def create_auth_server():
client_store = ClientStore()
client_store.add_client(
client_id="alexa.matsuoka",
client_secret="xxxx",
redirect_uris=[
"https://layla.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
"https://pitangui.amazon.com/api/skill/link/M2Q7FOC6AVxxxx",
"https://alexa.amazon.co.jp/api/skill/link/M2Q7FOC6AVxxxx"
])
token_store = TokenStore()
token_store.save_token(
AccessToken(client_id="alexa.matsuoka",
grant_type="authorization_code",
user_id="*****@*****.**",
token="xxxx"))
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4(),
client_authentication_source=http_basic_auth)
provider.add_grant(
AuthorizationCodeGrant(site_adapter=TestSiteAdapter(),
unique_token=True))
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
],
debug=False)
return app
def run_auth_server():
try:
client_store = ClientStore()
client_store.add_client(
client_id="abc",
client_secret="xyz",
redirect_uris=["http://localhost:8081/callback"])
token_store = TokenStore()
auth_controller = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
site_adapter=TestSiteAdapter(),
token_generator=Uuid4())
auth_controller.add_grant(AuthorizationCodeGrant())
app = Wsgi(server=auth_controller)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print(
"Starting implicit_grant oauth2 server on http://localhost:8080/..."
)
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_auth_server():
try:
client_store = ClientStore()
client_store.add_client(client_id="abc",
client_secret="xyz",
redirect_uris=["http://localhost:8081/"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4())
provider.add_grant(ImplicitGrant(site_adapter=TestSiteAdapter()))
app = Application(provider=provider)
httpd = make_server('', 8080, app)
print(
"Starting implicit_grant oauth2 server on http://localhost:8080/..."
)
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_auth_server():
try:
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=[])
token_store = TokenStore()
token_gen = Uuid4()
token_gen.expires_in['client_credentials'] = 3600
auth_controller = Provider(
access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=token_gen)
auth_controller.add_grant(ClientCredentialsGrant())
app = Application(provider=auth_controller)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print("Starting implicit_grant oauth2 server on http://localhost:8080/...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
def run_auth_server():
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=[],
authorized_grants=[oauth2.grant.ClientCredentialsGrant.grant_type])
token_store = TokenStore()
# Generator of tokens
token_generator = oauth2.tokengenerator.Uuid4()
token_generator.expires_in[oauth2.grant.ClientCredentialsGrant.grant_type] = 3600
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=token_generator)
# provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
provider.add_grant(ClientCredentialsGrant())
try:
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
])
app.listen(8080)
print("Starting OAuth2 server on http://localhost:8080/...")
IOLoop.current().start()
except KeyboardInterrupt:
IOLoop.close()
def run_auth_server():
client_store = ClientStore()
# client_store.add_client(client_id="abc", client_secret="xyz",
# redirect_uris=["http://localhost:8081/callback"])
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=["http://localhost:8080/auth/realms/keycloak-express/broker/oidc/endpoint"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
try:
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
])
app.listen(8090)
print("Starting OAuth2 server on http://localhost:8090/...")
IOLoop.current().start()
except KeyboardInterrupt:
IOLoop.close()
def run_auth_server():
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=["http://10.10.112.59:8081/callback"])
client_store.add_client(client_id="bcd", client_secret="fff",
redirect_uris=["http://10.10.112.59:50000/callback"])
client_store.add_client(client_id="9fdc2c7a1cee0cca54c150e3e0b822eb", client_secret="zzz",
redirect_uris=["http://10.10.112.59:8888/callback"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
settings = dict(
template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"),
cookie_secret='61oETzKXQAGaYdkL5gEmGEJJFuYh7EQnp2XdTP1o/Vo=',
)
try:
app = Application([
url(provider.authorize_path, OAuth2Handler, dict(provider=provider)),
url(provider.token_path, OAuth2Handler, dict(provider=provider)),
url("/", MainHandler),
], **settings)
app.listen(8080)
print "Starting OAuth2 server on http://10.10.112.59:8080/..."
