From 505657ae20ad26b4854f400243ea8c8f53344645 Mon Sep 17 00:00:00 2001
From: Shahar Glazner
Date: Tue, 15 Oct 2024 19:18:58 +0300
Subject: [PATCH] fix(api): default jwt secret (#2207)

---
 docs/deployment/configuration.mdx | 7 +++----
 .../identity_managers/db/db_authverifier.py | 10 ++++++----
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/docs/deployment/configuration.mdx b/docs/deployment/configuration.mdx
index 0785cd6a9..f4c1a1714 100644
--- a/docs/deployment/configuration.mdx
+++ b/docs/deployment/configuration.mdx
@@ -75,10 +75,9 @@ Authentication configuration determines how Keep verifies user identities and ma
 | Env var | Purpose | Required | Default Value | Valid options |
 |:-------------------:|:-------:|:----------:|:-------------:|:-------------:|
 | **AUTH_TYPE** | Specifies the authentication type | No | "noauth" | "auth0", "keycloak", "db", "noauth", "oauth2proxy" |
-| **JWT_SECRET** | Secret key for JWT token generation and validation | Yes | None | Any strong secret string |
-| **JWT_ALGORITHM** | Algorithm used for JWT | No | "HS256" | Any valid JWT algorithm |
-| **KEEP_DEFAULT_USERNAME** | Default username for the admin user | No | "keep" | Any valid username string |
-| **KEEP_DEFAULT_PASSWORD** | Default password for the admin user | No | "keep" | Any strong password string |
+| **KEEP_JWT_SECRET** | Secret key for JWT token generation and validation (DB auth only) | Yes | None | Any strong secret string |
+| **KEEP_DEFAULT_USERNAME** | Default username for the admin user (DB auth only) | No | "keep" | Any valid username string |
+| **KEEP_DEFAULT_PASSWORD** | Default password for the admin user (DB auth only)| No | "keep" | Any strong password string |
 | **KEEP_FORCE_RESET_DEFAULT_PASSWORD** | Forces reset of default user password | No | "false" | "true" or "false" |
 | **KEEP_DEFAULT_API_KEYS** | Comma-separated list of default API keys to provision | No | "" | Format: "name:role:secret,name:role:secret" |
diff --git a/keep/identitymanager/identity_managers/db/db_authverifier.py b/keep/identitymanager/identity_managers/db/db_authverifier.py
index f2d3e5b9c..71a0f0f65 100644
--- a/keep/identitymanager/identity_managers/db/db_authverifier.py
+++ b/keep/identitymanager/identity_managers/db/db_authverifier.py
@@ -15,10 +15,12 @@ class DbAuthVerifier(AuthVerifierBase):
     def _verify_bearer_token(self, token: str) -> AuthenticatedEntity:
         # validate the token
-        jwt_secret = os.environ.get("KEEP_JWT_SECRET")
-        if not jwt_secret:
-            self.logger.warning("missing KEEP_JWT_SECRET environment variable")
-            raise HTTPException(status_code=401, detail="Missing JWT secret")
+        jwt_secret = os.environ.get("KEEP_JWT_SECRET", "jwtsecret")
+        # if default
+        if jwt_secret == "jwtsecret":
+            self.logger.warning(
+                "KEEP_JWT_SECRET environment variable is not set, using default value. Should be set in production."
+            )
         try:
             payload = jwt.decode(
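Review bot: The fallback on the `jwt_secret = os.environ.get("KEEP_JWT_SECRET", "jwtsecret")` line turns a missing secret into a fail-open condition: anyone who reads this source can sign a token with the literal `"jwtsecret"` and `_verify_bearer_token` will accept it, whereas the removed lines rejected the request with a 401. The warning that replaces the raise is logged on every request and does not reduce that exposure. If a default is needed for local development, gate it on an explicit opt-in rather than on the variable merely being absent, keep the removed `raise HTTPException(status_code=401, detail="Missing JWT secret")` as the default path, and replace the `# if default` comment with one that states the reason, e.g. `# Fail closed: a well-known default secret lets anyone forge bearer tokens`. The docs hunk in this same commit still marks KEEP_JWT_SECRET as Required with default None, which contradicts this code, so one of the two should change. The `jwt.decode(` call and the rest of `_verify_bearer_token` continue outside the hunk.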