Beispiel #1
0
 def test_extract_params(self):
     with set_flask_request({'QUERY_STRING': 'test=foo&foo=bar'}):
         uri, http_method, body, headers = extract_params()
         self.assertEquals(uri, 'http://127.0.0.1/?test=foo&foo=bar')
         self.assertEquals(http_method, 'GET')
         self.assertEquals(body, {})
         self.assertEquals(headers, {'Host': '127.0.0.1'})
 def test_extract_params(self):
     with set_flask_request({'QUERY_STRING': 'test=foo&foo=bar'}):
         uri, http_method, body, headers = extract_params()
         self.assertEquals(uri, 'http://127.0.0.1/?test=foo&foo=bar')
         self.assertEquals(http_method, 'GET')
         self.assertEquals(body, {})
         self.assertEquals(headers, {'Host': '127.0.0.1'})
Beispiel #3
0
    def confirm_authorization_request(self):
        """When consumer confirm the authorization."""
        server = self.server
        scopes = request.args.get('scopes', 'email').split()
        credentials = dict(
            client_id=request.values.get('client_id'),
            redirect_uri=request.values.get('redirect_uri', None),
            response_type=request.values.get('response_type', None),
            state=request.values.get('state', None)
        )
        log.debug('Fetched credentials from request %r.', credentials)
        redirect_uri = credentials.get('redirect_uri')
        log.debug('Found redirect_uri %s.', redirect_uri)

        uri, http_method, body, headers = extract_params()
        try:
            ret = server.create_authorization_response(
                uri, http_method, body, headers, scopes, credentials)
            log.debug('Authorization successful.')
            return create_response(*ret)
        except oauth2.FatalClientError as e:
            log.debug('Fatal client error %r', e)
            raise
        except oauth2.OAuth2Error as e:
            log.debug('OAuth2Error: %r', e)
            raise
 def test_extract_params_with_urlencoded_json(self):
     wsgi_environ = {
         'QUERY_STRING': 'state=%7B%22t%22%3A%22a%22%2C%22i%22%3A%22l%22%7D'
     }
     with set_flask_request(wsgi_environ):
         uri, http_method, body, headers = extract_params()
         # Request constructor will try to urldecode the querystring, make
         # sure this doesn't fail.
         Request(uri, http_method, body, headers)
Beispiel #5
0
 def test_extract_params_with_urlencoded_json(self):
     wsgi_environ = {
         'QUERY_STRING': 'state=%7B%22t%22%3A%22a%22%2C%22i%22%3A%22l%22%7D'
     }
     with set_flask_request(wsgi_environ):
         uri, http_method, body, headers = extract_params()
         # Request constructor will try to urldecode the querystring, make
         # sure this doesn't fail.
         Request(uri, http_method, body, headers)
Beispiel #6
0
    def test_extract_params_with_json(self):
        data = {'test': 'foo', 'foo': 'bar'}
        json_payload = json.dumps(data).encode('utf-8')

        wsgi_environ = {
            'CONTENT_TYPE': 'application/json',
            'CONTENT_LENGHT': str(len(data))
        }
        with set_flask_request(wsgi_environ, data):
            uri, http_method, body, headers = extract_params()
            Request(uri, http_method, body, headers)
            self.assertEqual(body, {'test': 'foo', 'foo': 'bar'})
Beispiel #7
0
 def check_auth(self, token, allowed_roles, resource, method):
     logger.debug("check_auth(self, token, allowed_roles, resource, method)")
     valid, req = oauth.verify_request(['email'])
     uri, http_method, body, headers = extract_params()
     logger.debug(session)
     logger.debug(headers)
     if valid:
         logger.debug('### valid ###' + str(req.user.username))
         return True
     else:
         logger.debug('### not valid ### ' + req.error_message)
         raise werkzeug.exceptions.Unauthorized(description=req.error_message)
Beispiel #8
0
        def decorated(*args, **kwargs):
            # raise if server not implemented
            server = self.server
            uri, http_method, body, headers = extract_params()

            if request.method in ('GET', 'HEAD'):
                redirect_uri = request.args.get('redirect_uri', self.error_uri)
                log.debug('Found redirect_uri %s.', redirect_uri)
                try:
                    ret = server.validate_authorization_request(
                        uri, http_method, body, headers
                    )
                    scopes, credentials = ret
                    kwargs['scopes'] = scopes
                    kwargs.update(credentials)
                except oauth2.FatalClientError as e:
                    log.debug('Fatal client error %r', e)
                    raise
                except oauth2.OAuth2Error as e:
                    log.debug('OAuth2Error: %r', e)
                    raise

            else:
                redirect_uri = request.values.get(
                    'redirect_uri', self.error_uri
                )

