def server(self): """All in one endpoints.""" app = self.get_app() expires_in = app.config.get('OAUTH_PROVIDER_TOKEN_EXPIRES_IN') if hasattr(self, '_validator'): return Server(self._validator, token_expires_in=expires_in) if hasattr(self, '_clientgetter') and \ hasattr(self, '_tokengetter') and \ hasattr(self, '_tokensetter') and \ hasattr(self, '_grantgetter') and \ hasattr(self, '_grantsetter'): usergetter = None if hasattr(self, '_usergetter'): usergetter = self._usergetter validator = OAuth2RequestValidator( clientgetter=self._clientgetter, tokengetter=self._tokengetter, grantgetter=self._grantgetter, usergetter=usergetter, tokensetter=self._tokensetter, grantsetter=self._grantsetter, ) return Server(validator, token_expires_in=expires_in) raise RuntimeError('application not bound to required getters')
def server(self): """ All in one endpoints. This property is created automaticly if you have implemented all the getters and setters. However, if you are not satisfied with the getter and setter, you can create a validator with :class:`OAuth2RequestValidator`:: class MyValidator(OAuth2RequestValidator): def validate_client_id(self, client_id): # do something return True And assign the validator for the provider:: oauth._validator = MyValidator() """ expires_in = self.app.config.get('OAUTH2_PROVIDER_TOKEN_EXPIRES_IN') token_generator = self.app.config.get( 'OAUTH2_PROVIDER_TOKEN_GENERATOR', None) if token_generator and not callable(token_generator): token_generator = import_string(token_generator) refresh_token_generator = self.app.config.get( 'OAUTH2_PROVIDER_REFRESH_TOKEN_GENERATOR', None) if refresh_token_generator and not callable(refresh_token_generator): refresh_token_generator = import_string(refresh_token_generator) if hasattr(self, '_validator'): return Server( self._validator, token_expires_in=expires_in, token_generator=token_generator, refresh_token_generator=refresh_token_generator, ) if hasattr(self, '_clientgetter') and \ hasattr(self, '_tokengetter') and \ hasattr(self, '_tokensetter') and \ hasattr(self, '_grantgetter') and \ hasattr(self, '_grantsetter'): usergetter = None if hasattr(self, '_usergetter'): usergetter = self._usergetter validator = OAuth2RequestValidator( clientgetter=self._clientgetter, tokengetter=self._tokengetter, grantgetter=self._grantgetter, usergetter=usergetter, tokensetter=self._tokensetter, grantsetter=self._grantsetter, ) self._validator = validator return Server( validator, token_expires_in=expires_in, token_generator=token_generator, refresh_token_generator=refresh_token_generator, ) raise RuntimeError('application not bound to required getters')
def test_unavailability(self): validator = RequestValidator() server = Server(validator) server.available = False h, b, s = server.create_authorization_response('https://example.com') self.assertIn("temporarily_unavailable", b) self.assertEqual(s, 503)
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) oauth2 = JSONOAuthLibCore(Server(OAuth2V1Validator())) uri, headers, body, status = oauth2.create_token_response(request) return Response(json.loads(body), status=status)
def test_error_catching(self): validator = RequestValidator() server = Server(validator) server.catch_errors = True h, b, s = server.create_authorization_response('https://example.com') self.assertIn("server_error", b) self.assertEqual(s, 500)
def setUp(self): super().setUp() self.oauth = BottleOAuth2(self.app) self.validator = mock.MagicMock() self.server = Server(self.validator) self.oauth.initialize(self.server) self.fake_response = ({}, "", "200 fooOK")
