def setUp(self):
"""
user_a -> admin
user_b -> user2
user_a uploads shared file.
We authenticate to the API with user_b.
user_b subscribes to user_a's shake.]
"""
super(APIResourceRequests, self).setUp()
self.user_a = User(
name='admin',
email='*****@*****.**',
email_confirmed=1,
is_paid=1,
about="admin",
website='https://mltshp.com')
self.user_a.set_password('asdfasdf')
self.user_a.save()
self.sid = self.sign_in('admin', 'asdfasdf')
self.xsrf = self.get_xsrf()
self.test_file1_path = os.path.abspath("test/files/1.png")
self.test_file1_sha1 = Sourcefile.get_sha1_file_key(self.test_file1_path)
self.test_file1_content_type = "image/png"
response = self.upload_file(file_path=self.test_file1_path, sha1=self.test_file1_sha1,
content_type=self.test_file1_content_type, user_id=self.user_a.id, sid=self.sid, xsrf=self.xsrf)
self.user_b = User(name='user2', email='*****@*****.**', email_confirmed=1, is_paid=1)
self.user_b.set_password('asdfasdf')
self.user_b.save()
self.group_shake = self.user_b.create_group_shake(title='Group Shake', name='groupshake', description='This is a group shake.')
self.group_shake_2 = self.user_a.create_group_shake(title='Another Group', name='anothergroup')
# Add user_b to user_a's group shake, so we get it in user_b's /shakes endpoint.
shake_manager = ShakeManager(user_id=self.user_b.id, shake_id=self.group_shake_2.id)
shake_manager.save()
self.app = App(user_id=self.user_a.id, title='An App', description='Nothing yet.', redirect_url='http://client.example.com/return')
self.app.save()
self.authorization = Authorizationcode.generate(self.app.id, self.app.redirect_url, self.user_b.id)
self.access_token = Accesstoken.generate(self.authorization.id)
extra_authorization = Authorizationcode.generate(self.app.id, self.app.redirect_url, self.user_b.id)
self.ratelimited_access_token = Accesstoken.generate(extra_authorization.id)
now_hour = datetime.utcnow().strftime('%Y-%m-%d %H:00:00')
ratelimit = Apihit(accesstoken_id=self.ratelimited_access_token.id, hits=options.api_hits_per_hour - 2, hour_start=now_hour)
ratelimit.save()
#subscription
self.user_b.subscribe(self.user_a.shake())
def post(self):
grant_type = self.get_argument('grant_type', None)
code = self.get_argument('code', None)
redirect_url = self.get_argument('redirect_uri', None)
client_secret = self.get_argument('client_secret', None)
client_id = self.get_argument('client_id', None)
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if not grant_type or not client_id or not client_secret:
self.set_status(400)
return self.write({
'error':
'invalid_request',
'error_description':
"The grant_type, client_id, and client_secret parameters are required."
})
if grant_type == 'password':
pass
elif grant_type == 'authorization_code':
if not code or not redirect_url:
self.set_status(400)
return self.write({
'error':
'invalid_request',
'error_description':
"The code and redirect_url parameters are required."
})
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})
app = App.by_key(client_id)
if not app:
self.set_status(401)
return self.write({'error': 'invalid_client'})
if app.secret != client_secret:
self.set_status(401)
return self.write({'error': 'access_denied'})
auth_code = None
if grant_type == 'password':
#generating one in one fell swoop.
#if user password match then make an auth_code
check_user = User.authenticate(username, password)
if check_user:
auth_code = Authorizationcode.generate(
app_id=app.id,
redirect_url=app.redirect_url,
user_id=check_user.id)
else:
self.set_status(401)
return self.write({'error': 'invalid_request'})
else:
auth_code = Authorizationcode.get(
"code = %s and redirect_url = %s and expires_at > %s", code,
redirect_url, datetime.utcnow())
if auth_code:
self.set_header("Cache-Control", "no-store")
access_token = Accesstoken.generate(auth_code.id)
if access_token:
response = {
"access_token": access_token.consumer_key,
"secret": access_token.consumer_secret,
"token_type": "mac",
"algorithm": "hmac-sha-1"
}
return self.write(response)
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})
else:
self.set_status(401)
return self.write({'error': 'invalid_grant'})