def setup(self):
    """Prepare the authorization fixture for the store tests.

    Saves one annotation with per-action permission lists, registers a
    test consumer, and stores a set of auth headers for each test user on
    the instance as ``alice_headers``, ``bob_headers`` and
    ``charlie_headers``.
    """
    super(TestStoreAuthz, self).setup()
    self.app = annotator.app.test_client()

    # Access control lists under test: each action maps to the users that
    # the permissions dict names for it.
    self.anno_id = '123'
    self.permissions = {
        'read': ['alice', 'bob'],
        'update': ['alice', 'charlie'],
        'admin': ['alice']
    }

    annotation = Annotation(
        id=self.anno_id,
        user='******',
        text='Foobar',
        permissions=self.permissions
    )
    annotation.save()

    self.consumer = Consumer('test-consumer-key')
    save(self.consumer)

    self.user = '******'

    # One token per user, all issued under the same consumer key, so the
    # tests can send requests as each identity.
    for username in ['alice', 'bob', 'charlie']:
        user_token = auth.generate_token(self.consumer.key, username)
        user_headers = auth.headers_for_token(user_token)
        setattr(self, '%s_headers' % username, user_headers)
def add_consumer():
    """Attach a new Consumer to the current user and redirect to '.home'.

    The new consumer is appended to ``g.user.consumers`` and committed
    before the redirect is returned.
    """
    # The return value is ignored, so this presumably aborts the request
    # itself when no user is logged in -- confirm against _require_user.
    _require_user()

    # NOTE(review): this view changes state (it creates a credential-bearing
    # consumer). The route declaration is not visible here; confirm it is
    # not reachable by GET and that it is covered by CSRF protection.
    new_consumer = Consumer()
    g.user.consumers.append(new_consumer)
    db.session.commit()

    home_url = url_for('.home')
    return redirect(home_url)
def setup(self):
    """Prepare the store test fixture: test client, consumer and auth headers."""
    super(TestStore, self).setup()
    self.app = annotator.app.test_client()

    test_consumer = Consumer('test-consumer-key')
    self.consumer = test_consumer
    save(test_consumer)

    self.user = '******'

    # Headers carrying a token issued for self.user under the test consumer;
    # the tests attach these to their requests.
    self.headers = auth.headers_for_token(
        auth.generate_token(self.consumer.key, self.user)
    )
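def generate_token(key, user_id):
    """Issue an auth token for *user_id* on behalf of the consumer *key*.

    The token is the SHA-256 hex digest of the consumer secret, the user id
    and the issue time concatenated in that order. The secret itself is not
    part of the returned dict.

    Returns a dict with the keys ``consumerKey``, ``authToken``,
    ``authTokenIssueTime``, ``authTokenTTL`` and ``userId``.

    Raises:
        Exception: if no consumer exists for *key*.
    """
    consumer = Consumer.fetch(key)
    if consumer is None:
        # Call form of raise: identical behaviour on Python 2 and, unlike
        # the `raise E, "msg"` statement form, also valid on Python 3.
        raise Exception("Cannot generate token: invalid consumer key specified")

    issue_time = datetime.datetime.now(UTC).isoformat()

    # NOTE(review): sha256(secret + message) is a secret-prefix hash, and the
    # fields are joined without a separator. HMAC-SHA256 over delimited
    # fields is the standard keyed construction; any change here has to be
    # made in verify_token at the same time, so the derivation is unchanged.
    token = hashlib.sha256(consumer.secret + user_id + issue_time).hexdigest()

    return dict(consumerKey=key,
                authToken=token,
                authTokenIssueTime=issue_time,
                authTokenTTL=consumer.ttl,
                userId=user_id)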
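def generate_token(key, user_id):
    """Build the token payload for *user_id* under the consumer *key*.

    Looks up the consumer, stamps the current UTC time, and derives the
    token as the SHA-256 hex digest of secret + user id + issue time.

    Returns a dict with ``consumerKey``, ``authToken``,
    ``authTokenIssueTime``, ``authTokenTTL`` (the consumer's ttl) and
    ``userId``. The consumer secret is not included.

    Raises:
        Exception: if *key* does not match a stored consumer.
    """
    consumer = Consumer.fetch(key)
    if consumer is None:
        # Exception(...) replaces the Python-2-only `raise E, "msg"` form;
        # the exception type and message are unchanged.
        raise Exception("Cannot generate token: invalid consumer key specified")

    issue_time = datetime.datetime.now(UTC).isoformat()

    # NOTE(review): the digest input is a plain concatenation keyed by a
    # secret prefix. A keyed MAC (HMAC-SHA256) with unambiguous field
    # boundaries would be the usual choice, but verify_token recomputes this
    # exact value, so both must be migrated together.
    token = hashlib.sha256(consumer.secret + user_id + issue_time).hexdigest()

    return dict(
        consumerKey=key,
        authToken=token,
        authTokenIssueTime=issue_time,
        authTokenTTL=consumer.ttl,
        userId=user_id
    )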
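def verify_token(token, key, user_id, issue_time):
    """Return True if *token* is authentic and inside its validity window.

    The expected token is recomputed as the SHA-256 hex digest of the
    consumer secret, *user_id* and *issue_time*, then compared with the
    supplied *token*. A matching token is accepted only while the current
    UTC time lies between *issue_time* and *issue_time* plus the consumer's
    ttl (in seconds).

    Returns False for an unknown consumer key, a non-string or mismatching
    token, a token issued in the future, or an expired token.
    """
    # Function-scope import: the file's import block is not visible here.
    # hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    consumer = Consumer.fetch(key)
    if consumer is None:
        return False  # invalid account key

    # NOTE(review): secret-prefix sha256 over undelimited fields; HMAC would
    # be the standard construction, but the derivation must stay in step
    # with generate_token, so it is left as is.
    computed_token = hashlib.sha256(consumer.secret + user_id + issue_time).hexdigest()

    # Compare in constant time so response timing does not reveal how many
    # leading characters of a guessed token were correct. compare_digest
    # requires both operands to be the same type, so normalise to bytes.
    try:
        supplied = token if isinstance(token, bytes) else token.encode('utf-8')
    except (AttributeError, UnicodeError):
        return False  # not a usable string, so it cannot match a hex digest
    if isinstance(computed_token, bytes):
        expected = computed_token
    else:
        expected = computed_token.encode('utf-8')
    if not hmac.compare_digest(supplied, expected):
        return False  # Token inauthentic: computed hash doesn't match.

    # issue_time is only parsed after the digest check, i.e. once it is
    # known to be the value that was hashed with the secret.
    validity = iso8601.parse_date(issue_time)
    expiry = validity + datetime.timedelta(seconds=consumer.ttl)

    # Read the clock once so both bounds are checked against the same instant.
    now = datetime.datetime.now(UTC)
    if validity > now:
        return False  # Token not yet valid
    if expiry < now:
        return False  # Token expired: issue_time + ttl < now

    return True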
def test_key(self):
    """A consumer saved with a key can be fetched back under that key."""
    save(Consumer(key='foo'))

    fetched = Consumer.fetch('foo')
    h.assert_equal(fetched.key, 'foo')
def test_secret(self):
    """A saved consumer has a non-empty secret."""
    consumer = Consumer(key='foo')
    save(consumer)

    # Only truthiness is asserted here; the length and randomness of the
    # secret are not checked by this test.
    assert consumer.secret, 'Consumer secret should be set!'
password = '' while not password: password = getpass("Admin password: "******"Primary consumer key [annotateit]: ").strip() if not ckey: ckey = 'annotateit' with annotator.app.test_request_context(): print("\nCreating admin user... ", end="") u = User(username, email, password) annotator.db.session.add(u) annotator.db.session.commit() print("done.") print("Creating primary consumer... ", end="") c = Consumer(ckey) c.user_id = u.id annotator.db.session.add(c) annotator.db.session.commit() print("done.\n") print("Primary consumer secret: %s" % c.secret)
password = "" while not password: password = getpass("Admin password: "******"Primary consumer key [annotateit]: ").strip() if not ckey: ckey = "annotateit" with annotator.app.test_request_context(): print("\nCreating admin user... ", end="") u = User(username, email, password) annotator.db.session.add(u) annotator.db.session.commit() print("done.") print("Creating primary consumer... ", end="") c = Consumer(ckey) c.user_id = u.id annotator.db.session.add(c) annotator.db.session.commit() print("done.\n") print("Primary consumer secret: %s" % c.secret)