pypi · di · Aug 12, 2024 · Jun 18, 2024 · Jun 18, 2024 · Jul 9, 2024
@@ -59,10 +59,10 @@ def test_github_publisher_all_known_claims(self):
             "nbf",
             "exp",
             "aud",
+            "jti",
             # unchecked claims
             "actor",
             "actor_id",
-            "jti",
             "run_id",
             "run_number",
             "run_attempt",

@@ -57,6 +57,7 @@ def test_gitlab_publisher_all_known_claims(self):
             "nbf",
             "exp",
             "aud",
+            "jti",
             # unchecked claims
             "project_id",
             "namespace_id",
@@ -78,7 +79,6 @@ def test_gitlab_publisher_all_known_claims(self):
             "runner_environment",
             "ci_config_sha",
             "project_visibility",
-            "jti",
             "user_access_level",
             "groups_direct",
         }

@@ -9,6 +9,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import datetime
 
 import jwt
 import pretend
@@ -22,6 +23,7 @@
 
 from tests.common.db.oidc import GitHubPublisherFactory, PendingGitHubPublisherFactory
 from warehouse.oidc import errors, interfaces, services
+from warehouse.oidc.interfaces import SignedClaims
 
 
 def test_oidc_publisher_service_factory(metrics):
@@ -184,7 +186,7 @@ def test_find_publisher(self, metrics, monkeypatch):
             metrics=metrics,
         )
 
-        token = pretend.stub()
+        token = SignedClaims({})
 
         publisher = pretend.stub(verify_claims=pretend.call_recorder(lambda c: True))
         find_publisher_by_issuer = pretend.call_recorder(lambda *a, **kw: publisher)
@@ -253,7 +255,7 @@ def test_find_publisher_verify_claims_fails(self, metrics, monkeypatch):
             services, "find_publisher_by_issuer", find_publisher_by_issuer
         )
 
-        claims = pretend.stub()
+        claims = SignedClaims({})
         with pytest.raises(errors.InvalidPublisherError):
             service.find_publisher(claims)
         assert service.metrics.increment.calls == [
@@ -268,6 +270,125 @@ def test_find_publisher_verify_claims_fails(self, metrics, monkeypatch):
         ]
         assert publisher.verify_claims.calls == [pretend.call(claims)]
 
