OpenID Proper token

2024-03-30 19:19:57 +00:00 · 2024-03-30 19:19:57 +00:00 · f5b1038289
parent 23db9ed0fd
commit f5b1038289
1 changed files with 32 additions and 4 deletions
--- a/36
+++ b/36
@ -1,4 +1,5 @@
 #!/usr/bin/python3
+import jwt
 import os
 import sqlite3
 import time
@ -78,12 +79,26 @@ async def oauth2_token_refresh(openid, appId):
        conn = get_db_connection()

        # Fetch required data in a single query
-        login_data = conn.execute("SELECT nextcode, nextsecret FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+        login_data = conn.execute("SELECT nextcode, nextsecret, nextopenid FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+
+        datatemplate = {
+            "sub": user["username"],
+            "iss": "https://auth.hectabit.org",
+            "name": user["username"],
+            "aud": appId,
+            "exp": time.time() + 3600,
+            "iat": time.time(),
+            "auth_time": time.time(),
+            "nonce": str(secrets.token_hex(512))
+        }
+
+        jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')

        if login_data:
            nextcode = login_data[0]
            nextsecret = login_data[1]
-            conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), str(appId), str(openid)))
+            nextopenid = login_data[2]
+            conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ?, openid = ?, nextopenid = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), nextopenid, str(jwt_token), str(appId), str(openid)))
            conn.commit()
            conn.close()
            await asyncio.sleep(3600)
@ -238,8 +253,21 @@ async def apiauthenticate():
        if not str(appidcheck) == str(appId):
            return {}, 401

-        conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)", 
-                (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(secrets.token_hex(512))))
+        datatemplate = {
+            "sub": user["username"],
+            "iss": "https://auth.hectabit.org",
+            "name": user["username"],
+            "aud": appId,
+            "exp": time.time() + 3600,
+            "iat": time.time(),
+            "auth_time": time.time(),
+            "nonce": str(secrets.token_hex(512))
+        }
+
+        jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')
+
+        conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)",
+                (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(jwt_token)))

        conn.commit()
        conn.close()