def test_user_recovery_for_access_token(logger, mongodb): """Test the recover a user's access_secret based on a given access_token. """ assert user.count() == 0 assert user.dump() == [] username = '******' access_token = ( "eyJleHBpcmVzIjogMTAsICJzYWx0IjogImMyNzZjMCIsICJpZGVudGl0eSI6ICJib2Iif" "QtSy56A7SfLFayHdmuWdwZDBZESKvDCVAIxwHmYqg1wd8LOn12djG_thZg26TTzknKVqT" "GmkOs5hs-B-zSfjVU=" ) access_secret = ( "cf25474cda623fe4cb9cebdbb0c328d44ec33d883d27b8e5dc7d62de2247296fe85e7" "3dc6fb2d6cfe19f2c107676b52070010b1f932c6f25f74f308fe19c09f3" ) data = [ { "username": username, "tokens": { access_token: { "access_secret": access_secret } }, "display_name": "Bobby", "phone": "12121212", "_id": "user-2719963b00964c01b42b5d81c998fd05", "email": "*****@*****.**", "password_hash": pwtools.hash_password('11amcoke') }, ] user.load(data) # Recover the user's secret given the access_token: found = user.secret_for_access_token(access_token) assert found == access_secret # If the token is unknown the nothing will be returned. assert user.secret_for_access_token('fake-token') is None
def secret_for_access_token(request): """Recover the secret token for a given access token. :returns: the secret token string or None if nothing was found. """ log = get_log("secret_for_access_token") access_token = request.matchdict['access_token'].strip() log.warn("Attempting to find secret for access '{}'.".format(access_token)) return user.secret_for_access_token(access_token)