            try:
                rv = f(*args, **kwargs)
            except oauth2.FatalClientError as e:
                log.debug('Fatal client error %r', e)
                raise
            except oauth2.OAuth2Error as e:
                log.debug('OAuth2Error: %r', e)
                raise

            if not isinstance(rv, bool):
                # if is a response or redirect
                return rv

            if not rv:
                # denied by user
                e = oauth2.AccessDeniedError()
                # return redirect(e.in_uri(redirect_uri))
                raise oauth2.OAuth2Error('You are not allowed to perform this action')
            return self.confirm_authorization_request()
Beispiel #9
0
        def decorated(*args, **kwargs):
            if 'apikey' in request.values:
                # API key authentication
                warnings.warn(
                    "API keys will be superseded by OAuth personal access "
                    "tokens",
                    PendingDeprecationWarning
                )

                from invenio.modules.apikeys.models import WebAPIKey
                from invenio.ext.login import login_user

                user_id = WebAPIKey.acc_get_uid_from_request()
                if user_id == -1:
                    restful.abort(401)

                login_user(user_id)
                resp = f(None, *args, **kwargs)
                session.clear()
                return resp
            else:
                # OAuth 2.0 Authentication
                for func in oauth2._before_request_funcs:
                    func()

                server = oauth2.server
                uri, http_method, body, headers = extract_params()
                valid, req = server.verify_request(
                    uri, http_method, body, headers, scopes
                )

                for func in oauth2._after_request_funcs:
                    valid, req = func(valid, req)

                if not valid:
                    return restful.abort(
                        401,
                        message="Unauthorized",
                        status=401,
                    )

                resp = f(req, *args, **kwargs)
                session.clear()
                return resp
            restful.abort(401)
Beispiel #10
0
def authorize(self, *args, **kwargs):
    """When consumer confirm the authorization."""

    server = oauth.server
    scope = request.values.get('scope') or ''
    scopes = scope.split()
    credentials = dict(
        client_id=request.values.get('client_id'),
        redirect_uri=request.values.get('redirect_uri', None),
        response_type=request.values.get('response_type', None),
        state=request.values.get('state', None)
    )

    uri, http_method, body, headers = extract_params()
    request.client_id = credentials['client_id']
    ret = server.create_authorization_response(
        uri, http_method, body, headers, scopes, credentials)
    return ret
Beispiel #11
0
            def decorated(*args, **kwargs):
                for func in self._before_request_funcs:
                    func()

                if hasattr(request, 'oauth') and request.oauth:
                    return f(*args, **kwargs)

                server = self.server
                uri, http_method, body, headers = extract_params()
                valid, req = server.verify_request(uri, http_method, body,
                                                   headers, scopes)

                for func in self._after_request_funcs:
                    valid, req = func(valid, req)

                if valid:
                    request.oauth = req
                return f(*args, **kwargs)
Beispiel #12
0
            def decorated(*args, **kwargs):
                for func in self._before_request_funcs:
                    func()

                if hasattr(request, 'oauth') and request.oauth:
                    return f(*args, **kwargs)

                server = self.server
                uri, http_method, body, headers = extract_params()
                valid, req = server.verify_request(
                    uri, http_method, body, headers, scopes
                )

                for func in self._after_request_funcs:
                    valid, req = func(valid, req)

                if valid:
                    request.oauth = req
                return f(*args, **kwargs)
Beispiel #13
0
            def decorated(*args, **kwargs):

              for func in self._before_request_funcs:
                  func()

              server = self.server
              uri, http_method, body, headers = extract_params()
              valid, req = server.verify_request(
                  uri, http_method, body, headers, scopes
              )

              for func in self._after_request_funcs:
                  valid, req = func(valid, req)

              if not kwargs.get('is_public', False):
                if not valid:
                  return abort(403)

              return f(*((req,) + args), **kwargs)
Beispiel #14
0
    def verify_request(self, scopes):
        """Verify current request, get the oauth data.

        If you can't use the ``require_oauth`` decorator, you can fetch
        the data in your request body::

            def your_handler():
                valid, req = oauth.verify_request(['email'])
                if valid:
                    return jsonify(user=req.user)
                return jsonify(status='error')
        """
        uri, http_method, body, headers = extract_params()
        import urllib, urlparse
        query = urlparse.urlparse(uri).query
        encoded_query = urllib.quote_plus(query)

        return self.server.verify_request(
            uri.replace(query, encoded_query), http_method, body, headers, scopes
        )
Beispiel #15
0
def access_token():
    uri, http_method, body, headers = extract_params()
    print('#################### /oauth/token' + str(uri))
    print(headers)
    print(body)
    return {}