import base64
import http.client
import http.cookies as cookies
import json
from urllib.parse import parse_qs, urlencode

from jose import jwt
# Cognito user pool and app client that the handlers below authenticate against.
cognito_user_pool_id: str = "us-east-1_f1oN3uxu6"
cognito_client_id: str = "mi6m1p1j3c7q6hdfiapmar0cb"
# NOTE(review): the app client secret is committed in source. Anyone who can read
# this file or the deployed Lambda@Edge package can redeem authorization codes as
# this client. Rotate it and load it at runtime (Secrets Manager / SSM Parameter
# Store); Lambda@Edge functions cannot use environment variables, so a runtime
# fetch cached per container is the realistic option.
cognito_client_secret: str = "1a877rudvu15nf90hm0v0j3rst3q4e9smhjlu9a16o603t291g1q"
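def _error_response(status, description):
    """Build a minimal CloudFront response with the given status and no body."""
    return {
        "status": status,
        "statusDescription": description,
        "headers": {
            "cache-control": [{"key": "Cache-Control", "value": "no-cache"}],
        },
    }


def exchange_code_for_token(request):
    """Redeem the authorization code delivered to /parseauth for a Cognito access token.

    Args:
        request: the CloudFront request record
            (``event['Records'][0]['cf']['request']``); only ``querystring`` is read.

    Returns:
        A CloudFront response dict. On success a 302 to index.html that sets the
        ``token`` cookie to the access token; a 400 when no ``code`` parameter is
        present; a 502 when Cognito's token endpoint does not return an access token.
    """
    # Confidential clients authenticate to /oauth2/token with HTTP Basic
    # (client_id:client_secret, base64).
    credentials = f"{cognito_client_id}:{cognito_client_secret}".encode("utf-8")
    headers = {
        "content-type": "application/x-www-form-urlencoded",
        "authorization": "Basic " + base64.b64encode(credentials).decode("ascii"),
    }

    # Parse the query string properly instead of splitting on the first "=":
    # with "state=x&code=y" the old split handed "x&code" to Cognito and a bare
    # "/parseauth" with no query raised IndexError.
    query = parse_qs(request.get("querystring") or "")
    code = query.get("code", [""])[0]
    if not code:
        return _error_response("400", "Bad Request")
    # NOTE(review): no OAuth ``state`` value is issued on the login redirect or
    # checked here, so this callback accepts any attacker-initiated code (login
    # CSRF). Confirm whether a state cookie should be set before redirecting to
    # the hosted UI and compared against the ``state`` query parameter here.

    form = {
        "grant_type": "authorization_code",
        "redirect_uri": "https://d38tpuisuaynq.cloudfront.net/parseauth",
        "code": code,
    }
    conn = http.client.HTTPSConnection("stylcoggoogle.auth.us-east-1.amazoncognito.com")
    try:
        conn.request("POST", "/oauth2/token", urlencode(form), headers)
        response = conn.getresponse()
        status = response.status
        body = response.read().decode("utf-8")
    finally:
        conn.close()

    # The token endpoint returns JSON; parse it rather than eval()-ing a body that
    # a remote server controls.
    try:
        response_data = json.loads(body)
    except ValueError:
        response_data = {}
    if status != 200 or "access_token" not in response_data:
        # Log only the error code: a successful body contains bearer tokens and
        # must never reach CloudWatch.
        print("TOKEN EXCHANGE FAILED, STATUS:", status, "ERROR:", response_data.get("error"))
        return _error_response("502", "Bad Gateway")

    token_cookie = cookies.SimpleCookie()
    token_cookie["token"] = response_data["access_token"]
    token_cookie["token"]["max-age"] = response_data.get("expires_in", 3600)
    token_cookie["token"]["path"] = "/"
    token_cookie["token"]["secure"] = True
    # HttpOnly keeps the bearer token away from page scripts (XSS); Lax is enough
    # because the cookie only needs to accompany top-level navigations to this site.
    token_cookie["token"]["httponly"] = True
    token_cookie["token"]["samesite"] = "Lax"
    set_cookie_value = token_cookie["token"].OutputString()

    print("TOKEN EXCHANGE SUCCESS, SETTING COOKIE AND REDIRECTING TO index.html")
    return {
        "status": "302",
        "statusDescription": "Found",
        "headers": {
            "location": [{
                "key": "Location",
                "value": "https://d38tpuisuaynq.cloudfront.net/index.html",
            }],
            "set-cookie": [{
                "key": "Set-Cookie",
                "value": set_cookie_value,
            }],
            "cache-control": [{
                "key": "Cache-Control",
                "value": "no-cache",
            }],
        },
    }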
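def get_key(access_token):
    """Return the user pool's JWK whose ``kid`` matches the token header, or None.

    Args:
        access_token: a compact-serialised JWT; only its unverified header is read
            here, the signature is checked by the caller with the returned key.

    Returns:
        The matching JWK dict from the pool's ``/.well-known/jwks.json``, or None
        when the header has no ``kid``, the JWKS cannot be fetched, or no key matches.

    Raises:
        Whatever ``jwt.get_unverified_header`` raises for a malformed token; the
        caller is expected to treat that as "invalid".
    """
    header = jwt.get_unverified_header(access_token)
    header_kid = header.get("kid")
    if header_kid is None:
        return None

    # NOTE(review): the JWKS is fetched on every call; caching it per container
    # (refreshing on a kid miss) would avoid one HTTPS round trip per request.
    conn = http.client.HTTPSConnection("cognito-idp.us-east-1.amazonaws.com")
    try:
        conn.request("GET", f"/{cognito_user_pool_id}/.well-known/jwks.json")
        response = conn.getresponse()
        if response.status != 200:
            return None
        body = response.read().decode("utf-8")
    finally:
        conn.close()

    # The JWKS document is JSON; never eval() a body fetched over the network.
    jwks_data = json.loads(body)
    return next(
        (key for key in jwks_data.get("keys", []) if key.get("kid") == header_kid),
        None,
    )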
# ------------------------------- VALIDATION METHOD ------------------------------- #
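def verify_jwt_token(access_token):
    """Return True only if ``access_token`` is a valid Cognito access token for this app client.

    Verifies the RS256 signature against the pool's JWKS, the expiry, the issuer
    (this user pool), that the token is an access token and that it was issued to
    ``cognito_client_id``. Any failure — including a missing token, an unreachable
    JWKS endpoint or a malformed JWT — yields False; nothing is raised.
    """
    if not access_token:
        return False
    try:
        key = get_key(access_token)
        if key is None:
            return False
        claims = jwt.decode(
            access_token,
            key,
            # Pin the algorithm: without ``algorithms`` jose accepts whatever
            # ``alg`` the token header names.
            algorithms=["RS256"],
            # ``issuer=`` is what jose validates; an "iss" entry inside ``options``
            # is ignored, so the issuer was previously never actually checked.
            issuer=f"https://cognito-idp.us-east-1.amazonaws.com/{cognito_user_pool_id}",
            options={
                "verify_signature": True,
                "verify_exp": True,
                "verify_iss": True,
            },
        )
    except Exception as exc:  # boundary: any verification error means "not authenticated"
        # Log the failure class only; the token itself must not be logged.
        print("TOKEN VERIFICATION FAILED:", type(exc).__name__)
        return False

    # The cookie only ever carries an access token, so reject ID tokens explicitly
    # and require the token to have been issued to this app client.
    return (
        claims.get("token_use") == "access"
        and claims.get("client_id") == cognito_client_id
    )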
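def _token_from_cookies(request):
    """Return the value of the ``token`` cookie on ``request``, or None if absent.

    The Cookie header may carry several cookies; the old ``split("=")[1]`` took the
    first cookie's value regardless of its name and broke on values containing "=".
    """
    cookie_headers = request.get("headers", {}).get("cookie", [])
    jar = cookies.SimpleCookie()
    for header in cookie_headers:
        try:
            jar.load(header.get("value", ""))
        except cookies.CookieError:
            continue
    morsel = jar.get("token")
    return morsel.value if morsel is not None else None


def lambda_handler(event, context):
    """CloudFront viewer-request handler that gates the site behind a Cognito login.

    ``/parseauth`` is the OAuth redirect target and is handed to
    ``exchange_code_for_token``. Every other request must carry a valid access
    token in the ``token`` cookie: if it does, the request is passed through to
    the origin unchanged, otherwise the viewer is redirected to the Cognito hosted UI.

    Args:
        event: the Lambda@Edge event; ``Records[0].cf.request`` is used.
        context: Lambda context, unused.

    Returns:
        Either the (unmodified) request dict or a CloudFront response dict.
    """
    request = event["Records"][0]["cf"]["request"]
    # Log the URI only: the full event includes the Cookie header, i.e. bearer tokens.
    print("REQUEST URI:", request.get("uri"))
    if request["uri"].startswith("/parseauth"):
        return exchange_code_for_token(request)

    token = _token_from_cookies(request)
    if verify_jwt_token(token):
        print("SUCCESSFUL VALIDATION !!!")
        return request

    print("FAIL VALIDATION, UNAUTHORIZE ACCESS !!!! REDIRECT TO SIGN-IN PAGE.")
    # Built from the module constant so the client_id cannot drift from the one
    # used for the token exchange and the verification check.
    # NOTE(review): no ``state`` parameter is sent, so the /parseauth callback has
    # nothing to bind the response to this browser (login CSRF) — confirm.
    login_url = "https://stylcoggoogle.auth.us-east-1.amazoncognito.com/login?" + urlencode({
        "client_id": cognito_client_id,
        "response_type": "code",
        "scope": "aws.cognito.signin.user.admin email openid",
        "redirect_uri": "https://d38tpuisuaynq.cloudfront.net/parseauth",
    })
    response = {
        "status": "302",
        "statusDescription": "Found",
        "headers": {
            "location": [{
                "key": "Location",
                "value": login_url,
            }],
            "cache-control": [{
                "key": "Cache-Control",
                "value": "no-cache",
            }],
        },
    }
    print("REDIRECT RESPONSE TO COGNITO SIGN-IN:", login_url)
    return response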