def test_extract_success(self):
body = {"foo": "bar"}
payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip("=")
jwt = "stuff." + payload + ".signature"
extracted = _extract_id_token(jwt)
self.assertEqual(body, extracted)
def test_extract_success(self):
body = {'foo': 'bar'}
payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
jwt = 'stuff.' + payload + '.signature'
extracted = _extract_id_token(jwt)
self.assertEqual(extracted, body)
def set_google_credentials(strategy,
details,
response,
user=None,
*args,
**kwargs):
"""
Saves google credentials to work with API
"""
if user:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(response.get('expires_in')))
id_token = _extract_id_token(response.get('id_token'))
credential = OAuth2Credentials(
access_token=response.get('access_token'),
client_id=settings.GOOGLE_OAUTH2_CLIENT_ID,
client_secret=settings.GOOGLE_OAUTH2_CLIENT_SECRET,
refresh_token=response.get('refresh_token'),
token_expiry=token_expiry,
token_uri=GOOGLE_TOKEN_URI,
user_agent=None,
revoke_uri=GOOGLE_REVOKE_URI,
id_token=id_token,
token_response=response)
google_credential, is_created = GoogleCredentials.objects.get_or_create(
user=user)
google_credential.credential = credential
google_credential.save()
def test_extract_success(self):
body = {'foo': 'bar'}
payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=')
jwt = 'stuff.' + payload + '.signature'
extracted = _extract_id_token(jwt)
self.assertEqual(extracted, body)
def get_credentials(self, code, state, **kwargs):
'use callback data to get an access token'
if state != self.state:
return False # CSRF attack?!?
d = dict(code=code,
client_id=self.keys['client_id'],
client_secret=self.keys['client_secret'],
redirect_uri=self.keys['redirect_uri'],
grant_type='authorization_code')
r = requests.post(self.token_uri, data=d)
self.access_data = ad = r.json()
try:
token_expiry = datetime.utcnow() \
+ timedelta(seconds=int(ad['expires_in']))
except KeyError:
token_expiry = None
if 'id_token' in ad:
ad['id_token'] = _extract_id_token(ad['id_token'])
c = OAuth2Credentials(ad['access_token'],
d['client_id'],
d['client_secret'],
ad.get('refresh_token', None),
token_expiry,
self.token_uri,
self.user_agent,
id_token=ad.get('id_token', None))
self.credentials = c
return c
def _update(self,
rapt,
content,
access_token,
refresh_token=None,
expires_in=None,
id_token=None):
if rapt:
self.rapt_token = rapt
self.token_response = content
self.access_token = access_token
self.refresh_token = (refresh_token
if refresh_token else self.refresh_token)
if expires_in:
delta = datetime.timedelta(seconds=int(expires_in))
self.token_expiry = delta + client._UTCNOW()
else:
self.token_expiry = None
self.id_token_jwt = id_token
self.id_token = (client._extract_id_token(id_token)
if id_token else None)
self.invalid = False
if self.store:
self.store.locked_put(self)
def step2_exchange(self, code, http=None):
"""
Don't send scope in step2
"""
if not (isinstance(code, str) or isinstance(code, unicode)):
if 'code' not in code:
if 'error' in code:
error_msg = code['error']
else:
error_msg = 'No code was supplied in the query parameters.'
