def get_auth_url(self, state=None, redirect_uri=None):
"""
Return url which end-user should visit to authorize at ESIA.
:param str or None state: identifier, will be returned as GET parameter in redirected request after auth.
:param str or None redirect_uri: uri, where browser will be redirected after authorization.
:return: url
:rtype: str
"""
params = {
'client_id': self.settings.esia_client_id,
'client_secret': '',
'redirect_uri': redirect_uri or self.settings.redirect_uri,
'scope': self.settings.esia_scope,
'response_type': 'code',
'state': state or str(uuid.uuid4()),
'timestamp': get_timestamp(),
'access_type': 'offline'
}
params = sign_params(params,
certificate_file=self.settings.certificate_file,
private_key_file=self.settings.private_key_file)
params = urlencode(sorted(params.items(
))) # sorted needed to make uri deterministic for tests.
return '{base_url}{auth_url}?{params}'.format(
base_url=self.settings.esia_service_url,
auth_url=self._AUTHORIZATION_URL,
params=params)
def get_auth_url(self, state=None):
"""
Return url which end-user should visit to authorize at ESIA.
:param str or None state: identifier, will be returned as GET parameter in redirected request after auth..
:return: url
:rtype: str
"""
params = {
'client_id': self.settings.esia_client_id,
'client_secret': '',
'redirect_uri': self.settings.redirect_uri,
'scope': self.settings.esia_scope,
'response_type': 'code',
'state': state or str(uuid.uuid4()),
'timestamp': get_timestamp(),
'access_type': 'offline'
}
params = sign_params(params,
certificate_file=self.settings.certificate_file,
private_key_file=self.settings.private_key_file)
params = urlencode(sorted(params.items())) # sorted needed to make uri deterministic for tests.
return '{base_url}{auth_url}?{params}'.format(base_url=self.settings.esia_service_url,
auth_url=self._AUTHORIZATION_URL,
params=params)
def test(self, datetime_mock):
datetime_mock.datetime.now.return_value = datetime.datetime(2015, 11, 2, 9, 52, 36, 615866, tzinfo=pytz.utc)
result = get_timestamp()
expected_result = '2015.11.02 09:52:36 +0000'
self.assertEqual(result, expected_result)
def complete_authorization(self,
code,
state,
validate_token=True,
redirect_uri=None):
"""
Exchanges received code and state to access token, validates token (optionally), extracts ESIA user id from
token and returns ESIAInformationConnector instance.
:type code: str
:type state: str
:param boolean validate_token: perform token validation
:param str or None redirect_uri: uri, where browser will be redirected after authorization.
:rtype: EsiaInformationConnector
:raises IncorrectJsonError: if response contains invalid json body
:raises HttpError: if response status code is not 2XX
:raises IncorrectMarkerError: if validate_token set to True and received token cannot be validated
"""
params = {
'client_id': self.settings.esia_client_id,
'code': code,
'grant_type': 'authorization_code',
'redirect_uri': redirect_uri or self.settings.redirect_uri,
'timestamp': get_timestamp(),
'token_type': 'Bearer',
'scope': self.settings.esia_scope,
'state': state,
}
params = sign_params(params,
certificate_file=self.settings.certificate_file,
private_key_file=self.settings.private_key_file)
url = '{base_url}{token_url}'.format(
base_url=self.settings.esia_service_url,
token_url=self._TOKEN_EXCHANGE_URL)
response_json = make_request(url=url, method='POST', data=params)
id_token = response_json['id_token']
if validate_token:
payload = self._validate_token(id_token)
else:
payload = self._parse_token(id_token)
return EsiaInformationConnector(
access_token=response_json['access_token'],
oid=self._get_user_id(payload),
settings=self.settings)
def complete_authorization(self, code, state, validate_token=True, redirect_uri=None):
"""
Exchanges received code and state to access token, validates token (optionally), extracts ESIA user id from
token and returns ESIAInformationConnector instance.
:type code: str
:type state: str
:param boolean validate_token: perform token validation
:param str or None redirect_uri: uri, where browser will be redirected after authorization.
:rtype: EsiaInformationConnector
:raises IncorrectJsonError: if response contains invalid json body
:raises HttpError: if response status code is not 2XX
:raises IncorrectMarkerError: if validate_token set to True and received token cannot be validated
"""
params = {
'client_id': self.settings.esia_client_id,
'code': code,
'grant_type': 'authorization_code',
'redirect_uri': redirect_uri or self.settings.redirect_uri,
'timestamp': get_timestamp(),
'token_type': 'Bearer',
'scope': self.settings.esia_scope,
'state': state,
}
params = sign_params(params,
certificate_file=self.settings.certificate_file,
private_key_file=self.settings.private_key_file)
url = '{base_url}{token_url}'.format(base_url=self.settings.esia_service_url,
token_url=self._TOKEN_EXCHANGE_URL)
response_json = make_request(url=url, method='POST', data=params)
id_token = response_json['id_token']
if validate_token:
payload = self._validate_token(id_token)
else:
payload = self._parse_token(id_token)
return EsiaInformationConnector(access_token=response_json['access_token'],
oid=self._get_user_id(payload),
settings=self.settings)
def get_auth_url(settings, state=None, redirect_uri=None):
params = {
'client_id': settings.get("mnemonic"),
'client_secret': '',
'redirect_uri': redirect_uri or settings.get("redirect_uri"),
'scope': settings.get("scope"),
'response_type': 'code',
'state': state or str(uuid.uuid4()),
'timestamp': get_timestamp(),
'access_type': 'online'
}
params = sign_params_gost(
params,
public_cert_file_path=settings.get("certificate_file"),
private_key_file_path=settings.get("private_key_file"))
params = urlencode(sorted(
params.items())) # sorted needed to make uri deterministic for tests.
return settings.get('esia_url') + AUTHORIZATION_URL + "?" + params
def complete_authorization(settings,
code,
state,
validate=True,
redirect_uri=None):
params = {
'client_id': settings.get("mnemonic"),
'code': code,
'grant_type': 'authorization_code',
'redirect_uri': redirect_uri or settings.get("redirect_uri"),
'timestamp': get_timestamp(),
'token_type': 'Bearer',
'scope': settings.get("scope"),
'state': state,
}
params = sign_params_gost(
params,
public_cert_file_path=settings.get("certificate_file"),
private_key_file_path=settings.get("private_key_file"))
url = settings.get('esia_url') + TOKEN_EXCHANGE_URL
response_json = make_request(url=url, method='POST', data=params)
# id_token = response_json['id_token']
id_token = response_json['access_token']
if validate:
payload = validate_token(settings, id_token)
else:
payload = utils.parse_token(id_token)
return {
"token": response_json['access_token'],
"user_id": get_user_from_token_params(payload)
}