def box_oauth_finish(auth, **kwargs):
"""View called when the Oauth flow is completed. Adds a new BoxUserSettings
record to the user and saves the user's access token and account info.
"""
user = auth.user
node = Node.load(session.data.pop('box_auth_nid', None))
# Handle request cancellations from Box's API
if request.args.get('error'):
flash('Box authorization request cancelled.')
if node:
return redirect(node.web_url_for('node_setting'))
return redirect(web_url_for('user_addons'))
result = finish_auth()
# If result is a redirect response, follow the redirect
if isinstance(result, BaseResponse):
return result
client = BoxClient(CredentialsV2(
result['access_token'],
result['refresh_token'],
settings.BOX_KEY,
settings.BOX_SECRET,
))
about = client.get_user_info()
oauth_settings = BoxOAuthSettings.load(about['id'])
if not oauth_settings:
oauth_settings = BoxOAuthSettings(user_id=about['id'], username=about['name'])
oauth_settings.save()
oauth_settings.refresh_token = result['refresh_token']
oauth_settings.access_token = result['access_token']
oauth_settings.expires_at = datetime.utcfromtimestamp(time.time() + 3600)
# Make sure user has box enabled
user.add_addon('box')
user.save()
user_settings = user.get_addon('box')
user_settings.oauth_settings = oauth_settings
user_settings.save()
flash('Successfully authorized Box', 'success')
if node:
# Automatically use newly-created auth
if node.has_addon('box'):
node_addon = node.get_addon('box')
node_addon.set_user_auth(user_settings)
node_addon.save()
return redirect(node.web_url_for('node_setting'))
return redirect(web_url_for('user_addons'))
def test_automatic_refresh(self):
credentials = CredentialsV2("access_token", "refresh_token", "client_id", "client_secret")
client = BoxClient(credentials)
requests_mock = flexmock(requests)
# The first attempt, which is denied
(
requests_mock.should_receive("request")
.with_args(
"get", "https://api.box.com/2.0/users/me", params=None, data=None, headers=client.default_headers
)
.and_return(mocked_response(status_code=401))
.once()
)
# The call to refresh the token
(
requests_mock.should_receive("post")
.with_args(
"https://www.box.com/api/oauth2/token",
{
"client_id": "client_id",
"client_secret": "client_secret",
"refresh_token": "refresh_token",
"grant_type": "refresh_token",
},
)
.and_return(mocked_response({"access_token": "new_access_token", "refresh_token": "new_refresh_token"}))
.once()
)
# The second attempt with the new access token
(
requests_mock.should_receive("request")
.with_args(
"get",
"https://api.box.com/2.0/users/me",
params=None,
data=None,
headers={"Authorization": "Bearer new_access_token"},
)
.and_return(mocked_response({"name": "bla"}))
.once()
)
result = client.get_user_info()
self.assertDictEqual(result, {"name": "bla"})
self.assertEqual(credentials._access_token, "new_access_token")
self.assertEqual(credentials._refresh_token, "new_refresh_token")
def test_automatic_refresh(self):
credentials = CredentialsV2("access_token", "refresh_token", "client_id", "client_secret")
client = BoxClient(credentials)
requests_mock = flexmock(requests)
# The first attempt, which is denied
(requests_mock
.should_receive('request')
.with_args("get",
'https://api.box.com/2.0/users/me',
params=None,
data=None,
headers=client.default_headers)
.and_return(mocked_response(status_code=401))
.once())
# The call to refresh the token
(requests_mock
.should_receive('post')
.with_args('https://www.box.com/api/oauth2/token', {
'client_id': 'client_id',
'client_secret': 'client_secret',
'refresh_token': 'refresh_token',
'grant_type': 'refresh_token',
})
.and_return(mocked_response({"access_token": "new_access_token",
"refresh_token": "new_refresh_token"}))\
.once())
# The second attempt with the new access token
(requests_mock
.should_receive('request')
.with_args("get",
'https://api.box.com/2.0/users/me',
params=None,
data=None,
headers={"Authorization": "Bearer new_access_token"})
.and_return(mocked_response({'name': 'bla'}))
.once())
result = client.get_user_info()
self.assertDictEqual(result, {'name': 'bla'})
self.assertEqual(credentials._access_token, "new_access_token")
self.assertEqual(credentials._refresh_token, "new_refresh_token")
def test_automatic_refresh(self):
credentials = CredentialsV2("access_token", "refresh_token", "client_id", "client_secret")
client = BoxClient(credentials)
requests_mock = flexmock(requests)
# The first attempt, which is denied
requests_mock \
.should_receive('request') \
.with_args("get",
'https://api.box.com/2.0/users/me',
params=None,
data=None,
headers=client.default_headers) \
.and_return(mocked_response(status_code=401)) \
.once()
# The call to refresh the token
requests_mock \
.should_receive('post')\
.with_args('https://www.box.com/api/oauth2/token', {
'client_id': 'client_id',
'client_secret': 'client_secret',
'refresh_token': 'refresh_token',
'grant_type': 'refresh_token',
})\
.and_return(mocked_response({"access_token": "new_access_token",
"refresh_token": "new_refresh_token"}))\
.once()
# The second attempt with the new access token
requests_mock \
.should_receive('request') \
.with_args("get",
'https://api.box.com/2.0/users/me',
params=None,
data=None,
headers={"Authorization": "Bearer new_access_token"}) \
.and_return(mocked_response({'name': 'bla'})) \
.once()
result = client.get_user_info()
self.assertDictEqual(result, {'name': 'bla'})
self.assertEqual(credentials._access_token, "new_access_token")
self.assertEqual(credentials._refresh_token, "new_refresh_token")
def handle_callback(self, response):
"""View called when the Oauth flow is completed. Adds a new BoxUserSettings
record to the user and saves the user's access token and account info.
"""
client = BoxClient(CredentialsV2(
response['access_token'],
response['refresh_token'],
settings.BOX_KEY,
settings.BOX_SECRET,
))
about = client.get_user_info()
return {
'provider_id': about['id'],
'display_name': about['name'],
'profile_url': 'https://app.box.com/profile/{0}'.format(about['id'])
}
