def setUp(self): # Hacky way of inserting requested_sources, but it seems django doesn't # want to read this from the test fixture self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc") project_2 = DataRequestProject.objects.get(slug="abc-2") self.member1_project.requested_sources.add(project_2) self.member1_project.save() self.access_token = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-1", expires=timezone.now() + timedelta(days=1), scope="read", ) self.access_token.save() self.access_token_expired = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-2", expires=timezone.now() - timedelta(days=1), scope="read", ) self.access_token_expired.save()
def test_scopes_property(self): self.client.login(username="******", password="******") app = Application.objects.create( name="test_app", redirect_uris= "http://localhost http://example.com http://example.it", user=self.user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, ) access_token = AccessToken(user=self.user, scope='read write', expires=0, token='', application=app) access_token2 = AccessToken(user=self.user, scope='write', expires=0, token='', application=app) self.assertEqual(access_token.scopes, { 'read': 'Reading scope', 'write': 'Writing scope' }) self.assertEqual(access_token2.scopes, {'write': 'Writing scope'})
def setUpClass(cls): super(DirectSharingOAuth2Tests, cls).setUpClass() cls.authorize_url = ('/direct-sharing/projects/oauth2/authorize/' '?client_id=test-key&response_type=code') user1 = get_or_create_user('bacon') cls.member1, _ = Member.objects.get_or_create(user=user1) cls.member1_project = OAuth2DataRequestProject.objects.get(slug='abc') email1 = cls.member1.primary_email cls.access_token = AccessToken( application=cls.member1_project.application, user=user1, token='test-token-1', expires=datetime.now() + timedelta(days=1), scope='read') cls.access_token.save() cls.access_token_expired = AccessToken( application=cls.member1_project.application, user=user1, token='test-token-2', expires=datetime.now() - timedelta(days=1), scope='read') cls.access_token_expired.save() email1.verified = True email1.save()
def setUpClass(cls): super(DirectSharingOAuth2Tests2, cls).setUpClass() cls.authorize_url = ( "/direct-sharing/projects/oauth2/authorize/" "?client_id=test-key-2&response_type=code" ) user1 = get_or_create_user("bacon") cls.member1, _ = Member.objects.get_or_create(user=user1) cls.member1.save() cls.member1_project = OAuth2DataRequestProject.objects.get(slug="abc3") cls.member1_project.save() email1 = cls.member1.primary_email cls.access_token = AccessToken( application=cls.member1_project.application, user=user1, token="test-token-1", expires=timezone.now() + timedelta(days=1), scope="read", ) cls.access_token.save() email1.verified = True email1.save()
def get_user_token(user): """ Returns an access token for the given user. This function facilitates interactions with the bundle service. """ if user is None or not user.is_authenticated(): return None client = Application.objects.get(client_id=cli_client_id(user)) tokens = AccessToken.objects.filter(application_id=client.id, expires__gt=timezone.now() + timedelta(minutes=5)) access_token = None for token in tokens: if token.is_valid([]): access_token = token break if access_token is None: access_token = AccessToken( user=user, scope='', expires=timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS), token=generate_token(), application=client) access_token.save() return str(access_token.token)
def post(self, request, format=None): if request.method == "POST": ref_token = request.data.get("refresh_token") expires = timezone.now() + timedelta(seconds=3600000) application = Application.objects.get( client_id=mainSettings.OAUTH_CLIENTID) try: refTokenModel = RefreshToken.objects.get(token=ref_token) except RefreshToken.DoesNotExist: return Response({'error': 'Refresh token invalid'}, status=400) access_token = AccessToken(user=refTokenModel.user, scope='', expires=expires, token=common.generate_token(), application=application) access_token.save() #refresh_token = RefreshToken(token=ref_token, # application=application,access_token=access_token ) refTokenModel.access_token = access_token refTokenModel.save() return Response( { 'token': access_token.token, 'refresh_token': ref_token, "token_type": "Bearer" }, status=HTTPStatus.HTTP_200_OK) else: status_code = HTTPStatus.METHOD_NOT_ALLOWED response = JsonResponse({'success': 'false'}, status=status_code) return response
