def delete(self, delete_message=None):
self.delete_message = delete_message
self._deleted = True
self._commit()
#update caches
Account._by_name(self.name, allow_deleted = True, _update = True)
#we need to catch an exception here since it will have been
#recently deleted
try:
Account._by_name(self.name, _update = True)
except NotFound:
pass
#remove from friends lists
q = Friend._query(Friend.c._thing2_id == self._id,
Friend.c._name == 'friend',
eager_load = True)
for f in q:
f._thing1.remove_friend(f._thing2)
q = Friend._query(Friend.c._thing2_id == self._id,
Friend.c._name == 'enemy',
eager_load=True)
for f in q:
f._thing1.remove_enemy(f._thing2)
# Remove OAuth2Client developer permissions. This will delete any
# clients for which this account is the sole developer.
from r2.models.token import OAuth2Client
for client in OAuth2Client._by_developer(self):
client.remove_developer(self)
def GET_refresh_token(self, *args, **kwargs): # pylint: disable=unused-argument
"""Generate a refresh token given a username"""
username = request.GET['username']
try:
account = Account._by_name(username)
except NotFound:
account = register(username, uuid4().hex, '127.0.0.1')
# subscribe the user now because reddit does not have consistency across
# its APIs on what it considers the user to be subscribed to
if not account.has_subscribed:
Subreddit.subscribe_defaults(account)
account.has_subscribed = True
account._commit()
client_id = g.secrets['generate_refresh_token_client_id']
client = OAuth2Client.get_token(client_id)
scope = OAuth2Scope(OAuth2Scope.FULL_ACCESS)
user_id = account._id36
refresh_token = OAuth2RefreshToken._new(
client_id=client._id,
user_id=user_id,
scope=scope,
)
access_token = OAuth2AccessToken._new(
client_id=client._id,
user_id=user_id,
scope=scope,
device_id='device',
)
return json.dumps(OAuth2AccessController._make_new_token_response(access_token, refresh_token))
def delete(self, delete_message=None):
self.delete_message = delete_message
self.delete_time = datetime.now(g.tz)
self._deleted = True
self._commit()
# update caches
Account._by_name(self.name, allow_deleted=True, _update=True)
# we need to catch an exception here since it will have been
# recently deleted
try:
Account._by_name(self.name, _update=True)
except NotFound:
pass
# remove from friends lists
q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == "friend", eager_load=True)
for f in q:
f._thing1.remove_friend(f._thing2)
q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == "enemy", eager_load=True)
for f in q:
f._thing1.remove_enemy(f._thing2)
# wipe out stored password data after a recovery period
TryLater.schedule("account_deletion", self._id36, delay=timedelta(days=90))
# Remove OAuth2Client developer permissions. This will delete any
# clients for which this account is the sole developer.
from r2.models.token import OAuth2Client
for client in OAuth2Client._by_developer(self):
client.remove_developer(self)
def run(self, client_id):
if not client_id:
return self.error()
client = OAuth2Client.get_token(client_id)
if client:
return client
else:
return self.error()
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
client_id, client_secret = parse_http_basic(auth)
client = OAuth2Client.get_token(client_id)
require(client)
require(constant_time_compare(client.secret, client_secret))
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
client_id, client_secret = parse_http_basic(auth)
client = OAuth2Client.get_token(client_id)
require(client)
require(constant_time_compare(client.secret, client_secret))
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def _get_client_auth(self):
auth = request.headers.get("Authorization")
try:
auth_scheme, auth_token = require_split(auth, 2)
require(auth_scheme.lower() == "basic")
try:
auth_data = base64.b64decode(auth_token)
except TypeError:
raise RequirementException
client_id, client_secret = require_split(auth_data, 2, ":")
client = OAuth2Client.get_token(client_id)
require(client)
require(client.secret == client_secret)
return client
except RequirementException:
abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def delete(self, delete_message=None):
self.delete_message = delete_message
self.delete_time = datetime.now(g.tz)
self._deleted = True
self._commit()
#update caches
Account._by_name(self.name, allow_deleted=True, _update=True)
#we need to catch an exception here since it will have been
#recently deleted
try:
Account._by_name(self.name, _update=True)
except NotFound:
pass
# Mark this account for scrubbing
amqp.add_item('account_deleted', self._fullname)
#remove from friends lists
q = Friend._query(Friend.c._thing2_id == self._id,
Friend.c._name == 'friend',
eager_load=True)
for f in q:
f._thing1.remove_friend(f._thing2)
q = Friend._query(Friend.c._thing2_id == self._id,
Friend.c._name == 'enemy',
eager_load=True)
for f in q:
f._thing1.remove_enemy(f._thing2)
# wipe out stored password data after a recovery period
TryLater.schedule("account_deletion",
self._id36,
delay=timedelta(days=90))
# Remove OAuth2Client developer permissions. This will delete any
# clients for which this account is the sole developer.
from r2.models.token import OAuth2Client
for client in OAuth2Client._by_developer(self):
client.remove_developer(self)
