def store_credentials(gplus_id, test, credentials):
"""Stores credentials for the provide Google+ User ID to Datastore"""
if test is not None:
storage = StorageByKeyName(utils.TestUser, gplus_id, "credentials")
else:
storage = StorageByKeyName(utils.User, gplus_id, "credentials")
storage.put(credentials)
def test_delete_db_ndb_mixed(self):
# Start empty
storage_ndb = StorageByKeyName(
CredentialsNDBModel, 'foo', 'credentials')
storage = StorageByKeyName(
CredentialsModel, 'foo', 'credentials')
# First DB, then NDB
self.assertEqual(None, storage.get())
storage.put(self.credentials)
self.assertNotEqual(None, storage.get())
storage_ndb.delete()
self.assertEqual(None, storage.get())
# First NDB, then DB
self.assertEqual(None, storage_ndb.get())
storage_ndb.put(self.credentials)
storage.delete()
self.assertNotEqual(None, storage_ndb.get())
# NDB uses memcache and an instance cache (Context)
ndb.get_context().clear_cache()
memcache.flush_all()
self.assertEqual(None, storage_ndb.get())
def get(self):
gcp_cred_storage = StorageByKeyName(GcpCredentials,
self.user_bundle.user.user_id(),
'credentials')
gcp_creds = gcp_cred_storage.get()
if gcp_creds is None:
if ann_config.oauth_decorator.has_credentials():
gcp_creds = ann_config.oauth_decorator.credentials
gcp_cred_storage.put(gcp_creds)
else:
self.template_values.update({
"auth_url":
ann_config.oauth_decorator.authorize_url(),
})
path = os.path.join(
os.path.dirname(__file__),
'../templates/gcp_authorization_request.html')
self.response.write(template.render(path,
self.template_values))
return None
http = gcp_creds.authorize(httplib2.Http())
resp, content = http.request('http://www.google.com/cloudprint/search')
response_json = json.loads(content)
printers = response_json["printers"]
self.template_values.update({
"printers": printers,
})
path = os.path.join(os.path.dirname(__file__),
'../templates/printer_add.html')
self.response.write(template.render(path, self.template_values))
def store_credentials(gplus_id, test, credentials):
"""Stores credentials for the provide Google+ User ID to Datastore"""
if test is not None:
storage = StorageByKeyName(TestUser, gplus_id, "credentials")
else:
storage = StorageByKeyName(User, gplus_id, "credentials")
storage.put(credentials)
def get(self):
gcp_cred_storage = StorageByKeyName(GcpCredentials, self.user_bundle.user.user_id(), 'credentials')
gcp_creds = gcp_cred_storage.get()
if gcp_creds is None:
if ann_config.oauth_decorator.has_credentials():
gcp_creds = ann_config.oauth_decorator.credentials
gcp_cred_storage.put(gcp_creds)
else:
self.template_values.update({
"auth_url": ann_config.oauth_decorator.authorize_url(),
})
path = os.path.join(os.path.dirname(__file__), '../templates/gcp_authorization_request.html')
self.response.write(template.render(path, self.template_values))
return None
http = gcp_creds.authorize(httplib2.Http())
resp, content = http.request('http://www.google.com/cloudprint/search')
response_json = json.loads(content)
printers = response_json["printers"]
self.template_values.update({
"printers": printers,
})
path = os.path.join(os.path.dirname(__file__), '../templates/printer_add.html')
self.response.write(template.render(path, self.template_values))
def test_delete_db_ndb_mixed(self):
# Start empty
storage_ndb = StorageByKeyName(
CredentialsNDBModel, 'foo', 'credentials')
storage = StorageByKeyName(
CredentialsModel, 'foo', 'credentials')
# First DB, then NDB
self.assertEqual(None, storage.get())
storage.put(self.credentials)
self.assertNotEqual(None, storage.get())
storage_ndb.delete()
self.assertEqual(None, storage.get())
# First NDB, then DB
self.assertEqual(None, storage_ndb.get())
storage_ndb.put(self.credentials)
storage.delete()
self.assertNotEqual(None, storage_ndb.get())
