Beispiel #1
0
    def get_implicit_response(self, request, client):
        """
        Assumes validated and authorized request with a response_type that is
        associated with an implicit flow.
        """
        data = self.get_data(request)

        lookup_kwargs = {
            'user':
            request.user,
            'client':
            client,
            'scope':
            scope.to_int(*data.get('scope', constants.SCOPES[0][1]).split()),
            'reuse_existing_access_token':
            constants.SINGLE_ACCESS_TOKEN,
            'create_refresh_token':
            False
        }

        token, __ = self.get_access_and_refresh_tokens(request,
                                                       **lookup_kwargs)

        response_data = self.access_token_response_data(
            token, data['response_type'])

        basepath = data.get("redirect_uri")
        if not basepath:
            basepath = token.client.redirect_uri
        if len(data.get('state', '')) > 0:
            response_data['state'] = data.get('state')
        path = "{0}#{1}".format(basepath, urlencode(response_data))
        return HttpResponseRedirect(path)
Beispiel #2
0
    def create_access_token(self, request, user, scope, client):

        # Use client scope
        client_scope = client.apiv2_client.get_scope_display()
        # allowed_scopes = [requested_scope for requested_scope in to_names(scope) if requested_scope in client_scope]

        return AccessToken.objects.create(user=user, client=client, scope=to_int(*client_scope.split("+")))
Beispiel #3
0
    def create_access_token(self, request, user, scope, client):

        # Use client scope
        client_scope = client.apiv2_client.get_scope_display()
        #allowed_scopes = [requested_scope for requested_scope in to_names(scope) if requested_scope in client_scope]

        return AccessToken.objects.create(
            user=user, client=client, scope=to_int(*client_scope.split('+')))
Beispiel #4
0
def register_by_access_token(request, backend):
    if backend != 'facebook' and backend != 'google':
        return HttpResponse(status=400, reason='Backend ' + backend + ' not supported')
    token = request.GET.get('access_token')
    print 'token = ', token
    if backend == 'facebook':
        response = requests.get('https://graph.facebook.com/me?access_token=' + token)
    elif backend == 'google':
        response = requests.get('https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=' + token)
    data_json = response.content
    data_dict = json.loads(data_json)
    print 'data_dict = ', data_dict
    if response.status_code != 200:
        # if data_dict['error']['code'] == 190 and data_dict['error']['error_subcode'] == 463:
        #     return HttpResponse(status=400, reason='Facebook token expired')
        # else:
        return HttpResponse("Invalid access token")
    # try:
    #     e = data_dict['email']
    # except KeyError:
    #     return HttpResponse(status=400, reason="Facebook access token doesn't have email permissions")
    if backend == 'facebook':
        user = EmailUser.objects.filter(source=backend, facebook_id=data_dict['id'])
    elif backend == 'google':
        user = EmailUser.objects.filter(source=backend, google_id=data_dict['id'])
    if user.exists():
        user = user[0]
    else:
        if 'email' in data_dict:
            email = data_dict['email']
        else:
            email = None
        user = EmailUser(name=data_dict['name'],
            email=email, source = backend)
        if backend == 'facebook':
            user.image_url = 'https://graph.facebook.com/v2.3/' + data_dict['id'] + '/picture'
            user.facebook_id = data_dict['id']
        elif backend == 'google':
            user.image_url = data_dict['picture']
            user.google_id = data_dict['id']
        user.save()
    cl = Client(user = user, name = 'opinion', client_type=1, url = 'http://opinion.elasticbeanstalk.com')
    cl.save()
    print 'user = '******' ', user.name, ' ', user.facebook_id, ' ', user.google_id, ' ', user.image_url
    at = AccessTokenView().get_access_token(request, user, scope.to_int('read', 'write'), cl)
    user_data = {'token': at.token}
    user_data['id'] = user.id
    user_data['name'] = user.name
    user_data['email'] = user.email
    print "facebook_id = ", user.facebook_id
    user_data['image_url'] = user.image_url
    print "Serialize Issue: user_data = ", user_data
    if user:
        return HttpResponse(json.dumps(user_data), content_type="application/json")
    else:
        return HttpResponse('ERROR')
Beispiel #5
0
    def prepare_access_token_response(self, request, client, user):
        self.request.user = user
        scope = provider_scope.to_int('read', 'write')

        if provider_constants.SINGLE_ACCESS_TOKEN:
            at = self.get_access_token(request, user, scope, client)
        else:
            at = self.create_access_token(request, user, scope, client)
            # Public clients don't get refresh tokens
            if client.client_type == provider_constants.CONFIDENTIAL:
                self.create_refresh_token(request, user, scope, at, client)

        return self.access_token_response(at)
Beispiel #6
0
    def clean_scope(self):
        """
        The scope is assembled by combining all the set flags into a single
        integer value which we can later check again for set bits.

        If *no* scope is set, we return the default scope which is the first
        defined scope in :attr:`provider.constants.SCOPES`.

        """
        default = SCOPES[0][0]

        flags = self.cleaned_data.get('scope', [])

        return scope.to_int(default=default, *flags)
Beispiel #7
0
 def get_access_token(self, user):
     client = Client.objects.get(name='shoutit-web')
     scope = provider_scope.to_int('read', 'write')
     try:
         # Attempt to fetch an existing access token.
         at = AccessToken.objects.get(user=user,
                                      client=client,
                                      scope=scope,
                                      expires__gt=now())
     except AccessToken.DoesNotExist:
         # None found... make a new one!
         at = self.create_access_token(user, scope, client)
         self.create_refresh_token(at)
     return at
    def clean_scope(self):
        """
        The scope is assembled by combining all the set flags into a single 
        integer value which we can later check again for set bits.
        
        If *no* scope is set, we return the default scope which is the first
        defined scope in :attr:`provider.constants.SCOPES`.
        
        """
        default = SCOPES[0][0]
        
        flags = self.cleaned_data.get('scope', [])

        return scope.to_int(default=default, *flags)        
Beispiel #9
0
    def shoutit_signup(self, request, data, client):
        """
        Handle ``grant_type=shoutit_signup`` requests.
        """
        user = self.get_shoutit_signup_grant(request, data, client)
        self.request.user = user
        scope = provider_scope.to_int('read', 'write')

        if provider_constants.SINGLE_ACCESS_TOKEN:
            at = self.get_access_token(request, user, scope, client)
        else:
            at = self.create_access_token(request, user, scope, client)
            # Public clients don't get refresh tokens
            if client.client_type == provider_constants.CONFIDENTIAL:
                self.create_refresh_token(request, user, scope, at, client)

        return self.access_token_response(at)
Beispiel #10
0
 def test_get_scope_ints(self):
     self.assertEqual(constants.READ, scope.to_int('read'))
     self.assertEqual(constants.WRITE, scope.to_int('write'))
     self.assertEqual(constants.READ_WRITE, scope.to_int('read', 'write'))
     self.assertEqual(0, scope.to_int('invalid'))
     self.assertEqual(1, scope.to_int('invalid', default=1))
 def test_get_scope_ints(self):
     self.assertEqual(constants.READ, scope.to_int('read'))
     self.assertEqual(constants.READ_WRITE, scope.to_int('write'))
     self.assertEqual(constants.READ_WRITE, scope.to_int('read', 'write'))
     self.assertEqual(0, scope.to_int('invalid'))
     self.assertEqual(1, scope.to_int('invalid', default=1))