raise FlowExchangeError(error_msg)
else:
code = code['code']
body = urllib.urlencode({
'grant_type': 'authorization_code',
'client_id': self.client_id,
'client_secret': self.client_secret,
'code': code,
'redirect_uri': self.redirect_uri,
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
if self.user_agent is not None:
headers['user-agent'] = self.user_agent
if http is None:
http = httplib2.Http()
resp, content = http.request(self.token_uri, method='POST', body=body,
headers=headers)
d = _parse_exchange_token_response(content)
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
token_expiry = None
if 'expires_in' in d:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(d['expires_in']))
if 'id_token' in d:
d['id_token'] = _extract_id_token(d['id_token'])
logger.info('Successfully retrieved access token')
return OAuth2Credentials(access_token, self.client_id,
self.client_secret, refresh_token, token_expiry,
self.token_uri, self.user_agent,
id_token=d.get('id_token', None))
else:
logger.info('Failed to retrieve access token: %s' % content)
if 'error' in d:
# you never know what those providers got to say
error_msg = unicode(d['error'])
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
def test_extract_success(self):
body = {'foo': 'bar'}
body_json = json.dumps(body).encode('ascii')
payload = base64.urlsafe_b64encode(body_json).strip(b'=')
jwt = b'stuff.' + payload + b'.signature'
extracted = _extract_id_token(jwt)
self.assertEqual(extracted, body)
def test_extract_success(self):
body = {'foo': 'bar'}
body_json = json.dumps(body).encode('ascii')
payload = base64.urlsafe_b64encode(body_json).strip(b'=')
jwt = b'stuff.' + payload + b'.signature'
extracted = _extract_id_token(jwt)
self.assertEqual(extracted, body)
def test_extract_success(self):
body = {"foo": "bar"}
body_json = json.dumps(body).encode("ascii")
payload = base64.urlsafe_b64encode(body_json).strip(b"=")
jwt = b"stuff." + payload + b".signature"
extracted = _extract_id_token(jwt)
self.assertEqual(extracted, body)
def make_credentials(self, user):
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in']))
id_token = _extract_id_token(user['id_token'])
credential = OAuth2Credentials(
access_token=user['access_token'],
client_id=self.settings['google_oauth']['key'],
client_secret=self.settings['google_oauth']['secret'],
refresh_token=user['refresh_token'],
token_expiry=token_expiry,
token_uri=GOOGLE_TOKEN_URI,
user_agent=None,
revoke_uri=GOOGLE_REVOKE_URI,
id_token=id_token,
token_response=user)
return credential
def get(self):
logging.warning('Beginning')
args = dict(client_id=GOOGLE_CLIENT_ID,
redirect_uri=server + "/googleauth")
args['client_secret'] = GOOGLE_CLIENT_SECRET
args['code'] = self.request.get('code')
args['grant_type'] = 'authorization_code'
url = 'https://accounts.google.com/o/oauth2/token'
data = urllib.urlencode(args)
req = urllib.urlopen(url, data)
response = req.read()
# logging.warning(response)
# logging.warning('Going to try for id token')
id_token = client._extract_id_token(json.loads(response)["id_token"])
email = id_token["email"]
# access_token = crypt._urlsafe_b64decode(json.loads(response)["access_token"])
# logging.warning(access_token)
# logging.warning('Going to try for profile with' + access_token)
# profile_response = urllib.urlopen(
# "https://wwww.googleapis.com/oauth2/v1/userinfo?access_token=" +
# access_token).read()
# logging.warning(profile_response)
# profile = json.loads(profile_response)
# logging.warning('Going to try for email')
# email = profile["email"]
test_key = db.Key.from_path('User', email)
test_user = db.get(test_key)
# self.auth().unset_session()
if test_user == None:
newUser = User(key_name=email)
newUser.email = email
newUser.name = email
newUser.friends_list = []
newUser.event_key_list = []
newUser.auth_id = email
newUser.g_token = id_token
newUser.all_start = []
newUser.all_end = []
newUser.all_content = []
newUser.all_group = []
newUser.all_className = []
newUser.total_events = 0
newUser.put()
else:
newUser.g_token = id_token
user = {'user_id': email, 'email': email}
self.auth().set_session(user, User.create_auth_token(email))
self.redirect('/')
def make_credentials(self, user):
