Merge from master into feature branch #1122

Merged
merged 8 commits into from
Mar 6, 2025
6 changes: 3 additions & 3 deletions assemblyline_ui/api/v4/authentication.py
@@ -42,7 +42,7 @@
from assemblyline_ui.security.saml_auth import get_attribute, get_roles, get_types
from authlib.integrations.base_client import OAuthError
from authlib.integrations.requests_client import OAuth2Session
from authlib.integrations.flask_client import OAuth, FlaskRemoteApp
from authlib.integrations.flask_client import OAuth, FlaskOAuth2App
from flask import current_app, redirect, request
from flask import session as flsk_session
from onelogin.saml2.auth import OneLogin_Saml2_Auth
@@ -671,7 +671,7 @@ def oauth_validate(**_):

if config.auth.oauth.enabled:
oauth: OAuth = current_app.extensions.get('authlib.integrations.flask_client')
provider: FlaskRemoteApp = oauth.create_client(oauth_provider)
provider: FlaskOAuth2App = oauth.create_client(oauth_provider)

if provider:
# noinspection PyBroadException
@@ -722,7 +722,7 @@ def oauth_validate(**_):

# Add user_data info from received token
if oauth_provider_config.jwks_uri:
user_data = provider.parse_id_token(token)
user_data = provider.parse_id_token(token, None)

# Add user data from app_provider endpoint
if app_provider and oauth_provider_config.app_provider.user_get:
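Review bot: In the third hunk of oauth_validate, the `provider.parse_id_token(token, None)` call supplies no nonce, and as far as I know Authlib 1.x only compares the ID token's `nonce` claim when a non-empty value is passed, so the token is accepted without being tied to the login request that started the flow. If the authorization redirect sends a nonce, the value kept for that request should be passed here instead of `None`. If it does not, record that next to the call once it is confirmed, e.g. `# nonce=None: ID-token nonce is not checked; replay protection relies on the state check`. oauth_validate starts and ends outside these hunks, so how `token` is obtained and whether state is validated is not visible here.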
6 changes: 3 additions & 3 deletions assemblyline_ui/api/v4/user.py
@@ -355,7 +355,7 @@ def add_user_account(username, **_):

# Check identity_id value
if not data.get('identity_id'):
data.pop('identity_id')
data.pop('identity_id', None)

if avatar is not None:
STORAGE.user_avatar.save(username, avatar)
@@ -425,7 +425,7 @@ def get_user_account(username, **kwargs):

user['roles'] = load_roles(user['type'], user.get('roles', None))
if ROLES.administration not in kwargs['user']['roles']:
user.pop('identity_id')
user.pop('identity_id', None)

return make_api_response(user)

@@ -525,7 +525,7 @@ def set_user_account(username, **kwargs):

# Check identity_id value
if not data.get('identity_id'):
data.pop('identity_id')
data.pop('identity_id', None)

ret_val = save_user_account(username, data, kwargs['user'])

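Review bot: get_user_account removes `identity_id` from the response for callers without `ROLES.administration`, but in the add_user_account and set_user_account hunks any non-empty `identity_id` from the request body stays in `data`, and the set path hands it to `save_user_account`. The route decorators and save_user_account are outside the hunks, so this may already be restricted. If a non-administrator can reach set_user_account, the field should be dropped there too, e.g. `if ROLES.administration not in kwargs['user']['roles']: data.pop('identity_id', None)`. Otherwise a short comment stating that only administrators may set `identity_id` would record the assumption.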
2 changes: 1 addition & 1 deletion assemblyline_ui/app.py
@@ -1,7 +1,7 @@
import logging
import os

from authlib.integrations.base_client.base_oauth import OAUTH_CLIENT_PARAMS
from authlib.integrations.base_client.registry import OAUTH_CLIENT_PARAMS
from authlib.integrations.flask_client import OAuth
from elasticapm.contrib.flask import ElasticAPM
from flask import Flask
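Review bot: `OAUTH_CLIENT_PARAMS` is imported from an internal Authlib module whose location already differs between the two import lines shown here, and setup.py on this page requires `Authlib>=1.3.1` with no upper bound, so another move would fail at import time when the app starts. Either cap the requirement at the tested major version, e.g. `'Authlib>=1.3.1,<2'`, or add a comment such as `# internal Authlib path; re-check on upgrade` above the import.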
4 changes: 2 additions & 2 deletions assemblyline_ui/helper/oauth.py
@@ -3,7 +3,7 @@
import re
import requests

from authlib.integrations.flask_client import FlaskRemoteApp
from authlib.integrations.flask_client import FlaskOAuth2App
from assemblyline.odm.models.config import OAuthProvider
from assemblyline.odm.models.user import load_roles, USER_TYPE_DEP
from assemblyline.common.random_user import random_user
@@ -211,7 +211,7 @@ def parse_profile(profile: dict, provider: OAuthProvider):
)


def fetch_avatar(url: str, provider: FlaskRemoteApp, provider_config:OAuthProvider):
def fetch_avatar(url: str, provider: FlaskOAuth2App, provider_config:OAuthProvider):
if url.startswith(provider_config.api_base_url):
resp = provider.get(url[len(provider_config.api_base_url):])
if resp.ok and resp.headers.get("content-type") is not None:
7 changes: 4 additions & 3 deletions pipelines/azure-test.yaml
@@ -17,11 +17,12 @@ resources:
ports:
- 6379:6379
- container: elasticsearch
image: cccs/elasticsearch:8.10.2
image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
env:
xpack.security.enabled: true
discovery.type: single-node
ES_JAVA_OPTS: "-Xms256m -Xmx512m"
DISCOVERY_TYPE: "single-node"
ELASTIC_PASSWORD: "devpass"
ELASTIC_PASSWORD: devpass
ports:
- 9200:9200
- container: minio
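Review bot: The Elasticsearch service container is referenced by a mutable tag on a public registry (`docker.elastic.co/elasticsearch/elasticsearch:8.10.2`), so the pipeline runs whatever that tag resolves to at run time. Pinning by digest, `image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2@sha256:<digest-placeholder>`, keeps test runs reproducible and makes an image change an explicit commit. `ELASTIC_PASSWORD: devpass` sits next to `xpack.security.enabled: true`; a comment like `# test-only credential for the throwaway CI container` would make clear it must not be reused elsewhere. The `resources:` block continues outside the hunk.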
2 changes: 1 addition & 1 deletion setup.py
@@ -47,7 +47,7 @@
'markdown',
'python-ldap',
'python3-saml',
'authlib<1.0.0',
'Authlib>=1.3.1',
'fido2<1.0.0',
'PyJWT',
'gunicorn',
3 changes: 3 additions & 0 deletions test/test_user.py
@@ -220,6 +220,9 @@ def test_set_user(datastore, login_session):
u = random_model_obj(User).as_primitives()
u['uname'] = username

# Omit setting identity_id for user (API shouldn't crash if identity_id is missing)
u.pop('identity_id')

resp = get_api_data(session, f"{host}/api/v4/user/{username}/", method="POST", data=json.dumps(u))
assert resp['success']

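Review bot: `u.pop('identity_id')` in test_set_user has no default, so if `random_model_obj(User).as_primitives()` ever leaves the key out, the test fails with KeyError in its own setup instead of exercising the API; `u.pop('identity_id', None)` keeps the intent. The test covers only the POST path of set_user_account, while the same change was made in add_user_account and get_user_account in assemblyline_ui/api/v4/user.py, which remain untested for a missing `identity_id` as far as this page shows. test_set_user continues outside the hunk.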