def save_refresh_token(self, token, request, user):
refresh_token = Token(
code=token["refresh_token"],
expires_in=REFRESH_TOKEN_LIFESPAN,
scopes=list_to_scope(request.scopes),
)
# that elusive bug
msg = "saving refresh token with\ncode: {}\nexpires in: {}\nscopes: {}".format(
token["refresh_token"],
REFRESH_TOKEN_LIFESPAN,
list_to_scope(request.scopes),
)
current_app.logger.debug(msg)
db.session.add(refresh_token)
request.client.refresh_tokens.append(refresh_token)
user.refresh_token = refresh_token
db.session.commit()
msg = "Added new refresh token to client {} and user {}".format(
request.client.client_id, user.user_id)
current_app.logger.debug(msg)
return
def test_list_to_scope(self):
expected = 'foo bar baz'
string_list = ['foo', 'bar', 'baz']
self.assertEqual(list_to_scope(string_list), expected)
obj_list = [ScopeObject('foo'), ScopeObject('bar'), ScopeObject('baz')]
self.assertEqual(list_to_scope(obj_list), expected)
def init_clients(app, session, default_scopes=None):
scopes = default_scopes or ["ham", "eggs"]
client = models.Client(
name="BenwaOnline",
client_id=app.config["CLIENT_ID"],
client_secret=app.config["CLIENT_SECRET"],
grant_type="authorization_code",
response_type="code",
_redirect_uris="http://127.0.0.1:5000/authorize/callback",
default_scopes=list_to_scope(scopes),
allowed_scopes=list_to_scope(scopes),
)
session.add(client)
session.commit()
return
def test_list_to_scope(self):
expected = 'foo bar baz'
string_list = ['foo', 'bar', 'baz']
self.assertEqual(list_to_scope(string_list), expected)
string_tuple = ('foo', 'bar', 'baz')
self.assertEqual(list_to_scope(string_tuple), expected)
obj_list = [ScopeObject('foo'), ScopeObject('bar'), ScopeObject('baz')]
self.assertEqual(list_to_scope(obj_list), expected)
set_list = set(string_list)
set_scope = list_to_scope(set_list)
assert len(set_scope.split(' ')) == 3
for x in string_list:
assert x in set_scope
self.assertRaises(ValueError, list_to_scope, object())
def validate_scopes(self, client_id, scopes, client, request, *args,
**kwargs):
"""Check if requested scopes are in the client's allowed scopes.
Set the normalized set of scopes in the request object.
Returns:
True
"""
req_scopes = [
scope for scope in scopes if scope in client.allowed_scopes
]
request.scopes = list_to_scope(req_scopes)
return True
def prepare_request_uri(self, uri, scope=None, **kwargs):
if not is_secure_transport(uri):
raise InsecureTransportError()
scope = self.scope if scope is None else scope
params = [(('client_id', self.client_id)),
(('grant_type', self.grant_type))]
if self.client_secret is not None:
params.append(('client_secret', self.client_secret))
if scope:
params.append(('scope', list_to_scope(scope)))
for k in kwargs:
if kwargs[k]:
params.append((str(k), kwargs[k]))
return add_params_to_uri(uri, params)
def get_scope_string(**kwargs):
if 'scopes' in kwargs:
return utils.list_to_scope(kwargs.get('scopes'))
elif 'scope' in kwargs:
return kwargs.get('scope')
def update(client, permissions):
scopes = list_to_scope(permissions)
client.grant_type = "authorization_code"
client.response_type = "code"
client.default_scopes = scopes
client.allowed_scopes = scopes
def get_scope_string(**kwargs):
if 'scopes' in kwargs:
return utils.list_to_scope(kwargs.get('scopes'))
elif 'scope' in kwargs:
return kwargs.get('scope')