# return AccessTokenCredentials(user['access_token'], "juliabox")
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in']))
id_token = _extract_id_token(user['id_token'])
credential = OAuth2Credentials(
access_token=user['access_token'],
client_id=self.settings['google_oauth']['key'],
client_secret=self.settings['google_oauth']['secret'],
refresh_token=user['refresh_token'],
token_expiry=token_expiry,
token_uri=GOOGLE_TOKEN_URI,
user_agent=None,
revoke_uri=GOOGLE_REVOKE_URI,
id_token=id_token,
token_response=user)
return credential
def make_credentials(self, user):
# return AccessTokenCredentials(user['access_token'], "juliabox")
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in']))
id_token = _extract_id_token(user['id_token'])
credential = OAuth2Credentials(
access_token=user['access_token'],
client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'],
client_secret=self.settings[self._OAUTH_SETTINGS_KEY]['secret'],
refresh_token=user['refresh_token'],
token_expiry=token_expiry,
token_uri=GOOGLE_TOKEN_URI,
user_agent=None,
revoke_uri=GOOGLE_REVOKE_URI,
id_token=id_token,
token_response=user)
return credential
def get(self):
logging.warning('Beginning')
args = dict(client_id=GOOGLE_CLIENT_ID, redirect_uri=server + "/googleauth")
args['client_secret'] = GOOGLE_CLIENT_SECRET
args['code'] = self.request.get('code')
args['grant_type'] = 'authorization_code'
url = 'https://accounts.google.com/o/oauth2/token'
data = urllib.urlencode(args)
req = urllib.urlopen(url,data)
response = req.read()
# logging.warning(response)
# logging.warning('Going to try for id token')
id_token = client._extract_id_token(json.loads(response)["id_token"])
email = id_token["email"]
# access_token = crypt._urlsafe_b64decode(json.loads(response)["access_token"])
# logging.warning(access_token)
# logging.warning('Going to try for profile with' + access_token)
# profile_response = urllib.urlopen(
# "https://wwww.googleapis.com/oauth2/v1/userinfo?access_token=" +
# access_token).read()
# logging.warning(profile_response)
# profile = json.loads(profile_response)
# logging.warning('Going to try for email')
# email = profile["email"]
test_key = db.Key.from_path('User',email)
test_user = db.get(test_key)
# self.auth().unset_session()
if test_user == None:
newUser = User(key_name = email)
newUser.email = email
newUser.name = email
newUser.friends_list = []
newUser.event_key_list = []
newUser.auth_id = email
newUser.g_token = id_token
newUser.all_start = []
newUser.all_end = []
newUser.all_content = []
newUser.all_group = []
newUser.all_className = []
newUser.total_events = 0
newUser.put()
else:
newUser.g_token = id_token
user = {'user_id':email, 'email':email}
self.auth().set_session(user,User.create_auth_token(email))
self.redirect('/')
def _do_refresh_request(self, http, rapt_refreshed=False):
"""Refresh the access_token using the refresh_token.
Args:
http: An object to be used to make HTTP requests.
rapt_refreshed: If we did or did not already refreshed the rapt
token.
Raises:
HttpAccessTokenRefreshError: When the refresh fails.
"""
body = self._generate_refresh_request_body()
headers = self._generate_refresh_request_headers()
logger.info('Refreshing access_token')
resp, content = transport.request(http,
self.token_uri,
method='POST',
body=body,
headers=headers)
content = _helpers._from_bytes(content)
if resp.status != http_client.OK:
self._handle_refresh_error(http, rapt_refreshed, resp, content)
return
d = json.loads(content)
self.token_response = d
self.access_token = d['access_token']
self.refresh_token = d.get('refresh_token', self.refresh_token)
if 'expires_in' in d:
delta = datetime.timedelta(seconds=int(d['expires_in']))
self.token_expiry = delta + client._UTCNOW()
else:
self.token_expiry = None
if 'id_token' in d:
self.id_token = client._extract_id_token(d['id_token'])
self.id_token_jwt = d['id_token']
else:
self.id_token = None
self.id_token_jwt = None
# On temporary refresh errors, the user does not actually have to
# re-authorize, so we unflag here.
self.invalid = False
if self.store:
self.store.locked_put(self)
def get_credentials(self, code, state, **kwargs):
'use callback data to get an access token'
if state != self.state:
return False # CSRF attack?!?
