def test_downloader_view_new_download(self):
self.assertTrue(self.login())
ci = 1
at = 5
newToken = AccessToken(id=at,
accessToken="testToken",
userID="0",
serviceType="google",
tokenTime=timezone.now(),
userInfo="noInfo",
cloudItem=CloudItem.objects.get(id=ci))
newToken.save()
#first get the normal page
r = self.client.get("/download/" + str(ci) + "/" + str(at) + "/",
secure=True)
self.assertContains(r, "No download have been started")
#take last download
d = Download.objects.latest("downTime")
self.assertEquals(at, d.tokenID.id)
#button has not been click
self.assertEquals(constConfig.THREAD_NOTCLICKED, d.threadStatus)
def post(self):
token = self.get_argument("access_token")
access_token = AccessToken(self.application.access_token_store).find_by_access_token(token)
data = access_token.verify()
self.set_header("Content-Type", "application/json")
self.write(json.dumps(data))
def _get_access_token(user, auth_code):
client_id = settings.CROPLET_API_CLIENT_ID
client_secret = settings.CROPLET_SECRET_API_KEY
post_data = {
'grant_type': 'authorization_code',
'code': auth_code,
'client_id': client_id,
'client_secret': client_secret,
'redirect_uri': 'http://localhost:8005/callback/'
}
response = requests.post('{cropr_url}/oauth2/token/'.format(cropr_url=settings.CROPR_URL), post_data)
if response.status_code != 200:
Grant.objects.filter(user=user).delete()
response = json.loads(response.text)
if (hasattr(user, "access_token")):
AccessToken.objects.filter(user=user).delete()
token = AccessToken(user=user)
access_token = response.get('access_token')
if access_token:
accessToken = AccessToken(user=user, access_token=access_token)
accessToken.save()
user.access_token = token
user.save()
def token(request):
# 验证应用端合法性
client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
if not client:
response = HttpResponse('401 Unauthorized', status=401)
response['WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
return response
# 验证是否为令牌表单
form = TokenForm(request.POST)
if not form.is_valid():
return error_response('invalid_request')
grant_type = form.cleaned_data['grant_type']
code = form.cleaned_data['code']
redirect_uri = form.cleaned_data['redirect_uri']
# 处理authorization_code请求
if grant_type == 'authorization_code':
try:
code = AuthorizationCode.objects.filter(expire_time__gte=datetime.datetime.now()).get(client=client, code=UUID(bytes=urlsafe_base64_decode(code)), redirect_uri=redirect_uri)
except AuthorizationCode.DoesNotExist:
return error_response('invalid_grant')
try:
token = AccessToken(client=client, user=code.user, code=code.code, expire_time=datetime.datetime.now() + datetime.timedelta(hours=1))
token.save()
except IntegrityError:
AccessToken.objects.get(code=code.code).delete()
code.delete()
return error_response('invalid_grant')
return success_response(urlsafe_base64_encode(token.token.bytes))
else:
return error_response('unsupported_grant_type')
def callback(request):
client_id = settings.CROPLET_API_CLIENT_ID
client_secret = settings.CROPLET_SECRET_API_KEY
error = request.GET.get('error')
auth_code = request.GET.get('code')
if (error != None):
pass
elif (auth_code != None):
data = {'grant_type': 'authorization_code',
'code': auth_code,
'client_id': client_id,
'client_secret': client_secret}
response = requests.post(
'http://localhost:8000/oauth2/access_token/', data)
response = json.loads(response.text)
if hasattr(request.user, "access_token"):
AccessToken.objects.get(user=request.user).delete()
token = AccessToken(user=request.user)
access_token = response.get('access_token')
if access_token:
accessToken = AccessToken(user=request.user, access_token=access_token)
accessToken.save()
request.user.access_token = token
request.user.save()
return redirect(reverse('map'))
def save_access_token(self, client_key, access_token, request_token,
realm=None, secret=None):
token = AccessToken(access_token, secret=secret, realm=realm)
token.client = Client.query.filter_by(client_key=client_key).one()
req_token = RequestToken.query.filter_by(token=request_token).one()
token.resource_owner = req_token.resource_owner
token.realm = req_token.realm
db_session.add(token)
db_session.commit()
def test_verify(self):
user_id = '1'
access_token = AccessToken(self.access_token_store, user_id=user_id)
access_token.save()
fetched_data = access_token.verify()
assert fetched_data['client_id'] == user_id
assert 0 <= fetched_data['expires_in'] <= 3600
