-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds route to create test user for dev purposes
- Loading branch information
Showing
1 changed file
with
51 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| # SPDX-License-Identifier: MIT | ||
| # Copyright (c) 2024 Collegiate Cyber Defense Club | ||
| import logging | ||
| import os | ||
| import uuid | ||
| from typing import Optional | ||
| from urllib.parse import urlparse | ||
|
|
@@ -397,3 +398,53 @@ async def logout(request: Request): | |
| @app.get("/favicon.ico", include_in_schema=False) | ||
| async def favicon(): | ||
| return FileResponse("./app/static/favicon.ico") | ||
|
|
||
|
|
||
| # This check is a little hacky and needs to be documented in the dev environment set up | ||
| # If it's run under docker, the -e flag should set the env variable, but if its local you have to set it yourself | ||
| # Use 'export ENV=development' to set the env variable | ||
| if os.getenv("ENV") == "development": | ||
|
|
||
| @app.get("/dev/user") | ||
| async def create_dev_user(request: Request, session: Session = Depends(get_session)): | ||
| if request.client.host not in ["127.0.0.1", "localhost"]: | ||
| return Errors.generate( | ||
| request, | ||
| 403, | ||
| "Forbidden", | ||
| essay="This endpoint is only available on localhost.", | ||
| ) | ||
|
|
||
| # Generate random user data | ||
| user_id = uuid.uuid4() | ||
| discord_id = str(uuid.uuid4()) | ||
|
|
||
| user = UserModel( | ||
| id=user_id, | ||
| discord_id=discord_id, | ||
| ) | ||
|
|
||
| discord_user = DiscordModel(username=f"devuser-{user_id}", email=f"[email protected]", user_id=user_id, user=user) | ||
|
|
||
| session.add(user) | ||
| session.commit() | ||
| session.refresh(user) | ||
|
|
||
| session.add(discord_user) | ||
| session.commit() | ||
| session.refresh(discord_user) | ||
|
|
||
| # Create JWT token for the user | ||
| bearer = Authentication.create_jwt(user) | ||
| rr = RedirectResponse("/profile", status_code=status.HTTP_302_FOUND) | ||
| max_age = Settings().jwt.lifetime_sudo | ||
| rr.set_cookie( | ||
| key="token", | ||
| value=bearer, | ||
| httponly=True, | ||
| samesite="lax", | ||
| secure=False, | ||
| max_age=max_age, | ||
| ) | ||
|
Check warning Code scanning / CodeQL Failure to use secure cookies Medium
Cookie is added without the Secure attribute properly set.
|
||
|
|
||
| return rr | ||