d = dict(code=code, client_id=self.keys['client_ID'],
client_secret=self.keys['client_secret'],
redirect_uri=self.keys['redirect_uri'],
grant_type='authorization_code')
r = requests.post(self.token_uri, data=d)
self.access_data = ad = r.json()
try:
token_expiry = datetime.utcnow() \
+ timedelta(seconds=int(ad['expires_in']))
except KeyError:
token_expiry = None
if 'id_token' in ad:
ad['id_token'] = _extract_id_token(ad['id_token'])
c = OAuth2Credentials(ad['access_token'], d['client_id'],
d['client_secret'],
ad.get('refresh_token', None), token_expiry,
self.token_uri, self.user_agent,
id_token=ad.get('id_token', None))
self.credentials = c
return c
def complete_login(self):
self.credentials = _extract_id_token(self.access_token)
return self.credentials
def step2_exchange(self, code, http=None):
"""Exhanges a code for OAuth2Credentials.
Args:
code: string or dict, either the code as a string, or a dictionary
of the query parameters to the redirect_uri, which contains
the code.
http: httplib2.Http, optional http instance to use to do the fetch
Returns:
An OAuth2Credentials object that can be used to authorize requests.
Raises:
FlowExchangeError if a problem occured exchanging the code for a
refresh_token.
"""
if not (isinstance(code, str) or isinstance(code, unicode)):
if 'code' not in code:
if 'error' in code:
error_msg = code['error']
else:
error_msg = 'No code was supplied in the query parameters.'
raise FlowExchangeError(error_msg)
else:
code = code['code']
body = urllib.urlencode({
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': self.redirect_uri,
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
if self.user_agent is not None:
headers['user-agent'] = self.user_agent
if http is None:
http = httplib2.Http()
http.add_credentials(self.client_id, self.client_secret)
resp, content = http.request(self.token_uri, method='POST', body=body,
headers=headers)
d = _parse_exchange_token_response(content)
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
token_expiry = None
if 'expires_in' in d:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(d['expires_in']))
if 'id_token' in d:
d['id_token'] = _extract_id_token(d['id_token'])
logger.info('Successfully retrieved access token')
return OAuth2Credentials(access_token, self.client_id,
self.client_secret, refresh_token, token_expiry,
self.token_uri, self.user_agent,
revoke_uri=self.revoke_uri,
id_token=d.get('id_token', None),
token_response=d)
else:
logger.info('Failed to retrieve access token: %s' % content)
if 'error' in d:
# you never know what those providers got to say
error_msg = unicode(d['error'])
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
def step2_exchange(self, code, http=None):
"""Exhanges a code for OAuth2Credentials.
Args:
code: string or dict, either the code as a string, or a dictionary
of the query parameters to the redirect_uri, which contains
the code.
http: httplib2.Http, optional http instance to use to do the fetch
Returns:
An OAuth2Credentials object that can be used to authorize requests.
Raises:
FlowExchangeError if a problem occured exchanging the code for a
refresh_token.
"""
if not (isinstance(code, str) or isinstance(code, unicode)):
if 'code' not in code:
if 'error' in code:
error_msg = code['error']
else:
error_msg = 'No code was supplied in the query parameters.'
