  • Allow to save access tokens for applications and take inconsistencies between access token claims into consideration

  • RedByte1337 committed 2 months ago
    7875e43b
    1 parent 0cd62cc4
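--- a/GraphSpy/GraphSpy.py
+++ b/GraphSpy/GraphSpy.py
@@ -89,14 +89,21 @@
 
 def save_access_token(accesstoken, description):
 decoded_accesstoken = jwt.decode(accesstoken, options={"verify_signature": False})
+user = "unknown"
+# If the idtype is user, use the unique_name or upn
+# If the idtype is app, use the app_displayname or appid
+if "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "user":
+user = decoded_accesstoken["unique_name"] if "unique_name" in decoded_accesstoken else decoded_accesstoken["upn"] if "upn" in decoded_accesstoken else "unknown"
+elif "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "app":
+user = decoded_accesstoken["app_displayname"] if "app_displayname" in decoded_accesstoken else decoded_accesstoken["appid"] if "appid" in decoded_accesstoken else "unknown"
 
 execute_db("INSERT INTO accesstokens (stored_at, issued_at, expires_at, description, user, resource, accesstoken) VALUES (?,?,?,?,?,?,?)",(
 f"{datetime.now()}".split(".")[0],
-datetime.fromtimestamp(decoded_accesstoken["iat"]),
-datetime.fromtimestamp(decoded_accesstoken["exp"]),
+datetime.fromtimestamp(decoded_accesstoken["iat"]) if "iat" in decoded_accesstoken else "unknown",
+datetime.fromtimestamp(decoded_accesstoken["exp"]) if "exp" in decoded_accesstoken else "unknown",
 description,
-decoded_accesstoken["unique_name"],
-decoded_accesstoken["aud"],
+user,
+decoded_accesstoken["aud"] if "aud" in decoded_accesstoken else "unknown",
 accesstoken
 )
 )
@@ -147,13 +154,20 @@
 access_token_id = query_db("SELECT id FROM accesstokens where accesstoken = ?",[access_token],one=True)[0]
 if store_refresh_token:
 decoded_accesstoken = jwt.decode(access_token, options={"verify_signature": False})
+user = "unknown"
+# If the idtype is user, use the unique_name or upn
+# If the idtype is app, use the app_displayname or appid
+if "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "user":
+user = decoded_accesstoken["unique_name"] if "unique_name" in decoded_accesstoken else decoded_accesstoken["upn"] if "upn" in decoded_accesstoken else "unknown"
+elif "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "app":
+user = decoded_accesstoken["app_displayname"] if "app_displayname" in decoded_accesstoken else decoded_accesstoken["appid"] if "appid" in decoded_accesstoken else "unknown"
 save_refresh_token(
 response.json()["refresh_token"],
 f"Created using refresh token {refresh_token_id}",
-decoded_accesstoken["unique_name"],
+user,
 tenant_id,
-response.json()["resource"],
-response.json()["foci"]
+response.json()["resource"] if "resource" in response.json() else "unknown",
+response.json()["foci"] if "foci" in response.json() else 0
 )
 return access_token_id
 
@@ -209,11 +223,18 @@
 user_code = row["user_code"]
 save_access_token(access_token, f"Created using device code auth ({user_code})")
 decoded_accesstoken = jwt.decode(access_token, options={"verify_signature": False})
+user = "unknown"
+# If the idtype is user, use the unique_name or upn
+# If the idtype is app, use the app_displayname or appid
+if "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "user":
+user = decoded_accesstoken["unique_name"] if "unique_name" in decoded_accesstoken else decoded_accesstoken["upn"] if "upn" in decoded_accesstoken else "unknown"
+elif "idtyp" in decoded_accesstoken and decoded_accesstoken["idtyp"] == "app":
+user = decoded_accesstoken["app_displayname"] if "app_displayname" in decoded_accesstoken else decoded_accesstoken["appid"] if "appid" in decoded_accesstoken else "unknown"
 save_refresh_token(
 response.json()["refresh_token"],
 f"Created using device code auth ({user_code})",
-decoded_accesstoken["unique_name"],
-decoded_accesstoken["tid"],
+user,
+decoded_accesstoken["tid"] if "tid" in decoded_accesstoken else "unknown",
 response.json()["resource"],
 int(response.json()["foci"]))
 execute_db("UPDATE devicecodes SET status = ? WHERE device_code = ?",("SUCCESS",row["device_code"]))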
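Review bot: The seven-line idtyp/claim-resolution block is pasted verbatim into save_access_token, the refresh-token path and the device-code path (all three hunks), so the copies will drift the next time a claim is added; extract it into one helper and call it from all three sites, as sketched below. As written it also records `"unknown"` whenever `idtyp` is absent even if `unique_name` or `upn` is present — if that claim is optional for the issuer, the helper should fall through to the user-style lookup rather than give up. The second hunk guards `resource`/`foci` and stores the raw `foci` value with a `0` default, while the third hunk still indexes `response.json()["resource"]` and `int(response.json()["foci"])` unguarded, so the two refresh-token call sites disagree on both presence and type; bind `body = response.json()` once per function and apply the same guard and `int()` cast in both. Storing the string `"unknown"` in `issued_at`/`expires_at` mixes types in columns that otherwise hold datetimes, which is likely to break any later expiry comparison or ordering on those columns — `None` (SQL NULL) would be a safer fallback, assuming the schema allows it. The enclosing functions of all three hunks start or end outside the hunk.
```python
def get_user_from_token(decoded_accesstoken):
    """Return a display label for the token's subject, or "unknown".

    The claims come from an unverified decode (verify_signature=False), so
    the value is only a label for the UI/database, never an authorization input.
    """
    if decoded_accesstoken.get("idtyp") == "app":
        keys = ("app_displayname", "appid")
    else:
        # "user", or idtyp absent: try the user-style claims
        keys = ("unique_name", "upn")
    for key in keys:
        if key in decoded_accesstoken:
            return decoded_accesstoken[key]
    return "unknown"

# … in save_access_token, the refresh-token path and the device-code path,
# replacing the pasted block:
user = get_user_from_token(decoded_accesstoken)
```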