Commit 1ed2b459 authored by Cage, Gregory's avatar Cage, Gregory

Add worknig versions for jwt and cryptography in docker image

parent 110d8bbd
+7 −6
FROM ubuntu:18.04 AS no2fa
FROM ubuntu:22.04 AS no2fa

ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Moscow
RUN apt-get update && apt-get install -y ssh libpam-python curl python sudo vim python-dev build-essential libssl-dev
RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py && python get-pip.py 
RUN apt-get update && apt-get install -y ssh libpam-python curl python2 sudo vim python2-dev build-essential libssl1.0
RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py && python2 get-pip.py 
RUN apt-get install -y libffi-dev
RUN pip config set global.target /lib/python2.7 \
	&& pip install requests \
	&& pip install jwt
RUN pip2 config set global.target /lib/python2.7 \
	&& pip2 install requests \
	&& pip2 install jwt==0.3.2 \
	&& pip2 install cryptography==2.3

RUN useradd test
RUN mkhomedir_helper test
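Review bot: The `get-pip.py` step on the new side still downloads a script and runs it as root during the build with no integrity check, and `curl` is called without `-f`, so an HTTP error body would be handed straight to `python2`. Fetch it with `curl -fsSL` and verify a pinned digest before executing, e.g. `echo "<EXPECTED_SHA256>  get-pip.py" | sha256sum -c -`. The pip step now pins `jwt` and `cryptography` by version but leaves `requests` unpinned, and `cryptography==2.3` is an old release (the 3.3 series was the last to support Python 2.7), so check whether a newer 2.7-compatible version builds in this image. The PyPI distribution named `jwt` is also a different project from `PyJWT`, although both import as `jwt`. The `jwt.decode(..., algorithms=[...])` call in the PAM module looks like the PyJWT signature, so confirm which package is intended.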
+5 −2
@@ -109,7 +109,10 @@ def verify_token_jwt(pamh, config, user, access_token):
        jwks_url = config['jwks_uri']
        key_set = requests.get(jwks_url, timeout=5)

        key_id = jwt.get_unverified_header(access_token)['kid']
        encoded_header, rest = access_token.split('.', 1)
        headerobj = json.loads(base64.b64_decode(encoded_header).decode('utf8'))

        key_id = headerobj['kid']
        for key in key_set.json()['keys']:
            if key['kid'] == key_id:
                x5c = key['x5c'][0]
@@ -120,7 +123,7 @@ def verify_token_jwt(pamh, config, user, access_token):
        cert = load_der_x509_certificate(base64.b64decode(x5c), default_backend())

        # Decode token (exp date is checked automatically)
        decoded_token = jwt_decode(
        decoded_token = jwt.decode(
                access_token,
                key=certificate.public_key(),
                algorithms=['RS256'],
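Review bot: `base64.b64_decode` in the new `headerobj` line is not a function in the standard `base64` module (the certificate line further down uses `base64.b64decode`), so this line would raise `AttributeError` before any key lookup happens. JWT segments are also base64url-encoded with the padding stripped, so plain `b64decode` would still reject or mis-decode many headers; `headerobj = json.loads(base64.urlsafe_b64decode(encoded_header + '=' * (-len(encoded_header) % 4)).decode('utf8'))` handles both. Separately, the context lines assign `cert` but pass `certificate.public_key()` to `jwt.decode`, which is a `NameError` unless `certificate` is defined outside the hunk. `verify_token_jwt` starts and ends outside these hunks, so confirm that any exception raised here (malformed token, missing `kid`, no matching key) is treated by the caller as an authentication failure rather than ignored.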