def get_oauthlib_core(): """ Utility function that take a request and returns an instance of `oauth2_provider.backends.OAuthLibCore` """ from oauthlib.oauth2 import Server server = Server(oauth2_settings.OAUTH2_VALIDATOR_CLASS()) return OAuthLibCore(server)
def get_oauthlib_core(): """ Utility function that take a request and returns an instance of `oauth2_provider.backends.OAuthLibCore` """ from oauth2_provider.oauth2_validators import OAuth2Validator from oauthlib.oauth2 import Server server = Server(OAuth2Validator()) return OAuthLibCore(server)
def _validate(request, *args, **kwargs): validator = OAuth2Validator() core = OAuthLibCore(Server(validator)) valid, oauthlib_req = core.verify_request(request, scopes = _scopes) if valid: request.client = oauthlib_req.client request.resource_owner = oauthlib_req.user return view_func(request, *args, **kwargs) return HttpResponseForbidden()
def test_error_catching(self): validator = RequestValidator() server = Server(validator) server.catch_errors = True h, b, s = server.create_token_response( 'https://example.com', body='grant_type=authorization_code&code=abc' ) self.assertIn("server_error", b) self.assertEqual(s, 500)
def get_response(self): oauth2 = JSONOAuthLibCore(Server(OAuth2V1Validator())) url, headers, body, status = oauth2.create_revocation_response( self.request) if status != 200: result = json.loads(body) else: result = {"detail": _("success logout")} return Response(result, status=status)
def setUp(self): self.validator = mock.MagicMock(spec=RequestValidator) self.validator.get_default_redirect_uri.return_value = TestScopeHandling.DEFAULT_REDIRECT_URI self.validator.authenticate_client.side_effect = self.set_client self.server = Server(self.validator) self.web = WebApplicationServer(self.validator) self.mobile = MobileApplicationServer(self.validator) self.legacy = LegacyApplicationServer(self.validator) self.backend = BackendApplicationServer(self.validator)
def setUp(self): self.validator = mock.MagicMock(spec=RequestValidator) self.validator.get_default_redirect_uri.return_value = TestClaimsHandling.DEFAULT_REDIRECT_URI self.validator.authenticate_client.side_effect = self.set_client self.validator.save_authorization_code.side_effect = self.save_claims_with_code self.validator.validate_code.side_effect = self.retrieve_claims_saved_with_code self.validator.save_token.side_effect = self.save_claims_with_bearer_token self.server = Server(self.validator)
def setUp(self): super().setUp() self.oauth = BottleOAuth2(self.app) self.validator = mock.MagicMock() self.server = Server(self.validator) self.oauth.initialize(self.server) self.fake_response = ({ "Content-Type": "application/x-www-form-urlencoded" }, "a=b&c=d", "200 FooOK")
def setUp(self): super().setUp() self.oauth = BottleOAuth2(self.app) self.validator = mock.MagicMock() self.server = Server(self.validator) self.oauth.initialize(self.server) self.fake_request = AttrDict(client="foo", user="******", scopes=['banana', 'pinapple'])
def _validate(request, *args, **kwargs): core = OAuthLibCore(Server(OAuth2Validator())) valid, oauthlib_req = core.verify_request(request, scopes=[]) if valid: # Note, resource_owner is not a very good name for this request.resource_owner = oauthlib_req.user request.oauth = oauthlib_req return view_func(request, *args, **kwargs) return build_error_response(401, 'The token authentication failed.')
