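def save_refresh_token(self, token, request, user):
    """Persist a newly issued refresh token and link it to client and user.

    Builds a ``Token`` row from ``token["refresh_token"]``, adds it to the
    database session, appends it to ``request.client.refresh_tokens``,
    assigns it to ``user.refresh_token`` and commits the session.

    Args:
        token: Mapping with the issued token values; only the
            ``"refresh_token"`` entry is read here.
        request: Request object providing ``scopes`` and ``client``.
        user: User record that receives the new refresh token.

    Returns:
        None.
    """
    scope_string = list_to_scope(request.scopes)
    refresh_token = Token(
        code=token["refresh_token"],
        expires_in=REFRESH_TOKEN_LIFESPAN,
        scopes=scope_string,
    )

    # A refresh token is a long-lived bearer credential: whoever can read the
    # application log could replay it. Keep the debug line for the metadata
    # but never write the token value itself.
    msg = "saving refresh token with\ncode: {}\nexpires in: {}\nscopes: {}".format(
        "<redacted>",
        REFRESH_TOKEN_LIFESPAN,
        scope_string,
    )
    current_app.logger.debug(msg)

    db.session.add(refresh_token)
    request.client.refresh_tokens.append(refresh_token)
    user.refresh_token = refresh_token
    db.session.commit()

    msg = "Added new refresh token to client {} and user {}".format(
        request.client.client_id, user.user_id)
    current_app.logger.debug(msg)
    return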
def test_list_to_scope(self):
    """list_to_scope joins strings and ScopeObject items with single spaces."""
    joined = 'foo bar baz'
    names = ('foo', 'bar', 'baz')

    # Plain strings in a list.
    as_strings = list(names)
    self.assertEqual(list_to_scope(as_strings), joined)

    # ScopeObject instances in a list must yield the same scope string.
    as_objects = [ScopeObject(name) for name in names]
    self.assertEqual(list_to_scope(as_objects), joined)
def init_clients(app, session, default_scopes=None):
    """Create the "BenwaOnline" OAuth client row and commit it.

    Args:
        app: Application object; ``app.config`` supplies ``CLIENT_ID`` and
            ``CLIENT_SECRET``.
        session: Database session used to add and commit the client.
        default_scopes: Scopes for the client; falls back to
            ``["ham", "eggs"]`` when empty or ``None``.

    Returns:
        None.
    """
    scope_string = list_to_scope(default_scopes or ["ham", "eggs"])

    client_fields = {
        "name": "BenwaOnline",
        "client_id": app.config["CLIENT_ID"],
        # NOTE(review): the secret is handed to the model exactly as read
        # from config; whether the model hashes it is not visible here.
        "client_secret": app.config["CLIENT_SECRET"],
        "grant_type": "authorization_code",
        "response_type": "code",
        # NOTE(review): hard-coded plain-HTTP loopback callback; looks like a
        # local-development value -- confirm it is not used in deployment.
        "_redirect_uris": "http://127.0.0.1:5000/authorize/callback",
        # The same scope string is both the default and the allow-list.
        "default_scopes": scope_string,
        "allowed_scopes": scope_string,
    }

    session.add(models.Client(**client_fields))
    session.commit()
    return
def test_list_to_scope(self):
    """list_to_scope handles list, tuple, set and ScopeObject input."""
    names = ['foo', 'bar', 'baz']
    joined = 'foo bar baz'

    # Ordered containers must produce exactly the joined string.
    ordered_inputs = (
        names,
        ('foo', 'bar', 'baz'),
        [ScopeObject(name) for name in names],
    )
    for candidate in ordered_inputs:
        self.assertEqual(list_to_scope(candidate), joined)

    # A set has no defined order, so only the token count and the presence
    # of every name are checked.
    from_set = list_to_scope(set(names))
    assert len(from_set.split(' ')) == 3
    for name in names:
        assert name in from_set

    # An argument that is not one of the supported containers is rejected.
    with self.assertRaises(ValueError):
        list_to_scope(object())
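def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
    """Filter the requested scopes down to those the client is allowed.

    Scopes that are not in ``client.allowed_scopes`` are dropped silently;
    the remaining ones are stored on ``request.scopes`` as the value returned
    by ``list_to_scope``. The request is never rejected here, so callers must
    not read the return value as "every requested scope was granted".

    Args:
        client_id: Not used in this method.
        scopes: Iterable of requested scope names.
        client: Client record exposing ``allowed_scopes``.
        request: Request object whose ``scopes`` attribute is overwritten.

    Returns:
        True
    """
    allowed = client.allowed_scopes
    if isinstance(allowed, str):
        # ``in`` on a str is a substring test. If the allow-list is kept as a
        # space-delimited scope string, a fragment of an allowed name (or a
        # value spanning two names) would pass the filter. Split it into
        # whole scope names before the membership check.
        allowed = allowed.split()

    req_scopes = [scope for scope in scopes if scope in allowed]
    request.scopes = list_to_scope(req_scopes)
    return True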
def prepare_request_uri(self, uri, scope=None, **kwargs):
    """Build the request URI with client credentials and grant parameters.

    Args:
        uri: Base URI; must pass ``is_secure_transport``.
        scope: Scope to request; ``self.scope`` is used when this is ``None``.
        **kwargs: Extra parameters; entries with a falsy value are skipped.

    Returns:
        The result of ``add_params_to_uri(uri, params)``.

    Raises:
        InsecureTransportError: If ``is_secure_transport(uri)`` is false.
    """
    if not is_secure_transport(uri):
        raise InsecureTransportError()

    effective_scope = scope if scope is not None else self.scope

    params = [
        ('client_id', self.client_id),
        ('grant_type', self.grant_type),
    ]

    # NOTE(review): the client secret travels as a URI parameter. URIs are
    # commonly recorded in server and proxy logs, so the secret may end up
    # there -- confirm this is intended before reusing the pattern.
    if self.client_secret is not None:
        params.append(('client_secret', self.client_secret))

    if effective_scope:
        params.append(('scope', list_to_scope(effective_scope)))

    # Forward only the extra parameters that carry a truthy value.
    params.extend((str(key), value) for key, value in kwargs.items() if value)

    return add_params_to_uri(uri, params)
def get_scope_string(**kwargs):
    """Return the scope value found in *kwargs*.

    ``scopes`` takes precedence and is passed through
    ``utils.list_to_scope``; otherwise the ``scope`` value is returned
    unchanged. When neither keyword is given the result is ``None``.
    """
    try:
        requested = kwargs['scopes']
    except KeyError:
        # No 'scopes' keyword: fall back to 'scope', or None if absent too.
        return kwargs.get('scope')
    return utils.list_to_scope(requested)
def update(client, permissions):
    """Reset *client* to the authorization-code flow with new scopes.

    *permissions* is converted once with ``list_to_scope`` and the result is
    stored as both the default and the allowed scopes of the client. Nothing
    is committed or saved here.
    """
    scope_string = list_to_scope(permissions)

    # NOTE(review): allowed_scopes receives the list_to_scope result as a
    # single value; presumably a space-delimited string, so code that checks
    # membership against it should split it first -- confirm with the model.
    new_values = (
        ("grant_type", "authorization_code"),
        ("response_type", "code"),
        ("default_scopes", scope_string),
        ("allowed_scopes", scope_string),
    )
    for attribute, value in new_values:
        setattr(client, attribute, value)