Example #1
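 def request_token_call(self,
                        secret=None,
                        grant_type='authorization_code',
                        assertion_type=None):
     """Request a token from the OAuth endpoint and return the result dict.

     Args:
         secret: Assertion sent as ``assertion`` when ``grant_type`` is
             neither ``'authorization_code'`` nor ``'refresh_token'``.
         grant_type: OAuth grant type; also sent as the ``grant_type``
             parameter.
         assertion_type: Accepted for callers; not read by this method.

     Returns:
         The response from ``client.requestToken`` merged with the request
         parameters, plus ``url_used``. On failure the dict holds the
         request parameters and an ``error`` message instead.

     Security notes:
         The request parameters are merged into the returned dict and
         serialised into ``url_used``, so for the authorization-code grant
         both contain ``client_secret`` and for bearer grants the signed
         assertion. Redact them before logging or rendering the result.
     """
     params = services.request_value_dict(['client_id', 'redirect_uri'])
     # Compare by value: `is` tests object identity, so an equal string built
     # at runtime would fall through to the bearer branch and the code and
     # client_secret would never be sent.
     if grant_type == 'authorization_code':
         params['code'] = services.get_param('code')
         params['client_secret'] = services.get_param('shared_secret')
     elif grant_type == 'refresh_token':
         # todo implement
         pass
     else:
         # Anything else is treated as a bearer-assertion grant.
         params['assertion'] = secret
     params['grant_type'] = grant_type
     params['format'] = 'json'

     # NOTE(review): base_url and suffix_override presumably come from the
     # incoming request; if so the requester chooses the host that receives
     # client_secret. Confirm this is only reachable by trusted operators,
     # or allow-list base_url.
     base_url = services.get_param('base_url')
     suffix_override = services.get_param('suffix_override')
     if suffix_override is not None:
         suffix_override = base_url + '/' + suffix_override
     client = oauthclient(params['client_id'],
                          services.get_param('shared_secret'), base_url)
     sending = client.toqueryparams(params)

     def _failure(message):
         # Error result: the request parameters plus an 'error' entry.
         failed = {}
         failed.update(params)
         failed['error'] = message
         return failed

     try:
         request_token = client.requestToken(suffix_override, params)
         request_token.update(params)
         if 'error' in request_token:
             request_token['error_description'] = setup.get_message(
                 request_token['error'])
     except ValueError as ve:
         # Must precede `except Exception`: ValueError is a subclass, so the
         # original ordering made this handler unreachable.
         request_token = _failure(
             "Input Error occured in oAuth Call ({0})".format(ve))
     except Exception as e:
         request_token = _failure(
             "Error occured in oAuth Call ({0})".format(e))
         print(e)
     except:
         # Kept from the original as a last-resort best effort.
         request_token = _failure('Unknown error')

     # url_used echoes the full query string, secrets included (see the
     # docstring's security notes).
     if suffix_override is not None:
         request_token['url_used'] = suffix_override + '?' + sending
     else:
         request_token[
             'url_used'] = base_url + '/oauth/request_token?' + sending
     return request_token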
Example #2
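def oauth2_bearerflow_submit():
    """Build a JWT or SAML bearer assertion and exchange it for a token.

    Reads ``token_type``, ``client_id``, ``username``, ``aud``,
    ``redirect_uri``, ``keysign`` and ``keyname`` through
    ``services.get_param``. When ``keysign`` is ``'on'`` and a key name is
    given, the key pair under ``setup.keydir/<keyname>/`` is used.

    Returns:
        A dict of template values. With no ``token_type`` it holds only the
        page name; otherwise it is updated with the result of
        ``oauth2.service.request_token_call``, or replaced by an ``error``
        dict when the input cannot be used.

    Raises:
        IOError/OSError: if the selected key files cannot be opened.
    """
    ## clean out the values, hmm beaker might need to be invalidated
    services.session.clear_attr([
        'error', 'access_token', 'refresh_token', 'error_description', 'state',
        'code'
    ])
    values = dict(name='oauth 2 bearer submit flow')
    token_type = services.get_param('token_type')
    if token_type is None:
        return values

    client_id = services.get_param('client_id')
    username = services.get_param('username')
    audience = services.get_param('aud')
    callback = services.get_param('redirect_uri')
    keysign = services.get_param('keysign')
    keyname = services.get_param('keyname')

    private_key_path = None
    public_pem = None
    if keysign == 'on' and keyname is not None:
        # keyname is joined into a filesystem path below. Accept a single
        # directory name only, so a submitted value cannot step outside
        # setup.keydir with separators or dot segments.
        if (keyname in ('', '.', '..') or '/' in keyname
                or '\\' in keyname or '\x00' in keyname):
            return {"error": "Invalid key name"}
        key_dir = setup.keydir + '/' + keyname
        private_key_path = key_dir + '/private.pem'
        # The original opened both files and never closed them. Keep the
        # early failure on a missing private key, but release the handles.
        with open(private_key_path, 'r'):
            pass
        with open(key_dir + '/public.pem', 'r') as public_key_file:
            public_pem = public_key_file.read()

    if token_type == 'jwt':
        now = time.time()
        claims = {}
        claims['iss'] = client_id
        claims['prn'] = username
        claims['aud'] = audience
        claims['iat'] = round(now)
        claims['exp'] = round(now + 300, 0)  # assertion valid for 5 minutes
        key = services.get_param('shared_secret')
        algorithm = 'HS256'  # RS256
        if private_key_path is not None:
            # NOTE(review): the key argument is the *path* to private.pem,
            # not its contents. Confirm the jwt module in use loads the
            # file; a library expecting PEM text would not.
            key = private_key_path
            algorithm = 'RS256'
        secret = jwt.encode(claims, key, algorithm)
        request_token = oauth2.service.request_token_call(
            secret,
            'urn:ietf:params:oauth:grant-type:jwt-bearer',
            assertion_type='JWT')
        values.update(request_token)
    elif token_type == 'saml' and keysign:
        if public_pem is None:
            # keysign was sent but no key pair was loaded; the original
            # crashed here on publicKey.read() / the path concatenation.
            values = {"error": "SAML bearer flow requires keysign=on and a key name"}
        else:
            assertion = saml2.service.buildAssertion(username, audience,
                                                     client_id, callback)
            secret = saml2.service.encodeAssertion(
                assertion, private_key_path, public_pem)
            request_token = oauth2.service.request_token_call(
                secret,
                'urn:ietf:params:oauth:grant-type:saml2-bearer',
                assertion_type='SAML')
            values.update(request_token)
    else:
        values = {"error": "No token type provided on form"}
    return values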
Example #3
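def testauthorize():
    """Build the authorization-code redirect link for the OAuth test flow.

    Collects the OAuth settings through ``services.request_value_dict``,
    stores them in the session, makes sure a ``state`` value exists, and
    asks the OAuth client for the authorization redirect URL.

    Returns:
        ``dict(link=<redirect URL>)``.
    """
    # Function-scope import: the file's import block is not visible here.
    import uuid

    tostore = services.request_value_dict(['client_id', 'shared_secret', 'redirect_uri', 'base_url', 'state', 'suffix_override', 'token_type', 'scope'])
    params = services.dict_subset(tostore, ['client_id', 'redirect_uri', 'state', 'scope'])
    params['response_type'] = 'code'

    # NOTE(review): shared_secret is among the stored values. Confirm the
    # session backend keeps its data server-side rather than in a cookie.
    services.session.store(tostore, False)
    if services.session.get_attr('state') is None:
        # The original used the session id as `state`. `state` travels in
        # the redirect URL (browser history, Referer, authorization-server
        # logs), so it must not double as the session identifier. Use an
        # independent random value; it is still kept in the session,
        # presumably so the callback can compare it. Verify against the
        # callback handler.
        services.session.put('state', uuid.uuid4().hex)
        params['state'] = services.session.get_attr('state')

    consumer_key = services.get_param('client_id')
    shared_secret = services.get_param('shared_secret')
    base_url = services.get_param('base_url')

    oauthclient = oauth2.oauthclient(consumer_key, shared_secret, base_url)
    redirect_url = oauthclient.authorizeRedirect(params=params)
    return dict(link=redirect_url)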
Example #4
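    def request_token_call(self, secret=None, grant_type='authorization_code', assertion_type=None):
        """Request a token from the OAuth endpoint and return the result dict.

        Args:
            secret: Assertion sent as ``assertion`` when ``grant_type`` is
                neither ``'authorization_code'`` nor ``'refresh_token'``.
            grant_type: OAuth grant type; also sent as the ``grant_type``
                parameter.
            assertion_type: Accepted for callers; not read by this method.

        Returns:
            The response from ``client.requestToken`` merged with the
            request parameters, plus ``url_used``. On failure the dict
            holds the request parameters and an ``error`` message instead.

        Security notes:
            The request parameters are merged into the returned dict and
            serialised into ``url_used``, so for the authorization-code
            grant both contain ``client_secret`` and for bearer grants the
            signed assertion. Redact them before logging or rendering.
        """
        params = services.request_value_dict(['client_id', 'redirect_uri'])
        # Compare by value: `is` tests object identity, so an equal string
        # built at runtime would fall through to the bearer branch and the
        # code and client_secret would never be sent.
        if grant_type == 'authorization_code':
            params['code'] = services.get_param('code')
            params['client_secret'] = services.get_param('shared_secret')
        elif grant_type == 'refresh_token':
            # todo implement
            pass
        else:
            # Anything else is treated as a bearer-assertion grant.
            params['assertion'] = secret
        params['grant_type'] = grant_type
        params['format'] = 'json'

        # NOTE(review): base_url and suffix_override presumably come from
        # the incoming request; if so the requester chooses the host that
        # receives client_secret. Confirm this is only reachable by trusted
        # operators, or allow-list base_url.
        base_url = services.get_param('base_url')
        suffix_override = services.get_param('suffix_override')
        if suffix_override is not None:
            suffix_override = base_url + '/' + suffix_override
        client = oauthclient(params['client_id'], services.get_param('shared_secret'), base_url)
        sending = client.toqueryparams(params)

        def _failure(message):
            # Error result: the request parameters plus an 'error' entry.
            failed = {}
            failed.update(params)
            failed['error'] = message
            return failed

        try:
            request_token = client.requestToken(suffix_override, params)
            request_token.update(params)
            if 'error' in request_token:
                request_token['error_description'] = setup.get_message(request_token['error'])
        except ValueError as ve:
            # Must precede `except Exception`: ValueError is a subclass, so
            # the original ordering made this handler unreachable.
            request_token = _failure("Input Error occured in oAuth Call ({0})".format(ve))
        except Exception as e:
            request_token = _failure("Error occured in oAuth Call ({0})".format(e))
            print(e)
        except:
            # Kept from the original as a last-resort best effort.
            request_token = _failure('Unknown error')

        # url_used echoes the full query string, secrets included (see the
        # docstring's security notes).
        if suffix_override is not None:
            request_token['url_used'] = suffix_override + '?' + sending
        else:
            request_token['url_used'] = base_url + '/oauth/request_token?' + sending
        return request_token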
Example #5
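def testauthorize():
    """Build the authorization-code redirect link for the OAuth test flow.

    Collects the OAuth settings through ``services.request_value_dict``,
    stores them in the session, makes sure a ``state`` value exists, and
    asks the OAuth client for the authorization redirect URL.

    Returns:
        ``dict(link=<redirect URL>)``.
    """
    # Function-scope import: the file's import block is not visible here.
    import uuid

    tostore = services.request_value_dict([
        'client_id', 'shared_secret', 'redirect_uri', 'base_url', 'state',
        'suffix_override', 'token_type', 'scope'
    ])
    params = services.dict_subset(
        tostore, ['client_id', 'redirect_uri', 'state', 'scope'])
    params['response_type'] = 'code'

    # NOTE(review): shared_secret is among the stored values. Confirm the
    # session backend keeps its data server-side rather than in a cookie.
    services.session.store(tostore, False)
    if services.session.get_attr('state') is None:
        # The original used the session id as `state`. `state` travels in
        # the redirect URL (browser history, Referer, authorization-server
        # logs), so it must not double as the session identifier. Use an
        # independent random value; it is still kept in the session,
        # presumably so the callback can compare it. Verify against the
        # callback handler.
        services.session.put('state', uuid.uuid4().hex)
        params['state'] = services.session.get_attr('state')

    consumer_key = services.get_param('client_id')
    shared_secret = services.get_param('shared_secret')
    base_url = services.get_param('base_url')

    oauthclient = oauth2.oauthclient(consumer_key, shared_secret, base_url)
    redirect_url = oauthclient.authorizeRedirect(params=params)
    return dict(link=redirect_url)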
Example #6
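def oauth2_bearerflow_submit():
    """Build a JWT or SAML bearer assertion and exchange it for a token.

    Reads ``token_type``, ``client_id``, ``username``, ``aud``,
    ``redirect_uri``, ``keysign`` and ``keyname`` through
    ``services.get_param``. When ``keysign`` is ``'on'`` and a key name is
    given, the key pair under ``setup.keydir/<keyname>/`` is used.

    Returns:
        A dict of template values. With no ``token_type`` it holds only the
        page name; otherwise it is updated with the result of
        ``oauth2.service.request_token_call``, or replaced by an ``error``
        dict when the input cannot be used.

    Raises:
        IOError/OSError: if the selected key files cannot be opened.
    """
    ## clean out the values, hmm beaker might need to be invalidated
    services.session.clear_attr(['error', 'access_token', 'refresh_token', 'error_description', 'state', 'code'])
    values = dict(name='oauth 2 bearer submit flow')
    token_type = services.get_param('token_type')
    if token_type is None:
        return values

    client_id = services.get_param('client_id')
    username = services.get_param('username')
    audience = services.get_param('aud')
    callback = services.get_param('redirect_uri')
    keysign = services.get_param('keysign')
    keyname = services.get_param('keyname')

    private_key_path = None
    public_pem = None
    if keysign == 'on' and keyname is not None:
        # keyname is joined into a filesystem path below. Accept a single
        # directory name only, so a submitted value cannot step outside
        # setup.keydir with separators or dot segments.
        if (keyname in ('', '.', '..') or '/' in keyname
                or '\\' in keyname or '\x00' in keyname):
            return {"error": "Invalid key name"}
        key_dir = setup.keydir + '/' + keyname
        private_key_path = key_dir + '/private.pem'
        # The original opened both files and never closed them. Keep the
        # early failure on a missing private key, but release the handles.
        with open(private_key_path, 'r'):
            pass
        with open(key_dir + '/public.pem', 'r') as public_key_file:
            public_pem = public_key_file.read()

    if token_type == 'jwt':
        now = time.time()
        claims = {}
        claims['iss'] = client_id
        claims['prn'] = username
        claims['aud'] = audience
        claims['iat'] = round(now)
        claims['exp'] = round(now + 300, 0)  # assertion valid for 5 minutes
        key = services.get_param('shared_secret')
        algorithm = 'HS256'  # RS256
        if private_key_path is not None:
            # NOTE(review): the key argument is the *path* to private.pem,
            # not its contents. Confirm the jwt module in use loads the
            # file; a library expecting PEM text would not.
            key = private_key_path
            algorithm = 'RS256'
        secret = jwt.encode(claims, key, algorithm)
        request_token = oauth2.service.request_token_call(secret, 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion_type='JWT')
        values.update(request_token)
    elif token_type == 'saml' and keysign:
        if public_pem is None:
            # keysign was sent but no key pair was loaded; the original
            # crashed here on publicKey.read() / the path concatenation.
            values = {"error": "SAML bearer flow requires keysign=on and a key name"}
        else:
            assertion = saml2.service.buildAssertion(username, audience, client_id, callback)
            secret = saml2.service.encodeAssertion(assertion, private_key_path, public_pem)
            request_token = oauth2.service.request_token_call(secret, 'urn:ietf:params:oauth:grant-type:saml2-bearer', assertion_type='SAML')
            values.update(request_token)
    else:
        values = {"error": "No token type provided on form"}
    return values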
Example #7
def certsave():
    """Pass the submitted ``name`` to ``KeyService.addCert`` and list certs.

    Returns:
        A dict with the page name and the value of ``KeyService.list()``.
    """
    key_service = services.KeyService()
    # NOTE(review): `name` is handed to addCert unchecked. If addCert uses
    # it as a directory or file name, confirm it rejects path separators
    # and dot segments.
    cert_name = services.get_param('name')
    key_service.addCert(cert_name)
    certs = key_service.list()
    return {'name': 'add cert', 'certs': certs}
Example #8
def certsave():
    """Register a certificate name with the key service and list the certs.

    Returns:
        ``dict(name='add cert', certs=<KeyService.list() result>)``.
    """
    keys = services.KeyService()
    # NOTE(review): the 'name' parameter reaches addCert without validation
    # here. Presumably it becomes part of a key path, so verify addCert
    # restricts it to a plain name.
    keys.addCert(services.get_param('name'))
    return dict(name='add cert', certs=keys.list())