def post(self, request, format=None):
# We call clear_expired() here in order to removed expired refresh tokens from the database before
# making the call to o/token, otherwise expired refresh tokens would be accepted
clear_expired()
try:
app = CustomApplication.objects.get(name=request.data['app_name'])
except CustomApplication.DoesNotExist:
return Response("Application does not exist", status=status.HTTP_400_BAD_REQUEST)
url = 'http://localhost:8000/o/token/'
headers = {'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': 'Basic ' + base64_client(app.client_id, app.client_secret)}
payload = 'grant_type=refresh_token' + '&refresh_token=' + request.data['refresh_token']
try:
user = RefreshToken.objects.get(token=request.data['refresh_token']).user
except RefreshToken.DoesNotExist:
return Response('Invalid refresh token', status=status.HTTP_401_UNAUTHORIZED)
response = requests.post(url, data=payload, headers=headers)
data = response.json()
data['user'] = get_user_info_as_dict(user)
scopes_for_list = get_perms(user, app)
data['scopes_list'] = get_scopes_list(scopes_for_list)
return Response(data)
def test_clear_expired_tokens_with_tokens_before_with_valid_refresh_tokens(
self):
self.client.login(username="******", password="******")
app = Application.objects.create(
name="test_app",
redirect_uris=
"http://localhost http://example.com http://example.org",
user=self.user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
)
oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0
access_token1 = AccessToken.objects.create(
token="999",
expires=timezone.now() - timedelta(days=30),
scope=2,
application=app,
user=self.user,
created=timezone.now() - timedelta(days=40),
updated=timezone.now() - timedelta(days=40),
)
RefreshToken.objects.create(
token='refresh999',
access_token=access_token1,
application=app,
user=self.user,
)
access_token2 = AccessToken.objects.create(
token="101010",
expires=timezone.now() - timedelta(days=15),
scope=2,
application=app,
user=self.user,
created=timezone.now() - timedelta(days=20),
updated=timezone.now() - timedelta(days=20),
)
RefreshToken.objects.create(
token='refresh101010',
access_token=access_token2,
application=app,
user=self.user,
)
access_token_count = AccessToken.objects.count()
refresh_token_count = RefreshToken.objects.count()
expired_token_count = AccessToken.objects.filter(
expires__lte=timezone.now()).count()
assert access_token_count == 4
assert refresh_token_count == 2
assert expired_token_count == 4
tokens_expired_before_date = timezone.now() - timedelta(
days=20) # 20 days
clear_expired(tokens_expired_before_date)
expired_token_count = AccessToken.objects.filter(
expires__lte=timezone.now()).count()
refresh_token_count = RefreshToken.objects.count()
assert expired_token_count == 4
assert refresh_token_count == 2
def test_clear_expired_tokens_with_tokens(self):
self.client.login(username="******", password="******")
oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0
ttokens = AccessToken.objects.count()
expiredt = AccessToken.objects.filter(expires__lte=dt.now()).count()
assert ttokens == 2
assert expiredt == 2
clear_expired()
expiredt = AccessToken.objects.filter(expires__lte=dt.now()).count()
assert expiredt == 0
def test_clear_expired_tokens_with_tokens(self):
self.oauth2_settings.CLEAR_EXPIRED_TOKENS_BATCH_SIZE = 10
self.oauth2_settings.CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL = 0.0
at_count = AccessToken.objects.count()
assert at_count == 2 * self.num_tokens, f"{2 * self.num_tokens} access tokens should exist."
rt_count = RefreshToken.objects.count()
assert rt_count == self.num_tokens // 2, f"{self.num_tokens // 2} refresh tokens should exist."
gt_count = Grant.objects.count()
assert gt_count == self.num_tokens * 2, f"{self.num_tokens * 2} grants should exist."
clear_expired()
at_count = AccessToken.objects.count()
assert at_count == self.num_tokens, "Half the access tokens should not have been deleted."