def test_accesstoken_create(self): """ Create an AccessToken and check for signal """ request = self.factory.get('/bluebutton/fhir/v1/ExplanationOfBenefit/') request.user = self.user # xwalk = Crosswalk.objects.get(user=self.user) app = self._create_application('ThePHR', user=request.user) # print("\nApp - prep for AccessToken:%s" % app.name) this_moment = timezone.now() future_time = this_moment + relativedelta(years=1) a_tkn = AccessToken() a_tkn.user = request.user a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = [ "patient/Patient.read", "patient/ExplanationOfBenefit.read" ] a_tkn.save() # print("\n================\nSaved %s" % a_tkn) self.assertEqual(True, True)
def save_bearer_token(self, token, request, *args, **kwargs): """ Check if an access_token exists for the couple user/application that is valid and authorized for the same scopes and ensures that no refresh token was used. If all the conditions are true the same access_token is issued. Otherwise a new one is created with the default strategy. """ # this queryset identifies all the valid access tokens # for the couple user/application. previous_valid_tokens = AccessToken.objects.filter( user=request.user, application=request.client, ).filter(expires__gt=timezone.now()).order_by('-expires') # if a refresh token was not used and a valid token exists we # can replace the new generated token with the old one. if not request.refresh_token and previous_valid_tokens.exists(): for access_token in previous_valid_tokens: # the previous access_token must allow access to the same scope # or bigger if access_token.allow_scopes(token['scope'].split()): token['access_token'] = access_token.token expires_in = access_token.expires - timezone.now() token['expires_in'] = expires_in.total_seconds() if hasattr(access_token, 'refresh_token'): token[ 'refresh_token'] = access_token.refresh_token.token # break the loop and exist because we found to old token return # default behaviour when no old token is found if request.refresh_token: # remove used refresh token try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert ( ) # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=token['expires_in']) if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken(user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken(user=request.user, token=token['refresh_token'], application=request.client, access_token=access_token) refresh_token.save()
def save_bearer_token(self, token, request, *args, **kwargs): if request.refresh_token: try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert () # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken( user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, access_token=access_token ) refresh_token.save() if DEVICE_TOKEN_HEADER in request.headers: self.save_device(request=request, access_token=access_token, refresh_token=refresh_token) token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
def signup_client(request): serializer = SignupClientSerializer(data=request.data, context={'request': request}) serializer.is_valid() # print("serializer error: ", oauth2_settings) if serializer.errors: return Response(data=serializer.errors, status=status.HTTP_400_BAD_REQUEST) else: serializer.save() application = Application.objects.get(client_id=serializer.initial_data["client_id"]) expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) activated_user = User.objects.get(email=serializer.data["email"]) access_token = AccessToken( user=activated_user, scope='', expires=expires, token=common.generate_token(), application=application ) access_token.save() refresh_token = RefreshToken( user=activated_user, token=common.generate_token(), application=application, access_token=access_token ) refresh_token.save() return Response({"expires": expires, "access_token": access_token.token, "refresh_token": refresh_token.token}, status=200)
def save_bearer_token(self, token, request, *args, **kwargs): """ It's messy. It is 90% code from parent function. I didn't find a way to reduce it. I tried and I failed :'( Sin Count += 1 Save access and refresh token, If refresh token is issued, remove old refresh tokens as in rfc:`6` """ if request.refresh_token: # remove used refresh token # Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert ( ) # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta( seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS if request.response_type == 'token': expires = timezone.now() + timedelta( seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS) token[ 'expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken(user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, ) if request.grant_type == 'authorization_code': refresh_tokens = RefreshToken.objects.all().filter( user=request.user, application=request.client).order_by('-id') if len(refresh_tokens) > 0: refresh_token = refresh_tokens[0] # Delete the old access_token refresh_token.access_token.delete() if len(refresh_tokens) > 1: # Enforce 1 token pair. Delete all old refresh_tokens RefreshToken.objects.exclude( pk=refresh_token.id).delete() refresh_token.access_token = access_token refresh_token.save() token['refresh_token'] = refresh_token.token token['groups'] = request.user.groups
