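def setUp(self):
    """Build the fixture shared by the API resource tests.

    user_a -> admin  (owns the uploaded file, the OAuth app and "Another Group")
    user_b -> user2  (the user the tests authenticate to the API as)

    user_a uploads a shared file. We authenticate to the API with user_b.
    user_b subscribes to user_a's shake.
    """
    super(APIResourceRequests, self).setUp()

    # --- user_a: the content owner and app owner -------------------------
    self.user_a = User(
        name='admin',
        email='*****@*****.**',
        email_confirmed=1,
        is_paid=1,
        about="admin",
        website='https://mltshp.com')
    self.user_a.set_password('asdfasdf')
    self.user_a.save()
    self.sid = self.sign_in('admin', 'asdfasdf')
    self.xsrf = self.get_xsrf()

    # Upload a file as user_a through the regular (cookie + XSRF) path.
    # The upload response was never used, so it is not kept.
    self.test_file1_path = os.path.abspath("test/files/1.png")
    self.test_file1_sha1 = Sourcefile.get_sha1_file_key(self.test_file1_path)
    self.test_file1_content_type = "image/png"
    self.upload_file(
        file_path=self.test_file1_path,
        sha1=self.test_file1_sha1,
        content_type=self.test_file1_content_type,
        user_id=self.user_a.id,
        sid=self.sid,
        xsrf=self.xsrf)

    # --- user_b: the API caller -------------------------------------------
    self.user_b = User(
        name='user2',
        email='*****@*****.**',
        email_confirmed=1,
        is_paid=1)
    self.user_b.set_password('asdfasdf')
    self.user_b.save()

    self.group_shake = self.user_b.create_group_shake(
        title='Group Shake',
        name='groupshake',
        description='This is a group shake.')
    self.group_shake_2 = self.user_a.create_group_shake(
        title='Another Group',
        name='anothergroup')
    # Add user_b to user_a's group shake, so we get it in user_b's /shakes endpoint.
    membership = ShakeManager(user_id=self.user_b.id, shake_id=self.group_shake_2.id)
    membership.save()

    # --- OAuth app owned by user_a, authorized by user_b -------------------
    self.app = App(
        user_id=self.user_a.id,
        title='An App',
        description='Nothing yet.',
        redirect_url='http://client.example.com/return')
    self.app.save()
    self.authorization = Authorizationcode.generate(
        self.app.id, self.app.redirect_url, self.user_b.id)
    self.access_token = Accesstoken.generate(self.authorization.id)

    # A second token that is already two hits short of the hourly limit,
    # presumably so a test can trip the rate limiter in a couple of calls.
    extra_authorization = Authorizationcode.generate(
        self.app.id, self.app.redirect_url, self.user_b.id)
    self.ratelimited_access_token = Accesstoken.generate(extra_authorization.id)
    now_hour = datetime.utcnow().strftime('%Y-%m-%d %H:00:00')
    ratelimit = Apihit(
        accesstoken_id=self.ratelimited_access_token.id,
        hits=options.api_hits_per_hour - 2,
        hour_start=now_hour)
    ratelimit.save()

    # subscription
    self.user_b.subscribe(self.user_a.shake())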
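def post(self):
    """OAuth2 token endpoint: exchange a grant for a MAC access token.

    Supported grant types:
      * ``authorization_code`` -- ``code`` and ``redirect_uri`` must match an
        unexpired Authorizationcode row.
      * ``password`` -- ``username``/``password`` are checked with
        ``User.authenticate`` and an Authorizationcode is minted on the spot.

    Every grant also requires ``client_id`` (the app key) and
    ``client_secret``. Errors are written as JSON ``{'error': ...}`` bodies
    with status 400 (malformed request) or 401 (rejected). A successful
    response carries the token key/secret plus ``token_type``/``algorithm``.
    """
    import hmac  # constant-time comparison for the client secret

    grant_type = self.get_argument('grant_type', None)
    code = self.get_argument('code', None)
    redirect_url = self.get_argument('redirect_uri', None)
    client_secret = self.get_argument('client_secret', None)
    client_id = self.get_argument('client_id', None)
    username = self.get_argument('username', None)
    password = self.get_argument('password', None)

    if not grant_type or not client_id or not client_secret:
        self.set_status(400)
        return self.write({
            'error': 'invalid_request',
            'error_description': "The grant_type, client_id, and client_secret parameters are required."
        })

    if grant_type == 'authorization_code':
        if not code or not redirect_url:
            self.set_status(400)
            return self.write({
                'error': 'invalid_request',
                # NOTE: the request parameter is actually named ``redirect_uri``;
                # the wording is kept as-is because clients/tests may match on it.
                'error_description': "The code and redirect_url parameters are required."
            })
    elif grant_type != 'password':
        # Unknown grant type.
        self.set_status(401)
        return self.write({'error': 'invalid_grant'})

    app = App.by_key(client_id)
    if not app:
        self.set_status(401)
        return self.write({'error': 'invalid_client'})
    # Compare the secret in constant time so a plain ``!=`` cannot leak how
    # many leading characters matched. Both sides are encoded so that a
    # non-ASCII client_secret yields a mismatch instead of a TypeError.
    if not app.secret or not hmac.compare_digest(
            app.secret.encode('utf-8'), client_secret.encode('utf-8')):
        self.set_status(401)
        return self.write({'error': 'access_denied'})

    if grant_type == 'password':
        # Resource-owner password grant: if the credentials check out, mint
        # an auth code in one fell swoop. Empty credentials get the same
        # answer as a wrong password, without a trip to the user table.
        check_user = None
        if username and password:
            check_user = User.authenticate(username, password)
        if not check_user:
            self.set_status(401)
            return self.write({'error': 'invalid_request'})
        auth_code = Authorizationcode.generate(
            app_id=app.id,
            redirect_url=app.redirect_url,
            user_id=check_user.id)
    else:
        # Parameterized lookup: the code must be unexpired and bound to the
        # redirect_uri it was issued for.
        auth_code = Authorizationcode.get(
            "code = %s and redirect_url = %s and expires_at > %s",
            code, redirect_url, datetime.utcnow())

    if not auth_code:
        self.set_status(401)
        return self.write({'error': 'invalid_grant'})

    # Token responses must not be cached by intermediaries.
    self.set_header("Cache-Control", "no-store")
    access_token = Accesstoken.generate(auth_code.id)
    if not access_token:
        self.set_status(401)
        return self.write({'error': 'invalid_grant'})

    return self.write({
        "access_token": access_token.consumer_key,
        "secret": access_token.consumer_secret,
        "token_type": "mac",
        "algorithm": "hmac-sha-1"
    })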