 def test_login(self):
     """A freshly issued ApiToken, presented as a Bearer header, must get HTTP 200 on '/'.

     The token is created directly through ApiToken.add under a throwaway
     ApiKey, so this exercises only the Bearer branch of the auth check, not
     any of the token grant endpoints.
     """
     client = TestApp(M.app)
     client_id = self._add_api_key().client_id
     issued = ApiToken.add(client_id, 'testuser')
     bearer = 'Bearer %s' % issued.token
     # status=200 makes TestApp fail the test on any other response code.
     client.get('/', headers={'Authorization': bearer}, status=200)
 def test_login(self):
     """A freshly issued ApiToken, presented as a Bearer header, must get HTTP 200 on '/'.

     The token is created directly through ApiToken.add under a throwaway
     ApiKey, so this exercises only the Bearer branch of the auth check, not
     any of the token grant endpoints.
     """
     client = TestApp(M.app)
     client_id = self._add_api_key().client_id
     issued = ApiToken.add(client_id, 'testuser')
     bearer = 'Bearer %s' % issued.token
     # status=200 makes TestApp fail the test on any other response code.
     client.get('/', headers={'Authorization': bearer}, status=200)
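def __token_grant_by_password(apikey):
    """Resource-owner password grant: exchange username/password for an ApiToken.

    Args:
        apikey: the authenticated ApiKey (client) making the request; its
            client_id is bound to the issued token.

    Returns:
        str: JSON-encoded ``token.token_dict()`` of the new token.

    Raises:
        InvalidRequest: the username is unknown or the password does not
            match. Both cases deliberately share ``err.username_password_mismatch``
            so the response does not reveal whether the account exists.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    username = __check_request_required_var('username')
    password = __check_request_required_var('password')
    user = User.get_by_name(username)

    # Previously the condition was `user and not user.validate_password(...)`:
    # for an UNKNOWN username `user` is falsy, the whole test was False and a
    # token was issued for a user that does not exist. An unknown user must
    # fail exactly like a wrong password. DEVELOP_MODE still bypasses the
    # credential check entirely, as before -- make sure it is never enabled
    # outside a development environment.
    if not DEVELOP_MODE and (not user or not user.validate_password(password)):
        raise InvalidRequest(err.username_password_mismatch)

    # NOTE(review): validate_password is not run for an unknown user, so the
    # two failure paths may differ in timing; confirm whether that matters here.
    # NOTE(review): the token is keyed by the submitted username, whereas the
    # authorization-code grant keys it by user_id -- confirm these are the same
    # identifier space.
    token = ApiToken.add(apikey.client_id, username)
    return json.dumps(token.token_dict())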
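def __token_grant_by_password(apikey):
    """Resource-owner password grant: exchange username/password for an ApiToken.

    Args:
        apikey: the authenticated ApiKey (client) making the request; its
            client_id is bound to the issued token.

    Returns:
        str: JSON-encoded ``token.token_dict()`` of the new token.

    Raises:
        InvalidRequest: the username is unknown or the password does not
            match. Both cases deliberately share ``err.username_password_mismatch``
            so the response does not reveal whether the account exists.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    username = __check_request_required_var('username')
    password = __check_request_required_var('password')
    user = User.get_by_name(username)

    # Previously the condition was `user and not user.validate_password(...)`:
    # for an UNKNOWN username `user` is falsy, the whole test was False and a
    # token was issued for a user that does not exist. An unknown user must
    # fail exactly like a wrong password. DEVELOP_MODE still bypasses the
    # credential check entirely, as before -- make sure it is never enabled
    # outside a development environment.
    if not DEVELOP_MODE and (not user or not user.validate_password(password)):
        raise InvalidRequest(err.username_password_mismatch)

    # NOTE(review): validate_password is not run for an unknown user, so the
    # two failure paths may differ in timing; confirm whether that matters here.
    # NOTE(review): the token is keyed by the submitted username, whereas the
    # authorization-code grant keys it by user_id -- confirm these are the same
    # identifier space.
    token = ApiToken.add(apikey.client_id, username)
    return json.dumps(token.token_dict())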
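def __token_grant_by_refresh_token(apikey):
    """Refresh-token grant: exchange a valid, unexpired refresh token for a new ApiToken.

    Args:
        apikey: the authenticated ApiKey (client) making the request. The
            refresh token must have been issued to this client.

    Returns:
        str: JSON-encoded ``token_dict()`` of the token returned by ``token.refresh()``.

    Raises:
        InvalidRequest: unknown refresh token, a token issued to a different
            client, or a token whose ``refresh_expire_time`` has passed.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    refresh_token = __check_request_required_var('refresh_token')

    # NOTE(review): `ext=refresh_token` echoes the submitted secret back in
    # the error payload; if InvalidRequest is logged, the token lands in logs.
    token = ApiToken.get_by_refresh_token(refresh_token)
    if not token:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)

    # The original never used `apikey`, so ANY client could redeem a refresh
    # token issued to another client. Bind the token to the requesting client
    # (RFC 6749 section 6). Reported as "invalid token", not a distinct error,
    # so a foreign client learns nothing about the token's existence.
    if token.client_id != apikey.client_id:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)

    # Naive datetime.now() compared against refresh_expire_time; assumes the
    # stored value is naive in the same local timezone -- TODO confirm.
    if datetime.now() > token.refresh_expire_time:
        raise InvalidRequest(err.refresh_token_has_expired, ext=refresh_token)

    new_token = token.refresh()
    return json.dumps(new_token.token_dict())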
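def __token_grant_by_refresh_token(apikey):
    """Refresh-token grant: exchange a valid, unexpired refresh token for a new ApiToken.

    Args:
        apikey: the authenticated ApiKey (client) making the request. The
            refresh token must have been issued to this client.

    Returns:
        str: JSON-encoded ``token_dict()`` of the token returned by ``token.refresh()``.

    Raises:
        InvalidRequest: unknown refresh token, a token issued to a different
            client, or a token whose ``refresh_expire_time`` has passed.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    refresh_token = __check_request_required_var('refresh_token')

    # NOTE(review): `ext=refresh_token` echoes the submitted secret back in
    # the error payload; if InvalidRequest is logged, the token lands in logs.
    token = ApiToken.get_by_refresh_token(refresh_token)
    if not token:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)

    # The original never used `apikey`, so ANY client could redeem a refresh
    # token issued to another client. Bind the token to the requesting client
    # (RFC 6749 section 6). Reported as "invalid token", not a distinct error,
    # so a foreign client learns nothing about the token's existence.
    if token.client_id != apikey.client_id:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)

    # Naive datetime.now() compared against refresh_expire_time; assumes the
    # stored value is naive in the same local timezone -- TODO confirm.
    if datetime.now() > token.refresh_expire_time:
        raise InvalidRequest(err.refresh_token_has_expired, ext=refresh_token)

    new_token = token.refresh()
    return json.dumps(new_token.token_dict())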
def __token_grant_by_authorization_code(apikey):
    """Authorization-code grant: exchange a code plus redirect_uri for an ApiToken.

    Args:
        apikey: the authenticated ApiKey (client). For keys whose status is
            not ``ApiKey.STATUS_DEV`` the submitted redirect_uri must equal
            ``apikey.redirect_uri`` exactly; DEV-status keys skip that check.

    Returns:
        str: JSON-encoded ``token_dict()`` of the new token. The response
        content type is set to ``application/json; charset=utf8``.

    Raises:
        InvalidRequest: redirect_uri mismatch, or a code that
            ``OAuthCode.check`` does not accept for this client_id.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    redirect_uri = __check_request_required_var('redirect_uri')
    code = __check_request_required_var('code')

    # Exact string comparison of the redirect URI, relaxed only while the
    # key is still in development status.
    is_dev_key = apikey.status == ApiKey.STATUS_DEV
    if not is_dev_key and apikey.redirect_uri != redirect_uri:
        raise InvalidRequest(err.redirect_uri_mismatch, ext=redirect_uri)

    # The code is validated against this client's id, so a code issued to a
    # different client cannot be redeemed here.
    user_id = OAuthCode.check(apikey.client_id, code)
    if not user_id:
        raise InvalidRequest(err.invalid_authorization_code, ext=code)

    request.response.set_content_type('application/json; charset=utf8')

    issued = ApiToken.add(apikey.client_id, user_id)
    return json.dumps(issued.token_dict())
def __token_grant_by_authorization_code(apikey):
    """Authorization-code grant: exchange a code plus redirect_uri for an ApiToken.

    Args:
        apikey: the authenticated ApiKey (client). For keys whose status is
            not ``ApiKey.STATUS_DEV`` the submitted redirect_uri must equal
            ``apikey.redirect_uri`` exactly; DEV-status keys skip that check.

    Returns:
        str: JSON-encoded ``token_dict()`` of the new token. The response
        content type is set to ``application/json; charset=utf8``.

    Raises:
        InvalidRequest: redirect_uri mismatch, or a code that
            ``OAuthCode.check`` does not accept for this client_id.
        Whatever ``__check_request_required_var`` raises for a missing field.
    """
    redirect_uri = __check_request_required_var('redirect_uri')
    code = __check_request_required_var('code')

    # Exact string comparison of the redirect URI, relaxed only while the
    # key is still in development status.
    is_dev_key = apikey.status == ApiKey.STATUS_DEV
    if not is_dev_key and apikey.redirect_uri != redirect_uri:
        raise InvalidRequest(err.redirect_uri_mismatch, ext=redirect_uri)

    # The code is validated against this client's id, so a code issued to a
    # different client cannot be redeemed here.
    user_id = OAuthCode.check(apikey.client_id, code)
    if not user_id:
        raise InvalidRequest(err.invalid_authorization_code, ext=code)

    request.response.set_content_type('application/json; charset=utf8')

    issued = ApiToken.add(apikey.client_id, user_id)
    return json.dumps(issued.token_dict())
def check_auth(request):
    """Populate ``request.user`` (and ``request.client_id``) from the Authorization header.

    Behaviour, in order:

    * no Authorization header: return without touching the request
      (anonymous request);
    * a header that does not start with ``"Bearer "``: handed to ``AuthCode``
      (legacy path kept so qaci can keep using Basic auth). On success
      ``request.user`` is set; on failure the request passes through
      anonymously -- no error is raised;
    * ``Bearer <token>``: the token must resolve to an ApiToken whose ApiKey
      exists, is not ``STATUS_BLOCKED`` and whose ``expire_time`` has not
      passed; otherwise ``OAuthError`` is raised.

    Raises:
        OAuthError: invalid access token, missing ApiKey, blocked ApiKey, or
            expired access token (Bearer headers only).
    """
    header = request.environ.get('HTTP_AUTHORIZATION')
    if not header:
        # No credentials at all: leave the request anonymous.
        return

    bearer_prefix = 'Bearer '
    if not header.startswith(bearer_prefix):
        # Legacy scheme. A strict implementation would raise
        # err.auth_access_token_is_missing here, but qaci still sends Basic
        # auth, so a non-Bearer header goes to AuthCode instead and a failed
        # confirm() is silently ignored.
        legacy = AuthCode(header)
        if legacy.confirm():
            request.user = legacy.user
        return

    access_token = ApiToken.get_by_token(header[len(bearer_prefix):])
    if not access_token:
        raise OAuthError(*err.auth_invalid_access_token)

    key = access_token.key
    if not key:
        # Token exists but its ApiKey is gone.
        raise OAuthError(*err.auth_invalid_apikey)
    if key.status == ApiKey.STATUS_BLOCKED:
        raise OAuthError(*err.auth_apikey_blocked)

    # Expiry is checked after the key checks (naive local-time comparison).
    if datetime.now() > access_token.expire_time:
        raise OAuthError(*err.auth_access_token_has_expired)

    request.user = access_token.user
    request.client_id = access_token.client_id
 def _add_api_token(self, user_id):
     """Issue an ApiToken for ``user_id`` under a freshly created ApiKey and return it."""
     client_id = self._add_api_key().client_id
     return ApiToken.add(client_id, user_id)
 def _add_api_token(self):
     """Issue an ApiToken for the fixed user ``testuser`` under a fresh ApiKey.

     The third positional argument to ApiToken.add is the current local time;
     presumably the token's issue/creation timestamp -- confirm against the
     ApiToken.add signature.
     """
     client_id = self._add_api_key().client_id
     return ApiToken.add(client_id, "testuser", datetime.now())
 def test_get_token_by_refresh_token(self):
     """Looking a token up by its refresh_token must yield that same token."""
     issued = self._add_api_token()
     found = ApiToken.get_by_refresh_token(issued.refresh_token)
     eq_(issued, found)
 def test_get_api_token(self):
     """Looking a token up by its primary id must yield that same token."""
     issued = self._add_api_token()
     found = ApiToken.get(issued.id)
     eq_(issued, found)
 def test_get_token_by_refresh_token(self):
     """Looking a token up by its refresh_token must yield that same token."""
     issued = self._add_api_token()
     found = ApiToken.get_by_refresh_token(issued.refresh_token)
     eq_(issued, found)
 def test_get_api_token(self):
     """Looking a token up by its primary id must yield that same token."""
     issued = self._add_api_token()
     found = ApiToken.get(issued.id)
     eq_(issued, found)
 def _add_api_token(self):
     """Issue an ApiToken for the fixed user ``testuser`` under a fresh ApiKey.

     The third positional argument to ApiToken.add is the current local time;
     presumably the token's issue/creation timestamp -- confirm against the
     ApiToken.add signature.
     """
     client_id = self._add_api_key().client_id
     return ApiToken.add(client_id, 'testuser', datetime.now())
 def _add_api_token(self, user_id):
     """Issue an ApiToken for ``user_id`` under a freshly created ApiKey and return it."""
     client_id = self._add_api_key().client_id
     return ApiToken.add(client_id, user_id)