def persist_token_information(self, client_id, scope, access_token, token_type, expires_in, refresh_token, data): assert not refresh_token found = user.get_user(json.loads(data)["username"]) if not found: raise RuntimeError("Username must be in the data field") token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH] token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:] assert token_name assert token_code assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH oauth_app = OAuthApplication.get(client_id=client_id) expires_at = datetime.utcnow() + timedelta(seconds=expires_in) OAuthAccessToken.create( application=oauth_app, authorized_user=found, scope=scope, token_name=token_name, token_code=Credential.from_string(token_code), access_token="", token_type=token_type, expires_at=expires_at, data=data, )
def create_access_token_for_testing(user_obj, client_id, scope, access_token=None, expires_in=9000): access_token = access_token or random_string_generator(length=40)() token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH] token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:] assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH expires_at = datetime.utcnow() + timedelta(seconds=expires_in) application = get_application_for_client_id(client_id) created = OAuthAccessToken.create( application=application, authorized_user=user_obj, scope=scope, token_type="token", access_token="", token_code=Credential.from_string(token_code), token_name=token_name, expires_at=expires_at, data="", ) return created, access_token
def lookup_access_token_for_user(user_obj, token_uuid): try: return OAuthAccessToken.get( OAuthAccessToken.authorized_user == user_obj, OAuthAccessToken.uuid == token_uuid) except OAuthAccessToken.DoesNotExist: return None
def validate_access_token(access_token): assert isinstance(access_token, str) token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH] if not token_name: return None token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:] if not token_code: return None try: found = ( OAuthAccessToken.select(OAuthAccessToken, User) .join(User) .where(OAuthAccessToken.token_name == token_name) .get() ) if found.token_code is None or not found.token_code.matches(token_code): return None return found except OAuthAccessToken.DoesNotExist: pass return None
def lookup_access_token_for_user(user_obj, token_uuid): try: return (OAuthAccessToken.select( OAuthAccessToken, User).join(User).where( OAuthAccessToken.authorized_user == user_obj, OAuthAccessToken.uuid == token_uuid).get()) except OAuthAccessToken.DoesNotExist: return None
def list_access_tokens_for_user(user_obj): query = ( OAuthAccessToken.select() .join(OAuthApplication) .switch(OAuthAccessToken) .join(User) .where(OAuthAccessToken.authorized_user == user_obj) ) return query
def load_authorized_scope_string(self, client_id, username): found = (OAuthAccessToken.select().join(OAuthApplication).switch( OAuthAccessToken).join(User).where( OAuthApplication.client_id == client_id, User.username == username, OAuthAccessToken.expires_at > datetime.utcnow())) found = list(found) logger.debug('Found %s matching tokens.', len(found)) long_scope_string = ','.join([token.scope for token in found]) logger.debug('Computed long scope string: %s', long_scope_string) return long_scope_string
def validate_access_token(access_token): assert isinstance(access_token, basestring) token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH] if not token_name: return None token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:] if not token_code: return None try: found = (OAuthAccessToken.select( OAuthAccessToken, User).join(User).where( OAuthAccessToken.token_name == token_name).get()) if found.token_code is None or not found.token_code.matches( token_code): return None return found except OAuthAccessToken.DoesNotExist: pass # Legacy lookup. # TODO(remove-unenc): Remove this once migrated. if ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS): try: assert access_token found = (OAuthAccessToken.select( OAuthAccessToken, User).join(User).where( OAuthAccessToken.access_token == access_token).get()) return found except OAuthAccessToken.DoesNotExist: return None return None
def lookup_access_token_by_uuid(token_uuid): try: return OAuthAccessToken.get(OAuthAccessToken.uuid == token_uuid) except OAuthAccessToken.DoesNotExist: return None