def test_access_token_with_fetch_token(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth() token = get_bearer_token() oauth.init_app(app, fetch_token=lambda name: token) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): auth = req.headers['Authorization'] self.assertEqual(auth, 'Bearer {}'.format(token['access_token'])) resp = mock.MagicMock() resp.text = 'hi' resp.status_code = 200 return resp with app.test_request_context(): with mock.patch('requests.sessions.Session.send', fake_send): resp = client.get('/api/user') self.assertEqual(resp.text, 'hi') # trigger ctx.authlib_client_oauth_token resp = client.get('/api/user') self.assertEqual(resp.text, 'hi')
def test_init_app_params(self): app = Flask(__name__) oauth = OAuth() oauth.init_app(app, SimpleCache()) self.assertIsNotNone(oauth.cache) self.assertIsNone(oauth.update_token) oauth.init_app(app, update_token=lambda o: o) self.assertIsNotNone(oauth.update_token)
def get_oauth2_client(token): oauth2_client = OAuth() def fetch_token(name): return token oauth2_client.init_app(current_app, fetch_token=fetch_token) oauth2_client.register('principal') return oauth2_client
def test_init_app_later(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_KEY': 'dev', 'DEV_CLIENT_SECRET': 'dev', }) oauth = OAuth() remote = oauth.register('dev') self.assertRaises(RuntimeError, lambda: oauth.dev.client_key) oauth.init_app(app) self.assertEqual(oauth.dev.client_key, 'dev') self.assertEqual(remote.client_key, 'dev')
def test_init_app_later(self): app = Flask(__name__) app.config.update({ 'DEV_CLIENT_ID': 'dev', 'DEV_CLIENT_SECRET': 'dev', }) oauth = OAuth() remote = oauth.register('dev') self.assertRaises(RuntimeError, lambda: oauth.dev.client_id) oauth.init_app(app) self.assertEqual(oauth.dev.client_id, 'dev') self.assertEqual(remote.client_id, 'dev') self.assertIsNone(oauth.cache) self.assertIsNone(oauth.fetch_token) self.assertIsNone(oauth.update_token)
class Federation: def __init__(self): self.clients = set() self._authlib_clients = OAuth() def register(self, client_name, **kwargs): self.clients.add(client_name) self._authlib_clients.register(client_name, **kwargs) def get(self, client_name): if client_name in self.clients: return self._authlib_clients.create_client(client_name) return None def init_app(self, app): self.register('solidsea', client_cls=OIDCClient, discovery_url=app.config['SOLIDSEA_DISCOVERY_URL']) self._authlib_clients.init_app(app)
class Federation: def __init__(self): self.clients = [] self._authlib_clients = OAuth() def register(self, client_name, **kwargs): self.clients.append(client_name) self._authlib_clients.register(client_name, **kwargs) def get(self, client_name): if client_name in self.clients: return self._authlib_clients.create_client(client_name) return None def init_app(self, app): for client_name in app.config['FEDERATION']: log.info('Registering client "{}"'.format(client_name)) module_name = app.config.get('{}_CLIENT_MODULE'.format( client_name.upper())) self.register(client_name, client_cls=get_client_cls(module_name)) self._authlib_clients.init_app(app)
def test_request_with_refresh_token(self): app = Flask(__name__) app.secret_key = '!' oauth = OAuth() expired_token = { 'token_type': 'Bearer', 'access_token': 'expired-a', 'refresh_token': 'expired-b', 'expires_in': '3600', 'expires_at': 1566465749, } oauth.init_app(app, fetch_token=lambda name: expired_token) client = oauth.register('dev', client_id='dev', client_secret='dev', api_base_url='https://i.b/api', access_token_url='https://i.b/token', refresh_token_url='https://i.b/token', authorize_url='https://i.b/authorize') def fake_send(sess, req, **kwargs): if req.url == 'https://i.b/token': auth = req.headers['Authorization'] self.assertIn('Basic', auth) resp = mock.MagicMock() resp.json = get_bearer_token resp.status_code = 200 return resp resp = mock.MagicMock() resp.text = 'hi' resp.status_code = 200 return resp with app.test_request_context(): with mock.patch('requests.sessions.Session.send', fake_send): resp = client.get('/api/user', token=expired_token) self.assertEqual(resp.text, 'hi')
