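def token(request):
    """Get an API token for the logged in user.

    Two endpoints share this view:

    * ``POST`` is the (unfinished) OAuth2 access-token endpoint. It checks
      that ``client_id``, ``client_secret``, ``code`` and ``state`` are all
      present and then raises ``NotImplementedError``.
    * Any other method is the Annotator token endpoint: it signs a message
      naming the logged-in user with the application consumer's secret.

    Raises:
        HTTPBadRequest: a required OAuth2 parameter is missing (POST).
        HTTPForbidden: no user is logged in (non-POST).
        RuntimeError: the configured ``api.key`` does not name a consumer.
    """
    if request.method == 'POST':
        # OAuth2 access token endpoint
        missing = [name for name in ('client_id', 'client_secret', 'code', 'state')
                   if name not in request.params]
        if missing:
            # Report only the first missing parameter, as before.
            msg = '%s "%s".' % (messages.MISSING_PARAMETER, missing[0])
            raise HTTPBadRequest(msg)
        raise NotImplementedError('OAuth provider not implemented yet.')

    # Annotator token endpoint
    if not request.user:
        raise HTTPForbidden(messages.NOT_LOGGED_IN)

    settings = request.registry.settings
    key = settings['api.key']
    consumer = models.Consumer.get_by_key(key)
    # Explicit check rather than ``assert``: assertions are stripped under
    # ``python -O``, which would let a misconfigured key fall through to an
    # AttributeError on ``consumer.secret`` below.
    if not consumer:
        raise RuntimeError('No consumer registered for api.key %r' % (key,))

    # NOTE(review): ``request.host`` is taken from the Host header; the realm
    # part of userId is only trustworthy if the deployment pins that header
    # (e.g. at the proxy) — TODO confirm.
    user_id = 'acct:%s@%s' % (request.user.user_name, request.host)
    message = {
        'userId': user_id,
        'consumerKey': str(consumer.key),
        'ttl': consumer.ttl,
    }
    return auth.encode_token(message, consumer.secret)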
def auth_token():
    """Issue an Annotator auth token for the current Flask user.

    CORS headers are always emitted (the request's Origin is reflected) and,
    on ``OPTIONS``, the preflight allow-list is added. With a logged-in user
    the signed token is returned as ``text/plain``; otherwise a 401 pointing
    at the login host is returned with the same headers.
    """
    prefix = 'Access-Control-'
    headers = {}

    origin = request.headers.get('origin')
    if origin is not None:
        # NOTE(review): reflecting any Origin together with
        # Allow-Credentials: true lets every site make credentialed calls;
        # confirm an origin allow-list is enforced elsewhere.
        headers[prefix + 'Allow-Origin'] = origin
        headers[prefix + 'Allow-Credentials'] = 'true'
        headers[prefix + 'Expose-Headers'] = 'Location, Content-Type, Content-Length'

    if request.method == 'OPTIONS':
        headers[prefix + 'Allow-Headers'] = 'X-Requested-With, Content-Type, Content-Length'
        headers[prefix + 'Allow-Methods'] = 'GET, OPTIONS'
        headers[prefix + 'Max-Age'] = '86400'

    if not g.user:
        body = 'Please go to {0} to log in!'.format(request.host_url)
        return Response(body, status=401, headers=headers, mimetype='text/plain')

    consumer = Consumer.fetch('annotateit')
    payload = {
        'consumerKey': consumer.key,
        'userId': g.user.username,
        'ttl': consumer.ttl,
    }
    if g.user.is_admin:
        payload['admin'] = True
    signed = auth.encode_token(payload, consumer.secret)
    return Response(signed, headers=headers, mimetype='text/plain')
def setup(self):
    """Create an annotation owned by ``alice`` and auth headers for three users.

    ``alice`` (the MockUser) holds every permission; ``bob`` may additionally
    read and ``charlie`` may additionally update. For each of the three a
    signed token is stored as ``self.<name>_headers``.
    """
    super(TestStoreAuthz, self).setup()
    self.user = MockUser()  # alice
    self.anno_id = '123'
    owner = self.user.id
    self.permissions = {
        'read': [owner, 'bob'],
        'update': [owner, 'charlie'],
        'admin': [owner],
    }
    self.ctx = self.app.test_request_context()
    self.ctx.push()

    consumer = self.user.consumer
    Annotation(
        id=self.anno_id,
        user=owner,
        consumer=consumer.key,
        text='Foobar',
        permissions=self.permissions,
    ).save()

    for name in ('alice', 'bob', 'charlie'):
        claims = {'consumerKey': consumer.key, 'userId': name}
        signed = auth.encode_token(claims, consumer.secret)
        setattr(self, '%s_headers' % name, {'x-annotator-auth-token': signed})
def setup(self):
    """Create an annotation owned by ``alice`` and auth headers for three users.

    ``alice`` (the MockUser) holds every permission; ``bob`` may additionally
    read and ``charlie`` may additionally update. For each of the three a
    signed token is stored as ``self.<name>_headers``.
    """
    super(TestStoreAuthz, self).setup()
    self.user = MockUser()  # alice
    self.anno_id = '123'
    owner = self.user.id
    self.permissions = {
        'read': [owner, 'bob'],
        'update': [owner, 'charlie'],
        'admin': [owner],
    }
    self.ctx = self.app.test_request_context()
    self.ctx.push()

    consumer = self.user.consumer
    Annotation(
        id=self.anno_id,
        user=owner,
        consumer=consumer.key,
        text='Foobar',
        permissions=self.permissions,
    ).save()

    for name in ('alice', 'bob', 'charlie'):
        claims = {'consumerKey': consumer.key, 'userId': name}
        signed = auth.encode_token(claims, consumer.secret)
        setattr(self, '%s_headers' % name, {'x-annotator-auth-token': signed})
def test_reject_expired_token(self):
    """A token older than the ``ttl`` given to ``decode_token`` is rejected."""
    signed = auth.encode_token({}, 'secret')
    # Advance the clock past the 300 s ttl used in the assertion below.
    self.time_travel(seconds=310)
    assert_raises(auth.TokenInvalid, auth.decode_token, signed, 'secret', ttl=300)
def create_token(self, request, refresh_token=False):
    """Build an OAuthLib token dict for ``request.client``.

    The access token is a signed message carrying the client id as
    ``consumerKey``, the client's ``ttl`` and whatever ``extra_credentials``
    the request holds. ``refresh_token`` is accepted for interface
    compatibility and not used.
    """
    client = request.client
    claims = {'consumerKey': client.client_id, 'ttl': client.ttl}
    claims.update(request.extra_credentials or {})
    return {
        'access_token': auth.encode_token(claims, client.client_secret),
        'expires_in': client.ttl,
        'token_type': 'http://annotateit.org/api/token',
    }
def generate_token(request):
    """Sign a token for ``request.client``, merging any ``extra_credentials``.

    Extra credentials are applied after the defaults, so they may override
    ``consumerKey`` and ``ttl``.
    """
    client = request.client
    claims = dict(consumerKey=client.key, ttl=client.ttl)
    extra = request.extra_credentials
    if extra is not None:
        claims.update(extra)
    return auth.encode_token(claims, client.secret)
def token(self):
    """Return a signed Annotator token for the current (possibly anonymous) author.

    Consumer key and secret come from the app globals ``g``; the author and
    login state come from the template context ``c``. ``userIsAnonymous`` is
    set when no user is logged in. The response is served as ``text/plain``.
    """
    claims = {
        'consumerKey': g.annotator_consumer_key,
        'ttl': 86400,  # one day, in seconds
        'userId': c.author,
        'userIsAnonymous': c.user is None,
    }
    response.headers['content-type'] = 'text/plain'
    return auth.encode_token(claims, g.annotator_consumer_secret)
def setup(self):
    """Log in a MockUser by signing a token and pushing a request context."""
    super(TestStore, self).setup()
    self.user = MockUser()
    consumer = self.user.consumer
    signed = auth.encode_token(
        {'consumerKey': consumer.key, 'userId': self.user.id},
        consumer.secret)
    self.headers = {'x-annotator-auth-token': signed}
    self.ctx = self.app.test_request_context()
    self.ctx.push()
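def token_generator(request):
    """Generate a token from a request.

    The request must have the ``client`` and ``extra_credentials`` properties
    added by OAuthLib, and a ``user`` (possibly ``None``).

    ``extra_credentials`` is copied before defaults are filled in, so the
    request's own dict is never mutated. Values it already carries (``ttl``,
    ``consumerKey``, ``userId``) take precedence over the defaults.
    """
    client = request.client
    # Copy: previously setdefault() wrote straight into request.extra_credentials.
    credentials = dict(request.extra_credentials or {})
    # NOTE(review): because existing keys win, extra_credentials can override
    # ttl and consumerKey — confirm it is only ever populated server-side.
    credentials.setdefault('ttl', DEFAULT_TTL)
    credentials.setdefault('consumerKey', client.client_id)
    if request.user is not None:
        credentials.setdefault('userId', request.user)
    return encode_token(credentials, client.client_secret)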
def token(request):
    """Get an API token for the logged in user.

    The body is a JSON Web Token signed with the application's consumer key
    and secret (read from the ``h.*`` settings). Other applications may later
    get consumer keys of their own; longer term this endpoint is expected to
    give way to conventional OAuth tooling, or to disappear once cross-domain
    communication is handled in the browser via postMessage.
    """
    settings = request.registry.settings
    secret = settings.get('h.api_secret')
    key = settings.get('h.consumer_key')
    ttl = settings.get('h.api_ttl', auth.DEFAULT_TTL)
    # NOTE(review): settings.get() yields None for an unset h.api_secret or
    # h.consumer_key; whether encode_token rejects a None secret is not
    # visible here — confirm these settings are validated at startup.

    # @@ make this deal with oid+realms, oauth etc better
    login = request.user.users[0].login
    claims = {
        'userId': 'acct:%s@%s' % (login, request.host),
        'consumerKey': key,
        'ttl': ttl,
    }
    return Response(body=auth.encode_token(claims, secret))
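def __call__(self):
    """Return a signed API token for the configured consumer.

    The message always carries the consumer key and ttl; when a user is
    logged in, a ``userId`` of the form ``acct:<username>@<host>`` is added,
    with the host taken from ``request.host``.

    Raises:
        RuntimeError: ``api.key`` does not name a known consumer.
    """
    request = self.request
    key = self.settings['api.key']
    consumer = self.Consumer.get_by_key(key)
    # Explicit check instead of ``assert``, which is stripped under -O and
    # would otherwise surface as an AttributeError on consumer.secret.
    if not consumer:
        raise RuntimeError('No consumer registered for api.key %r' % (key,))
    message = {
        'consumerKey': str(consumer.key),
        'ttl': consumer.ttl,
    }
    if request.user:
        message['userId'] = 'acct:%s@%s' % (request.user.username, request.host)
    return auth.encode_token(message, consumer.secret)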
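def __call__(self):
    """Return a signed API token for the configured consumer.

    The message always carries the consumer key and ttl; when a user is
    logged in, a ``userId`` of the form ``acct:<username>@<server>`` is
    added, with the realm taken from ``request.server_name``.

    Raises:
        RuntimeError: ``api.key`` does not name a known consumer.
    """
    request = self.request
    key = self.settings['api.key']
    consumer = self.Consumer.get_by_key(key)
    # Explicit check instead of ``assert``, which is stripped under -O and
    # would otherwise surface as an AttributeError on consumer.secret.
    if not consumer:
        raise RuntimeError('No consumer registered for api.key %r' % (key,))
    message = {
        'consumerKey': str(consumer.key),
        'ttl': consumer.ttl,
    }
    if request.user:
        message['userId'] = 'acct:%s@%s' % (request.user.username, request.server_name)
    return auth.encode_token(message, consumer.secret)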
def token(request):
    """Get an API token for the logged in user.

    The body is a JSON Web Token signed with the application's consumer key
    and secret (read from the ``h.*`` settings). Other applications may later
    get consumer keys of their own; longer term this endpoint is expected to
    give way to conventional OAuth tooling, or to disappear once cross-domain
    communication is handled in the browser via postMessage.
    """
    settings = request.registry.settings
    secret = settings.get('h.api_secret')
    key = settings.get('h.consumer_key')
    ttl = settings.get('h.api_ttl', auth.DEFAULT_TTL)
    # NOTE(review): settings.get() yields None for an unset h.api_secret or
    # h.consumer_key; whether encode_token rejects a None secret is not
    # visible here — confirm these settings are validated at startup.

    # @@ make this deal with oid+realms, oauth etc better
    login = request.user.users[0].login
    claims = {
        'userId': 'acct:%s@%s' % (login, request.host),
        'consumerKey': key,
        'ttl': ttl,
    }
    return Response(body=auth.encode_token(claims, secret))
def auth_token():
    """Issue an Annotator auth token for the current Flask user.

    CORS headers are always emitted (the request's Origin is reflected) and,
    on ``OPTIONS``, the preflight allow-list is added. With a logged-in user
    the signed token is returned as ``text/plain``; otherwise a 401 pointing
    at the login host is returned with the same headers.
    """
    prefix = 'Access-Control-'
    headers = {}

    origin = request.headers.get('origin')
    if origin is not None:
        # NOTE(review): reflecting any Origin together with
        # Allow-Credentials: true lets every site make credentialed calls;
        # confirm an origin allow-list is enforced elsewhere.
        headers[prefix + 'Allow-Origin'] = origin
        headers[prefix + 'Allow-Credentials'] = 'true'
        headers[prefix + 'Expose-Headers'] = 'Location, Content-Type, Content-Length'

    if request.method == 'OPTIONS':
        headers[prefix + 'Allow-Headers'] = 'X-Requested-With, Content-Type, Content-Length'
        headers[prefix + 'Allow-Methods'] = 'GET, OPTIONS'
        headers[prefix + 'Max-Age'] = '86400'

    if not g.user:
        body = 'Please go to {0} to log in!'.format(request.host_url)
        return Response(body, status=401, headers=headers, mimetype='text/plain')

    consumer = Consumer.fetch('annotateit')
    payload = {
        'consumerKey': consumer.key,
        'userId': g.user.username,
        'ttl': consumer.ttl,
    }
    if g.user.is_admin:
        payload['admin'] = True
    signed = auth.encode_token(payload, consumer.secret)
    return Response(signed, headers=headers, mimetype='text/plain')
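def make_request(consumer, obj=None):
    """Build a MockRequest carrying a token signed for ``consumer``.

    ``obj`` supplies extra token claims. It is copied, so the caller's dict
    is left untouched (the previous version updated it in place);
    ``consumerKey`` is always set from ``consumer.key``.
    """
    claims = dict(obj or {})
    claims['consumerKey'] = consumer.key
    signed = auth.encode_token(claims, consumer.secret)
    return MockRequest(Headers([('x-annotator-auth-token', signed)]))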
def test_decode_token_unicode(self):
    """``decode_token`` must accept a ``unicode`` token as well as ``str``."""
    signed = auth.encode_token({}, 'secret')
    decoded = auth.decode_token(unicode(signed), 'secret')
    assert decoded, "token should have been successfully decoded"
def test_reject_inauthentic_token(self):
    """A token whose bytes were altered after signing is rejected."""
    tampered = auth.encode_token({'userId': 'alice'}, 'secret') + 'extrajunk'
    assert_raises(auth.TokenInvalid, auth.decode_token, tampered, 'secret')
def test_reject_notyetvalid_token(self):
    """A token presented before its issue time is rejected."""
    signed = auth.encode_token({}, 'secret')
    # Move the clock one minute before issuance.
    self.time_travel(minutes=-1)
    assert_raises(auth.TokenInvalid, auth.decode_token, signed, 'secret')
def test_decode_token(self):
    """A freshly encoded token decodes with the same secret."""
    signed = auth.encode_token({}, 'secret')
    decoded = auth.decode_token(signed, 'secret')
    assert decoded, "token should have been successfully decoded"
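def make_request(consumer, obj=None):
    """Build a MockRequest carrying a token signed for ``consumer``.

    ``obj`` supplies extra token claims. It is copied, so the caller's dict
    is left untouched (the previous version updated it in place);
    ``consumerKey`` is always set from ``consumer.key``.
    """
    claims = dict(obj or {})
    claims['consumerKey'] = consumer.key
    signed = auth.encode_token(claims, consumer.secret)
    return MockRequest(Headers([('x-annotator-auth-token', signed)]))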