92c..57e8bafbcc 100644 --- a/tests/link/test_link.py +++ b/tests/link/test_link.py @@ -177,7 +177,11 @@ def test_google_link_auth_return( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) # simulate successfully authed reponse with user email @@ -254,7 +258,11 @@ def test_patch_google_link( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) r = client.patch( @@ -354,7 +362,11 @@ def test_patch_google_link_account_not_in_token( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) r = client.patch( @@ -406,7 +418,11 @@ def test_patch_google_link_account_doesnt_exist( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) r = client.patch( @@ -471,7 +487,11 @@ def test_google_link_g_account_exists( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) # simulate successfully authed reponse with user email @@ -546,7 +566,11 @@ def test_google_link_g_account_access_extension( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) # simulate successfully authed reponse with user email @@ -629,7 +653,11 @@ def test_google_link_g_account_exists_linked_to_different_user( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) # simulate successfully authed reponse with user email @@ -693,7 +721,11 @@ def test_google_link_no_proxy_group( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) # simulate successfully authed reponse with user email @@ -775,7 +807,11 @@ def test_google_link_when_google_mocked( # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) headers = {"Authorization": "Bearer " + encoded_creds_jwt.jwt} diff --git a/tests/link/test_link_id_token.py b/tests/link/test_link_id_token.py index f20874701c..5ec867210a 100644 --- a/tests/link/test_link_id_token.py +++ b/tests/link/test_link_id_token.py @@ -14,7 +14,7 @@ def test_google_id_token_not_linked(oauth_test_client): data = {"confirm": "yes"} oauth_test_client.authorize(data=data) tokens = oauth_test_client.token() - id_token = jwt.decode(tokens.id_token, verify=False) + id_token = jwt.decode(tokens.id_token, algorithms="RS256", verify=False) assert id_token["context"]["user"].get("google") is None @@ -48,7 +48,7 @@ def test_google_id_token_linked(db_session, encoded_creds_jwt, oauth_test_client data = {"confirm": "yes"} oauth_test_client.authorize(data=data) tokens = oauth_test_client.token() - id_token = jwt.decode(tokens.id_token, verify=False) + id_token = jwt.decode(tokens.id_token, algorithms="RS256", verify=False) assert "google" in id_token["context"]["user"] assert ( diff --git a/tests/login/test_google_login.py b/tests/login/test_google_login.py index f6c8953126..17d4bb8bd1 100644 --- a/tests/login/test_google_login.py +++ b/tests/login/test_google_login.py @@ -27,7 +27,11 @@ def test_google_login_http_headers_are_less_than_4k_for_user_with_many_projects( }, ) client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) user_projects = { diff --git a/tests/rfc6749/test_revoke.py b/tests/rfc6749/test_revoke.py index 36de8bb858..2bd34a2375 100644 --- a/tests/rfc6749/test_revoke.py +++ b/tests/rfc6749/test_revoke.py @@ -13,7 +13,7 @@ def test_blacklisted_token(client, oauth_client, encoded_jwt_refresh_token): print(encoded_jwt_refresh_token) import jwt - print(jwt.decode(encoded_jwt_refresh_token, verify=False)) + print(jwt.decode(encoded_jwt_refresh_token, algorithms="RS256", verify=False)) assert response.status_code == 200, response.data assert is_token_blacklisted(encoded_jwt_refresh_token) diff --git a/tests/session/test_session.py b/tests/session/test_session.py index 4333c77147..2ef14082f0 100644 --- a/tests/session/test_session.py +++ b/tests/session/test_session.py @@ -59,7 +59,11 @@ def test_valid_session(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: assert session["username"] == username @@ -78,7 +82,11 @@ def test_valid_session_modified(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: @@ -105,7 +113,11 @@ def test_expired_session_lifetime(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: # make sure we don't have the username when opening @@ -134,7 +146,11 @@ def test_expired_session_timeout(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: # make sure we don't have the username when opening @@ -154,7 +170,11 @@ def