def setUp(self): super(PollAPITestCaseOAuth2Provider, self).setUp() from provider.oauth2.models import AccessToken, Client from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE # Prepare OAuth2 Provider Access op_client = Client(user=self.user, name='Test Application', url='http://example.com', redirect_uri='http://example.com', client_type=CONFIDENTIAL) op_client.save() for scope in self.scopes + (None, ): options = { 'user': self.user, 'client': op_client, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'token': getattr(self, scope_attrbute_name), 'scope': locals()[scope.replace(" ", "_").upper()] }) op_access_token = AccessToken(**options) op_access_token.save() self.choice_url = self.urls['choice_provider'] self.poll_url = self.urls['poll_provider'] self.scoped_choice_url = self.urls['scoped_choice_provider'] self.scoped_poll_url = self.urls['scoped_poll_provider']
def create_user(self): # FIXME: Please refactor me! self.logout_url = reverse('accounts.logout') self.username = '******' self.password = '******' self.data = \ { 'first_name': 'Demo', 'last_name': 'Demo', 'email': '*****@*****.**', } # this is used to identify addresses created by allocate_wallets mock self.address_id_pattern = 'addr_id_' self._mock_rpc() self.create_main_user() self.client = NexchangeClient() success = self.client.login(username=self.username, password=self.password) expires = timezone.now() + timedelta(days=30) token = AccessToken(user=self.user, token='3HrghbVeDUQWaOriqrXYLZmCb4cEXB', expires=expires) token.save() assert success
def setUp(self): super(PollAPITestCaseOAuthToolkit, self).setUp() # Prepare OAuth Toolkit Access from oauth2_provider.models import AccessToken, Application ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application') ot_application.save() for scope in self.scopes + (None, ): options = { 'user': self.user, 'application': ot_application, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'scope': scope, 'token': getattr(self, scope_attrbute_name) }) ot_access_token = AccessToken(**options) ot_access_token.save() self.choice_url = self.urls['choice_toolkit'] self.poll_url = self.urls['poll_toolkit'] self.scoped_choice_url = self.urls['scoped_choice_toolkit'] self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def _create_access_token(self, expires, request, token, source_refresh_token=None): access_token = AccessToken( user=request.user, scope=' '.join(request.user.scopes), expires=expires, token=token["access_token"], application=request.client, ) access_token.save() auth_cache = caches['auth'] cached_auth = { 'uid': access_token.user.id, 'scopes': access_token.user.scopes, 'token': access_token.token, } key = 'auth:access_token:{token}'.format(token=access_token.token) auth_cache.set(key, cached_auth, oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) return access_token
def setUp(self): super(PollAPITestCaseOAuthToolkit, self).setUp() call_command('loaddata', 'polls_api_testdata.json', verbosity=0) self.client = Client() self.poll_1 = Poll.objects.get(pk=1) self.poll_2 = Poll.objects.get(pk=2) self.urls = {} kwargs = {'api_name': 'v1'} apis = [ 'choice_toolkit', 'scoped_choice_toolkit', 'poll_toolkit', 'scoped_poll_toolkit', ] for api in apis: kwargs['resource_name'] = api self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs) # Create a user. username = '******' email = '*****@*****.**' password = '******' self.user = User.objects.create_user(username, email, password) self.scopes = ("read", "write", "read write") for scope in self.scopes: scope_attrbute_name = "token_" + scope.replace(" ", "_") setattr(self, scope_attrbute_name, "TOKEN" + scope) self.token = 'TOKEN' self.scoped_token = self.token_read_write ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application' ) ot_application.save() for scope in self.scopes + (None,): options = { 'user': self.user, 'application': ot_application, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'scope': scope, 'token': getattr(self, scope_attrbute_name) }) ot_access_token = AccessToken(**options) ot_access_token.save() self.choice_url = self.urls['choice_toolkit'] self.poll_url = self.urls['poll_toolkit'] self.scoped_choice_url = self.urls['scoped_choice_toolkit'] self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def _create_access_token(expires, request, token): access_token = AccessToken( user=request.user, scope=token["scope"], expires=expires, token=token["access_token"], application=request.client ) access_token.save() return access_token