raise FlowExchangeError(error_msg)
else:
code = code['code']
body = urllib.urlencode({
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': self.redirect_uri,
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
if self.user_agent is not None:
headers['user-agent'] = self.user_agent
if http is None:
http = httplib2.Http()
http.add_credentials(self.client_id, self.client_secret)
resp, content = http.request(self.token_uri,
method='POST',
body=body,
headers=headers)
d = _parse_exchange_token_response(content)
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
token_expiry = None
if 'expires_in' in d:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(d['expires_in']))
if 'id_token' in d:
d['id_token'] = _extract_id_token(d['id_token'])
logger.info('Successfully retrieved access token')
return OAuth2Credentials(access_token,
self.client_id,
self.client_secret,
refresh_token,
token_expiry,
self.token_uri,
self.user_agent,
revoke_uri=self.revoke_uri,
id_token=d.get('id_token', None),
token_response=d)
else:
logger.info('Failed to retrieve access token: %s' % content)
if 'error' in d:
# you never know what those providers got to say
error_msg = unicode(d['error'])
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
def step2_exchange(self, code=None, http=None, device_flow_info=None):
"""
Exchanges a code for OAuth2Credentials without sending scope parameter
"""
if code is None and device_flow_info is None:
raise ValueError('No code or device_flow_info provided.')
if code is not None and device_flow_info is not None:
raise ValueError('Cannot provide both code and device_flow_info.')
if code is None:
code = device_flow_info.device_code
elif not isinstance(code, six.string_types):
if 'code' not in code:
raise FlowExchangeError(code.get(
'error', 'No code was supplied in the query parameters.'))
code = code['code']
post_data = {
'client_id': self.client_id,
'code': code,
#'scope': self.scope,
}
if self.client_secret is not None:
post_data['client_secret'] = self.client_secret
if device_flow_info is not None:
post_data['grant_type'] = 'http://oauth.net/grant_type/device/1.0'
else:
post_data['grant_type'] = 'authorization_code'
post_data['redirect_uri'] = self.redirect_uri
body = urllib.parse.urlencode(post_data)
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
if self.authorization_header is not None:
headers['Authorization'] = self.authorization_header
if self.user_agent is not None:
headers['user-agent'] = self.user_agent
if http is None:
http = httplib2.Http()
resp, content = http.request(self.token_uri, method='POST', body=body,
headers=headers)
d = _parse_exchange_token_response(content)
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
token_expiry = None
if 'expires_in' in d:
token_expiry = (
datetime.datetime.utcnow() +
datetime.timedelta(seconds=int(d['expires_in'])))
extracted_id_token = None
if 'id_token' in d:
extracted_id_token = _extract_id_token(d['id_token'])
return OAuth2Credentials(
access_token, self.client_id, self.client_secret,
refresh_token, token_expiry, self.token_uri, self.user_agent,
revoke_uri=self.revoke_uri, id_token=extracted_id_token,
token_response=d, scopes=self.scope,
token_info_uri=self.token_info_uri)
else:
if 'error' in d:
# you never know what those providers got to say
error_msg = (str(d['error']) +
str(d.get('error_description', '')))
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
def step2_exchange(self, code, http=None):
"""
Don't send scope in step2
"""
if not (isinstance(code, str) or isinstance(code, unicode)):
if 'code' not in code:
if 'error' in code:
error_msg = code['error']
else:
error_msg = 'No code was supplied in the query parameters.'
raise FlowExchangeError(error_msg)
else:
code = code['code']
body = urllib.urlencode({
'grant_type': 'authorization_code',
'client_id': self.client_id,
'client_secret': self.client_secret,
'code': code,
'redirect_uri': self.redirect_uri,
})
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
if self.user_agent is not None:
headers['user-agent'] = self.user_agent
if http is None:
http = httplib2.Http()
resp, content = http.request(self.token_uri,
method='POST',
body=body,
headers=headers)
d = _parse_exchange_token_response(content)
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
token_expiry = None
if 'expires_in' in d:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(d['expires_in']))
if 'id_token' in d:
d['id_token'] = _extract_id_token(d['id_token'])
logger.info('Successfully retrieved access token')
return OAuth2Credentials(access_token,
self.client_id,
self.client_secret,
refresh_token,
token_expiry,
self.token_uri,
self.user_agent,
id_token=d.get('id_token', None))
else:
logger.info('Failed to retrieve access token: %s' % content)
if 'error' in d:
# you never know what those providers got to say
error_msg = unicode(d['error'])
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
