def post(self, request, format=None): # We call clear_expired() here in order to removed expired refresh tokens from the database before # making the call to o/token, otherwise expired refresh tokens would be accepted clear_expired() try: app = CustomApplication.objects.get(name=request.data['app_name']) except CustomApplication.DoesNotExist: return Response("Application does not exist", status=status.HTTP_400_BAD_REQUEST) url = 'http://localhost:8000/o/token/' headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic ' + base64_client(app.client_id, app.client_secret)} payload = 'grant_type=refresh_token' + '&refresh_token=' + request.data['refresh_token'] try: user = RefreshToken.objects.get(token=request.data['refresh_token']).user except RefreshToken.DoesNotExist: return Response('Invalid refresh token', status=status.HTTP_401_UNAUTHORIZED) response = requests.post(url, data=payload, headers=headers) data = response.json() data['user'] = get_user_info_as_dict(user) scopes_for_list = get_perms(user, app) data['scopes_list'] = get_scopes_list(scopes_for_list) return Response(data)
def test_clear_expired_tokens_with_tokens_before_with_valid_refresh_tokens( self): self.client.login(username="******", password="******") app = Application.objects.create( name="test_app", redirect_uris= "http://localhost http://example.com http://example.org", user=self.user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, ) oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0 access_token1 = AccessToken.objects.create( token="999", expires=timezone.now() - timedelta(days=30), scope=2, application=app, user=self.user, created=timezone.now() - timedelta(days=40), updated=timezone.now() - timedelta(days=40), ) RefreshToken.objects.create( token='refresh999', access_token=access_token1, application=app, user=self.user, ) access_token2 = AccessToken.objects.create( token="101010", expires=timezone.now() - timedelta(days=15), scope=2, application=app, user=self.user, created=timezone.now() - timedelta(days=20), updated=timezone.now() - timedelta(days=20), ) RefreshToken.objects.create( token='refresh101010', access_token=access_token2, application=app, user=self.user, ) access_token_count = AccessToken.objects.count() refresh_token_count = RefreshToken.objects.count() expired_token_count = AccessToken.objects.filter( expires__lte=timezone.now()).count() assert access_token_count == 4 assert refresh_token_count == 2 assert expired_token_count == 4 tokens_expired_before_date = timezone.now() - timedelta( days=20) # 20 days clear_expired(tokens_expired_before_date) expired_token_count = AccessToken.objects.filter( expires__lte=timezone.now()).count() refresh_token_count = RefreshToken.objects.count() assert expired_token_count == 4 assert refresh_token_count == 2
def test_clear_expired_tokens_with_tokens(self): self.client.login(username="******", password="******") oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0 ttokens = AccessToken.objects.count() expiredt = AccessToken.objects.filter(expires__lte=dt.now()).count() assert ttokens == 2 assert expiredt == 2 clear_expired() expiredt = AccessToken.objects.filter(expires__lte=dt.now()).count() assert expiredt == 0
def test_clear_expired_tokens_with_tokens(self): self.oauth2_settings.CLEAR_EXPIRED_TOKENS_BATCH_SIZE = 10 self.oauth2_settings.CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL = 0.0 at_count = AccessToken.objects.count() assert at_count == 2 * self.num_tokens, f"{2 * self.num_tokens} access tokens should exist." rt_count = RefreshToken.objects.count() assert rt_count == self.num_tokens // 2, f"{self.num_tokens // 2} refresh tokens should exist." gt_count = Grant.objects.count() assert gt_count == self.num_tokens * 2, f"{self.num_tokens * 2} grants should exist." clear_expired() at_count = AccessToken.objects.count() assert at_count == self.num_tokens, "Half the access tokens should not have been deleted." rt_count = RefreshToken.objects.count() assert rt_count == self.num_tokens // 2, "Half of the refresh tokens should have been deleted." gt_count = Grant.objects.count() assert gt_count == self.num_tokens, "Half the grants should have been deleted."
def test_clear_expired_tokens_with_tokens_before_invalid_format(self): self.client.login(username="******", password="******") oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0 app = Application.objects.create( name="test_app", redirect_uris= "http://localhost http://example.com http://example.org", user=self.user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, ) AccessToken.objects.create( token="777", expires=timezone.now() - timedelta(days=30), scope=2, application=app, user=self.user, created=timezone.now() - timedelta(days=40), updated=timezone.now() - timedelta(days=40), ) AccessToken.objects.create( token="888", expires=timezone.now() - timedelta(days=15), scope=2, application=app, user=self.user, created=timezone.now() - timedelta(days=20), updated=timezone.now() - timedelta(days=20), ) access_token_count = AccessToken.objects.count() expired_token_count = AccessToken.objects.filter( expires__lte=timezone.now()).count() assert access_token_count == 4 assert expired_token_count == 4 tokens_expired_before_date = 1728000 # 20 days invalid format, must be datetime object clear_expired(tokens_expired_before_date) expired_token_count = AccessToken.objects.filter( expires__lte=timezone.now()).count() assert expired_token_count == 4
def test_clear_expired_tokens_incorect_timetype(self): oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = "A" with pytest.raises(ImproperlyConfigured) as excinfo: clear_expired() result = excinfo.value.__class__.__name__ assert result == "ImproperlyConfigured"
def test_clear_expired_tokens(self): oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 60 assert clear_expired() is None
def clear_expired_tokens(): oauth2_models.clear_expired()
def clear_expired_tokens(): clear_expired()
def cleanup_token(): clear_expired()
def post(self, request): verify_via = request.data['verify_via'] client_id = request.data['client_id'] if client_id not in [ 'Zpl31xbBNu7m7dayEoNYmJZImo65YqXTK5x4OYFF', ]: message = {'message': 'Invalid client id'} return message if verify_via == 'google': token = request.data['id_token'] try: # Code to verify the id token idinfo = client.verify_id_token(token, self.CLIENT_ID) # Or, if multiple clients access the backend server: # idinfo = client.verify_id_token(token, None) # if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]: # raise crypt.AppIdentityError("Unrecognized client.") if idinfo['iss'] not in [ 'accounts.google.com', 'https://accounts.google.com' ]: raise crypt.AppIdentityError("Wrong issuer.") # If auth request is from a G Suite domain: # if idinfo['hd'] != GSUITE_DOMAIN_NAME: # raise crypt.AppIdentityError("Wrong hosted domain.") except crypt.AppIdentityError: raise crypt.AppIdentityError("Invalid token") # Invalid token user_id = idinfo['sub'] r = {'message': 'valid', 'user_id': user_id} return Response(r) elif verify_via == 'facebook': token = request.data['access_token'] app_access_token = request.data['app_access_token'] user_id = send_get_to_debug_token_fb(token, app_access_token) if user_id: r = {'message': 'valid', 'user_id': user_id} else: r = {'message': 'Invalid', 'user_id': user_id} return Response(r) elif verify_via == 'manually': if request.data['signup'] == "True": user_id = '' r = {'message': 'valid', 'user_id': user_id} return Response(r) token = request.data['access_token'] clear_expired() access_token = AccessToken.objects.get(token=token) if access_token: if not access_token.is_expired( ) and client_id == access_token.application.client_id: user = access_token.user user_id = user.id r = {'message': 'valid', 'user_id': user_id} return Response(r) else: r = {'message': 'Token has been expired'} return Response(r) else: r = {'message': 'Invalid'} return Response(r)