+    def test_find_publisher_prevent_reuse_token(self, monkeypatch, mockredis, metrics):
+        service = services.OIDCPublisherService(
+            session=pretend.stub(),
+            publisher="fakepublisher",
+            issuer_url=pretend.stub(),
+            audience="fakeaudience",
+            cache_url="redis://fake.example.com",
+            metrics=metrics,
+        )
+
+        monkeypatch.setattr(services.redis, "StrictRedis", mockredis)
+
+        publisher = pretend.stub(verify_claims=pretend.call_recorder(lambda c: True))
+        find_publisher_by_issuer = pretend.call_recorder(lambda *a, **kw: publisher)
+        monkeypatch.setattr(
+            services, "find_publisher_by_issuer", find_publisher_by_issuer
+        )
+
+        expiration = int(
+            (
+                datetime.datetime.now(tz=datetime.UTC) + datetime.timedelta(minutes=15)
+            ).timestamp()
+        )
+        jwt_token_identifier = "6e67b1cb-2b8d-4be5-91cb-757edb2ec970"
+        service.store_jwt_identifier(jwt_token_identifier, expiration=expiration)
+
+        claims = SignedClaims(
+            {
+                "iss": "foo",
+                "iat": 1516239022,
+                "nbf": 1516239022,
+                "exp": expiration,
+                "aud": "pypi",
+                "jti": jwt_token_identifier,
+            }
+        )
+
+        with pytest.raises(errors.ReusedTokenError):
+            service.find_publisher(claims, pending=False)
+
+        assert (
+            pretend.call(
+                "warehouse.oidc.reused_token", tags=["publisher:fakepublisher"]
+            )
+            in metrics.increment.calls
+        )
+
+    def test_find_publisher_store_jti(self, monkeypatch, mockredis, metrics):
+        service = services.OIDCPublisherService(
+            session=pretend.stub(),
+            publisher="fakepublisher",
+            issuer_url=pretend.stub(),
+            audience="fakeaudience",
+            cache_url="redis://fake.example.com",
+            metrics=metrics,
+        )
+
+        monkeypatch.setattr(services.redis, "StrictRedis", mockredis)
+
+        publisher = pretend.stub(verify_claims=pretend.call_recorder(lambda c: True))
+        find_publisher_by_issuer = pretend.call_recorder(lambda *a, **kw: publisher)
+        monkeypatch.setattr(
+            services, "find_publisher_by_issuer", find_publisher_by_issuer
+        )
+
+        expiration = int(
+            (
+                datetime.datetime.now(tz=datetime.UTC) + datetime.timedelta(minutes=15)
+            ).timestamp()
+        )
+        jwt_token_identifier = "6e67b1cb-2b8d-4be5-91cb-757edb2ec970"
+        claims = SignedClaims(
+            {
+                "iss": "foo",
+                "iat": 1516239022,
+                "nbf": 1516239022,
+                "exp": expiration,
+                "aud": "pypi",
+                "jti": jwt_token_identifier,
+            }
+        )
+
+        service.find_publisher(claims, pending=False)
+        assert service.token_identifier_exists(jwt_token_identifier) is True
+
+    def test_find_publisher_jti_not_stored_if_pending(
+        self, monkeypatch, mockredis, metrics
+    ):
+        service = services.OIDCPublisherService(
+            session=pretend.stub(),
+            publisher="fakepublisher",
+            issuer_url=pretend.stub(),
+            audience="fakeaudience",
+            cache_url="redis://fake.example.com",
+            metrics=metrics,
+        )
+
+        monkeypatch.setattr(services.redis, "StrictRedis", mockredis)
+
+        publisher = pretend.stub(verify_claims=pretend.call_recorder(lambda c: True))
+        find_publisher_by_issuer = pretend.call_recorder(lambda *a, **kw: publisher)
+        monkeypatch.setattr(
+            services, "find_publisher_by_issuer", find_publisher_by_issuer
+        )
+        jwt_token_identifier = "6e67b1cb-2b8d-4be5-91cb-757edb2ec970"
+        claims = SignedClaims(
+            {
+                "iss": "foo",
+                "iat": 1516239022,
+                "nbf": 1516239022,
+                "exp": int(datetime.datetime.now(tz=datetime.UTC).timestamp()),
+                "aud": "pypi",
+                "jti": jwt_token_identifier,
+            }
+        )
+
+        service.find_publisher(claims, pending=True)
+        assert service.token_identifier_exists(jwt_token_identifier) is False
+
     def test_get_keyset_not_cached(self, monkeypatch, mockredis):
         service = services.OIDCPublisherService(
             session=pretend.stub(),
@@ -820,6 +941,7 @@ def test_find_publisher(self, monkeypatch):
             "nbf": 1516239022,
             "exp": 9999999999,
             "aud": "pypi",
+            "jti": "6e67b1cb-2b8d-4be5-91cb-757edb2ec970",
         }
 
         service = services.NullOIDCPublisherService(

@@ -361,6 +361,37 @@ def test_mint_token_trusted_publisher_lookup_fails(dummy_github_oidc_jwt):
     ]
 
 
+def test_mint_token_duplicate_token(dummy_github_oidc_jwt):
+    def find_publishers_mockup(_, pending: bool = False):
+        if pending is False:
+            raise errors.ReusedTokenError("some message")
+        else:
+            raise errors.InvalidPublisherError("some message")
+
+    claims = pretend.stub()
+    oidc_service = pretend.stub(
+        verify_jwt_signature=pretend.call_recorder(lambda token: claims),
+        find_publisher=find_publishers_mockup,
+    )
+    request = pretend.stub(
+        response=pretend.stub(status=None),
+        find_service=pretend.call_recorder(lambda cls, **kw: oidc_service),
+        flags=pretend.stub(disallow_oidc=lambda *a: False),
+    )
+
+    response = views.mint_token(oidc_service, dummy_github_oidc_jwt, request)
+    assert request.response.status == 422
+    assert response == {
+        "message": "Token request failed",
+        "errors": [
+            {
+                "code": "invalid-reuse-token",
+                "description": "valid token, but already used",
+            }
+        ],
+    }
+
+
 def test_mint_token_pending_publisher_project_already_exists(
     db_request, dummy_github_oidc_jwt
 ):

@@ -13,3 +13,7 @@
 
 class InvalidPublisherError(Exception):
     pass
+
+
+class ReusedTokenError(Exception):
+    pass
@@ -138,10 +138,18 @@ class GitHubPublisherMixin:
         "environment": _check_environment,
     }
 
+    __preverified_claims__ = {
+        "iss",
+        "iat",
+        "nbf",
+        "exp",
+        "aud",
+        "jti",
+    }
+
     __unchecked_claims__ = {
         "actor",
         "actor_id",
-        "jti",
         "run_id",
         "run_number",
         "run_attempt",

@@ -122,6 +122,15 @@ class GitLabPublisherMixin:
 
