def revoke_all_user_tokens(): page = auth.list_users() while page: for user in page.users: auth.revoke_refresh_tokens(user.uid) user = auth.get_user(user.uid) page = page.get_next_page()
def invalidate_session(request): try: FirebaseAuth.revoke_refresh_tokens(get_session_claims(request)["sub"]) finally: # Remove the session cookies. request.session.pop(SESSION_COOKIE, None) request.session.pop(SESSION_COOKIE_LASTCHECKED, None)
def test_verify_session_cookie_revoked(new_user, api_key): custom_token = auth.create_custom_token(new_user.uid) id_token = _sign_in(custom_token, api_key) session_cookie = auth.create_session_cookie( id_token, expires_in=datetime.timedelta(days=1)) time.sleep(1) auth.revoke_refresh_tokens(new_user.uid) claims = auth.verify_session_cookie(session_cookie, check_revoked=False) user = auth.get_user(new_user.uid) # verify_session_cookie succeeded because it didn't check revoked. assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp with pytest.raises(auth.AuthError) as excinfo: claims = auth.verify_session_cookie(session_cookie, check_revoked=True) assert excinfo.value.code == auth._SESSION_COOKIE_REVOKED assert str( excinfo.value) == 'The Firebase session cookie has been revoked.' # Sign in again, verify works. id_token = _sign_in(custom_token, api_key) session_cookie = auth.create_session_cookie( id_token, expires_in=datetime.timedelta(days=1)) claims = auth.verify_session_cookie(session_cookie, check_revoked=True) assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_revoke_refresh_tokens(new_user): user = auth.get_user(new_user.uid) old_valid_after = user.tokens_valid_after_timestamp time.sleep(1) auth.revoke_refresh_tokens(new_user.uid) user = auth.get_user(new_user.uid) new_valid_after = user.tokens_valid_after_timestamp assert new_valid_after > old_valid_after
def test_revoke_refresh_tokens(self, user_mgt_app): _, recorder = _instrument_user_manager(user_mgt_app, 200, '{"localId":"testuser"}') before_time = time.time() auth.revoke_refresh_tokens('testuser', app=user_mgt_app) after_time = time.time() request = json.loads(recorder[0].body.decode()) assert request['localId'] == 'testuser' assert int(request['validSince']) >= int(before_time) assert int(request['validSince']) <= int(after_time)
def logout(): oreo = request.cookies.get("uauuccu_oreo") try: profile = auth.verify_session_cookie(oreo) auth.revoke_refresh_tokens(profile["user_id"]) print("[Logged out]") except Exception as e: print(e) print("[Failed to log out]") return redirect("/")
def session_logout(): session_cookie = flask.request.cookies.get('session') try: decoded_claims = auth.verify_session_cookie(session_cookie) auth.revoke_refresh_tokens(decoded_claims['sub']) response = flask.make_response(flask.redirect('/login')) response.set_cookie('session', expires=0) return response except ValueError: return flask.redirect('/login')
def post(self): try: session_cookie = request.cookies.get('session') decoded_claims = auth.verify_session_cookie(session_cookie) auth.revoke_refresh_tokens(decoded_claims['sub']) response = jsonify({}) response.set_cookie('session', expires=0) return response except: return {'message': 'Session lost, just logout'}
def logout(): session_cookie = request.cookies.get('loggedInCookie') try: decoded_claims = auth.verify_session_cookie(session_cookie, app=firebase_app) auth.revoke_refresh_tokens(decoded_claims['sub'], app=firebase_app) response = flask.make_response(redirect('/login')) response.set_cookie('session', expires=0) return response except auth.InvalidSessionCookieError: return redirect('/login')
def revoke_super_admin_privileges(user_id: str) -> None: """Revokes the user's super admin privileges. Args: user_id: str. The Oppia user ID to revoke privileges from. """ auth_id = get_auth_id_from_user_id(user_id) if auth_id is None: raise ValueError('user_id=%s has no Firebase account' % user_id) firebase_auth.set_custom_user_claims(auth_id, None) # NOTE: Revoke session cookies and ID tokens of the user so they are forced # to log back in to obtain their updated privileges. firebase_auth.revoke_refresh_tokens(auth_id)
def logout(): # get session_cookie session_cookie = request.cookies.get(login_cookie_name) # get user user = auth.verify_session_cookie(session_cookie) print("user", user) # let user's seeein_cookie no use auth.revoke_refresh_tokens(user['sub']) # prepare response response = jsonify({"msg": "logout"}) # ley viewer's cookie expire response.set_cookie(login_cookie_name, expires=0) return response
async def logout(response: Response, session: str = Cookie(None)): if session is None: raise HTTPException(404, "cookie not found") try: verification = auth.verify_session_cookie(session) auth.revoke_refresh_tokens(verification["sub"]) except auth.InvalidSessionCookieError: raise HTTPException(401) response.delete_cookie("session") return True
def logout(): session_cookie = request.cookies.get('session') try: # revoke session with Firebase decoded_claims = auth.verify_session_cookie(session_cookie) auth.revoke_refresh_tokens(decoded_claims['sub']) # clear session cookie response = make_response(redirect(url_for('.login'))) response.set_cookie('session', expires=0) print(response) return response except auth.InvalidSessionCookieError: return redirect(url_for('.login'))