def test_access_token_signal_update(self): """ Create AccessToken check for update to user/app consent """ usr = self.user app = self._create_application('ThePHR', user=usr) # xwalk = Crosswalk.objects.get(user=usr) this_moment = timezone.now() future_time = this_moment + relativedelta(years=1) a_tkn = AccessToken() a_tkn.user = usr a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = [ "patient/Patient.read", "patient/ExplanationOfBenefit.read" ] a_tkn.save() f_c = fhir_Consent.objects.get(user=usr, application=app) # print("\nConsent:%s" % f_c) # print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent)) self.assertEqual(f_c.consent['meta']['versionId'], "1") a_tkn.delete() a_tkn = AccessToken() a_tkn.user = usr a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = [ "patient/Patient.read", "patient/ExplanationOfBenefit.read" ] a_tkn.save() f_c = fhir_Consent.objects.get(user=usr, application=app) # print("\nUpdated Consent:%s" % f_c) # print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent)) self.assertEqual(f_c.consent['meta']['versionId'], "2")
def create(self, request, *args, **kwargs): """ """ data = request.data data = dict(data.items()) serializer = UserCreateSerializer(data=data) host = request.META['HTTP_HOST'] if serializer.is_valid(): user = get_user_model().objects.create_user(**serializer.data) user.set_password(data.get('password')) user.is_active = False user.save() # here generating the activation key activation_key = str(uuid.uuid4()) user.activation_key = activation_key user.save() profile = Profile(user=user) profile.save() mail_user_activation_key(user, host=host) # getting application application = Application.objects.get(name="mmb") # creating access token access_token = AccessToken(user=user, expires=expires, token=generate_token(), application=application) access_token.save() refresh_token = RefreshToken.objects.create( user=user, token=generate_token(), access_token=access_token, application=application) response = { 'access_token': access_token.token, 'token_type': 'Bearer', 'expires_in': settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'], 'refresh_token': refresh_token.token } return Response(response, status=status.HTTP_200_OK) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def access_tokens(users): access_tokens_list = [ AccessToken( user_id=1, token="test_access_token", expires=datetime.now() ) ] with freeze_time("2020-05-28 10:06:23"): AccessToken.objects.bulk_create(access_tokens_list) access_tokens_objs = AccessToken.objects.all() return access_tokens_objs
def callback(request): # Could not authorize twitch app if 'error' in request.GET: # todo: handle appropriately error_message = _('You denied access to your Twitch account') \ if request.GET['error'] == 'access_denied' else _('Error while authentication via Twitch API') messages.error(request, error_message) logger.error( '[Twitch Auth] %s: %s' % (request.META['REMOTE_ADDR'], request.GET['error_description'])) return HttpResponseRedirect('/') # get redirection url # todo: make dynamic or username state based => setup/home/etc redirect_to = settings.FRONTEND_URL + settings.FRONTEND_CALLBACK code = request.GET['code'] state = request.GET['state'] logger.error(f"{code}, {state}") # if user is already logged in, redirect to that url # if request.user.is_authenticated: # return HttpResponseRedirect(redirect_to) # authenticate with backend user = authenticate(request, code=request.GET['code']) if user and user.is_active: # auth_login(request, user) # todo: create oauth2 token try: expires = timezone.now() + timedelta( seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS) temporary_token = TemporaryToken.objects.get(identifier=state) application = temporary_token.application access_token = AccessToken(user=user, scope='', expires=expires, token=common.generate_token(), application=application) access_token.save() temporary_token.token = access_token temporary_token.approved = True temporary_token.save() except TemporaryToken.DoesNotExist: print("Yo we couldnt find this") # messages.success(request, _('You successfully logged in')) return HttpResponseRedirect(redirect_to) else: print("not an existing user... complete setup") # messages.error(request, _('Cannot authenticate you')) return HttpResponseRedirect('/')
def create_access_token(self, user: "******") -> AccessToken: """Create an access token.""" expires = timezone.now() + timedelta(seconds=self.token_expire) access_token = AccessToken( user=user, scope="read write groups", expires=expires, token=common.generate_token(), application=self.jwt_app, ) access_token.save() return access_token