def post(self):
user = self.get_current_user()
access_token = AccessToken(self.application.access_token_store,
user_id=user.id)
access_token.save()
data = {
"user": user,
"access_token": access_token,
}
self.render("mypage.pug", **data)
def token():
post_data = get_post_data()
is_invalid, error_message = _is_invalid_data(post_data)
if is_invalid:
abort(400, {'error': error_message })
app = ClientApplication.find_by_credentials(post_data['client_key'], post_data['client_secret'])
if app is None:
abort(400, {'error': APP_NOT_FOUND })
allowed_grant_types = app.grant_type.split(',')
if post_data['grant_type'] not in allowed_grant_types:
abort(400, {'error': GRANT_TYPE_NOT_ALLOWED })
today = datetime.datetime.now()
expires_at = today + datetime.timedelta(days=1)
a = AccessToken()
a.client_application = app.key
a.expires_at = expires_at
a.token = ah.generate_random_string()
a.token_type = post_data['grant_type']
if post_data['lead_token']:
a.lead_token = post_data['lead_token']
a.put()
time.sleep(1)
return jsonify(data=a.to_json()), 201
def test_find_by_access_token(self):
user_id = '1'
access_token = AccessToken(self.access_token_store, user_id=user_id)
access_token.save()
at = AccessToken(self.access_token_store).find_by_access_token(
access_token.access_token)
assert at.user_id == access_token.user_id
assert at.access_token == access_token.access_token
assert at.refresh_token == access_token.refresh_token
def test_revoke(self):
user_id = '1'
access_token = AccessToken(self.access_token_store, user_id=user_id)
access_token.save()
assert access_token.revoke()
failed_user_id = self.access_token_store.get_session(
access_token.access_token, 'user_id')
assert failed_user_id is None
def fresh_access_token():
try:
access_token = AccessToken.objects.get(id=1)
except AccessToken.DoesNotExist:
access_token = AccessToken()
url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=%s&appid=%s&secret=%s" \
% (grant_type, appID, appSecret)
r = requests.get(url)
message = r.json()
access_token.token = message['access_token']
access_token.expires_in = int(message['expires_in'])
access_token.save()
def save_access_token(self,
client_key,
access_token,
request_token,
realm=None,
secret=None):
token = AccessToken(access_token, secret=secret, realm=realm)
token.client = Client.query.filter_by(client_key=client_key).one()
req_token = RequestToken.query.filter_by(token=request_token).one()
token.resource_owner = req_token.resource_owner
token.realm = req_token.realm
db_session.add(token)
db_session.commit()
def save_access_token(self, client_key, access_token, request_token,
secret=None):
client = Client.query(Client.client_key == client_key).get()
req_token = RequestToken.query(
RequestToken.token == request_token).get()
if client and req_token:
token = AccessToken(
token=access_token,
secret=secret,
client=client.key,
resource_owner=req_token.resource_owner,
realm=req_token.realm)
token.put()
def save_access_token(self, client_key, access_token, request_token,
realm=None, secret=None):
client = Client.find_one({'client_key':client_key})
if client:
token = AccessToken(access_token, secret=secret, realm=realm)
token.client_id = client['_id']
req_token = RequestToken.find_one({'token':request_token})
if req_token:
token['resource_owner_id'] = req_token['resource_owner_id']
token['realm'] = req_token['realm']
AccessToken.insert(token)
def save_access_token(self,
client_key,
access_token,
request_token,
secret=None):
client = Client.query(Client.client_key == client_key).get()
req_token = RequestToken.query(
RequestToken.token == request_token).get()
if client and req_token:
token = AccessToken(token=access_token,
secret=secret,
client=client.key,
resource_owner=req_token.resource_owner,
realm=req_token.realm)
token.put()
def save_access_token(self,
client_key,
access_token,
request_token,
realm=None,
secret=None):
client = Client.find_one({'client_key': client_key})
if client:
req_token = RequestToken.find_one({'token': request_token},
as_obj=True)
if req_token:
if not req_token['user_id']:
req_token['user_id'] = current_user.get_id()
req_token.save()
token = AccessToken.find_or_create(
client_id=client['_id'],
user_id=req_token['user_id'], #current_user.get_id(),
realm=realm if realm else req_token['realm'])
token.secret = secret
token.token = access_token
token.save()
def edit_trigger_group(trigger_group_id=None):
received_token = request.headers.get('Authorization')