test_session_cleared(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: session["username"] = username @@ -172,7 +192,11 @@ def test_invalid_session_cookie(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) with client.session_transaction() as session: # main test is that we haven't raised an exception by this point @@ -212,13 +236,18 @@ def test_valid_session_valid_access_token( with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) client.set_cookie( "localhost", config["ACCESS_TOKEN_COOKIE_NAME"], test_access_jwt, httponly=True, + samesite="Lax", ) response = client.get("/user") @@ -260,13 +289,18 @@ def test_valid_session_valid_access_token_diff_user( with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) client.set_cookie( "localhost", config["ACCESS_TOKEN_COOKIE_NAME"], test_access_jwt, httponly=True, + samesite="Lax", ) response = client.get("/user") diff --git a/tests/test_logout.py b/tests/test_logout.py index c802f6add2..172c353eb3 100644 --- a/tests/test_logout.py +++ b/tests/test_logout.py @@ -71,7 +71,11 @@ def test_logout_fence(app, client, user_with_fence_provider, monkeypatch): with mock.patch("fence.allowed_login_redirects", return_value={"some_site.com"}): # manually set cookie for initial session client.set_cookie( - "localhost", config["SESSION_COOKIE_NAME"], test_session_jwt, httponly=True + "localhost", + config["SESSION_COOKIE_NAME"], + test_session_jwt, + httponly=True, + samesite="Lax", ) r = client.get("/logout?next={}".format(redirect)) From 4bfeb01e4c0d22594587306e3c4dc2fe8f5d250c Mon Sep 17 00:00:00 2001 From: Mingfei Shao Date: Fri, 6 Aug 2021 13:37:38 -0500 Subject: [PATCH 2/3] test pipeline --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2449f81910..e1932ca0ff 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ #!groovy -@Library('cdis-jenkins-lib@master') _ +@Library('cdis-jenkins-lib@test/samesite') _ testPipeline { } From 36fbbc3f04d2abb2047efdd8792adc43f002e1e5 Mon Sep 17 00:00:00 2001 From: Mingfei Shao Date: Fri, 6 Aug 2021 16:29:24 -0500 Subject: [PATCH 3/3] clean --- tests/jwt/test_tokens.py | 2 +- tests/link/test_link_id_token.py | 4 ++-- tests/rfc6749/test_revoke.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/jwt/test_tokens.py b/tests/jwt/test_tokens.py index db45fb9a56..99caafe056 100644 --- a/tests/jwt/test_tokens.py +++ b/tests/jwt/test_tokens.py @@ -26,7 +26,7 @@ def test_passport_access_token(app, kid, rsa_private_key, test_user_a): ["openid", "user", "ga4gh_passport_v1"], client_id="client_a", ) - payload = jwt.decode(jwt_token.token, algorithms="RS256", verify=False) + payload = jwt.decode(jwt_token.token, verify=False) # assert required fields exist assert payload["iss"] is not None or "" assert payload["sub"] is not None or "" diff --git a/tests/link/test_link_id_token.py b/tests/link/test_link_id_token.py index 5ec867210a..f20874701c 100644 --- a/tests/link/test_link_id_token.py +++ b/tests/link/test_link_id_token.py @@ -14,7 +14,7 @@ def test_google_id_token_not_linked(oauth_test_client): data = {"confirm": "yes"} oauth_test_client.authorize(data=data) tokens = oauth_test_client.token() - id_token = jwt.decode(tokens.id_token, algorithms="RS256", verify=False) + id_token = jwt.decode(tokens.id_token, verify=False) assert id_token["context"]["user"].get("google") is None @@ -48,7 +48,7 @@ def test_google_id_token_linked(db_session, encoded_creds_jwt, oauth_test_client data = {"confirm": "yes"} oauth_test_client.authorize(data=data) tokens = oauth_test_client.token() - id_token = jwt.decode(tokens.id_token, algorithms="RS256", verify=False) + id_token = jwt.decode(tokens.id_token, verify=False) assert "google" in id_token["context"]["user"] assert ( diff --git a/tests/rfc6749/test_revoke.py b/tests/rfc6749/test_revoke.py index 2bd34a2375..36de8bb858 100644 --- a/tests/rfc6749/test_revoke.py +++ b/tests/rfc6749/test_revoke.py @@ -13,7 +13,7 @@ def test_blacklisted_token(client, oauth_client, encoded_jwt_refresh_token): print(encoded_jwt_refresh_token) import jwt - print(jwt.decode(encoded_jwt_refresh_token, algorithms="RS256", verify=False)) + print(jwt.decode(encoded_jwt_refresh_token, verify=False)) assert response.status_code == 200, response.data assert is_token_blacklisted(encoded_jwt_refresh_token)