Merge pull request #948 from uc-cdis/feat/atlas-hacks

uc-cdis · Jul 29, 2021 · af05d68 · af05d68
2 parents 6ca09be + f891dd0
commit af05d68
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 39 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -7,6 +7,9 @@
     {
       "name": "AWSKeyDetector"
     },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
     {
       "name": "Base64HighEntropyString",
       "limit": 4.5
@@ -19,7 +22,7 @@
     },
     {
       "name": "HexHighEntropyString",
-      "limit": 3
+      "limit": 3.0
     },
     {
       "name": "IbmCloudIamDetector"
@@ -37,6 +40,9 @@
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
@@ -46,6 +52,9 @@
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
@@ -116,6 +125,13 @@
         "hashed_secret": "98c144f5ecbb4dbe575147a39698b6be1a5649dd",
         "is_verified": false,
         "line_number": 66
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "fence/blueprints/storage_creds/other.py",
+        "hashed_secret": "98c144f5ecbb4dbe575147a39698b6be1a5649dd",
+        "is_verified": false,
+        "line_number": 66
       }
     ],
     "fence/config-default.yaml": [
@@ -149,7 +165,7 @@
         "filename": "fence/resources/google/utils.py",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 277
+        "line_number": 125
       }
     ],
     "fence/utils.py": [
@@ -159,43 +175,20 @@
         "hashed_secret": "8318df9ecda039deac9868adf1944a29a95c7114",
         "is_verified": false,
         "line_number": 105
-      }
-    ],
-    "openapis/swagger.yaml": [
-      {
-        "type": "Private Key",
-        "filename": "openapis/swagger.yaml",
-        "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
-        "is_verified": false,
-        "line_number": 1927
       },
       {
         "type": "Secret Keyword",
-        "filename": "openapis/swagger.yaml",
-        "hashed_secret": "bb8e48bd1e73662027a0f0b876b695d4c18f5ed4",
+        "filename": "fence/utils.py",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
         "is_verified": false,
-        "line_number": 1927
+        "line_number": 249
       },
       {
         "type": "Secret Keyword",
-        "filename": "openapis/swagger.yaml",
-        "hashed_secret": "7861ab65194de92776ab9cd06d4d7e7e1ec2c36d",
-        "is_verified": false,
-        "line_number": 2007
-      },
-      {
-        "type": "JSON Web Token",
-        "filename": "openapis/swagger.yaml",
-        "hashed_secret": "d6b66ddd9ea7dbe760114bfe9a97352a5e139134",
-        "is_verified": false,
-        "line_number": 2029
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "openapis/swagger.yaml",
-        "hashed_secret": "98c144f5ecbb4dbe575147a39698b6be1a5649dd",
+        "filename": "fence/utils.py",
+        "hashed_secret": "8954f53c9dc3f57137230a016d65bfaee24f8bc5",
         "is_verified": false,
-        "line_number": 2041
+        "line_number": 250
       }
     ],
     "tests/conftest.py": [
@@ -218,9 +211,23 @@
       {
         "type": "Secret Keyword",
         "filename": "tests/credentials/google/test_credentials.py",
-        "hashed_secret": "22afbfecd4124e2eb0e2a79fafdf62b207a8f8c7",
+        "hashed_secret": "a06bdb09c0106ab559bd6acab2f1935e19f7e939",
+        "is_verified": false,
+        "line_number": 381
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/credentials/google/test_credentials.py",
+        "hashed_secret": "93aa43c580f5347782e17fba5091f944767b15f0",
+        "is_verified": false,
+        "line_number": 474
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/credentials/google/test_credentials.py",
+        "hashed_secret": "768b7fe00de4fd233c0c72375d12f87ce9670144",
         "is_verified": false,
-        "line_number": 579
+        "line_number": 476
       }
     ],
     "tests/keys/2018-05-01T21:29:02Z/jwt_private_key.pem": [
@@ -247,7 +254,16 @@
         "filename": "tests/ras/test_ras.py",
         "hashed_secret": "d9db6fe5c14dc55edd34115cdf3958845ac30882",
         "is_verified": false,
-        "line_number": 327
+        "line_number": 92
+      }
+    ],
+    "tests/scripting/test_fence-create.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/scripting/test_fence-create.py",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 1120
       }
     ],
     "tests/test-fence-config.yaml": [
@@ -257,8 +273,15 @@
         "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
         "is_verified": false,
         "line_number": 31
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/test-fence-config.yaml",
+        "hashed_secret": "1627df13b5cd8b3521d02bd8eb2ca31334b3aef2",
+        "is_verified": false,
+        "line_number": 472
       }
     ]
   },
-  "generated_at": "2021-07-20T17:15:01Z"
+  "generated_at": "2021-07-28T16:10:55Z"
 }
diff --git a/docs/local_multi_fence.md b/docs/local_multi_fence.md
@@ -48,4 +48,3 @@ that right now you have main-Fence set up, but not other-Fence.
    For other-Fence your command will look something like this:
    `[poetry run] python run_other_way.py --config_path other-fence-config.yaml`
 1. Try: hit http://mainfence[/user]/login/fence
-
diff --git a/fence/blueprints/user.py b/fence/blueprints/user.py
@@ -24,6 +24,7 @@ def user_info():
         client_id = current_token["azp"]
     info = get_current_user_info()
     info["azp"] = client_id
+
     return flask.jsonify(info)
 
 

diff --git a/fence/jwt/keys.py b/fence/jwt/keys.py
@@ -188,7 +188,7 @@ def public_key_to_jwk(self):
             except AttributeError:
                 # there is no need to decode values that are already strings
                 pass
-        jwk_dict.update({"use": "sig", "key_ops": "verify", "kid": self.kid})
+        jwk_dict.update({"use": "sig", "key_ops": ["verify"], "kid": self.kid})
         return jwk_dict
 
 

diff --git a/fence/resources/user/__init__.py b/fence/resources/user/__init__.py
@@ -77,7 +77,7 @@ def get_user_info(current_session, username):
     groups = udm.get_user_groups(current_session, username)["groups"]
     info = {
         "user_id": user.id,  # TODO deprecated, use 'sub'
-        "sub": user.id,
+        "sub": str(user.id),
         # getattr b/c the identity_provider sqlalchemy relationship could not exists (be None)
         "idp": getattr(user.identity_provider, "name", ""),
         "username": user.username,  # TODO deprecated, use 'name'

diff --git a/tests/rfc7517/test_jwks.py b/tests/rfc7517/test_jwks.py
@@ -41,7 +41,7 @@ def test_response_values(app, client):
         assert key["alg"] == "RS256"
         assert key["kty"] == "RSA"
         assert key["use"] == "sig"
-        assert key["key_ops"] == "verify"
+        assert key["key_ops"] == ["verify"]
         assert key["kid"] in app_kids
         # Attempt to reproduce the public key from the JWK response.
         key_pem = jwk.construct(key).to_pem().decode("utf-8")