access_token = AccessToken.find(received_token)
if access_token is None:
return "Invalid token", 401
trigger_group = (TriggerGroup(
chat_id=access_token.chat_id) if trigger_group_id is None else
TriggerGroup.query.get(trigger_group_id))
trigger_group.save()
if trigger_group is None:
return "Not found", 404
if trigger_group.chat_id != access_token.chat_id:
return "Forbidden", 403
group_attrs = request.get_json()
trigger_group.update(
ignore_case=group_attrs['ignore_case'],
ignore_repeated_letters=group_attrs['ignore_repeated_letters'])
update_trigger_group_attrs(trigger_group, group_attrs['answers'],
group_attrs['triggers'])
return jsonify({
"saved": True,
"trigger_group_id": trigger_group.trigger_group_id
})
def add_access_token(user, token):
access_token = AccessToken(token=token,
provider='this',
created_when=datetime.datetime.now(),
expired_when=datetime.datetime.now() +
datetime.timedelta(days=1))
updated = user.update(access_token=access_token)
return updated, access_token
def access_for_refresh_token(token):
path = "/api/refreshtoken"
request = {"refreshToken": token}
response = requests.post(host + path, data=request)
data = json.loads(response.text)
return AccessToken.from_json(data)
def post(self):
username = self.request.get('username').strip().lower()
password = self.request.get('password')
try:
if '@' in username:
user_login = User.query(User.email_address == username).get()
if user_login != None:
username = user_login.username
u = self.auth.get_user_by_password(username, password)
token = AccessToken()
token.user = self.user_model.key
token.token = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(20))
token.put()
data = {}
data["token"] = token.token
self.response.out.write(json.dumps(data))
except( auth.InvalidAuthIdError, auth.InvalidPasswordError):
self.response.out.write(json.dumps(data))
def test_save(self):
user_id = '1'
access_token = AccessToken(self.access_token_store, user_id=user_id)
access_token.save()
fetched_user_id = self.access_token_store.get_session(
access_token.access_token, 'user_id')
fetched_refresh_token = self.access_token_store.get_session(
access_token.access_token, 'refresh_token')
fetched_access_token = self.access_token_store.get_session(
access_token.prefixed_for_refresh(access_token.refresh_token),
'access_token')
print(fetched_user_id, fetched_access_token, fetched_refresh_token)
assert user_id == fetched_user_id
assert access_token.refresh_token == fetched_refresh_token
assert access_token.refresh_token == fetched_refresh_token
def token(request):
# 验证应用端合法性
client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION'))
if not client:
response = HttpResponse('401 Unauthorized', status=401)
response[
'WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."'
return response
# 验证是否为令牌表单
form = TokenForm(request.POST)
if not form.is_valid():
return error_response('invalid_request')
grant_type = form.cleaned_data['grant_type']
code = form.cleaned_data['code']
redirect_uri = form.cleaned_data['redirect_uri']
# 处理authorization_code请求
if grant_type == 'authorization_code':
try:
code = AuthorizationCode.objects.filter(
expire_time__gte=datetime.datetime.now()).get(
client=client,
code=UUID(bytes=urlsafe_base64_decode(code)),
redirect_uri=redirect_uri)
except AuthorizationCode.DoesNotExist:
return error_response('invalid_grant')
try:
token = AccessToken(client=client,
user=code.user,
code=code.code,
expire_time=datetime.datetime.now() +
datetime.timedelta(hours=1))
token.save()
except IntegrityError:
AccessToken.objects.get(code=code.code).delete()
code.delete()
return error_response('invalid_grant')
return success_response(urlsafe_base64_encode(token.token.bytes))
else:
return error_response('unsupported_grant_type')
def validate_access_token(self, client_key, resource_owner_key):
token = None
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(
AccessToken.client == client.key,
AccessToken.token == resource_owner_key).get()
return token is not None
def save_access_token(self,
client_key,
access_token,
request_token,
realm=None,
secret=None):
client = Client.find_one({'client_key': client_key})
if client:
token = AccessToken(access_token, secret=secret, realm=realm)
token.client_id = client['_id']
req_token = RequestToken.find_one({'token': request_token})
if req_token:
token['resource_owner_id'] = req_token['resource_owner_id']
token['realm'] = req_token['realm']
