def save_bearer_token(self, token, request, *args, **kwargs):
"""Saves a generated bearer token for the authenticated user to the database."""
expires = utcnow() + datetime.timedelta(seconds=token["expires_in"])
refresh_token_expires = utcnow() + datetime.timedelta(
seconds=token["refresh_token_expires_in"]
)
del token[
"refresh_token_expires_in"
] # We don't want to render this in the response.
oauth_token = models.Token(
userid=request.user.userid,
value=token["access_token"],
refresh_token=token["refresh_token"],
expires=expires,
refresh_token_expires=refresh_token_expires,
authclient=request.client.authclient,
)
self.session.add(oauth_token)
# oauthlib does not provide a proper hook for this, so we need to call it ourselves here.
if request.grant_type == "refresh_token":
self.invalidate_refresh_token(request.refresh_token, request)
return oauth_token
def test_rename_updates_tokens(self, service, user, db_session, factories):
token = models.Token(userid=user.userid, value="foo")
db_session.add(token)
service.rename(user, "panda")
updated_token = (db_session.query(
models.Token).filter(models.Token.id == token.id).one())
assert updated_token.userid == user.userid
def save_bearer_token(self, token, request, *args, **kwargs):
"""Saves a generated bearer token for the authenticated user to the database."""
oauth_token = models.Token(userid=request.user.userid,
value=token['access_token'],
refresh_token=token['refresh_token'],
expires=(utcnow() + datetime.timedelta(seconds=token['expires_in'])),
authclient=request.client.authclient)
self.session.add(oauth_token)
return oauth_token
def test_it_returns_an_oauth_compliant_response(self, pyramid_request, oauth_service):
token = models.Token()
oauth_service.create_token.return_value = token
assert views.access_token(pyramid_request) == {
'access_token': token.value,
'token_type': 'bearer',
'expires_in': TOKEN_TTL.total_seconds(),
}
def test_rename_updates_tokens(self, service, user, db_session, factories):
token = models.Token(userid=user.userid, value='foo')
db_session.add(token)
service.rename(user, 'panda')
updated_token = db_session.query(models.Token) \
.filter(models.Token.id == token.id) \
.one()
assert updated_token.userid == user.userid
def post(self):
"""(Re-)generate the user's API token."""
token = models.Token.get_by_userid(self.request.authenticated_userid)
if token:
# The user already has an API token, regenerate it.
token.regenerate()
else:
# The user doesn't have an API token yet, generate one for them.
token = models.Token(self.request.authenticated_userid)
self.request.db.add(token)
return {'token': token.value}
def create(self, userid):
"""
Creates a developer token for the given userid.
:param userid: The userid for which the developer token gets created.
:type userid: unicode
:returns: a token instance
:rtype: h.models.Token
"""
token = models.Token(userid=userid, value=self._generate_token())
self.session.add(token)
return token
def create_token(self, user, authclient):
"""
Creates a token for the passed-in user without any additional
verification.
It is the caller's responsibility to verify the token request, e.g. with
``verify_token_request``.
:param assertion: the user for whom the token should be created.
:type assertion: h.models.User
:rtype: h.models.Token
"""
token = models.Token(userid=user.userid,
expires=(utcnow() + TOKEN_TTL),
authclient=authclient)
self.session.add(token)
return token
def create_token(self, user, authclient):
"""
Creates a token for the passed-in user without any additional
verification.
It is the caller's responsibility to verify the token request, e.g. with
``verify_token_request``.
:param assertion: the user for whom the token should be created.
:type assertion: h.models.User
:rtype: h.models.Token
"""
value = ACCESS_TOKEN_PREFIX + security.token_urlsafe()
refresh_token = REFRESH_TOKEN_PREFIX + security.token_urlsafe()
token = models.Token(userid=user.userid,
value=value,
expires=(utcnow() + TOKEN_TTL),
refresh_token=refresh_token,
authclient=authclient)
self.session.add(token)
return token
def token(self, db_session):
token = models.Token(userid='acct:[email protected]')
db_session.add(token)
db_session.flush()
return token