def setUp(self): super().setUp() self.oauth = BottleOAuth2(self.app) self.validator = mock.MagicMock() self.server = Server(self.validator) self.oauth.initialize(self.server) self.fake_response = ({ "Content-Type": "application/json" }, "{'valid': true, 'foo': 'bar'}", "200 FooOK")
def authenticate(self, request): """ Authenticate the request """ server = Server(OAuthValidator()) handler = OAuthHandler(server) valid, r = handler.verify_request(request, scopes=[]) if valid: return r.user, r.access_token else: return None
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) data = self.request.data oauth2 = JSONOAuthLibCore(Server(OAuth2V1Validator())) uri, headers, body, status = oauth2.create_token_response(request) data = json.loads(body) if status != 200: raise ValidationError({'username': [data['error']]}) return Response(data, status=status)
def token_endpoint(request): validator = RequestValidator() server = Server(validator) uri, http_method, body, headers = extract_params(request) server_response = server.create_token_response( uri, http_method, body, headers, {}, ) return create_response(*server_response)
def validator(request, *args, **kwargs): from oauth2_provider.oauth2_validators import OAuth2Validator from oauth2_provider.oauth2_backends import OAuthLibCore from oauthlib.oauth2 import Server core = OAuthLibCore(Server(OAuth2Validator())) valid, oauthlib_req = core.verify_request(request, scopes=scopes) if valid: request.token = oauthlib_req.access_token return f(request, *args, **kwargs) return JsonResponseForbidden({ "error": "invalid token", "code": "INVALID_TOKEN" })
def verify_request(request, scopes): validator = RequestValidator() server = Server(validator) uri, http_method, body, headers = extract_params(request) valid, r = server.verify_request( uri, http_method, body, headers, scopes, ) if not valid: raise HTTPUnauthorized() return r.user
def test_server_metadata(self): endpoint = Server(None) metadata = MetadataEndpoint( [endpoint], { "issuer": 'https://foo.bar', "authorization_endpoint": "https://foo.bar/authorize", "introspection_endpoint": "https://foo.bar/introspect", "revocation_endpoint": "https://foo.bar/revoke", "token_endpoint": "https://foo.bar/token", "jwks_uri": "https://foo.bar/certs", "scopes_supported": ["email", "profile"] }) expected_claims = { "issuer": "https://foo.bar", "authorization_endpoint": "https://foo.bar/authorize", "introspection_endpoint": "https://foo.bar/introspect", "revocation_endpoint": "https://foo.bar/revoke", "token_endpoint": "https://foo.bar/token", "jwks_uri": "https://foo.bar/certs", "scopes_supported": ["email", "profile"], "grant_types_supported": [ "authorization_code", "password", "client_credentials", "refresh_token", "implicit" ], "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"], "response_types_supported": ["code", "token"], "response_modes_supported": ["query", "fragment"], "code_challenge_methods_supported": ["plain", "S256"], "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"], "introspection_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"] } def sort_list(claims): for k in claims.keys(): claims[k] = sorted(claims[k]) sort_list(metadata.claims) sort_list(expected_claims) self.assertEqual(sorted(metadata.claims.items()), sorted(expected_claims.items()))
def server(self): validator_key = '_validator' if hasattr(self, validator_key): return Server( getattr(self, validator_key), token_expires_in=self._token_expires_in, token_generator=self._token_generator, refresh_token_generator=self._refresh_token_generator, ) if hasattr(self, '_clientgetter') and \ hasattr(self, '_tokengetter') and \ hasattr(self, '_tokensetter') and \ hasattr(self, '_grantgetter') and \ hasattr(self, '_grantsetter'): usergetter = None if hasattr(self, '_usergetter'): usergetter = self._usergetter validator = self.oauth_validator( service=self.service, clientgetter=getattr(self, '_clientgetter'), tokengetter=getattr(self, '_tokengetter'), grantgetter=getattr(self, '_grantgetter'), usergetter=usergetter, tokensetter=getattr(self, '_tokensetter'), grantsetter=getattr(self, '_grantsetter')) setattr(self, validator_key, validator) return Server( validator, token_expires_in=self._token_expires_in, token_generator=self._token_generator, refresh_token_generator=self._refresh_token_generator, ) raise RuntimeError('application not bound to required getters')