rt_count = RefreshToken.objects.count()
assert rt_count == self.num_tokens // 2, "Half of the refresh tokens should have been deleted."
gt_count = Grant.objects.count()
assert gt_count == self.num_tokens, "Half the grants should have been deleted."
def test_clear_expired_tokens_with_tokens_before_invalid_format(self):
self.client.login(username="******", password="******")
oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 0
app = Application.objects.create(
name="test_app",
redirect_uris=
"http://localhost http://example.com http://example.org",
user=self.user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
)
AccessToken.objects.create(
token="777",
expires=timezone.now() - timedelta(days=30),
scope=2,
application=app,
user=self.user,
created=timezone.now() - timedelta(days=40),
updated=timezone.now() - timedelta(days=40),
)
AccessToken.objects.create(
token="888",
expires=timezone.now() - timedelta(days=15),
scope=2,
application=app,
user=self.user,
created=timezone.now() - timedelta(days=20),
updated=timezone.now() - timedelta(days=20),
)
access_token_count = AccessToken.objects.count()
expired_token_count = AccessToken.objects.filter(
expires__lte=timezone.now()).count()
assert access_token_count == 4
assert expired_token_count == 4
tokens_expired_before_date = 1728000 # 20 days invalid format, must be datetime object
clear_expired(tokens_expired_before_date)
expired_token_count = AccessToken.objects.filter(
expires__lte=timezone.now()).count()
assert expired_token_count == 4
def test_clear_expired_tokens_incorect_timetype(self):
oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = "A"
with pytest.raises(ImproperlyConfigured) as excinfo:
clear_expired()
result = excinfo.value.__class__.__name__
assert result == "ImproperlyConfigured"
def test_clear_expired_tokens(self):
oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 60
assert clear_expired() is None
def clear_expired_tokens():
oauth2_models.clear_expired()
def clear_expired_tokens():
clear_expired()
def cleanup_token():
clear_expired()
def post(self, request):
verify_via = request.data['verify_via']
client_id = request.data['client_id']
if client_id not in [
'Zpl31xbBNu7m7dayEoNYmJZImo65YqXTK5x4OYFF',
]:
message = {'message': 'Invalid client id'}
return message
if verify_via == 'google':
token = request.data['id_token']
try: # Code to verify the id token
idinfo = client.verify_id_token(token, self.CLIENT_ID)
# Or, if multiple clients access the backend server:
# idinfo = client.verify_id_token(token, None)
# if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
# raise crypt.AppIdentityError("Unrecognized client.")
if idinfo['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
raise crypt.AppIdentityError("Wrong issuer.")
# If auth request is from a G Suite domain:
# if idinfo['hd'] != GSUITE_DOMAIN_NAME:
# raise crypt.AppIdentityError("Wrong hosted domain.")
except crypt.AppIdentityError:
raise crypt.AppIdentityError("Invalid token") # Invalid token
user_id = idinfo['sub']
r = {'message': 'valid', 'user_id': user_id}
return Response(r)
elif verify_via == 'facebook':
token = request.data['access_token']
app_access_token = request.data['app_access_token']
user_id = send_get_to_debug_token_fb(token, app_access_token)
if user_id:
r = {'message': 'valid', 'user_id': user_id}
else:
r = {'message': 'Invalid', 'user_id': user_id}
return Response(r)
elif verify_via == 'manually':
if request.data['signup'] == "True":
user_id = ''
r = {'message': 'valid', 'user_id': user_id}
return Response(r)
token = request.data['access_token']
clear_expired()
access_token = AccessToken.objects.get(token=token)
if access_token:
if not access_token.is_expired(
) and client_id == access_token.application.client_id:
user = access_token.user
user_id = user.id
r = {'message': 'valid', 'user_id': user_id}
return Response(r)
else:
r = {'message': 'Token has been expired'}
return Response(r)
else:
r = {'message': 'Invalid'}
return Response(r)
