class SSOGrantViewSet(viewsets.ReadOnlyModelViewSet):
    """
    A `Grant` represents a login attempt, where "application" is the client which was tried to log into.

    The viewset is read-only: it lists and retrieves grants, never creates or
    changes them. The base ``queryset`` is the whole grant table, gated only by
    ``TokenHasScopeOrSuperUser``; the ``get_own`` action narrows the result to
    the grants of the requesting user.
    """

    serializer_class = SSOGrantSerializer
    # Unfiltered: every caller that passes the permission check sees all grants.
    queryset = get_grant_model().objects.all()
    permission_classes = [TokenHasScopeOrSuperUser]

    @action(detail=False, methods=["GET"])
    def get_own(self, request):
        """Return the serialized grants whose ``user`` is ``request.user`` (list-level GET action)."""
        # NOTE(review): grant rows also hold the authorization code; confirm
        # SSOGrantSerializer does not include it in its fields.
        grant_model = get_grant_model()
        own_grants = grant_model.objects.filter(user=request.user)
        payload = self.get_serializer(own_grants, many=True).data
        return Response(payload)
    def form_valid(self, form):
        """
        Revoke every OAuth2 credential the current user holds for one application.

        ``app_id`` is taken from the validated form. The refresh-token,
        access-token and grant tables are each filtered on both ``user`` and
        ``application`` before deletion, so a user can only revoke their own
        credentials and never another user's. The three deletes are issued
        one after another without a transaction; a failure after the first
        delete leaves the remaining rows in place (NOTE(review): consider
        ``transaction.atomic`` if that partial state matters).

        Returns the parent class's ``form_valid`` result.
        """
        user = self.request.user
        app_id = form.cleaned_data['app_id']
        self.log.info('Revoking all oauth tokens for user %s, application %d',
                      user, app_id)

        # Same ownership filter on all three tables: this user, this application.
        lookup = {"user": user, "application": app_id}
        for credential_model in (
            oauth2_models.get_refresh_token_model(),
            oauth2_models.get_access_token_model(),
            oauth2_models.get_grant_model(),
        ):
            credential_model.objects.filter(**lookup).delete()

        return super().form_valid(form)
from urllib.parse import parse_qs, urlparse

import pytest
from django.contrib.auth import get_user_model
from django.core.exceptions import ImproperlyConfigured
from django.test import RequestFactory, TestCase
from django.urls import reverse

from oauth2_provider.models import get_access_token_model, get_application_model, get_grant_model
from oauth2_provider.views import ReadWriteScopedResourceView, ScopedProtectedResourceView

from .utils import get_basic_auth_header

# Resolve the configured model classes once at import time so every test
# below uses whatever models the project has configured.
Application = get_application_model()
AccessToken = get_access_token_model()
Grant = get_grant_model()
UserModel = get_user_model()

# Fixed client secret shared by the tests in this module; a test fixture only,
# not a credential for any real client.
CLEARTEXT_SECRET = "1234567890abcdefghijklmnopqrstuvwxyz"


# mocking a protected resource view
class ScopeResourceView(ScopedProtectedResourceView):
    """Test double for a resource that requires the single scope ``scope1``."""

    required_scopes = ["scope1"]

    def get(self, request, *args, **kwargs):
        # Returns a plain string rather than an HttpResponse: the tests only
        # check whether the scope check let the request through.
        return "This is a protected resource"


class MultiScopeResourceView(ScopedProtectedResourceView):
    """Test double for a resource that requires both ``scope1`` and ``scope2``."""

    required_scopes = ["scope1", "scope2"]
from django.utils import timezone
from oauthlib.oauth2.rfc6749 import errors as oauthlib_errors

from oauth2_provider.models import (
    get_access_token_model, get_application_model,
    get_grant_model, get_refresh_token_model
)
from oauth2_provider.settings import oauth2_settings
from oauth2_provider.views import ProtectedResourceView

from .utils import get_basic_auth_header


# Resolve the configured model classes once at import time so the tests use
# whatever application / token / grant models the project has configured.
Application = get_application_model()
AccessToken = get_access_token_model()
Grant = get_grant_model()
RefreshToken = get_refresh_token_model()
UserModel = get_user_model()


# mocking a protected resource view
class ResourceView(ProtectedResourceView):
    """Test double for a token-protected resource with no scope requirement."""

    def get(self, request, *args, **kwargs):
        # A plain string is enough: the tests only check whether the
        # protection layer admitted the request.
        return "This is a protected resource"


class BaseTest(TestCase):
    """Shared fixture: a request factory plus two users, ``test_user`` and ``dev_user``."""

    def setUp(self):
        self.factory = RequestFactory()
        # Both accounts share one throwaway password; test data only.
        password = "123456"
        create_user = UserModel.objects.create_user
        self.test_user = create_user("test_user", "*****@*****.**", password)
        self.dev_user = create_user("dev_user", "*****@*****.**", password)
    # Changelist columns (the enclosing admin class starts above this excerpt;
    # the "jti" column suggests it is the ID-token admin — confirm).
    list_display = ("jti", "user", "application", "expires")
    # Raw-id widget for the user FK instead of a select box over every user.
    raw_id_fields = ("user", )
    # Searching by owner email is only offered when the user model has an email field.
    search_fields = ("user__email", ) if has_email else ()
    list_filter = ("application", )


class RefreshTokenAdmin(admin.ModelAdmin):
    """Admin changelist for refresh tokens: token value, owner and client application."""

    list_display = ("token", "user", "application")
    # Raw-id widgets for both FKs instead of select boxes over every row.
    raw_id_fields = ("user", "access_token")
    # The token value is always searchable; owner email only when the user
    # model actually has an email field.
    search_fields = ("token", "user__email") if has_email else ("token",)
    list_filter = ("application",)


# Model classes as configured for this project, resolved once at import time.
application_model = get_application_model()
access_token_model = get_access_token_model()
grant_model = get_grant_model()
id_token_model = get_id_token_model()
refresh_token_model = get_refresh_token_model()

# Matching admin classes, also resolved through the configurable getters.
application_admin_class = get_application_admin_class()
access_token_admin_class = get_access_token_admin_class()
grant_admin_class = get_grant_admin_class()
id_token_admin_class = get_id_token_admin_class()
refresh_token_admin_class = get_refresh_token_admin_class()

# Register each model with its admin class, in the same order as the
# assignments above.
for model_class, admin_class in (
    (application_model, application_admin_class),
    (access_token_model, access_token_admin_class),
    (grant_model, grant_admin_class),
    (id_token_model, id_token_admin_class),
    (refresh_token_model, refresh_token_admin_class),
):
    admin.site.register(model_class, admin_class)
 def get_own(self, request):
     """Return the serialized grants whose ``user`` is the requesting user."""
     grant_model = get_grant_model()
     own_grants = grant_model.objects.filter(user=request.user)
     payload = self.get_serializer(own_grants, many=True).data
     return Response(payload)
 class Meta:
     # Resolved at import time so the configured grant model is used.
     model = get_grant_model()
     # Only these columns are serialized; any other column of the grant
     # model is not exposed through this serializer.
     fields = ["id", "user", "application", "created"]