AccessToken.insert(token)
def validate_access_token(self, client_key, resource_owner_key):
token = None
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(
AccessToken.client == client.key,
AccessToken.token == resource_owner_key).get()
return token is not None
def test_downloader_view_new_download(self):
self.assertTrue(self.login())
ci = 1
at = 5
newToken = AccessToken(id=at,accessToken="testToken",userID="0",serviceType="google",tokenTime=timezone.now(),userInfo="noInfo",cloudItem=CloudItem.objects.get(id=ci))
newToken.save()
#first get the normal page
r = self.client.get("/download/"+str(ci)+"/"+str(at)+"/",secure=True)
self.assertContains(r,"No download have been started")
#take last download
d = Download.objects.latest("downTime")
self.assertEquals(at,d.tokenID.id)
#button has not been click
self.assertEquals(constConfig.THREAD_NOTCLICKED,d.threadStatus)
def validate_access_token(self, client_key, resource_owner_key):
token = None
client = Client.find_one({'client_key':client_key})
if client:
token = AccessToken.find_one(
{'token':resource_owner_key, 'client_id': client['_id']})
return token != None
def get_token_user(self):
authorization = self.request.headers.get('Authorization', None)
if authorization:
match = token_repatter.match(authorization)
if match:
token = match.groups()[0]
access_token = AccessToken(self.application.access_token_store).find_by_access_token(token)
if access_token.user_id:
user = User.get(id=access_token.user_id)
return user
return None
def validate_access_token(self, client_key, resource_owner_key):
token = None
client = Client.find_one({'client_key': client_key})
if client:
token = AccessToken.find_one({
'token': resource_owner_key,
'client_id': client['_id']
})
return token != None
def get_access_token(self, timeout=60):
assert self.authorization_code, 'You must first get the authorization code'
qd = {'grant_type': 'authorization_code',
'code': self.authorization_code,
'redirect_uri': self.redirect_uri,
'client_id': self.key,
'client_secret': self.secret}
response = requests.post(self.ACCESS_TOKEN_URL, data=qd, timeout=timeout)
raise_for_error(response)
response = response.json()
self.token = AccessToken(response['access_token'], response['expires_in'])
return self.token
def get_access_token_secret(self, client_key, resource_owner_key):
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(
AccessToken.client == client.key,
AccessToken.token == resource_owner_key).get()
if token:
return token.secret
return None
def get_access_token_secret(self, client_key, resource_owner_key):
client = Client.find_one({'client_key':client_key})
if client:
token = AccessToken.find_one(
{'token':resource_owner_key,
'client_id': client['_id']})
if token:
return token['secret']
return None
def get_access_token_secret(self, client_key, resource_owner_key):
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(
AccessToken.client == client.key,
AccessToken.token == resource_owner_key).get()
if token:
return token.secret
return None
def get_access_token_secret(self, client_key, resource_owner_key):
client = Client.find_one({'client_key': client_key})
if client:
token = AccessToken.find_one({
'token': resource_owner_key,
'client_id': client['_id']
})
if token:
return token['secret']
return None
def oauth_callback(request):
"""Accept the authorization from the server and store the data we use to communicate with the Weavr"""
token = request.REQUEST.get('oauth_token')
verifier = request.REQUEST.get('oauth_verifier')
confirmed = request.REQUEST.get('oauth_callback_confirmed')
# Make sure we have the required parameters
if (not verifier) or (not token):
return render_error("missing params")
if not confirmed:
return render_error("connection wasn't confirmed")
# Get the token and store the verifier
request_token = get_object_or_404(RequestToken, oauth_key=token)
if not request_token:
return render_error("invalid request token")
prosthetic = request_token.prosthetic
cls = prosthetic.get_class()
if not cls:
raise Exception("Can't get class for prosthtic")
# verify the token and create a local object
verified_token = oauth.OAuthToken(request_token.oauth_key,
request_token.oauth_secret)
access_token = request_token.prosthetic.wrangler().get_access_token(
verified_token, verifier)
access_object = AccessToken(oauth_key=access_token.key,
oauth_secret=access_token.secret,
prosthetic=request_token.prosthetic,
enabled=True)