IOLoop.current().start()
except KeyboardInterrupt:
IOLoop.close()
def setUp(self):
self.access_token_data = {
"client_id": "myclient",
"token": "xyz",
"scopes": ["foo_read", "foo_write"],
"data": {
"name": "test"
},
"grant_type": "authorization_code"
}
self.auth_code = AuthorizationCode("myclient", "abc", 100,
"http://localhost",
["foo_read", "foo_write"],
{"name": "test"})
self.test_store = TokenStore()
def setUp(self):
self.access_token_data = {"client_id": "myclient",
"token": "xyz",
"scopes": ["foo_read", "foo_write"],
"data": {"name": "test"},
"grant_type": "authorization_code"}
self.auth_code = AuthorizationCode("myclient", "abc", 100,
"http://localhost",
["foo_read", "foo_write"],
{"name": "test"})
self.test_store = TokenStore()
class MemoryTokenStoreTestCase(unittest.TestCase):
def setUp(self):
self.access_token_data = {"client_id": "myclient",
"token": "xyz",
"scopes": ["foo_read", "foo_write"],
"data": {"name": "test"},
"grant_type": "authorization_code"}
self.auth_code = AuthorizationCode("myclient", "abc", 100,
"http://localhost",
["foo_read", "foo_write"],
{"name": "test"})
self.test_store = TokenStore()
def test_fetch_by_code(self):
with self.assertRaises(AuthCodeNotFound):
self.test_store.fetch_by_code("unknown")
def test_save_code_and_fetch_by_code(self):
success = self.test_store.save_code(self.auth_code)
self.assertTrue(success)
result = self.test_store.fetch_by_code(self.auth_code.code)
self.assertEqual(result, self.auth_code)
def test_save_token_and_fetch_by_token(self):
access_token = AccessToken(**self.access_token_data)
success = self.test_store.save_token(access_token)
self.assertTrue(success)
result = self.test_store.fetch_by_token(access_token.token)
self.assertEqual(result, access_token)
def run_auth_server(port=8282):
print("Starting OAuth2 server on port:" + str(port))
client_store = ClientStore()
client_store.add_client(client_id="abc",
client_secret="xyz",
redirect_uris=["http://0.0.0.0:5000/"])
token_store = TokenStore()
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4())
provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
app = Application(provider=provider)
httpd = make_server('', port, app, handler_class=OAuthRequestHandler)
httpd.serve_forever()
def get(self):
try:
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=[],
authorized_grants=[oauth2.grant.ClientCredentialsGrant.grant_type])
token_store = TokenStore()
# Generator of tokens
token_generator = oauth2.tokengenerator.Uuid4()
token_generator.expires_in[oauth2.grant.ClientCredentialsGrant.grant_type] = 3600
provider = Provider(access_token_store=token_store,
auth_code_store=token_store, client_store=client_store,
token_generator=token_generator)
# provider.add_grant(AuthorizationCodeGrant(site_adapter=TestSiteAdapter()))
provider.add_grant(ClientCredentialsGrant())
except Exception as e:
result = {"success":0,"return_code":unicode(e),"error_msg":utils.format_error()}
self.finish(result)
def run_auth_server():
try:
client_store = ClientStore()
client_store.add_client(client_id="abc", client_secret="xyz",
redirect_uris=["http://localhost:8081/callback"])
token_store = TokenStore()
provider = TestProvider(
access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=Uuid4())
app = OAuthApplication(provider=provider)
httpd = make_server('', 8080, app, handler_class=OAuthRequestHandler)
print("Starting OAuth2 server on http://localhost:8080/...")
