def save_request(self, user): try: db = AuthToken.objects.get(user=user, service=self.service) except AuthToken.DoesNotExist: db = AuthToken(user=user, service=self.service) db.save() return db.pk
def post(self, action=None, **kwargs): if action == 'get_auth_url': auth_url, oauth_token, oauth_token_secret =\ User.get_auth_url() # TODO: Use redis? # app.db['auth_tokens'].insert({ # 'oauth_token': oauth_token, # 'oauth_token_secret': oauth_token_secret, # }) auth = AuthToken(oauth_token, oauth_token_secret) auth.save() logging.debug("User Auth: oauth token %s added", oauth_token) return self._render({'auth_url': auth_url}) if action == 'authenticate': parser = reqparse.RequestParser() parser.add_argument('oauth_token', type=str) parser.add_argument('oauth_verifier', type=str) params = parser.parse_args() oauth_token = params.get('oauth_token') oauth_verifier = params.get('oauth_verifier') logging.debug("User Auth: trying to authenticate with token %s", oauth_token) # TODO: Use redis? auth = AuthToken.get_auth(oauth_token) if not auth: logging.error('User Auth: token %s not found', oauth_token) return odesk_error_response( 500, 500, 'Wrong token: {0!s}'.format(oauth_token)) oauth_token_secret = auth.get('oauth_token_secret') auth_token, user = User.authenticate(oauth_token, oauth_token_secret, oauth_verifier) logging.debug('User Auth: Removing token %s', oauth_token) AuthToken.delete(auth.get('oauth_token')) return self._render({'auth_token': auth_token, 'user': user}) if action == 'get_user': user = getattr(request, 'user', None) if user: return self._render({'user': user}) return odesk_error_response(401, 401, 'Unauthorized') logging.error('User Auth: invalid action %s', action) raise NotFound('Action not found')
def auth(request): token_param = request.GET.get('token') email_param = request.GET['email'] # device name/identifier device_param = request.GET.get('device') email_param = email_param.lower() if token_param is None: # register new token if not settings.ENABLE_REGISTRATION: return JsonResponse({'status': 'REGISTRATION_DISABLED'}) if not email.is_email_valid(email_param) or not email_param.endswith('europa.eu'): return JsonResponse({'status': 'INVALID_EMAIL'}) user_list = User.objects.filter(email=email_param) if not user_list: u = User(email=email_param) u.reset_public_name() u.save() else: u = user_list[0] if email.is_spamming(u.email): return JsonResponse({'status': 'CANCELED_BY_SPAM_PREVENTION'}) token = AuthToken(token_string=AuthToken.gen_token_string(email_param), user=u) token.gen_validation_key() token.save() token.send_validation_mail(public_url='https://' + request.META.get('HTTP_HOST', settings.PUBLIC_URL)) token.save() return JsonResponse({'token': token.token_string, 'status': 'OK'}) else: # actual auth token_list = AuthToken.objects.filter(token_string=token_param) if len(token_list) == 0: return JsonResponse({'status': 'TOKEN_NOT_FOUND'}) token = token_list[0] if token.valid is False: return JsonResponse({'status': 'TOKEN_NOT_ACTIVATED'}) if token.valid and email_param == token.user.email: return JsonResponse({'status': 'OK', 'public_name': token.user.public_name})
def save_token(token_data, request, *args, **kwargs): client = load_client(request.client.client_id) # make sure that every client has only one token existing_tokens = AuthToken.objects(client=client) for token in existing_tokens: token.delete() expires_in = token_data.pop('expires_in') expires = datetime.utcnow() + timedelta(seconds=expires_in) token = AuthToken() token.access_token = token_data['access_token'] #token.refresh_token=token_data['refresh_token'] token.token_type = token_data['token_type'] token._scopes = urllib.unquote_plus(token_data['scope']) token.expires = expires token.client = client token.save() return token
def authenticate(self, username=None, password=None): try: f = urllib2.urlopen(self.minecraft_login_url, urllib.urlencode([('user',username),('password',password),('version',self.minecraft_version)])) except: return None ret = f.readline().strip(); valid = ret != "Bad login" if valid: items = ret.split(':') if ret == "User not premium": uname = username else: uname = items[2] try: user = User.objects.get(username=uname) #user.set_password(password) except User.DoesNotExist: user = User(username=uname,password="******") user.save() if ret != "User not premium": try: token = user.authtoken except AuthToken.DoesNotExist: token = AuthToken(user=user) token.download_ticket = items[1] token.session_id = items[3] token.latest_version = items[0] token.save() return user return None
def test_token(self, delete_mock, get_mock, put_mock): TOKEN = '394c46b8902fb5e8fc9268f3cfd84539' SECRET = '394c46b8902fb5e8fc9268f3cfd84538' token_dict = dict(oauth_token=TOKEN, oauth_token_secret=SECRET, id=TOKEN) token = AuthToken(oauth_token=TOKEN, oauth_token_secret=SECRET) self.assertEquals(token.to_dict(), token_dict) token.save() put_mock.assert_called_with(token.TABLE_NAME, token_dict) get_mock.return_value = None self.assertEquals(AuthToken.get_auth('invalid'), None) # get_item get_mock.return_value = token_dict self.assertEquals(AuthToken.get_auth(TOKEN), token_dict) # delete AuthToken.delete(TOKEN) delete_mock.assert_called_with(token.TABLE_NAME, id=TOKEN) get_mock.return_value = None self.assertEquals(AuthToken.get_auth('invalid'), None)