def test_store_credentials_fails_if_credentials_are_incorrects(self): token, credentials = get_hawk_credentials() del credentials['id'] self.assertRaises(AssertionError, self.db.store_credentials, token, credentials) token, credentials = get_hawk_credentials() del credentials['key'] self.assertRaises(AssertionError, self.db.store_credentials, token, credentials)
def get_token(request): if request.credentials_id: token = request.db.get_token(request.credentials_id) _, credentials = get_hawk_credentials(token) return {'token': token, 'credentials': credentials} else: return forbidden_view(request)
def get_token(request): if request.credentials_id: token = request.db.get_token(request.credentials_id) _, credentials = get_hawk_credentials(token) return {"token": token, "credentials": credentials} else: return forbidden_view(request)
def post_tokens(request): """Creates a new token and store it""" token, credentials = get_hawk_credentials() request.db.store_credentials(token, credentials) request.response.status = "201 Created" return { 'token': token, 'credentials': credentials }
def post_browserid(request): """Get or create a token for this Assertion""" db = request.registry.browserid_db if 'assertion' in request.POST: # Persona login assertion = request.POST['assertion'] elif 'Authorization' in request.headers and \ request.headers['Authorization'].lower().startswith('browserid'): assertion = request.headers['Authorization'].split()[1] else: return forbidden_view() audience = json.loads(decode_bytes(assertion.split('.')[3]))['aud'] if audience not in request.registry['browserid.audiences']: raise HTTPBadRequest('Invalid audience') r = requests.post(request.registry['browserid.verifier_url'], data=json.dumps({'assertion': assertion, 'audience': audience}), headers={'Content-Type': 'application/json'}) if r.status_code == 500: raise HTTPBadRequest('An error occured: %s' % r.content) data = r.json() print data if data['issuer'] not in request.registry['browserid.trusted_issuers']: raise HTTPBadRequest( '%s is not configured as a trusted issuer.' % data['issuer'] ) user_id = data['email'] is_new = False try: token = db.get_user_token(user_id) except UserIdNotFound: is_new = True token = None token, credentials = get_hawk_credentials(token) if is_new: db.store_user_token(user_id, token) request.db.store_token(token, credentials) request.response.status = "201 Created" return { 'token': token, 'credentials': credentials }
def setUp(self): self.app = webtest.TestApp("config:conf/tests.ini", relative_to='.') self.app.RequestClass = PrefixedRequestClass self.db = self.app.app.registry.backend self.indexer = self.app.app.registry.index token, self.credentials = get_hawk_credentials() self.db.store_credentials(token, self.credentials) auth_password = base64.b64encode( (u'%s:%s' % (self.credentials['id'], self.credentials['key'])).encode('ascii')) \ .strip().decode('ascii') self.headers = { 'Content-Type': 'application/json', 'Authorization': 'Basic {0}'.format(auth_password), }
def post_tokens(request): """Creates a new token and store it""" # If we have an authorization header with the Basic or Token realm # Use it to derive the key session_token = None if request.authorization and request.authorization[0] in ["Basic", "Token"]: session_token = hmac_digest(request.registry.tokenHmacKey, "%s %s" % request.authorization[:2]) token, credentials = get_hawk_credentials(session_token) try: request.db.store_credentials(token, credentials) except CredentialsAlreadyExist: request.response.status = "200 OK" else: request.response.status = "201 Created" return {"token": token, "credentials": credentials}
def post_tokens(request): """Creates a new token and store it""" # If we have an authorization header with the Basic or Token realm # Use it to derive the key session_token = None if request.authorization and \ request.authorization[0] in ["Basic", "Token"]: session_token = hmac_digest(request.registry.tokenHmacKey, "%s %s" % request.authorization[:2]) token, credentials = get_hawk_credentials(session_token) try: request.db.store_credentials(token, credentials) except CredentialsAlreadyExist: request.response.status = "200 OK" else: request.response.status = "201 Created" return {'token': token, 'credentials': credentials}
def test_store_credentials_success(self): token, credentials = get_hawk_credentials() self.db.store_credentials(token, credentials) self.assertEqual(self.db.get_token(credentials['id']), token) self.assertEqual(self.db.get_credentials_key(credentials['id']), credentials['key'])
def test_store_credentials_fails_if_already_exist(self): token, credentials = get_hawk_credentials() self.db.store_credentials(token, credentials) self.assertRaises(backend_exceptions.CredentialsAlreadyExist, self.db.store_credentials, token, credentials)
def trade_token(request): """Trade an OAuth code with an oauth bearer token.""" db = request.registry.fxa_oauth_db session_id = request.session_id code = request.validated['code'] state = request.validated['state'] try: stored_state = db.get_state(session_id) except StateNotFound: request.errors.add('body', 'session cookie', 'session cookie not found') request.errors.status = 404 return redirect_uri = db.get_redirect_uri(state) db.set_state(session_id) if stored_state != state: request.errors.add('body', 'state', 'invalid oauth state') return resp = requests.post( '%s/token' % request.registry['fxa-oauth.oauth_uri'], data=json.dumps({ "code": code, "client_id": request.registry['fxa-oauth.client_id'], "client_secret": request.registry['fxa-oauth.client_secret'] }), headers={'Content-Type': 'application/json'} ) if not 200 <= resp.status_code < 300: print "oops, fxa server isn't working" request.response.status = 503 return oauth_server_response = resp.json() token = oauth_server_response['access_token'] db.set_oauth_access_token(session_id, token) resp = requests.get( '%s/profile' % request.registry['fxa-oauth.profile_uri'], headers={ 'Authorization': 'Bearer %s' % token, 'Accept': 'application/json' } ) if not 200 <= resp.status_code < 300: print "oops, profile server isn't working" request.response.status = 503 return data = resp.json() email = data['email'] uid = data['uid'] uid_hmaced = hmac_digest(request.registry.tokenHmacKey, "%s:%s" % (redirect_uri, uid)) is_new = False try: token = db.get_user_token(uid_hmaced) except UserTokenNotFound: is_new = True token = None token, credentials = get_hawk_credentials(token) request.db.set_user_id(credentials['id'], email) if is_new: db.store_user_token(uid_hmaced, token) request.db.store_credentials(token, credentials) request.response.status = 201 return { 'token': token, 'credentials': credentials, 'profile': { 'uid': uid, 'email': email } }