# NDB uses memcache and an instance cache (Context)
ndb.get_context().clear_cache()
memcache.flush_all()
self.assertEqual(None, storage_ndb.get())
def get(self):
devices = None
updated = 'Never'
linkkey = self.request.get('id')
fetcherror = 'Key not found'
domainname = None
if linkkey is not None:
customerlink = CustomerLink.get_by_id(int(linkkey))
if customerlink is not None:
domainname = customerlink.domainname
try:
authstorage = StorageByKeyName(CredentialsModel, customerlink.linkeduserid, 'credentials')
credentials = authstorage.get()
http = httplib2.Http()
http = credentials.authorize(http)
authstorage.put(credentials)
active_users = get_active_users(customerlink.customerid, http)
devices = get_devices(active_users, http)
updated = datetime.now().strftime('%a, %d %b %Y, %H:%M UTC')
fetcherror = None
except:
fetcherror = traceback.format_exc()
variables = {
'linkkey': linkkey,
'domainname': domainname,
'devices': devices,
'updated': updated,
'fetcherror': fetcherror
}
self.response.headers['Content-Type'] = 'application/json'
self.response.write(json.dumps(variables))
def acquireLatestCredentials(user_id):
"""Returns credentials, and refreshes them if necessary."""
storage = StorageByKeyName(CredentialsModel, user_id, 'credentials')
credentials = storage.get()
if credentials.access_token_expired:
logging.info('Credentials expired. Attempting to refresh...')
credentials.refresh(httplib2.Http())
storage.put(credentials)
logging.info('Successfully refreshed access token!')
return credentials
def get(self):
flow = flow_from_clientsecrets(CLIENTSECRETS_LOCATION,
scope=' '.join(SCOPES),
redirect_uri=REDIRECT_URI)
flow.params['access_type'] = 'offline'
credentials = flow.step2_exchange(self.request.get('code'))
storage = StorageByKeyName(AdminCredentialsModel, 'theadminaccount',
'credentials')
storage.put(credentials)
self.redirect('/')
def get(self):
flow = flow_from_clientsecrets(CLIENTSECRETS_LOCATION,
scope=' '.join(SCOPES),
redirect_uri=REDIRECT_URI)
flow.params['access_type'] = 'offline'
credentials = flow.step2_exchange(self.request.get('code'))
storage = StorageByKeyName(AdminCredentialsModel,
'theadminaccount',
'credentials')
storage.put(credentials)
self.redirect('/')
def _refresh_oauth2_token(credentials, userid):
"""
This updates the token via the OAuth2Credentials code and
modifies the httplib2.Http.request stuff. We store the updated
credentials for later.
"""
http = httplib2.Http()
http = credentials.authorize(http)
credentials.refresh(http)
storage = StorageByKeyName(CredentialsNDBModel, userid, 'credentials')
storage.put(credentials)
return credentials
def test_delete_ndb(self):
# Start empty
storage = StorageByKeyName(CredentialsNDBModel, "foo", "credentials")
self.assertEqual(None, storage.get())
# Add credentials to model with storage, and check equivalent w/o storage
storage.put(self.credentials)
credmodel = CredentialsNDBModel.get_by_id("foo")
self.assertEqual(credmodel.credentials.to_json(), self.credentials.to_json())
# Delete and make sure empty
storage.delete()
self.assertEqual(None, storage.get())
def test_delete_ndb(self):
# Start empty
storage = StorageByKeyName(CredentialsNDBModel, 'foo', 'credentials')
self.assertEqual(None, storage.get())
# Add credentials to model with storage, and check equivalent w/o storage
storage.put(self.credentials)
credmodel = CredentialsNDBModel.get_by_id('foo')
self.assertEqual(credmodel.credentials.to_json(),
self.credentials.to_json())
# Delete and make sure empty
storage.delete()
self.assertEqual(None, storage.get())
def test_get_and_put_set_store_on_cache_retrieval(self):
storage = StorageByKeyName(CredentialsModel, "foo", "credentials", cache=memcache)
self.assertEqual(None, storage.get())
self.credentials.set_store(storage)
storage.put(self.credentials)
