def discharge_macaroon(self, macaroon, token):
# Deserialize the macaroon with pymacaroons
macaroon = Macaroon.deserialize(macaroon, JsonSerializer())
# Extract the caveat we are interested in
caveat = self._extract_caveat_to_discharge(macaroon)
data = {"id64": caveat, "token64": token, "token-kind": "macaroon"}
response = self._request(method="POST",
url=f"{CANDID_API_URL}discharge",
data=data)
return Macaroon.deserialize(json.dumps(response.json()["Macaroon"]),
JsonSerializer())
def get_login_url(self, macaroon, callback_url, state):
"""
To initiate the login redirect the user's browser to the URL
specified in the LoginURL parameter. The redirect must be a GET
request and must include a "return_to" query parameter which must
be whitelisted in the candid server.
The redirect should also specify a "state" query parameter. This is
an opaque value that will be sent back to the relaying party in the
callback. This can be useful to verify that a login attempt was
started by the relaying party and can help guard against CSRF
attacks.
"""
# Deserialize the macaroon with pymacaroons
macaroon = Macaroon.deserialize(macaroon, JsonSerializer())
# Extract the caveat we are interested in
caveat = self._extract_caveat_to_discharge(macaroon)
response = self._request(
method="POST",
url=f"{CANDID_API_URL}discharge",
data={"id64": caveat},
)
data = response.json(
)["Info"]["InteractionMethods"]["browser-redirect"]
return f"{data['LoginURL']}?return_to={callback_url}&state={state}"
def get_serialized_bakery_macaroon(self, macaroon, candid_macaroon):
"""
Return a serialized string with the macaroons to consume the API
"""
# Deserialize the macaroon with pymacaroons
macaroon = Macaroon.deserialize(macaroon, JsonSerializer())
# Return a new discharge macaroon bound
bound_discharge_macaroon = macaroon.prepare_for_request(
candid_macaroon)
macaroon_json = macaroon.serialize(JsonSerializer())
bound_macaroon_json = bound_discharge_macaroon.serialize(
JsonSerializer())
macaroons = f"[{macaroon_json},{bound_macaroon_json}]".encode("utf-8")
return urlsafe_b64encode(macaroons).decode("ascii")
def extract_macaroons(headers):
''' Returns an array of any macaroons found in the given slice of cookies.
@param headers: dict of headers
@return: An array of array of mpy macaroons
'''
cookie_string = "\n".join(headers.get_all('Cookie', failobj=[]))
cs = SimpleCookie()
cs.load(cookie_string)
mss = []
for c in cs:
if not c.startswith('macaroon-'):
continue
data = base64.b64decode(cs[c].value)
data_as_objs = json.loads(data.decode('utf-8'))
ms = [
Macaroon.deserialize(json.dumps(x), serializer=JsonSerializer())
for x in data_as_objs
]
mss.append(ms)
return mss