def _create_bearer_token(self, user): app, created = Application.objects.get_or_create( user=user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_PASSWORD, name=user.username) expires_in = settings.ACCESS_TOKEN_EXPIRE_SECONDS expires = timezone.now() + timedelta(seconds=expires_in) token = AccessToken(user=user, token=generate_token(), application=app, expires=expires) token.save()
def test_profile(client, settings, monkeypatch, mock_response) -> None: user = get_user_model()(username="******") user.save() one_day_hence = timezone.now() + timedelta(days=1) AccessToken(user=user, token='secretstring', expires=one_day_hence, scope='read').save() response = client.get(reverse('djangito_server:profile'), **{'Authorization': f'Bearer secretstring'}) assert response.status_code == 200 json_response = response.content.decode('utf-8') assert json.loads(json_response)['username'] == 'pandichef'
def setup_user_token(): # create user user = User.objects.create_user('hongzhi', password='******') # create oauth application app = Application() app.user = user app.save() token = AccessToken() token.user = user token.expires = timezone.now().replace(year=timezone.now().year + 1) token.application = app token.token = '987654321' token.save() return user, token.token
def send_email(request): """ Send an email related to a user password reset. TODO: move to /users; fix HttpResponse --- parameters: - name: email paramType: form - name: user paramType: form """ email = request.POST.get('email') name = request.POST.get('user') user = User.objects.get(username=name) if user.email != email: return HttpResponse(status.HTTP_403_FORBIDDEN) uidb64 = base64.urlsafe_b64encode(force_bytes(user.pk)) token = AccessToken( user=user, application=Application.objects.get( client_id='aHD4NUa4IRjA1OrPD2kJLXyz34c06Bi5eVX8O94p'), expires=timezone.now() + timezone.timedelta(minutes=5), token=generate_token()) token.save() email_config = { 'email': email, 'domain': request.META['HTTP_HOST'], 'site_name': 'TRAC', 'uid': uidb64, 'user': user, 'token': str(token), 'protocol': 'https://', } url = "/".join((email_config['domain'], 'UserSettings', email_config['uid'], email_config['token'], '')) email_body = loader.render_to_string( '../templates/email_templates/email_template.html', email_config) send_mail('Reset Password Request', email_body, '*****@*****.**', (email_config['email'], ), fail_silently=False) return HttpResponse(status.HTTP_200_OK)
def create_access_token(self, user_id, application_id, scopes, expiry_in_seconds): import datetime from oauth2_provider.models import AccessToken access_token = self._generate_access_token() expires = datetime.datetime.now() + datetime.timedelta( seconds=expiry_in_seconds) access_token_object = AccessToken(user_id=user_id, token=access_token, application_id=application_id, expires=expires, scope=scopes) access_token_object.save() from common.dtos import AccessTokenDTO return AccessTokenDTO(access_token_id=access_token_object.id, token=access_token_object.token, expires=expires)
def generate_access_token(user): '''获取 accesstoken, 由于微信小程序无法使用session, 所以采用oauth的机制''' application = Application.objects.get( client_id=settings.ORIGINAL_OAUTH2_CLIENT_ID, client_secret=settings.ORIGINAL_OAUTH2_CLIENT_SECRET, ) expires = arrow.now().shift(years=1).datetime token = common.generate_token() scopes = ['read', 'write'] access_token = AccessToken( user=user, scope=scopes, expires=expires, token=token, application=application, source_refresh_token=None, ) access_token.save() return access_token
def archive_bearer_token(self): # During testing, you will probably have to copy access tokens from prod for this to work try: app = Application.objects.get(name='Archive') except Application.DoesNotExist: logger.error( 'Archive application not found. Oauth applications need to be populated.' ) return '' access_token = AccessToken.objects.filter( user=self.user, application=app, expires__gt=timezone.now()).last() if not access_token: access_token = AccessToken(user=self.user, application=app, token=uuid.uuid4().hex, expires=timezone.now() + timedelta(days=30)) access_token.save() return access_token.token
def post(self,request): message = {} serializer = serializers.ConvertTokenSerializer(data=request.data) if serializer.is_valid(): application = Application.objects.all()[0] token = Token.objects.get(key=serializer.data['key']) expires = datetime.now() + timedelta(seconds=100000000) access_token = AccessToken( user=token.user, scope='write read', expires=expires, token=common.generate_token(), application=application ) access_token.save() message['token'] = access_token.token message['name'] = access_token.user.nome message['email'] = access_token.user.email return Response(message,200) else: message['status'] = 'error' return Response(message, 500)