# make an API call with the token before we save it.
configuration = access_object.get_json("/1/weavr/configuration")
access_object.weavr_name = configuration['name']
access_object.weavr_url = configuration['blog']
if "post_keyword" in configuration:
access_object.prosthetic.blog_keyword = configuration['post_keyword']
# everything worked. Save access token
access_object.save()
request_token.delete() # don't need this any more
# if the ptk wants to do something at this point, it is able to.
ptk = cls(access_object)
post_oauth_callback = ptk.post_oauth_callback()
if post_oauth_callback:
return post_oauth_callback
# show or hide user login
hide_usernav = True
return render_to_response("success.html",
locals(),
context_instance=RequestContext(request))
def get_token(self):
if self.token is not None:
return self.token
else:
token = AccessToken()
token.expire_in_2_weeks()
token.generate_token()
self.token = token
return token
def validate_realm(self, client_key, access_token, uri=None, required_realm=None):
if not required_realm:
return True
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(
AccessToken.token == access_token,
AccessToken.client == client.key).get()
if token:
return token.realm in required_realm
return False
def validate_realm(self, client_key, access_token, uri=None, required_realm=None):
if not required_realm:
return True
# insert other check, ie on uri here
client = Client.find_one({'client_key':client_key})
if client:
token = AccessToken.find_one(
{'token':access_token, 'client_id': client['_id']})
if token:
return token['realm'] in required_realm
return False
def validate_realm(self,
client_key,
access_token,
uri=None,
required_realm=None):
if not required_realm:
return True
client = Client.query(Client.client_key == client_key).get()
if client:
token = AccessToken.query(AccessToken.token == access_token,
AccessToken.client == client.key).get()
if token:
return token.realm in required_realm
return False
def save_timestamp_and_nonce(self, client_key, timestamp, nonce,
request_token=None, access_token=None):
client = Client.find_one({'client_key':client_key})
if client:
nonce = Nonce(nonce, timestamp)
nonce.client_id = client['_id']
if request_token:
req_token = RequestToken.find_one({'token':request_token})
nonce.request_token_id = req_token['_id']
if access_token:
token = AccessToken.find_one({'token':access_token})
nonce.access_token_id = token['_id']
nonce.insert()
def post(self):
handle_type = self.get_argument("grant_type")
if handle_type == 'refresh_token':
refresh_token = self.get_argument("refresh_token")
client_id = self.get_argument("client_id")
client_secret = self.get_argument("client_secret")
access_token = AccessToken(self.application.access_token_store).refresh(refresh_token)
data = {
'token_type': 'Bearer',
'access_token': access_token.access_token,
'expires_in': access_token.access_token_store.options["expire"],
'refresh_token': access_token.refresh_token,
}
self.set_header("Content-Type", "application/json")
self.write(json.dumps(data))
def f(*args, **kvargs): if 'Authorization' in request.headers: token_type, token = slice_token(request.headers['Authorization']) access_token = AccessToken.find_by_active_token(token) if access_token is None: abort_auth_invalid_token() else: if access_token.token_type in roles or access_token.token_type == ROLE_ADMIN: if access_token.token_type == ROLE_LEAD: # todo: validates if the token_type x = 1 else: abort_auth_notauthorized() else: abort_auth_no_present() return action(*args, **kvargs)
def delete_trigger_group(trigger_group_id):
token = request.headers.get('Authorization')
access_token = AccessToken.find(token)
trigger_group = TriggerGroup.query.get(trigger_group_id)
if access_token is None:
return "Invalid", 401
if trigger_group is None:
return "Not found", 404
if trigger_group.chat_id != access_token.chat_id:
return "Forbidden", 403
delete_answers(trigger_group)
delete_triggers(trigger_group)
trigger_group.delete()
return jsonify({"deleted": True})
def save_access_token(token, req):
assert type(req) is oauthlib.common.Request, type(req)
client = req.client
assert type(client) is Client, type(client)
user = req.user
assert type(user) is User, "user = {!r}, of type: {}".format(
user, type(user))
at = token['oauth_token']
ats = token['oauth_token_secret']
raw_realms = token['oauth_authorized_realms']
assert isinstance(raw_realms,
str), "{!r}, of type {}".format(raw_realms,
type(raw_realms))
realms = raw_realms.split(' ')
assert isinstance(realms,
list), "{!r}, of type {}".format(realms, type(realms))
assert realms, realms
assert isinstance(realms[0], str), list(map(repr, realms))
t = AccessToken(client, user, realms, token=at, secret=ats)
access_tokens.append(t)
def oauth_callback(request):
"""Accept the authorization from the server and store the data we use to communicate with the Weavr"""
token = request.REQUEST.get("oauth_token")
verifier = request.REQUEST.get("oauth_verifier")
confirmed = request.REQUEST.get("oauth_callback_confirmed")
# Make sure we have the required parameters
if (not verifier) or (not token):
return render_error("missing params")
if not confirmed:
return render_error("connection wasn't confirmed")
# Get the token and store the verifier
request_token = get_object_or_404(RequestToken, oauth_key=token)
if not request_token:
return render_error("invalid request token")
prosthetic = request_token.prosthetic
cls = prosthetic.get_class()
if not cls:
raise Exception("Can't get class for prosthtic")
# verify the token and create a local object
verified_token = oauth.OAuthToken(request_token.oauth_key, request_token.oauth_secret)
access_token = request_token.prosthetic.wrangler().get_access_token(verified_token, verifier)
access_object = AccessToken(
oauth_key=access_token.key, oauth_secret=access_token.secret, prosthetic=request_token.prosthetic, enabled=True
)