# Pre-bug 292 old_creds wouldn't have storage, and the _refresh wouldn't
# be able to store the updated cred back into the storage.
old_creds = storage.get()
self.assertEqual(old_creds.access_token, "foo")
old_creds.invalid = True
old_creds._refresh(_http_request)
new_creds = storage.get()
self.assertEqual(new_creds.access_token, "bar")
def test_get_and_put_set_store_on_cache_retrieval(self):
storage = StorageByKeyName(
CredentialsModel, 'foo', 'credentials', cache=memcache)
self.assertEqual(None, storage.get())
self.credentials.set_store(storage)
storage.put(self.credentials)
# Pre-bug 292 old_creds wouldn't have storage, and the _refresh wouldn't
# be able to store the updated cred back into the storage.
old_creds = storage.get()
self.assertEqual(old_creds.access_token, 'foo')
old_creds.invalid = True
old_creds._refresh(_http_request)
new_creds = storage.get()
self.assertEqual(new_creds.access_token, 'bar')
def oauth2callback(request):
user = users.get_current_user()
flow = pickle.loads(memcache.get(user.user_id()))
try:
credentials = flow.step2_exchange(request.GET)
request.session['credentials'] = credentials
storage = StorageByKeyName(CredentialsModel, user.user_id(), 'credentials')
storage.put(credentials)
redirect = request.session.get('redirect', '/')
return HttpResponseRedirect(redirect)
except FlowExchangeError:
logger.exception('Failed to authenticate')
return HttpResponseRedirect(reverse(settings.OAUTH_FAILED_REDIRECT))
def oauth2callback():
user = users.get_current_user()
if request.args.get('code'):
credentials = call.flow.step2_exchange(request.args.get('code'))
storage = StorageByKeyName(
CredentialsNDBModel, user.user_id(), 'credentials'
)
storage.put(credentials)
http = httplib2.Http()
http = credentials.authorize(http)
return "credentials successfully stored!"
elif request.args.get('error'):
return "User denied the request for credentials"
def oauth2callback():
user = users.get_current_user()
if request.args.get('code'):
credentials = call.flow.step2_exchange(request.args.get('code'))
storage = StorageByKeyName(
CredentialsNDBModel, user.user_id(), 'credentials'
)
storage.put(credentials)
http = httplib2.Http()
http = credentials.authorize(http)
flash(u'Signin complete.', 'info')
return redirect('/')
elif request.args.get('error'):
return "User denied the request for credentials"
def _refresh_oauth2_token(credentials, userid):
"""
This updates the token via the OAuth2Credentials code and
modifies the httplib2.Http.request stuff. We store the updated
credentials for later.
"""
from oauth2client.client import AccessTokenRefreshError
http = httplib2.Http()
http = credentials.authorize(http)
storage = StorageByKeyName(CredentialsNDBModel, userid, "credentials")
try:
credentials.refresh(http)
except AccessTokenRefreshError:
logging.info("AccessTokenRefreshError: lets delete the creds.")
