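def request_token_call(self, secret=None, grant_type='authorization_code', assertion_type=None):
    """Exchange an authorization code or a bearer assertion for a token.

    Request values (``client_id``, ``redirect_uri``, ``shared_secret``,
    ``base_url``, ``suffix_override``, ``code``) are read through
    ``services``. The token endpoint reply is merged with the parameters
    that were sent and annotated with ``url_used``; on failure the dict
    carries an ``error`` entry instead of raising.

    Args:
        secret: Bearer assertion (signed JWT or SAML blob) used when
            ``grant_type`` is neither ``authorization_code`` nor
            ``refresh_token``.
        grant_type: OAuth grant type keyword or URN.
        assertion_type: Accepted for API compatibility; not used here.

    Returns:
        dict with the endpoint response (or ``error``/``error_description``),
        every parameter that was sent, and ``url_used``.
    """
    params = services.request_value_dict(['client_id', 'redirect_uri'])
    # `==` rather than `is`: identity comparison of str values is an
    # interpreter detail and fails for strings built at runtime.
    if grant_type == 'authorization_code':
        params['code'] = services.get_param('code')
        params['client_secret'] = services.get_param('shared_secret')
    elif grant_type == 'refresh_token':
        # TODO: implement the refresh_token exchange.
        pass
    else:
        # Any other grant type is treated as a bearer-assertion flow.
        params['assertion'] = secret
    params['grant_type'] = grant_type
    params['format'] = 'json'

    base_url = services.get_param('base_url')
    suffix_override = services.get_param('suffix_override')
    if suffix_override is not None:
        suffix_override = base_url + '/' + suffix_override

    client = oauthclient(params['client_id'], services.get_param('shared_secret'), base_url)
    # NOTE(review): `params` holds client_secret or the assertion, so the
    # query string built here (and the url_used value below) carries
    # credentials into whatever renders or logs the returned dict.
    sending = client.toqueryparams(params)

    try:
        request_token = client.requestToken(suffix_override, params)
        # Sent parameters override same-named keys from the response.
        request_token.update(params)
        if 'error' in request_token:
            request_token['error_description'] = setup.get_message(request_token['error'])
    except ValueError as ve:
        # Must precede the broad handler; the original ordering left this
        # branch unreachable.
        request_token = dict(params)
        request_token['error'] = "Input Error occured in oAuth Call ({0})".format(ve)
    except Exception as e:
        # The bare `except:` that also swallowed SystemExit/KeyboardInterrupt
        # is intentionally gone; those now propagate.
        request_token = dict(params)
        request_token['error'] = "Error occured in oAuth Call ({0})".format(e)
        print(e)

    if suffix_override is not None:
        request_token['url_used'] = suffix_override + '?' + sending
    else:
        request_token['url_used'] = base_url + '/oauth/request_token?' + sending
    return request_token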
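def oauth2_bearerflow_submit():
    """Build a JWT or SAML bearer assertion from form input and exchange it for a token.

    Form fields read via ``services.get_param``: ``token_type`` (``jwt`` or
    ``saml``), ``client_id``, ``username``, ``aud``, ``redirect_uri``,
    ``keysign``, ``keyname`` and ``shared_secret``. When ``keysign`` is
    ``'on'`` and a ``keyname`` is given, the key pair stored under
    ``setup.keydir/<keyname>/`` is used to sign the assertion; otherwise the
    JWT is HMAC-signed with ``shared_secret``.

    Returns:
        dict for the view: ``name`` merged with the token response, or an
        ``error`` entry when the token type is missing, unknown, or the SAML
        flow was requested without a signing key.
    """
    # Clear values left over from the previous flow (Beaker may still need
    # an explicit invalidate).
    services.session.clear_attr(['error', 'access_token', 'refresh_token', 'error_description', 'state', 'code'])
    values = dict(name='oauth 2 bearer submit flow')

    token_type = services.get_param('token_type')
    if token_type is None:
        return {"error": "No token type provided on form"}

    client_id = services.get_param('client_id')
    username = services.get_param('username')
    audience = services.get_param('aud')
    callback = services.get_param('redirect_uri')
    keysign = services.get_param('keysign')
    keyname = services.get_param('keyname')

    private_key_path = None
    public_key_pem = None
    if keysign == 'on' and keyname is not None:
        private_key_path = setup.keydir + '/' + keyname + '/private.pem'
        # Read the public key once and close the handle; the original left
        # both PEM file objects open for the lifetime of the request.
        with open(setup.keydir + '/' + keyname + '/public.pem', 'r') as public_key_file:
            public_key_pem = public_key_file.read()

    if token_type == 'jwt':
        now = time.time()
        claims = {
            'iss': client_id,
            'prn': username,
            'aud': audience,
            'iat': round(now),
            'exp': round(now + 300, 0),  # five-minute assertion lifetime
        }
        key = services.get_param('shared_secret')
        algorithm = 'HS256'
        if private_key_path is not None:
            # NOTE(review): the original hands jwt.encode the key *path*,
            # not the PEM contents; kept unchanged — confirm against the
            # jwt library in use.
            key = private_key_path
            algorithm = 'RS256'
        secret = jwt.encode(claims, key, algorithm)
        request_token = oauth2.service.request_token_call(
            secret, 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion_type='JWT')
        values.update(request_token)
    elif token_type == 'saml' and keysign:
        if private_key_path is None or public_key_pem is None:
            # The original dereferenced a None file object here.
            return {"error": "SAML bearer flow requires keysign=on and a keyname"}
        assertion = saml2.service.buildAssertion(username, audience, client_id, callback)
        secret = saml2.service.encodeAssertion(assertion, private_key_path, public_key_pem)
        request_token = oauth2.service.request_token_call(
            secret, 'urn:ietf:params:oauth:grant-type:saml2-bearer', assertion_type='SAML')
        values.update(request_token)
    else:
        values = {"error": "No token type provided on form"}
    return values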
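def testauthorize():
    """Start the authorization-code flow and return the redirect link.

    Reads ``client_id``, ``shared_secret``, ``redirect_uri``, ``base_url``,
    ``state``, ``suffix_override``, ``token_type`` and ``scope`` from the
    request, persists them in the session, and builds the authorization
    redirect from ``client_id``, ``redirect_uri``, ``state`` and ``scope``
    with ``response_type=code``.

    Returns:
        dict with a single ``link`` entry holding the authorization URL.
    """
    tostore = services.request_value_dict([
        'client_id', 'shared_secret', 'redirect_uri', 'base_url',
        'state', 'suffix_override', 'token_type', 'scope',
    ])
    params = services.dict_subset(tostore, ['client_id', 'redirect_uri', 'state', 'scope'])
    params['response_type'] = 'code'
    # NOTE(review): this also stores shared_secret in the session store.
    services.session.store(tostore, False)

    if services.session.get_attr('state') is None:
        # NOTE(review): the OAuth `state` value is the session id itself, so
        # the session identifier is sent to the authorization server in the
        # redirect URL; a random per-flow token would avoid that.
        services.session.put('state', services.session.get_session().id)
    params['state'] = services.session.get_attr('state')

    consumer_key = services.get_param('client_id')
    shared_secret = services.get_param('shared_secret')
    base_url = services.get_param('base_url')
    # Local renamed so it no longer shadows the module-level `oauthclient` class.
    client = oauth2.oauthclient(consumer_key, shared_secret, base_url)
    redirect_url = client.authorizeRedirect(params=params)
    return dict(link=redirect_url)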
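def request_token_call(self, secret=None, grant_type='authorization_code', assertion_type=None):
    """Exchange an authorization code or a bearer assertion for a token.

    Request values (``client_id``, ``redirect_uri``, ``shared_secret``,
    ``base_url``, ``suffix_override``, ``code``) are read through
    ``services``. The token endpoint reply is merged with the parameters
    that were sent and annotated with ``url_used``; on failure the dict
    carries an ``error`` entry instead of raising.

    Args:
        secret: Bearer assertion (signed JWT or SAML blob) used when
            ``grant_type`` is neither ``authorization_code`` nor
            ``refresh_token``.
        grant_type: OAuth grant type keyword or URN.
        assertion_type: Accepted for API compatibility; not used here.

    Returns:
        dict with the endpoint response (or ``error``/``error_description``),
        every parameter that was sent, and ``url_used``.
    """
    params = services.request_value_dict(['client_id', 'redirect_uri'])
    # `==` rather than `is`: identity comparison of str values is an
    # interpreter detail and fails for strings built at runtime.
    if grant_type == 'authorization_code':
        params['code'] = services.get_param('code')
        params['client_secret'] = services.get_param('shared_secret')
    elif grant_type == 'refresh_token':
        # TODO: implement the refresh_token exchange.
        pass
    else:
        # Any other grant type is treated as a bearer-assertion flow.
        params['assertion'] = secret
    params['grant_type'] = grant_type
    params['format'] = 'json'

    base_url = services.get_param('base_url')
    suffix_override = services.get_param('suffix_override')
    if suffix_override is not None:
        suffix_override = base_url + '/' + suffix_override

    client = oauthclient(params['client_id'], services.get_param('shared_secret'), base_url)
    # NOTE(review): `params` holds client_secret or the assertion, so the
    # query string built here (and the url_used value below) carries
    # credentials into whatever renders or logs the returned dict.
    sending = client.toqueryparams(params)

    try:
        request_token = client.requestToken(suffix_override, params)
        # Sent parameters override same-named keys from the response.
        request_token.update(params)
        if 'error' in request_token:
            request_token['error_description'] = setup.get_message(request_token['error'])
    except ValueError as ve:
        # Must precede the broad handler; the original ordering left this
        # branch unreachable.
        request_token = dict(params)
        request_token['error'] = "Input Error occured in oAuth Call ({0})".format(ve)
    except Exception as e:
        # The bare `except:` that also swallowed SystemExit/KeyboardInterrupt
        # is intentionally gone; those now propagate.
        request_token = dict(params)
        request_token['error'] = "Error occured in oAuth Call ({0})".format(e)
        print(e)

    if suffix_override is not None:
        request_token['url_used'] = suffix_override + '?' + sending
    else:
        request_token['url_used'] = base_url + '/oauth/request_token?' + sending
    return request_token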
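def testauthorize():
    """Start the authorization-code flow and return the redirect link.

    Reads ``client_id``, ``shared_secret``, ``redirect_uri``, ``base_url``,
    ``state``, ``suffix_override``, ``token_type`` and ``scope`` from the
    request, persists them in the session, and builds the authorization
    redirect from ``client_id``, ``redirect_uri``, ``state`` and ``scope``
    with ``response_type=code``.

    Returns:
        dict with a single ``link`` entry holding the authorization URL.
    """
    tostore = services.request_value_dict([
        'client_id', 'shared_secret', 'redirect_uri', 'base_url',
        'state', 'suffix_override', 'token_type', 'scope',
    ])
    params = services.dict_subset(tostore, ['client_id', 'redirect_uri', 'state', 'scope'])
    params['response_type'] = 'code'
    # NOTE(review): this also stores shared_secret in the session store.
    services.session.store(tostore, False)

    if services.session.get_attr('state') is None:
        # NOTE(review): the OAuth `state` value is the session id itself, so
        # the session identifier is sent to the authorization server in the
        # redirect URL; a random per-flow token would avoid that.
        services.session.put('state', services.session.get_session().id)
    params['state'] = services.session.get_attr('state')

    consumer_key = services.get_param('client_id')
    shared_secret = services.get_param('shared_secret')
    base_url = services.get_param('base_url')
    # Local renamed so it no longer shadows the module-level `oauthclient` class.
    client = oauth2.oauthclient(consumer_key, shared_secret, base_url)
    redirect_url = client.authorizeRedirect(params=params)
    return dict(link=redirect_url)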
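def oauth2_bearerflow_submit():
    """Build a JWT or SAML bearer assertion from form input and exchange it for a token.

    Form fields read via ``services.get_param``: ``token_type`` (``jwt`` or
    ``saml``), ``client_id``, ``username``, ``aud``, ``redirect_uri``,
    ``keysign``, ``keyname`` and ``shared_secret``. When ``keysign`` is
    ``'on'`` and a ``keyname`` is given, the key pair stored under
    ``setup.keydir/<keyname>/`` is used to sign the assertion; otherwise the
    JWT is HMAC-signed with ``shared_secret``.

    Returns:
        dict for the view: ``name`` merged with the token response, or an
        ``error`` entry when the token type is missing, unknown, or the SAML
        flow was requested without a signing key.
    """
    # Clear values left over from the previous flow (Beaker may still need
    # an explicit invalidate).
    services.session.clear_attr(['error', 'access_token', 'refresh_token', 'error_description', 'state', 'code'])
    values = dict(name='oauth 2 bearer submit flow')

    token_type = services.get_param('token_type')
    if token_type is None:
        return {"error": "No token type provided on form"}

    client_id = services.get_param('client_id')
    username = services.get_param('username')
    audience = services.get_param('aud')
    callback = services.get_param('redirect_uri')
    keysign = services.get_param('keysign')
    keyname = services.get_param('keyname')

    private_key_path = None
    public_key_pem = None
    if keysign == 'on' and keyname is not None:
        private_key_path = setup.keydir + '/' + keyname + '/private.pem'
        # Read the public key once and close the handle; the original left
        # both PEM file objects open for the lifetime of the request.
        with open(setup.keydir + '/' + keyname + '/public.pem', 'r') as public_key_file:
            public_key_pem = public_key_file.read()

    if token_type == 'jwt':
        now = time.time()
        claims = {
            'iss': client_id,
            'prn': username,
            'aud': audience,
            'iat': round(now),
            'exp': round(now + 300, 0),  # five-minute assertion lifetime
        }
        key = services.get_param('shared_secret')
        algorithm = 'HS256'
        if private_key_path is not None:
            # NOTE(review): the original hands jwt.encode the key *path*,
            # not the PEM contents; kept unchanged — confirm against the
            # jwt library in use.
            key = private_key_path
            algorithm = 'RS256'
        secret = jwt.encode(claims, key, algorithm)
        request_token = oauth2.service.request_token_call(
            secret, 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion_type='JWT')
        values.update(request_token)
    elif token_type == 'saml' and keysign:
        if private_key_path is None or public_key_pem is None:
            # The original dereferenced a None file object here.
            return {"error": "SAML bearer flow requires keysign=on and a keyname"}
        assertion = saml2.service.buildAssertion(username, audience, client_id, callback)
        secret = saml2.service.encodeAssertion(assertion, private_key_path, public_key_pem)
        request_token = oauth2.service.request_token_call(
            secret, 'urn:ietf:params:oauth:grant-type:saml2-bearer', assertion_type='SAML')
        values.update(request_token)
    else:
        values = {"error": "No token type provided on form"}
    return values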
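def certsave():
    """Register the certificate named by the ``name`` form field and list all certs.

    Returns:
        dict with ``name`` (view title) and ``certs`` (the key service's
        current listing).
    """
    service = services.KeyService()
    # NOTE(review): `name` comes straight from the request; if KeyService
    # derives a filesystem path from it, the caller-controlled value should
    # be validated (e.g. a single path component) before addCert.
    name = services.get_param('name')
    service.addCert(name)
    certs = service.list()  # renamed: the original shadowed the builtin `list`
    return dict(name='add cert', certs=certs)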
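def certsave():
    """Register the certificate named by the ``name`` form field and list all certs.

    Returns:
        dict with ``name`` (view title) and ``certs`` (the key service's
        current listing).
    """
    service = services.KeyService()
    # NOTE(review): `name` comes straight from the request; if KeyService
    # derives a filesystem path from it, the caller-controlled value should
    # be validated (e.g. a single path component) before addCert.
    name = services.get_param('name')
    service.addCert(name)
    certs = service.list()  # renamed: the original shadowed the builtin `list`
    return dict(name='add cert', certs=certs)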