def test_store_credentials_fails_if_credentials_are_incorrects(self):
token, credentials = get_hawk_credentials()
del credentials['id']
self.assertRaises(AssertionError, self.db.store_credentials, token, credentials)
token, credentials = get_hawk_credentials()
del credentials['key']
self.assertRaises(AssertionError, self.db.store_credentials, token, credentials)
def test_store_credentials_fails_if_credentials_are_incorrects(self):
token, credentials = get_hawk_credentials()
del credentials['id']
self.assertRaises(AssertionError, self.db.store_credentials, token,
credentials)
token, credentials = get_hawk_credentials()
del credentials['key']
self.assertRaises(AssertionError, self.db.store_credentials, token,
credentials)
def get_token(request):
if request.credentials_id:
token = request.db.get_token(request.credentials_id)
_, credentials = get_hawk_credentials(token)
return {'token': token, 'credentials': credentials}
else:
return forbidden_view(request)
def get_token(request):
if request.credentials_id:
token = request.db.get_token(request.credentials_id)
_, credentials = get_hawk_credentials(token)
return {"token": token, "credentials": credentials}
else:
return forbidden_view(request)
def post_tokens(request):
"""Creates a new token and store it"""
token, credentials = get_hawk_credentials()
request.db.store_credentials(token, credentials)
request.response.status = "201 Created"
return {
'token': token,
'credentials': credentials
}
def post_browserid(request):
"""Get or create a token for this Assertion"""
db = request.registry.browserid_db
if 'assertion' in request.POST:
# Persona login
assertion = request.POST['assertion']
elif 'Authorization' in request.headers and \
request.headers['Authorization'].lower().startswith('browserid'):
assertion = request.headers['Authorization'].split()[1]
else:
return forbidden_view()
audience = json.loads(decode_bytes(assertion.split('.')[3]))['aud']
if audience not in request.registry['browserid.audiences']:
raise HTTPBadRequest('Invalid audience')
r = requests.post(request.registry['browserid.verifier_url'],
data=json.dumps({'assertion': assertion,
'audience': audience}),
headers={'Content-Type': 'application/json'})
if r.status_code == 500:
raise HTTPBadRequest('An error occured: %s' % r.content)
data = r.json()
print data
if data['issuer'] not in request.registry['browserid.trusted_issuers']:
raise HTTPBadRequest(
'%s is not configured as a trusted issuer.' % data['issuer']
)
user_id = data['email']
is_new = False
try:
token = db.get_user_token(user_id)
except UserIdNotFound:
is_new = True
token = None
token, credentials = get_hawk_credentials(token)
if is_new:
db.store_user_token(user_id, token)
request.db.store_token(token, credentials)
request.response.status = "201 Created"
return {
'token': token,
'credentials': credentials
}
def setUp(self):
self.app = webtest.TestApp("config:conf/tests.ini", relative_to='.')
self.app.RequestClass = PrefixedRequestClass
self.db = self.app.app.registry.backend
self.indexer = self.app.app.registry.index
token, self.credentials = get_hawk_credentials()
self.db.store_credentials(token, self.credentials)
auth_password = base64.b64encode(
(u'%s:%s' % (self.credentials['id'],
self.credentials['key'])).encode('ascii')) \
.strip().decode('ascii')
self.headers = {
'Content-Type': 'application/json',
'Authorization': 'Basic {0}'.format(auth_password),
}
def post_tokens(request):
"""Creates a new token and store it"""
# If we have an authorization header with the Basic or Token realm
# Use it to derive the key
session_token = None
if request.authorization and request.authorization[0] in ["Basic", "Token"]:
session_token = hmac_digest(request.registry.tokenHmacKey, "%s %s" % request.authorization[:2])
token, credentials = get_hawk_credentials(session_token)
try:
request.db.store_credentials(token, credentials)
except CredentialsAlreadyExist:
request.response.status = "200 OK"
else:
request.response.status = "201 Created"
return {"token": token, "credentials": credentials}
def setUp(self):
self.app = webtest.TestApp("config:conf/tests.ini", relative_to='.')