httpd.serve_forever()
except KeyboardInterrupt:
httpd.server_close()
class MemoryTokenStoreTestCase(unittest.TestCase):
def setUp(self):
self.access_token_data = {
"client_id": "myclient",
"token": "xyz",
"scopes": ["foo_read", "foo_write"],
"data": {
"name": "test"
},
"grant_type": "authorization_code"
}
self.auth_code = AuthorizationCode("myclient", "abc", 100,
"http://localhost",
["foo_read", "foo_write"],
{"name": "test"})
self.test_store = TokenStore()
def test_fetch_by_code(self):
with self.assertRaises(AuthCodeNotFound):
self.test_store.fetch_by_code("unknown")
def test_save_code_and_fetch_by_code(self):
success = self.test_store.save_code(self.auth_code)
self.assertTrue(success)
result = self.test_store.fetch_by_code(self.auth_code.code)
self.assertEqual(result, self.auth_code)
def test_save_token_and_fetch_by_token(self):
access_token = AccessToken(**self.access_token_data)
success = self.test_store.save_token(access_token)
self.assertTrue(success)
result = self.test_store.fetch_by_token(access_token.token)
self.assertEqual(result, access_token)
# -*- coding: utf-8 -*-
import cherrypy
from . import verify, client_credentials, password
from oauth2.tokengenerator import Uuid4
from oauth2.store.memory import ClientStore, TokenStore
tokens = TokenStore()
clients = ClientStore()
clients.add_client(client_id="novareto", client_secret="test",
redirect_uris=[])
tickets = Uuid4()
tickets.expires_in['client_credentials'] = 7200
def run():
cherrypy.config.update({
'server.socket_host': '0.0.0.0',
'server.socket_port': 8085,
})
cherrypy.tree.graft(
client_credentials.make_application(tokens, clients, tickets),
'/auth.client')
cherrypy.tree.graft(
password.make_application(tokens, clients, tickets),
'/auth.passwd')
cherrypy.tree.graft(
def __init__(self, dbconnection):
self.templates = os.path.join(os.path.dirname(__file__),
"../templates")
self.static = os.path.join(os.path.dirname(__file__), "../static")
# DataBase connection
self.dbconnection = dbconnection
##
# OAuth authentication service (token provider)
# Client Store (will be taken from db)
client_store = ClientStore()
client_store.add_client(client_id="abc",
client_secret="xyz",
redirect_uris=["http://localhost:8111"])
##
# OAuth Token Store (in memory)
token_store = TokenStore()
# Generator of tokens
token_generator = Uuid4()
#token_generator.expires_in[ClientCredentialsGrant.grant_type] = 3600
##
# OAuth Provider
provider = Provider(access_token_store=token_store,
auth_code_store=token_store,
client_store=client_store,
token_generator=token_generator)
#provider.token_path = '/oauth/token'
# Support for the authorization code grant
provider.add_grant(
AuthorizationCodeGrant(site_adapter=CodeGrant(self.templates)))
# provider.add_grant(
# ImplicitGrant(site_adapter=Authentication())
# )
logger.debug(provider.authorize_path)
logger.debug(provider.token_path)
##
# Auth handlers
auth_handlers = [
web.url(provider.authorize_path, OAuth2Handler,
dict(provider=provider)),
web.url(provider.token_path, OAuth2Handler,
dict(provider=provider))
]
##
# Web
web_handlers = [
web.url(r"/login", login.Index),
web.url(r"/logout", logout.Index),
web.url(r"/password/(.*)", password.Index),
web.url(r"/forgot_password", password.Forgot),
web.url(r"/registration", registration.Index),
web.url(r'/', home.Index),
web.url(r'/settings', home.User),
web.url(r'/projects', projects.Projects),