# make an API call with the token before we save it.
configuration = access_object.get_json("/1/weavr/configuration")
access_object.weavr_name = configuration["name"]
access_object.weavr_url = configuration["blog"]
if "post_keyword" in configuration:
access_object.prosthetic.blog_keyword = configuration["post_keyword"]
# everything worked. Save access token
access_object.save()
request_token.delete() # don't need this any more
# if the ptk wants to do something at this point, it is able to.
ptk = cls(access_object)
post_oauth_callback = ptk.post_oauth_callback()
if post_oauth_callback:
return post_oauth_callback
# show or hide user login
hide_usernav = True
return render_to_response("success.html", locals(), context_instance=RequestContext(request))
def save_timestamp_and_nonce(self, client_key, timestamp, nonce,
request_token=None, access_token=None):
client = Client.query(Client.client_key == client_key).get()
if client:
nonce = Nonce(
nonce=nonce,
timestamp=timestamp,
client=client.key)
if request_token:
req_token = RequestToken.query(
RequestToken.token == request_token).get()
nonce.request_token = req_token.key
if access_token:
token = AccessToken.query(
AccessToken.token == access_token).get()
nonce.access_token = token.key
nonce.put()
def save_timestamp_and_nonce(self,
client_key,
timestamp,
nonce,
request_token=None,
access_token=None):
client = Client.find_one({'client_key': client_key})
if client:
nonce = Nonce(nonce, timestamp)
nonce.client_id = client['_id']
if request_token:
req_token = RequestToken.find_one({'token': request_token})
nonce.request_token_id = req_token['_id']
if access_token:
token = AccessToken.find_one({'token': access_token})
nonce.access_token_id = token['_id']
nonce.insert()
def save_access_token(self, client_key, access_token, request_token,
realm=None, secret=None):
client = Client.find_one({'client_key':client_key})
if client:
req_token = RequestToken.find_one(
{'token':request_token}, as_obj = True)
if req_token:
if not req_token['user_id']:
req_token['user_id'] = current_user.get_id()
req_token.save()
token = AccessToken.find_or_create(
client_id = client['_id'],
user_id = req_token['user_id'],#current_user.get_id(),
realm = realm if realm else req_token['realm'])
token.secret = secret
token.token = access_token
token.save()
def save_timestamp_and_nonce(self,
client_key,
timestamp,
nonce,
request_token=None,
access_token=None):
client = Client.query(Client.client_key == client_key).get()
if client:
nonce = Nonce(nonce=nonce, timestamp=timestamp, client=client.key)
if request_token:
req_token = RequestToken.query(
RequestToken.token == request_token).get()
nonce.request_token = req_token.key
if access_token:
token = AccessToken.query(
AccessToken.token == access_token).get()
nonce.access_token = token.key
nonce.put()
def validate_realm(self,
client_key,
access_token,
uri=None,
required_realm=None):
if not required_realm:
return True
# insert other check, ie on uri here
client = Client.find_one({'client_key': client_key})
if client:
token = AccessToken.find_one({
'token': access_token,
'client_id': client['_id']
})
if token:
return token['realm'] in required_realm
return False
def delete(self):
token = AccessToken.delete_token(self.request.get('token'))
tokens = AccessToken.get_all()
self.render_template(tokens)
def user():
"""
Hakee, lisää ja poistaa käyttäjän seuraamia pelaajia/joukkueita.
