def test_authenticate_password(self):
obs = self.post(
'/qiita_db/authenticate/', {
'grant_type': 'password',
'client_id': 'DWelYzEYJYcZ4wlqUp0bHGXojrvZVz0CNBJvOqUKcrPQ5p4U'
'qE',
'username': '******',
'password': '******'
})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {
'access_token': 'placeholder',
'token_type': 'Bearer',
'expires_in': 3600
}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(),
['timestamp', 'user', 'client_id', 'grant_type'])
self.assertEqual(token['user'], '*****@*****.**')
self.assertEqual(token['grant_type'], 'password')
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_header(self):
# Authenticate using header
obs = self.post('/qiita_db/authenticate/', {'grant_type': 'client'}, {
'Authorization':
'Basic MTluZGtPM29NS3NvQ2hqVlZXbHVGN1FreEhSZl'
'loVEtTRmJBVnQ4SWhLN2daZ0RhTzQ6SjdGZlE3Q1FkT3'
'h1S2hRQWYxZW9HZ0JBRTgxTnM4R3UzRUthV0ZtM0lPMk'
'pLaEFtbUNXWnVhYmUwTzVNcDI4czE='
})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {
'access_token': 'token',
'token_type': 'Bearer',
'expires_in': 3600
}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(),
['timestamp', 'client_id', 'grant_type'])
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_post(self):
# Authenticate using post only
obs = self.post(
'/qiita_db/authenticate/', {
'grant_type':
'client',
'client_id':
'19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDa'
'O4',
'client_secret':
'J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2J'
'KhAmmCWZuabe0O5Mp28s1'
})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {
'access_token': 'placeholder',
'token_type': 'Bearer',
'expires_in': 3600
}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(),
['timestamp', 'client_id', 'grant_type'])
self.assertEqual(token['grant_type'], 'client')
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_header(self):
# Authenticate using header
obs = self.post(
'/qiita_db/authenticate/', {'grant_type': 'client'}, {
'Authorization': 'Basic MTluZGtPM29NS3NvQ2hqVlZXbHVGN1FreEhSZl'
'loVEtTRmJBVnQ4SWhLN2daZ0RhTzQ6SjdGZlE3Q1FkT3'
'h1S2hRQWYxZW9HZ0JBRTgxTnM4R3UzRUthV0ZtM0lPMk'
'pLaEFtbUNXWnVhYmUwTzVNcDI4czE='})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {'access_token': 'token',
'token_type': 'Bearer',
'expires_in': 3600}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(), ['timestamp', 'client_id',
'grant_type'])
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_password(self):
obs = self.post(
'/qiita_db/authenticate/', {
'grant_type': 'password',
'client_id': 'DWelYzEYJYcZ4wlqUp0bHGXojrvZVz0CNBJvOqUKcrPQ5p4U'
'qE',
'username': '******',
'password': '******'})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {'access_token': 'placeholder',
'token_type': 'Bearer',
'expires_in': 3600}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(), ['timestamp', 'user', 'client_id',
'grant_type'])
self.assertEqual(token['user'], '*****@*****.**')
self.assertEqual(token['grant_type'], 'password')
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_post(self):
# Authenticate using post only
obs = self.post(
'/qiita_db/authenticate/', {
'grant_type': 'client',
'client_id': '19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDa'
'O4',
'client_secret': 'J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2J'
'KhAmmCWZuabe0O5Mp28s1'})
self.assertEqual(obs.code, 200)
obs_body = loads(obs.body)
exp = {'access_token': 'placeholder',
'token_type': 'Bearer',
'expires_in': 3600}
self.assertItemsEqual(obs_body.keys(), exp.keys())
self.assertEqual(obs_body['token_type'], exp['token_type'])
self.assertEqual(obs_body['expires_in'], exp['expires_in'])
self.assertEqual(len(obs_body['access_token']), 55)
self.assertEqual(type(obs_body['access_token']), unicode)
# Make sure token in system with proper ttl
token = r_client.hgetall(obs_body['access_token'])
self.assertNotEqual(token, {})
self.assertItemsEqual(token.keys(), ['timestamp', 'client_id',
'grant_type'])
self.assertEqual(token['grant_type'], 'client')
self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def wrapper(handler, *args, **kwargs):
header = handler.request.headers.get('Authorization', None)
if header is None:
_oauth_error(handler, 'Oauth2 error: invalid access token',
'invalid_request')
return
token_info = header.split()
# Based on RFC6750 if reply is not 2 elements in the format of:
# ['Bearer', token] we assume a wrong reply
if len(token_info) != 2 or token_info[0] != 'Bearer':
_oauth_error(handler, 'Oauth2 error: invalid access token',
'invalid_grant')
return
token = token_info[1]
db_token = r_client.hgetall(token)
if not db_token:
# token has timed out or never existed
_oauth_error(handler, 'Oauth2 error: token has timed out',
'invalid_grant')
return
# Check daily rate limit for key if password style key
if db_token['grant_type'] == 'password':
limit_key = '%s_%s_daily_limit' % (db_token['client_id'],
db_token['user'])
limiter = r_client.get(limit_key)
if limiter is None:
# Set limit to 5,000 requests per day
r_client.setex(limit_key, 5000, 86400)
else:
r_client.decr(limit_key)
if int(r_client.get(limit_key)) <= 0:
_oauth_error(
handler, 'Oauth2 error: daily request limit reached',
'invalid_grant')
return
return f(handler, *args, **kwargs)