web.url(r'/slices/([a-z0-9\._\-]+)', slices.Slices),
web.url(r'/users', users.Users),
web.url(r'/users/?(' + self.urn_regex + ')', users.Users),
web.url(r'/activity', activity.Index),
web.url(r'/confirm/(' + self.uuid_regex + ')?', confirm.Index),
web.url(r'/status', status.Index),
web.url(r'/static/(.*)', web.StaticFileHandler,
{'path': self.static}),
web.url(r'/test', test.Index),
web.url(r"/addOrganization", addOrganization.Index)
]
##
# REST API
rest_handlers = [
web.url(r'/api/v1/activity?([A-Za-z0-9-]+)?', ActivityHandler),
web.url(r'/api/v1/activity/(' + self.uuid_regex + ')?',
ActivityHandler),
web.url(r'/api/v1/confirm/(' + self.uuid_regex + ')?',
ConfirmHandler),
web.url(r'/api/v1/requests?([A-Za-z0-9-]+)?', RequestsHandler),
web.url(r'/api/v1/requests/(' + self.uuid_regex + ')?',
RequestsHandler),
web.url(r'/api/v1/usertoken?', UserTokenHandler),
web.url(r'/api/v1/login', LoginHandler),
web.url(r'/api/v1/password', PasswordHandler),
web.url(r'/api/v1/password/(.*)', PasswordHandler),
web.url(r'/api/v1/resources$', ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?$',
ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(leases)?$',
ResourcesHandler),
web.url(r'/api/v1/resources/(' + self.urn_regex + ')?/?(slices)?$',
ResourcesHandler),
web.url(
r'/api/v1/resources/(' + self.urn_regex + ')?/?(testbeds)?$',
ResourcesHandler),
# leases
web.url(r'/api/v1/leases$', LeasesHandler),
web.url(r'/api/v1/leases/([A-Za-z0-9-]+)?', LeasesHandler),
web.url(r'/api/v1/profile$', ProfileHandler),
# testbeds
web.url(
r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(resources)?$',
TestbedsHandler),
web.url(r'/api/v1/testbeds/?(' + self.urn_regex + ')?/?(leases)?$',
TestbedsHandler),
# users
web.url(r'/api/v1/users$', UsersHandler),
web.url(r'/api/v1/users/(' + self.email_regex + ')$',
UsersHandler),
web.url(
r'/api/v1/users/?(' + self.urn_regex +
')?/?(authorities|projects|slices)?$', UsersHandler),
web.url(r'/api/v1/users/?(authorities|projects|slices)?$',
UsersHandler),
# authorities
web.url(r'/api/v1/authorities$', AuthoritiesHandler),
web.url(
r'/api/v1/authorities/?(' + self.urn_regex +
')?/?(users|projects)?$', AuthoritiesHandler),
# projects
web.url(
r'/api/v1/projects/?(' + self.urn_regex +
')?/?(users|slices)?$', ProjectsHandler),
# slices
web.url(
r'/api/v1/slices/?(' + self.hrn_regex +
')?/?(users|resources)?$', SlicesHandler),
web.url(
r'/api/v1/slices/?(' + self.urn_regex +
')?/?(users|resources)?$', SlicesHandler),
# F-Interop sessions
# security based on the slice id
web.url(
r'/api/v1/finterop/sessions/?(' + self.urn_regex +
')?/?(start|stop)?$', FinteropSessionsHandler),
web.url(
r'/api/v1/finterop/sessions/?(' + self.hrn_regex +
')?/?(start|stop)?$', FinteropSessionsHandler),
web.url(
r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/?(start|stop)?$',
FinteropSessionsHandler),
#web.url(r'/api/v1/finterop/sessions/?([a-zA-Z0-9]+)?/resources$', ResourceRepoHandler),
]
##
# Websockets API
# SockJSRouter: configure Websocket
WebsocketRouter = SockJSRouter(WebsocketsHandler, '/api/v1/live')
##
# URLs handlers
handlers = auth_handlers + web_handlers + rest_handlers + WebsocketRouter.urls
settings = dict(
cookie_secret=config.web["cookie_secret"],
login_url="/login",
token_secret=config.web["token_secret"],
template_path=self.templates,
static_path=self.static,
#xsrf_cookies=True,
debug=True)
web.Application.__init__(self, handlers, **settings)