Vaatii OAuth-allekirjoitetun pyynnön.
TODO välimuisti
"""
# Poimitaan oauth token HTTP-pyynnön Authorization-headerista:
auth_header = request.headers.get("Authorization", None)
if not auth_header:
abort(401) # Unauthorized
for param in auth_header.split():
if param.startswith("oauth_token"):
token = param.split("=")[-1][1:-2]
break
if not token:
abort(401)
# Haetaan tokenia vastaava käyttäjä:
try:
acc_token = AccessToken.query(AccessToken.token == token).get()
user = acc_token.resource_owner.get()
except KeyError: # Access tokenia tai käyttäjää ei löydy
abort(401)
# Poimitaan ids_only-parametri joko urlista tai post-parametreista:
if "ids_only" in request.form:
ids_only = request.form["ids_only"]
else:
ids_only = request.args.get("ids_only", "0")
try:
ids_only = int(ids_only)
except ValueError:
abort(400)
if request.method == "GET":
# Palautetaan käyttäjän seuraamat pelaajat ja joukkueet:
if ids_only:
# Palautetaan vain id:t:
ret = dict(players=user.players, teams=user.teams)
else:
# Jos ids_only == 1, palautetaan tunnusten lisäksi tilastoja:
ret = get_players_and_teams(user.players, user.teams)
ret["name"] = user.name
return jsonify(ret)
if request.method == "POST":
# Lisätään seurattava pelaaja tai joukkue:
if "pid" in request.form:
pid = request.form["pid"]
# Validoitaan pelaajan id:
if pid in user.players:
abort(400) # Pelaaja on jo seurattavien listassa
all_players = scraper.scrape_players()
if not pid in all_players:
abort(400) # pid:tä vastaavaa pelaajaa ei löydy
# Lisätään pid käyttäjän seurattavien pelaajien listalle:
user.players.append(pid)
user.put()
# Palautetaan päivittynyt seurantalista, kuten GET-pyynnössä:
if ids_only:
ret = dict(players=user.players, teams=user.teams)
else:
ret = get_players_and_teams(user.players, user.teams)
ret["name"] = user.name
return jsonify(ret)
if "team" in request.form:
team = request.form["team"].lower()
# Validoitaan joukkueen tunnus
if team in user.teams:
abort(400) # Joukkue on jo seurattavien listassa
if not team in scraper.TEAMS:
abort(400) # Epäkelpo joukkueen tunnus
# Lisätään joukkue käyttäjän seurattavien joukkueiden listalle:
user.teams.append(team)
user.put()
# Palautetaan päivittynyt seurantalista, kuten GET-pyynnössä:
if ids_only:
ret = dict(players=user.players, teams=user.teams)
else:
ret = get_players_and_teams(user.players, user.teams)
ret["name"] = user.name
return jsonify(ret)
else:
abort(400) # Lisättävä pelaaja tai joukkue tulee määrittää
if request.method == "DELETE":
# Poistetaan seurattava pelaaja tai joukkue:
pid = request.args.get("pid", None)
team = request.args.get("team", None)
if pid:
if not pid in user.players:
abort(400) # pelaajaa ei löydy seurattavien listasta
user.players.remove(pid)
elif team:
if not team in user.teams:
abort(400) # joukkuetta ei löydy seurattavien listasta
user.teams.remove(team)
else:
abort(400) # joko poistettava pelaaja tai joukkue tulee määrittää
user.put()
if ids_only:
ret = dict(players=user.players, teams=user.teams)
else:
ret = get_players_and_teams(user.players, user.teams)
ret["name"] = user.name
return jsonify(ret)
def protected_realm_view():
token = request.oauth.resource_owner_key
access_token = AccessToken.get_collection().find_one({'token':token})
user = User.find_one({'_id':access_token['resource_owner_id']})
return user['email']
def getaccesstoken(self):
for atk in AccessToken.all():
return atk
def create_token(user, client): access_token = AccessToken(user=user, client=client) access_token.generate_token() access_token.save() return access_token
def post(self):
AccessToken.generate_new_token()
tokens = AccessToken.get_all()
self.render_template(tokens)
def get(self):
tokens = AccessToken.get_all()
self.render_template(tokens)