def init_app(app): global oauth_registry # Reinitialize the Oauth registry. # In tests for instance, the app module is imported once, thus the registry # kept its _clients and _registry values. oauth_registry = OAuth() oauth_registry.init_app(app) if settings.MOCK_OAUTH: _logger.info("MOCK_OAUTH set, using Mock oauth client.") oauth_registry.register(settings.OAUTH_CLIENT_NAME, client_cls=MockClient) else: if not settings.OAUTH_JWKS_URL: raise Exception("Please set OAUTH_JWKS_URL.") _logger.info("Registering Auth0 oauth client") oauth_registry.register( settings.OAUTH_CLIENT_NAME, client_id=settings.OAUTH_CLIENT_ID, client_secret=settings.OAUTH_CLIENT_SECRET, api_base_url=settings.OAUTH_BASE_URL, access_token_url=settings.OAUTH_BASE_URL + "/oauth/token", authorize_url=settings.OAUTH_BASE_URL + "/authorize", client_kwargs={"scope": "openid profile"}, client_cls=Auth0Client, )
client_id=config.GOOGLE_CLIENT_ID, client_secret=config.GOOGLE_CLIENT_SECRET, access_token_url='https://accounts.google.com/o/oauth2/token', access_token_params=None, refresh_token_url=None, authorize_url='https://accounts.google.com/o/oauth2/auth', api_base_url='https://www.googleapis.com/oauth2/v1/', client_kwargs={ 'scope': 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile', 'token_endpoint_auth_method': 'client_secret_basic', 'token_placement': 'header', 'prompt': 'consent' }) oauth.init_app(app) # SuperAdmins super_admins = {'ahmedramzy160', 'josh777'} # Flask_Assets assets = Environment(app) js = Bundle('js/vendor/brainTree_1.14.1.js', 'js/vendor/jquery_3.2.1.js', 'js/vendor/popper_1.11.0.js', 'js/vendor/bootstrap_4.1.1.js', 'js/vendor/following_counter.js', filters='jsmin', output='gen/packed.%(version)s.js')
def init_webapp(config, test=False): """Initialize the web application. Initializes and configures the Flask web application. Call this method to make the web application and respective database engine usable. If initialized with `test=True` the application will use an in-memory SQLite database, and should be used for unit testing, but not much else. """ # Make app work with proxies (like nginx) that set proxy headers. app.wsgi_app = ProxyFix(app.wsgi_app) # logging.getLogger('flask_cors').level = logging.DEBUG # Note, this url namespace also exists for the Flask-Restless extension and # is where CRUD interfaces live, so be careful not to collide with model # names here. We could change this, but it's nice to have API live in the # same url namespace. app.register_blueprint(api, url_prefix='/api') # Initialize Flask configuration if test: app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://' else: app.config['SQLALCHEMY_DATABASE_URI'] = config['webapp'][ 'database_uri'] # FIXME: Port these over to configobj. app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'abc123') app.config['SECURITY_TOKEN_MAX_AGE'] = 60 app.config['SECURITY_TOKEN_AUTHENTICATION_HEADER'] = 'Auth-Token' app.config['SECURITY_PASSWORD_HASH'] = 'bcrypt' app.config['SECURITY_PASSWORD_SALT'] = os.environ.get('SALT', 'salt123') app.config['SECURITY_REGISTERABLE'] = True app.config['SECURITY_CONFIRMABLE'] = False app.config['SECURITY_SEND_REGISTER_EMAIL'] = False # This thing is a supreme PIA with API, and because we're using token based # authentication. app.config['WTF_CSRF_ENABLED'] = False # Initialize Flask-CORS CORS(app, supports_credentials=True) # CORS(app, supports_credentials=True, resources={r"/*": {"origins": "*"}}) # Initialize Flask-Bootstrap Bootstrap(app) # Initialize Flask-Security user_datastore = SQLAlchemyUserDatastore(db, User, Role) Security(app, user_datastore) app.config['GOOGLE_CLIENT_ID'] = os.environ.get('GOOGLE_CLIENT_ID', 'abc123') app.config['GOOGLE_CLIENT_SECRET'] = os.environ.get( 'GOOGLE_CLIENT_SECRET', 'password') app.config[ 'GOOGLE_REFRESH_TOKEN_URL'] = 'https://www.googleapis.com/oauth2/v4/token' app.config['GOOGLE_CLIENT_KWARGS'] = dict(scope=' '.join([ 'openid', 'https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/calendar.readonly', ])) # Initialize Authlib. oauth = OAuth() oauth.init_app(app, fetch_token=authlib_fetch_token, update_token=authlib_update_token) google_blueprint = create_flask_blueprint(Google, oauth, authlib_handle_authorize) app.register_blueprint(google_blueprint, url_prefix='/google') # Save the oauth object in the app so handlers can use it to build clients. app.oauth = oauth # Initialize Flask-SQLAlchemy db.app = app db.init_app(app) # NOTE: You don't want to use this if you're using alembic, since alembic # is now in charge of creating/upgrading/downgrading your database. If you # choose to not use alembic, you can add this line here. # db.create_all() # Initialize Flask-Restless manager = APIManager( app, flask_sqlalchemy_db=db, preprocessors=dict(GET_MANY=[restless_api_auth_func]), ) # manager.create_api(TableName methods=['GET', 'POST', 'OPTIONS']) return app