     __required_unverifiable_claims__: set[str] = {"ref_path", "sha"}
 
+    __preverified_claims__ = {
+        "iss",
+        "iat",
+        "nbf",
+        "exp",
+        "aud",
+        "jti",
+    }
+
     __optional_verifiable_claims__: dict[str, CheckClaimCallable[Any]] = {
         "environment": _check_environment,
     }
@@ -149,7 +158,6 @@ class GitLabPublisherMixin:
         "runner_environment",
         "ci_config_sha",
         "project_visibility",
-        "jti",
         "user_access_level",
         "groups_direct",
     }

@@ -11,6 +11,7 @@
 # limitations under the License.
 
 import json
+import typing
 import warnings
 
 import jwt
@@ -21,7 +22,7 @@
 from zope.interface import implementer
 
 from warehouse.metrics.interfaces import IMetricsService
-from warehouse.oidc.errors import InvalidPublisherError
+from warehouse.oidc.errors import InvalidPublisherError, ReusedTokenError
 from warehouse.oidc.interfaces import IOIDCPublisherService, SignedClaims
 from warehouse.oidc.models import OIDCPublisher, PendingOIDCPublisher
 from warehouse.oidc.utils import find_publisher_by_issuer
@@ -219,6 +220,23 @@ def _get_key_for_token(self, token):
         unverified_header = jwt.get_unverified_header(token)
         return self._get_key(unverified_header["kid"])
 
+    def token_identifier_exists(self, jti: str) -> bool:
+        """
+        Check if a JWT Token Identifier has already been used.
+        """
+        with redis.StrictRedis.from_url(self.cache_url) as r:
+            return bool(r.exists(jti))
+
+    def store_jwt_identifier(self, jti: str, expiration: int) -> None:
+        """
+        Store the JTI with its expiration date if the key does not exist.
+        """
+        with redis.StrictRedis.from_url(self.cache_url) as r:
+            # Defensive: to prevent races, we expire the JTI slightly after
+            # the token expiration date. Thus, the lock will not be
+            # released before the token invalidation.
+            r.set(jti, exat=expiration + 1, value="placeholder", nx=True)
+
     def verify_jwt_signature(self, unverified_token: str) -> SignedClaims | None:
         try:
             key = self._get_key_for_token(unverified_token)
@@ -287,11 +305,30 @@ def find_publisher(
             publisher = find_publisher_by_issuer(
                 self.db, self.issuer_url, signed_claims, pending=pending
             )
+
+            jwt_token_identifier: str | None = signed_claims.get("jti", None)
+            # jti is in the __preverified_claims__ set, so if it was present,
+            # it was already checked
+            if pending is False and jwt_token_identifier:
+                if self.token_identifier_exists(jwt_token_identifier):
+                    self.metrics.increment(
+                        "warehouse.oidc.reused_token",
+                        tags=metrics_tags,
+                    )
+                    raise ReusedTokenError("JWT Token already used to mint a token.")
+
             publisher.verify_claims(signed_claims)
             self.metrics.increment(
                 "warehouse.oidc.find_publisher.ok",
                 tags=metrics_tags,
             )
+
+            if pending is False and jwt_token_identifier:
+                # Of note, exp is coming from a trusted source here,
+                # so we don't validate it
+                expiration = typing.cast(int, signed_claims.get("exp"))
+                self.store_jwt_identifier(jwt_token_identifier, expiration)
+
             return publisher
         except InvalidPublisherError as e:
             self.metrics.increment(

@@ -28,7 +28,7 @@
 from warehouse.macaroons.interfaces import IMacaroonService
 from warehouse.macaroons.services import DatabaseMacaroonService
 from warehouse.metrics.interfaces import IMetricsService
-from warehouse.oidc.errors import InvalidPublisherError
+from warehouse.oidc.errors import InvalidPublisherError, ReusedTokenError
 from warehouse.oidc.interfaces import IOIDCPublisherService
 from warehouse.oidc.models import OIDCPublisher, PendingOIDCPublisher
 from warehouse.oidc.services import OIDCPublisherService
@@ -238,6 +238,16 @@ def mint_token(
         publisher = oidc_service.find_publisher(claims, pending=False)
         # NOTE: assert to persuade mypy of the correct type here.
         assert isinstance(publisher, OIDCPublisher)
+    except ReusedTokenError:
+        return _invalid(
+            errors=[
+                {
+                    "code": "invalid-reuse-token",
+                    "description": "valid token, but already used",
+                }
+            ],
+            request=request,
+        )
     except InvalidPublisherError as e:
         return _invalid(
             errors=[
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,3 +13,7 @@ @@
     class InvalidPublisherError(Exception):
         pass
+    class ReusedTokenError(Exception):
+        pass