def server(self): """ All in one endpoints. This property is created automaticaly if you have implemented all the getters and setters. However, if you are not satisfied with the getter and setter, you can create a validator with :class:`OAuth2RequestValidator`:: class MyValidator(OAuth2RequestValidator): def validate_client_id(self, client_id): # do something return True And assign the validator for the provider:: oauth._validator = MyValidator() """ if not self._server: if not self._validator: accessors = [ '_clientgetter', '_tokengetter', '_tokensetter', '_grantgetter', '_grantsetter' ] for accessor in accessors: if not hasattr(self, accessor): raise RuntimeError( 'Missing required accessor {}'.format(accessor)) self._validator = OAuthValidator( clientgetter=self._clientgetter, tokengetter=self._tokengetter, grantgetter=self._grantgetter, usergetter=self._usergetter, tokensetter=self._tokensetter, grantsetter=self._grantsetter, ) self._server = Server( self._validator, token_expires_in=self._expires_in, token_generator=self._token_generator, refresh_token_generator=self._refresh_token_generator, ) return self._server
def __call__(self, request): # 正式环境下要检查AccessToken if not settings.DEBUG: if "account_spider" in request.path: authorization = request.META.get("HTTP_AUTHORIZATION", "") token = request.GET.get("token", "") authorization_session = request.session.get("authorization") if token: request.META["HTTP_AUTHORIZATION"] = "Bearer %s" % token request.session['authorization'] = "Bearer %s" % token elif authorization: request.session['authorization'] = authorization elif authorization_session: request.META["HTTP_AUTHORIZATION"] = authorization_session validator = OAuth2Validator() core = OAuthLibCore(Server(validator)) valid, oauthlib_req = core.verify_request(request, scopes=[]) if not valid: return HttpResponseForbidden() request.resource_owner = oauthlib_req.user return self.get_response(request)
def server(self): """ All in one endpoints. This property is created automatically if you have implemented all the getters and setters. However, if you are not satisfied with the getter and setter, you can create a validator with :class:`OAuth2RequestValidator`:: class MyValidator(OAuth2RequestValidator): def validate_client_id(self, client_id): # do something return True And assign the validator for the provider:: oauth._validator = MyValidator() """ ctx = self.context cfg = ctx._config expires_in = cfg.get('OAUTH2_PROVIDER_TOKEN_EXPIRES_IN') token_generator = cfg.get('OAUTH2_PROVIDER_TOKEN_GENERATOR', None) if token_generator and not callable(token_generator): token_generator = import_string(token_generator) refresh_token_generator = cfg.get( 'OAUTH2_PROVIDER_REFRESH_TOKEN_GENERATOR', None) if refresh_token_generator and not callable(refresh_token_generator): refresh_token_generator = import_string(refresh_token_generator) _validator = ctx.get('_validator', None) if _validator is not None: return Server( _validator, token_expires_in=expires_in, token_generator=token_generator, refresh_token_generator=refresh_token_generator, ) _clientgetter = ctx.get('_clientgetter', None) _tokengetter = ctx.get('_tokengetter', None) _tokensetter = ctx.get('_tokensetter', None) _grantgetter = ctx.get('_grantgetter', None) _grantsetter = ctx.get('_grantsetter', None) if _clientgetter is not None and\ _tokengetter is not None and\ _tokensetter is not None and\ _grantgetter is not None and\ _grantsetter is not None: usergetter = ctx.get('_usergetter', None) validator_class = ctx._validator_class if validator_class is None: validator_class = OAuth2RequestValidator validator = validator_class( clientgetter=_clientgetter, tokengetter=_tokengetter, grantgetter=_grantgetter, usergetter=usergetter, tokensetter=_tokensetter, grantsetter=_grantsetter, ) ctx._validator = validator return Server( validator, token_expires_in=expires_in, token_generator=token_generator, refresh_token_generator=refresh_token_generator, ) raise RuntimeError( 'oauth2 provider plugin not bound to required getters and setters')
def __init__(self, request): self.request = request self.validator = RequestValidator() self.server = Server(self.validator)
def __init__(self, validator: OauthlibRequestValidator): self._server = Server(validator)
def __init__(self): validator = DjangoValidator() # TODO: this should probably be tunable through settings self._authorization_endpoint = Server(validator) self._error_uri = reverse('oauth2_error')