self.app.RequestClass = PrefixedRequestClass
self.db = self.app.app.registry.backend
self.indexer = self.app.app.registry.index
token, self.credentials = get_hawk_credentials()
self.db.store_credentials(token, self.credentials)
auth_password = base64.b64encode(
(u'%s:%s' % (self.credentials['id'],
self.credentials['key'])).encode('ascii')) \
.strip().decode('ascii')
self.headers = {
'Content-Type': 'application/json',
'Authorization': 'Basic {0}'.format(auth_password),
}
def post_tokens(request):
"""Creates a new token and store it"""
# If we have an authorization header with the Basic or Token realm
# Use it to derive the key
session_token = None
if request.authorization and \
request.authorization[0] in ["Basic", "Token"]:
session_token = hmac_digest(request.registry.tokenHmacKey,
"%s %s" % request.authorization[:2])
token, credentials = get_hawk_credentials(session_token)
try:
request.db.store_credentials(token, credentials)
except CredentialsAlreadyExist:
request.response.status = "200 OK"
else:
request.response.status = "201 Created"
return {'token': token, 'credentials': credentials}
def test_store_credentials_success(self):
token, credentials = get_hawk_credentials()
self.db.store_credentials(token, credentials)
self.assertEqual(self.db.get_token(credentials['id']), token)
self.assertEqual(self.db.get_credentials_key(credentials['id']),
credentials['key'])
def test_store_credentials_fails_if_already_exist(self):
token, credentials = get_hawk_credentials()
self.db.store_credentials(token, credentials)
self.assertRaises(backend_exceptions.CredentialsAlreadyExist,
self.db.store_credentials, token, credentials)
def test_store_credentials_success(self):
token, credentials = get_hawk_credentials()
self.db.store_credentials(token, credentials)
self.assertEqual(self.db.get_token(credentials['id']), token)
self.assertEqual(self.db.get_credentials_key(credentials['id']),
credentials['key'])
def test_store_credentials_fails_if_already_exist(self):
token, credentials = get_hawk_credentials()
self.db.store_credentials(token, credentials)
self.assertRaises(backend_exceptions.CredentialsAlreadyExist,
self.db.store_credentials, token, credentials)
def trade_token(request):
"""Trade an OAuth code with an oauth bearer token."""
db = request.registry.fxa_oauth_db
session_id = request.session_id
code = request.validated['code']
state = request.validated['state']
try:
stored_state = db.get_state(session_id)
except StateNotFound:
request.errors.add('body', 'session cookie',
'session cookie not found')
request.errors.status = 404
return
redirect_uri = db.get_redirect_uri(state)
db.set_state(session_id)
if stored_state != state:
request.errors.add('body', 'state', 'invalid oauth state')
return
resp = requests.post(
'%s/token' % request.registry['fxa-oauth.oauth_uri'],
data=json.dumps({
"code": code,
"client_id": request.registry['fxa-oauth.client_id'],
"client_secret": request.registry['fxa-oauth.client_secret']
}),
headers={'Content-Type': 'application/json'}
)
if not 200 <= resp.status_code < 300:
print "oops, fxa server isn't working"
request.response.status = 503
return
oauth_server_response = resp.json()
token = oauth_server_response['access_token']
db.set_oauth_access_token(session_id, token)
resp = requests.get(
'%s/profile' % request.registry['fxa-oauth.profile_uri'],
headers={
'Authorization': 'Bearer %s' % token,
'Accept': 'application/json'
}
)
if not 200 <= resp.status_code < 300:
print "oops, profile server isn't working"
request.response.status = 503
return
data = resp.json()
email = data['email']
uid = data['uid']
uid_hmaced = hmac_digest(request.registry.tokenHmacKey,
"%s:%s" % (redirect_uri, uid))
is_new = False
try:
token = db.get_user_token(uid_hmaced)
except UserTokenNotFound:
is_new = True
token = None
token, credentials = get_hawk_credentials(token)
request.db.set_user_id(credentials['id'], email)
if is_new:
db.store_user_token(uid_hmaced, token)
request.db.store_credentials(token, credentials)
request.response.status = 201
return {
'token': token,
'credentials': credentials,
'profile': {
'uid': uid,
'email': email
}
}
