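def _get_oauth_access_token(self, user_id):
    """
    Exchange the stored refresh token of ``user_id`` for a fresh access token.

    :param user_id: Sam user id whose link with ``self.provider_name`` is looked up
    :return: the access token string returned by the OAuth provider
    :raises endpoints.BadRequestException: when no refresh token is stored for the user
    :raises ValueError: when the provider's refresh response carries no access token
    """
    refresh_token = TokenStore.lookup(user_id, self.provider_name)
    if refresh_token is None:
        raise endpoints.BadRequestException("Fence account not linked")
    token_response = self.fence_oauth_adapter.refresh_access_token(refresh_token.token)
    access_token = token_response.get(FenceKeys.ACCESS_TOKEN_KEY)
    if not access_token:
        # Fail loudly here: a silent None would otherwise surface later as a
        # bogus "Bearer None" header on some downstream request.
        raise ValueError("OAuth provider response did not include an access token")
    return access_token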
def test_lookup(self):
    """A saved token is returned by lookup with token, issued_at and username intact."""
    TokenStore.save(self.user_id, self.token_str, self.issued_at, self.username, provider_name)
    stored = TokenStore.lookup(self.user_id, provider_name)
    expected = {
        "token": self.token_str,
        "issued_at": self.issued_at,
        "username": self.username,
    }
    for field, want in expected.items():
        self.assertEqual(want, getattr(stored, field))
def get_link_info(self, user_info):
    """
    Look up the stored account link for the requesting user.

    :param user_info: Information of the user who issued the request to Bond
        (not necessarily the same as the username for whom the refresh token
        was issued by the OAuth provider)
    :return: the TokenStore record for this user and ``self.provider_name``, or
        None when no link exists. The record carries the raw refresh token in
        ``.token``; anything that surfaces link info to a caller should expose
        only the metadata fields (issued_at, username), never the token itself.
    """
    sam_user = self.sam_api.user_info(user_info.token)
    return TokenStore.lookup(sam_user[SamKeys.USER_ID_KEY], self.provider_name)
def unlink_account(self, user_info):
    """
    Revoke the user's refresh token and remove every trace of the link from this service.

    :param user_info: Information of the user who issued the request to Bond; its
        token is resolved to a Sam user id before the link is looked up
    :return: None. A user with no stored refresh token is left untouched.
    """
    user_id = self.sam_api.user_info(user_info.token)[SamKeys.USER_ID_KEY]
    stored = TokenStore.lookup(user_id, self.provider_name)
    if not stored:
        # Nothing linked for this user/provider: unlinking is a no-op.
        return
    # Keep this order: the service account and the provider-side token are torn
    # down before the local record is deleted, so a failure partway through
    # leaves the record (and a retry path) behind rather than an orphaned,
    # still-valid refresh token. NOTE(review): presumably intentional — confirm.
    self.fence_tvm.remove_service_account(user_id)
    self.oauth_adapter.revoke_refresh_token(stored.token)
    TokenStore.delete(user_id, self.provider_name)
def test_revoke_link_exists(self):
    """
    Unlinking a linked user revokes the refresh token, drops the service-account
    key and deletes the stored link.
    """
    # Arrange: persist a link and let the TVM mint a service-account key for it.
    stored_token = str(uuid.uuid4())
    TokenStore.save(self.user_id, stored_token, datetime.now(), self.name, provider_name)
    user_info = UserInfo(str(uuid.uuid4()), "", "", 30)
    self.bond.fence_tvm.get_service_account_key_json(user_info)
    self.assertIsNotNone(self.bond.fence_tvm._fence_service_account_key(self.user_id).get())

    # Act.
    self.bond.unlink_account(user_info)

    # Assert: every local artefact of the link is gone and both remote
    # revocations were issued exactly once.
    self.assertIsNone(self.bond.fence_tvm._fence_service_account_key(self.user_id).get())
    self.assertIsNone(TokenStore.lookup(self.user_id, provider_name))
    self.bond.oauth_adapter.revoke_refresh_token.assert_called_once()
    self.bond.fence_api.delete_credentials_google.assert_called_once()
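def generate_access_token(self, user_info):
    """
    Exchange the user's stored refresh token for a fresh access token from the OAuth provider.

    :param user_info: Information of the user who issued the request to Bond (not
        necessarily the same as the username for whom the refresh token was issued
        by the OAuth provider)
    :return: Two values: the access token string, and the datetime at which it expires
    :raises Bond.MissingTokenError: when no refresh token is stored for the user
    :raises ValueError: when the provider's refresh response carries no access token
    """
    user_id = self.sam_api.user_info(user_info.token)[SamKeys.USER_ID_KEY]
    refresh_token = TokenStore.lookup(user_id, self.provider_name)
    if refresh_token is None:
        raise Bond.MissingTokenError("Could not find refresh token for user")
    token_response = self.oauth_adapter.refresh_access_token(refresh_token.token)
    # NOTE(review): the same response field is read via FenceKeys.ACCESS_TOKEN_KEY
    # elsewhere in this file; consolidate once they are confirmed to be the same key.
    access_token = token_response.get("access_token")
    if not access_token:
        # Never hand back None: it would surface later as a bogus bearer header.
        raise ValueError("OAuth provider response did not include an access token")
    # NOTE(review): fromtimestamp() yields a naive local-time datetime. That is
    # consistent with callers comparing against datetime.now(), but a UTC-aware
    # value would be safer if the expiry ever crosses a process or timezone boundary.
    expires_at = datetime.fromtimestamp(token_response.get(FenceKeys.EXPIRES_AT_KEY))
    return access_token, expires_at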
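def _get_oauth_access_token(self, user_id):
    """
    Exchange the stored refresh token of ``user_id`` for a fresh access token.

    :param user_id: Sam user id whose link with ``self.provider_name`` is looked up
    :return: the access token string returned by the OAuth provider
    :raises endpoints.BadRequestException: when no refresh token is stored for the user
    :raises ValueError: when the provider's refresh response carries no access token
    """
    stored = TokenStore.lookup(user_id, self.provider_name)
    if stored is None:
        raise endpoints.BadRequestException("Fence account not linked")
    response = self.fence_oauth_adapter.refresh_access_token(stored.token)
    access_token = response.get(FenceKeys.ACCESS_TOKEN_KEY)
    if not access_token:
        # A None here would otherwise be sent downstream as "Bearer None";
        # raise now so the failure is attributed to the provider response.
        raise ValueError("OAuth provider response did not include an access token")
    return access_token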