def test_build_and_parse_state(self):
    """Round-trip a state value, then check that a modified one is rejected.

    A state built for a mock handler and user must parse back to
    'https://example.org'. The same state with its first character removed
    must make ``_parse_state_value`` raise ``InvalidXsrfTokenError``.
    """
    built_state = appengine._build_state_value(MockRequestHandler(), UserMock())

    # Positive case: an untouched state parses back to the expected URL.
    recovered = appengine._parse_state_value(built_state, UserMock())
    self.assertEqual('https://example.org', recovered)

    # Negative case: dropping the leading character must fail validation
    # rather than yield a (shortened) URL.
    # NOTE(review): only one kind of modification is exercised here; a state
    # parsed for a different user is not covered by this test.
    truncated_state = built_state[1:]
    other_user = UserMock()
    with self.assertRaises(appengine.InvalidXsrfTokenError):
        appengine._parse_state_value(truncated_state, other_user)
def dispatch(self):
    """Wraps the dispatch method to add session handling.

    Attaches a session store and the OAuth2 decorator to the handler, then
    either loads stored credentials (when ``self.me`` is truthy) or prepares
    the decorator's flow with a ``state`` value derived from the session id.
    Sessions are saved to the response even if the wrapped dispatch raises.

    ``decorator`` is not defined in this method; it is taken from the
    surrounding scope.
    """
    self.session_store = sessions.get_store(request=self.request)
    self.decorator = decorator

    if not self.me:
        # No logged-in user: the session id stands in for a user id.
        # Create a session ID for the session if it does not have one
        # already. It feeds the opaque string that is passed to the OAuth2
        # authentication server via the 'state' parameter, so it has to be
        # unguessable.
        if not self.session.get('sid'):
            self.session['sid'] = security.generate_random_string(entropy=128)

        # Store the state for the session user in a parameter on the flow.
        # We only need to do this if we're not logged in.
        self.decorator._create_flow(self)
        session_user = SessionUser(self.session['sid'])

        # NOTE(review): this logs the flow parameters at INFO level on every
        # request without a logged-in user, before 'state' is assigned below.
        # Whether a 'state' from an earlier request can still be present in
        # flow.params at this point depends on _create_flow, which is not
        # shown here -- confirm, or drop the log line.
        logging.info(self.decorator.flow.params)

        # NOTE(review): the state only protects the callback if the handler
        # receiving it parses it for the same session user; that check is
        # not part of this method.
        state_value = appengine._build_state_value(self, session_user)
        self.decorator.flow.params['state'] = state_value
    else:
        # Add the user's credentials to the decorator if we have them.
        credential_store = self.decorator._storage_class(
            model=self.decorator._credentials_class,
            key_name='user:{}'.format(self.me.user_id()),
            property_name=self.decorator._credentials_property_name)
        self.decorator.credentials = credential_store.get()

    try:
        webapp2.RequestHandler.dispatch(self)
    finally:
        # Persist session changes (including a newly created 'sid') whether
        # or not the handler succeeded.
        self.session_store.save_sessions(self.response)
def _apply_session_properties(self):
    """Ensure the session has an id and set up the decorator for this user.

    A 'sid' is created when the session has none. For a registered user the
    stored credentials are loaded onto the decorator; otherwise the
    decorator's flow is created and given a ``state`` value derived from the
    session id.
    """
    # Create a session ID for the session if it does not have one already.
    # This is used to create an opaque string that can be passed to the
    # OAuth2 authentication server via the 'state' parameter, so it has to
    # be unguessable. Note that this happens for registered users as well.
    current_sid = self.session.get('sid', None)
    if current_sid is None:
        self.session['sid'] = security.generate_random_string(entropy=128)

    if not self.me.registered:
        # Store the state for the session user in a parameter on the flow.
        # We only need to do this if we're not logged in.
        self.decorator._create_flow(self)
        session_user = users.UserStub(self.session['sid'])

        # NOTE(review): the state only protects the callback if the handler
        # receiving it parses it for the same session user; that check is
        # not part of this method.
        state_value = appengine._build_state_value(self, session_user)
        self.decorator.flow.params['state'] = state_value
    else:
        # Add the user's credentials to the decorator if we have them.
        credential_store = self.decorator._storage_class(
            self.decorator._credentials_class,
            None,
            self.decorator._credentials_property_name,
            user=self.me)
        self.decorator.credentials = credential_store.get()