def grant_super_admin_privileges(user_id: str) -> None: """Grants the user super admin privileges. Args: user_id: str. The Oppia user ID to promote to super admin. """ auth_id = get_auth_id_from_user_id(user_id) if auth_id is None: raise ValueError('user_id=%s has no Firebase account' % user_id) custom_claims = '{"role":"%s"}' % feconf.FIREBASE_ROLE_SUPER_ADMIN firebase_auth.set_custom_user_claims(auth_id, custom_claims) # NOTE: Revoke session cookies and ID tokens of the user so they are forced # to log back in to obtain their updated privileges. firebase_auth.revoke_refresh_tokens(auth_id)
def logout(request): """ Remove the user session data and make the user to unauthenticated user. """ if save: # save changes in profile before logout if valid session request.user.save(request) try: decoded_claims = auth.verify_session_cookie( request.session[FIREBASE_SESSION_COOKIES]) auth.revoke_refresh_tokens(decoded_claims['sub']) except auth.InvalidSessionCookieError: pass request.session.flush() request.user = User()
def revoke_refresh_token_uid(): cred = credentials.Certificate('path/to/service.json') default_app = firebase_admin.initialize_app(cred) # [START revoke_tokens] # Revoke tokens on the backend. auth.revoke_refresh_tokens(uid) user = auth.get_user(uid) # Convert to seconds as the auth_time in the token claims is in seconds. revocation_second = user.tokens_valid_after_timestamp / 1000 print('Tokens revoked at: {0}'.format(revocation_second)) # [END revoke_tokens] # [START save_revocation_in_db] metadata_ref = firebase_admin.db.reference("metadata/" + uid) metadata_ref.set({'revokeTime': revocation_second}) # [END save_revocation_in_db] print(uid) firebase_admin.delete_app(default_app)
def logout(): # 取得session cookie session_cookie = request.cookies.get(cookie_name) # 取得登入者 user = auth.verify_session_cookie(session_cookie) # 取得user_id user_id = user['user_id'] print(user_id) # 通知firebase 此 session cookie作廢 # user_id會顯示在firebase裡authentication的UID auth.revoke_refresh_tokens(user_id) # 準備回應,不可以已讀不回不然會bad request res = jsonify({'msg': '已登出'}) # 在瀏覽器作廢 session cookie (作廢就是讓cookie過期),寫到cookie要用expires res.set_cookie(cookie_name, expires=0) # 回應前端 return res
def test_verify_id_token_revoked(new_user, api_key): custom_token = auth.create_custom_token(new_user.uid) id_token = _sign_in(custom_token, api_key) claims = auth.verify_id_token(id_token) assert claims['iat'] * 1000 >= new_user.tokens_valid_after_timestamp time.sleep(1) auth.revoke_refresh_tokens(new_user.uid) claims = auth.verify_id_token(id_token, check_revoked=False) user = auth.get_user(new_user.uid) # verify_id_token succeeded because it didn't check revoked. assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp with pytest.raises(auth.RevokedIdTokenError) as excinfo: claims = auth.verify_id_token(id_token, check_revoked=True) assert str(excinfo.value) == 'The Firebase ID token has been revoked.' # Sign in again, verify works. id_token = _sign_in(custom_token, api_key) claims = auth.verify_id_token(id_token, check_revoked=True) assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def firebase(self, config, data): """{ 'iss': 'https://securetoken.google.com/...', 'name': '...', 'picture': '...', 'aud': '...', 'auth_time': 1536947307, 'user_id': '...', 'sub': '...', 'iat': 1536947882, 'exp': 1536951482, 'email': '...', 'email_verified': False, 'uid': '...' }""" decodedToken = auth.verify_id_token(data) if "one-time-token" in config and config["one-time-token"] == True: # Feature: token may used only once. auth.revoke_refresh_tokens(decodedToken["uid"]) if abs(time.time() - decodedToken["auth_time"]) > self.TIMEOUT_FIREBASE: auth.revoke_refresh_tokens(decodedToken["uid"]) raise Exception("Token timed out. Relogin required.") if not decodedToken["email"] in config["users"]: raise Exception("User is not allowed to access.") return True
def logout(decoded_claims: dict = Depends(APICookieCustom(name="session"))): response = JSONResponse(content={'message': 'deslogado com sucesso'}) auth.revoke_refresh_tokens(decoded_claims['sub']) response.set_cookie('session', expires=0) return response
def refresh_custom_token(uid): auth.revoke_refresh_tokens(uid, app=app) return create_custom_token(uid)
def revoke_session_cookie(session_cookie): """Revoke a session cookie.""" decoded_claims = decode_claims(session_cookie) auth.revoke_refresh_tokens(decoded_claims['sub'])
def revoke_refresh_tokens(uid): auth.revoke_refresh_tokens(uid, app=app)
def revoke_user_token(uid): auth.revoke_refresh_tokens(uid) user = auth.get_user(uid)
def revoke_token(user): auth.revoke_refresh_tokens(user.uid)
def logout(): if pb_auth.current_user: uid = pb_auth.current_user['user_id'] auth.revoke_refresh_tokens(uid) return render_template('Login.html')
def revoke_refresh_tokens(token: str): """Revoke a user's refresh token. Args: token (str): The refresh token to authenticate a user. """ auth.revoke_refresh_tokens(token)
def logout(self): auth.revoke_refresh_tokens(self.session['current_user']['uid']) self.session = dict() return redirect(url_for('login'))