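    def reverse_access_token(cls, access_token):
        """Validate an access token and unpack the fields it carries.

        Token layout (three '.'-separated parts): ``expire`` (base36 expiry
        timestamp, cleartext), ``info`` (CBC-encrypted under the global
        ACCESS_TOKEN_SECRET_KEY; six '.'-separated fields) and ``check``
        (CBC-encrypted under the per-user/client secret key; must decrypt to
        the checksum carried inside ``info``).

        Args:
            access_token: the opaque token string presented by the client.

        Returns:
            ``(client_pk, user_pk, scope, is_refreshable, expire_timestamp,
            user_secret_key)`` -- ``scope`` and ``is_refreshable`` are the raw
            strings found in the token, ``expire_timestamp`` an int and
            ``user_secret_key`` UTF-8 bytes.

        Raises:
            InvalidAccessToken: empty, malformed or tampered token.
            AccessTokenExpired: the expiry timestamp is in the past.

        NOTE(review): no MAC is visible here; decrypt_cbc plus the checksum
        is the only integrity mechanism for ``info``.  Plain CBC is malleable
        (bit flips in the IV/ciphertext change the plaintext predictably), so
        unless decrypt_cbc itself authenticates the ciphertext, fields such as
        ``expire2`` may be alterable without the key -- confirm that
        decrypt_cbc verifies a MAC before trusting this scheme.
        """
        import hmac  # local import: stdlib, used for the constant-time compare

        if not access_token:
            raise InvalidAccessToken()
        outer = access_token.split('.')
        if len(outer) != 3:
            raise InvalidAccessToken()

        expire, info, check = outer
        try:
            expire_timestamp = int(base36_to_int(expire))
        except ValueError:
            # base36_to_int is expected to reject non-base36 input with a
            # ValueError (as Django's helper does); report that as an invalid
            # token rather than letting it escape as an unhandled error.
            raise InvalidAccessToken()
        # Cheap early rejection on the cleartext expiry; it is cross-checked
        # against the encrypted copy (expire2) below before anything is trusted.
        if CurrentTimestamp()() > expire_timestamp:
            raise AccessTokenExpired()

        inner = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY).split('.')
        if len(inner) != 6:
            raise InvalidAccessToken()

        try:
            client_pk = base36_to_int(inner[0])
            user_pk = base36_to_int(inner[1])
        except ValueError:
            raise InvalidAccessToken()
        expire2, scope, is_refreshable, checksum = inner[2], inner[3], inner[4], inner[5]
        # The cleartext expiry must match the encrypted one, otherwise the
        # lifetime could be extended by editing the unprotected prefix.
        if expire2 != expire:
            raise InvalidAccessToken()

        # NOTE(review): get_cached presumably raises the model's DoesNotExist
        # for an unknown (user, client) pair; callers must treat that as an
        # invalid token too -- confirm.
        user_secret_key = UserClientSecretKey.objects.get_cached(
            user_id=user_pk, client=Client(pk=client_pk)).secret_key.encode('utf-8')
        expected_checksum = decrypt_cbc(check, user_secret_key)
        # Constant-time comparison: the checksum is the only thing binding
        # ``info`` to this user's secret, so don't leak its bytes via timing.
        if not hmac.compare_digest(checksum.encode('utf-8'),
                                   expected_checksum.encode('utf-8')):
            raise InvalidAccessToken()

        return client_pk, user_pk, scope, is_refreshable, expire_timestamp, user_secret_key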
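    def is_feed_available(cls, feed_pk, feed_token):
        """Return True if ``feed_token`` is a valid token for feed ``feed_pk``.

        Token layout (two '.'-separated parts): ``info`` (CBC-encrypted under
        the global FEED_TOKEN_SECRET_KEY; four '.'-separated fields, of which
        the first is the base36 feed pk, the second a base36 user pk and the
        last the checksum) and ``check`` (CBC-encrypted under the feed's own
        secret key; must decrypt to that checksum).

        Args:
            feed_pk: pk of the feed being accessed (int or int-convertible).
            feed_token: the opaque token string presented by the client.

        Returns:
            bool -- any malformed, mismatched or tampered token yields False;
            nothing is raised for bad input.
        """
        import hmac  # local import: stdlib, used for the constant-time compare

        if not feed_token:
            return False
        outer = feed_token.split('.')
        if len(outer) != 2:
            return False

        info, check = outer
        fields = decrypt_cbc(info, SOCIAL_SETTINGS.FEED_TOKEN_SECRET_KEY).split('.')
        if len(fields) != 4:
            return False

        try:
            feed_token_pk = base36_to_int(fields[0])
            # User pk: decoded only so a malformed value is rejected; it is
            # not otherwise used by this check (fields[2] is unused as well).
            base36_to_int(fields[1])
            wanted_feed_pk = int(feed_pk)
        except ValueError:
            # Non-base36 field or non-integer feed_pk: invalid, not a crash.
            return False
        checksum = fields[3]

        # Check the pk binding *before* touching the database: get_or_create
        # below would otherwise insert a FeedSecretKey row for whatever
        # ``feed_pk`` the caller passed, even when the token is bogus.
        if wanted_feed_pk != feed_token_pk:
            return False

        #TODO cache...
        secret_key = FeedSecretKey.objects.get_or_create(feed_id=feed_pk)[0].secret_key.encode('utf-8')
        expected_checksum = decrypt_cbc(check, secret_key)
        # Constant-time comparison so the checksum bytes don't leak via timing.
        return hmac.compare_digest(checksum.encode('utf-8'),
                                   expected_checksum.encode('utf-8'))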
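    def refresh_access_token(cls, refresh_token, old_access_token, expires_in):
        """Issue a new access token from an old one plus its refresh token.

        The old access token is parsed the same way reverse_access_token
        does, except that its expiry is deliberately *not* enforced (an
        expired token is the normal input here).  The refresh token must
        decrypt, under the same per-user/client secret key, to
        ``"<checksum>.<anything>"`` where ``<checksum>`` is the one carried
        inside the old token.

        Args:
            refresh_token: opaque refresh token string.
            old_access_token: the access token being refreshed.
            expires_in: lifetime handed on to cls._generate_access_token.

        Returns:
            Whatever cls._generate_access_token returns for the same client,
            user, scope and refreshability flag.

        Raises:
            InvalidAccessToken: old token empty, malformed or tampered.
            InvalidRefreshToken: refresh token empty, malformed or not bound
                to the old token.

        NOTE(review): ``is_refreshable`` is read from the old token and copied
        into the new one but never checked here; presumably a refresh token
        is only ever issued for refreshable tokens -- confirm, otherwise the
        flag needs to be enforced in this method.
        """
        import hmac  # local import: stdlib, used for the constant-time compare

        if not old_access_token:
            raise InvalidAccessToken()
        outer = old_access_token.split('.')
        if len(outer) != 3:
            raise InvalidAccessToken()

        expire, info, check = outer
        inner = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY).split('.')
        # Same shape check as reverse_access_token; without it a garbled
        # ciphertext surfaced as a ValueError on unpacking.
        if len(inner) != 6:
            raise InvalidAccessToken()
        try:
            client_pk = base36_to_int(inner[0])
            user_pk = base36_to_int(inner[1])
        except ValueError:
            raise InvalidAccessToken()
        expire2, scope, is_refreshable, checksum = inner[2], inner[3], inner[4], inner[5]
        # Cleartext and encrypted expiry must agree, as in reverse_access_token.
        if expire2 != expire:
            raise InvalidAccessToken()

        user_secret_key = UserClientSecretKey.objects.get_cached(
            user_id=user_pk, client=Client(pk=client_pk)).secret_key.encode('utf-8')
        expected_checksum = decrypt_cbc(check, user_secret_key)
        if not hmac.compare_digest(checksum.encode('utf-8'),
                                   expected_checksum.encode('utf-8')):
            raise InvalidAccessToken()

        if not refresh_token:
            raise InvalidRefreshToken()
        refresh_fields = decrypt_cbc(refresh_token, user_secret_key).split('.')
        if len(refresh_fields) != 2:
            raise InvalidRefreshToken()
        refresh_checksum = refresh_fields[0]
        # The refresh token is accepted only if it is bound to this exact
        # access token (same checksum); compare in constant time.
        if not hmac.compare_digest(checksum.encode('utf-8'),
                                   refresh_checksum.encode('utf-8')):
            raise InvalidRefreshToken()
        return cls._generate_access_token(client_pk, user_pk, cls.str_to_scope(scope), expires_in, is_refreshable)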
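 def check_code_and_decrypt_scope(cls, code, client, user):
     """Validate an authorization code for (client, user) and return its scope.

     ``code`` decrypts (CBC, CODE_SECRET_KEY) to five '.'-separated fields:
     client pk, scope string, user pk, timestamp and a checksum.

     Args:
         code: opaque authorization code string.
         client: client object; its ``pk`` must match the code's client pk.
         user: user object; its ``pk`` must match the code's user pk.

     Returns:
         The scope, converted with cls.str_to_scope.

     Raises:
         InvalidRequestError: code malformed, bound to another client/user,
             or stale.  Any OAuth2Error raised while checking is propagated
             unchanged.

     NOTE(review): the trailing checksum field is decoded but never verified
     here, and ``timestamp`` is compared as the raw decrypted string against a
     CurrentTimestamp() *object* -- that only works if CurrentTimestamp
     defines that comparison (reverse_access_token calls
     ``CurrentTimestamp()()`` and compares ints instead).  Confirm both
     before relying on this check.
     """
     #TODO make fancy for error handling
     try:
         client_pk, scope_str, user_pk, timestamp, checksum_unused \
             = decrypt_cbc(code, OAUTH2_SETTINGS.CODE_SECRET_KEY).split('.')
         if timestamp >= CurrentTimestamp() and str(client.pk) == str(client_pk) and str(user.pk) == str(user_pk):
             return cls.str_to_scope(scope_str)
         raise InvalidRequestError()
     except OAuth2Error:
         raise
     except Exception:
         # Was a bare ``except:``, which also swallowed SystemExit /
         # KeyboardInterrupt.  Any ordinary failure (bad ciphertext, wrong
         # field count, ...) is reported as an invalid request.
         raise InvalidRequestError()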