Exemple #1
    def test_get_certificate_exception(self, oauth2_mock):
        # An arbitrary exception raised by the session's POST must reach the
        # caller as oauth2.OAuth2Error rather than leaking through unchanged.
        # NOTE(review): oauth2_mock is presumably the patched session class
        # injected by a decorator outside this view -- confirm.
        failing_post = mock.Mock(side_effect=Exception)
        oauth2_mock.return_value.post = failing_post

        call_args = ('token', 'state', 'http://test.com/refresh',
                     'http://test.com/certificate')

        with self.assertRaises(oauth2.OAuth2Error):
            oauth2.get_certificate(*call_args)
Exemple #2
    def test_get_certificate_status_code(self, oauth2_mock):
        # A POST answered with status code 300 must be reported to the caller
        # as oauth2.OAuth2Error.
        # NOTE(review): oauth2_mock is presumably the patched session class
        # injected by a decorator outside this view -- confirm.
        unexpected_reply = mock.Mock(status_code=300)
        oauth2_mock.return_value.post = mock.Mock(
            return_value=unexpected_reply)

        endpoints = ('http://test.com/refresh', 'http://test.com/certificate')

        with self.assertRaises(oauth2.OAuth2Error):
            oauth2.get_certificate('token', 'state', *endpoints)
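def oauth2_callback(request):
    """Handle the OAuth2 provider's redirect back to this server.

    Pops the OpenID URL and OAuth2 state stored in the session, exchanges the
    callback URL for a token, fetches a certificate with that token and stores
    certificate, key, token and state on the user's auth record.

    Args:
        request: Incoming request; ``request.session`` and
            ``request.META['QUERY_STRING']`` are read.

    Returns:
        ``common.failed(...)`` when a KeyError is raised (for example the
        session lacks 'openid' or 'oauth_state'), otherwise a redirect to
        ``settings.WPS_PROFILE_URL``. A failed token or certificate exchange
        still redirects; the error text is saved in ``user.auth.extra``.
    """
    user = None
    # Set only once the whole exchange has completed, so a failed callback is
    # never recorded as a successful login.
    succeeded = False

    try:
        # pop() makes both values single-use: a second callback on the same
        # session raises KeyError and is rejected below.
        openid_url = request.session.pop('openid')

        oauth_state = request.session.pop('oauth_state')

        # The state value is deliberately kept out of the log: it is stored
        # on the user's auth record further down, so it outlives this request.
        logger.info('Handling OAuth2 callback for %r', openid_url)

        user = models.User.objects.get(auth__openid_url=openid_url)

        logger.info('Discovering token and certificate services')

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.WPS_OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        logger.info('Getting token from service')

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Getting certificate from service')

        cert, key, new_token = oauth2.get_certificate(token, oauth_state,
                                                      token_service.server_url,
                                                      cert_service.server_url)

        logger.info('Updating user with token, certificate and state')

        user.auth.update('oauth2', [cert, key],
                         token=new_token,
                         state=oauth_state)

        succeeded = True
    except KeyError as e:
        logger.exception('Missing %r key from session data', e)

        return common.failed('Invalid OAuth state, report to server'
                             ' administrator')
    except (WPSError, oauth2.OAuth2Error) as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            # NOTE(review): the exception text is persisted on the user
            # record; confirm it can never carry token or key material.
            extra = json.loads(user.auth.extra)

            extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

            user.auth.extra = json.dumps(extra)

            user.auth.save()

    logger.info('Finished handling OAuth2 callback, redirect to profile')

    if succeeded:
        # Counting a failed exchange as a success would hide authentication
        # failures from monitoring.
        metrics.track_login(metrics.WPS_OAUTH_LOGIN_SUCCESS,
                            user.auth.openid_url)

    return redirect(settings.WPS_PROFILE_URL)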
def refresh_certificate(user):
    """Obtain and store a fresh certificate for an OAuth2 user.

    Discovers the user's services from their OpenID URL, then asks the
    certificate service for a new certificate using the token and state
    saved in ``user.auth.extra``. The returned token replaces the stored one.

    Args:
        user: User object; ``user.auth`` is read, updated and saved.

    Returns:
        The new ``user.auth.cert`` value: certificate and key joined together.

    Raises:
        CertificateError: the user's auth type is 'myproxyclient'.
        WPSError: the stored OAuth2 data cannot be parsed, has no token, or
            a KeyError occurs while requesting the certificate.
    """
    logger.info('Refreshing user certificate')

    if user.auth.type == 'myproxyclient':
        raise CertificateError(user, 'MyProxyClient certificate has expired')

    # Only the discovered service list is used; the first element is ignored.
    _, services = discover.discoverYadis(user.auth.openid_url)

    auth_service = openid.find_service_by_type(services, URN_AUTHORIZE)

    cert_service = openid.find_service_by_type(services, URN_RESOURCE)

    try:
        stored = json.loads(user.auth.extra)
    except ValueError:
        raise WPSError(
            'Missing OAuth2 state, try authenticating with OAuth2 again')

    if 'token' not in stored:
        raise WPSError(
            'Missing OAuth2 token, try authenticating with OAuth2 again')

    try:
        # Argument lookups stay inside the try so a missing 'state' entry is
        # reported as WPSError as well.
        cert, key, new_token = oauth2.get_certificate(
            stored['token'],
            stored['state'],
            auth_service.server_url,
            cert_service.server_url,
            refresh=True)
    except KeyError as e:
        # NOTE(review): the template and e are passed as separate arguments;
        # the message is only filled in if WPSError formats them -- confirm.
        raise WPSError('Missing OAuth2 {!r}', e)

    logger.info('Retrieved certificate and new token')

    stored['token'] = new_token

    user.auth.extra = json.dumps(stored)

    # NOTE(review): key is presumably the private key; it is saved in the
    # same field as the certificate, so access to that field needs the same
    # protection as the key itself -- confirm storage controls.
    user.auth.cert = ''.join((cert, key))

    user.auth.save()

    return user.auth.cert
    def test_get_certificate(self, oauth2_mock):
        # Happy path: the session's POST answers 200 with body 'certificate',
        # and get_certificate is expected to return a 3-tuple.
        # NOTE(review): oauth2_mock is presumably the patched session class
        # injected by a decorator outside this view -- confirm.
        ok_reply = mock.Mock(status_code=200, text='certificate')
        oauth2_mock.return_value.post = mock.Mock(return_value=ok_reply)

        outcome = oauth2.get_certificate('token', 'http://test.com/refresh',
                                         'http://test.com/certificate')

        self.assertIsInstance(outcome, tuple)
        self.assertEqual(len(outcome), 3)
        # First element is the response body, third is the token.
        self.assertEqual(outcome[0], 'certificate')
        self.assertEqual(outcome[2], 'token')
Exemple #6
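def oauth2_callback(request):
    """Handle the OAuth2 provider's redirect back to this server.

    Pops the OpenID URL and OAuth2 state stored in the session, exchanges the
    callback URL for a token, fetches a certificate with that token and stores
    certificate, key and token on the user's auth record.

    Every failure is logged and the client is still redirected to the profile
    page, so the view never raises an ``Exception`` to its caller.

    Args:
        request: Incoming request; ``request.session`` and
            ``request.META['QUERY_STRING']`` are read.

    Returns:
        A redirect to ``settings.PROFILE_URL``.
    """
    user = None

    try:
        # pop() makes both values single-use: a second callback on the same
        # session raises KeyError below.
        openid_url = request.session.pop('openid')

        oauth_state = request.session.pop('oauth_state')

        user = models.User.objects.get(auth__openid_url=openid_url)

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Retrieved OAuth2 token for OpenID %s', openid_url)

        cert, key, new_token = oauth2.get_certificate(token,
                                                      token_service.server_url,
                                                      cert_service.server_url)

        logger.info('Retrieved Certificated for OpenID %s', openid_url)

        user.auth.update('oauth2', [cert, key], token=new_token)
    except KeyError as e:
        # A callback arriving without the expected session state used to be
        # dropped silently; log it so unexpected or repeated callbacks can be
        # seen in the logs.
        logger.exception('Missing %r key from session data', e)
    except WPSError as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            try:
                extra = json.loads(user.auth.extra)

                extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

                user.auth.extra = json.dumps(extra)

                user.auth.save()
            except Exception:
                # Recording the failure is best effort; the redirect below
                # must still happen.
                logger.exception('Could not record OAuth2 failure on user')
    except Exception:
        # The original ``return`` inside ``finally`` discarded every other
        # exception without a trace. Keep the always-redirect behaviour but
        # log the error, and let KeyboardInterrupt/SystemExit propagate.
        logger.exception('Unexpected error handling OAuth2 callback')

    return redirect(settings.PROFILE_URL)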