storage.delete()
return
storage.put(credentials)
return credentials
def get_credentials(self, api_type, **params):
storage_ndb = StorageByKeyName(
CredentialsNDBModel, api_type, 'credentials')
credentials = storage_ndb.get()
if credentials is None:
# self.read_settings()
with open(join(dirname(abspath(__file__)), self.ApiSettings["private_key_file"])) as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(
self.ApiSettings["service_account_name"],
private_key,
# sub=self.ApiSettings["google_account_owner_email"], # before commenting this line,
# I got "AccessTokenRefreshError: unauthorized_client" error
**params
)
storage_ndb.put(credentials)
return credentials
def get(self):
if get_access_token():
# App is set up, we just want to check if user belongs to org
if not _user_is_org_member():
self.render('403')
self.error(403)
return
else:
# User is now logged in, send to app
self.session['logged_in'] = True
self.redirect('/')
return
# Get the code out of the url
code = _retrieve_code(self.request.url)
# Create a Credentials object which will hold the access token
flow = _create_flow_object()
credentials = flow.step2_exchange(code)
# Store the access token, app is now activated
storage = StorageByKeyName(CredentialsModel, 'token', 'credentials')
storage.put(credentials)
if not _user_is_org_admin():
# User is not an admin, bail
self.error(403)
self.render('not_admin')
return
# User is logged in
self.session['logged_in'] = True
context = {
"access_token": credentials.access_token,
"username": get_user_name(),
}
# Tell user that the app is activated
self.render('login', context)
def GetCurrentCredentials():
"""Fetch current user's credentials, refreshing if possible."""
user = users.get_current_user()
if not user:
return None
storage = StorageByKeyName(CredentialsModel, user.user_id(), 'credentials')
credentials = storage.get()
if not credentials or not credentials.access_token:
return None
if credentials.access_token_expired:
http = httplib2.Http()
try:
logging.info('Refreshing OAuth2 Access Token.')
credentials.refresh(http)
except AccessTokenRefreshError:
return None
storage.put(credentials)
return credentials
def get(self):
request = webapp2.get_request()
code = request.get('code')
state_string = request.get('state')
state = pickle.loads(state_string)
api_client = state['api_client']
version = state['version']
scope = state['scope']
key = api_client + version + scope
original_url = state['original_url'] # url of the original call
flow = OAuth2WebServerFlow(
client_id=google_credentials.CLIENT_ID,
client_secret=google_credentials.CLIENT_SECRET,
scope=scope,
redirect_uri=request.path_url,
access_type='offline')
credentials = flow.step2_exchange(code)
# store the credentials in the datastore
storage = StorageByKeyName(CredentialsModel, key, 'credentials')
storage.put(credentials)
return webapp2.redirect(original_url)
def GetCurrentCredentials():
"""Fetch current user's credentials, refreshing if possible."""
user = users.get_current_user()
if not user:
return None
storage = StorageByKeyName(CredentialsModel, user.user_id(), 'credentials')
credentials = storage.get()
if not credentials or not credentials.access_token:
return None
if credentials.access_token_expired:
http = httplib2.Http()
try:
logging.info('Refreshing OAuth2 Access Token.')
credentials.refresh(http)
except AccessTokenRefreshError:
return None
storage.put(credentials)
return credentials
def get(self):
request = webapp2.get_request()
code = request.get("code")
state_string = request.get("state")
state = pickle.loads(state_string)
api_client = state["api_client"]
version = state["version"]
scope = state["scope"]
key = api_client + version + scope
original_url = state["original_url"] # url of the original call
flow = OAuth2WebServerFlow(
client_id=google_credentials.CLIENT_ID,
client_secret=google_credentials.CLIENT_SECRET,
scope=scope,
redirect_uri=request.path_url,
access_type="offline",
)
credentials = flow.step2_exchange(code)
# store the credentials in the datastore
storage = StorageByKeyName(CredentialsModel, key, "credentials")
storage.put(credentials)
return webapp2.redirect(original_url)
def __storeCredentials(self, userid, propName): storage = StorageByKeyName(CredentialsModel, userid, propName) credentials = storage.get() storage.put(credentials)
def store_credentials(gplus_id, credentials):
storage = StorageByKeyName(utils.User, gplus_id, "credentials")
storage.put(credentials)
def store_sfdc_credentials_for_user_id(cls, user_id, credentials):
storage = StorageByKeyName(CredentialsModel, user_id+"sfdc", "credentials")
cached_credentials = storage.get()
if credentials.refresh_token or not cached_credentials or cached_credentials and not cached_credentials.refresh_token:
storage.put(credentials)
def store_credentials(gplus_id, credentials):
storage = StorageByKeyName(utils.User, gplus_id, "credentials")
storage.put(credentials)
