Esempio n. 1
def get_id_token(user, client_name):
    """Return a signed JWT ID-Token for ``user`` issued by the named OAuth2 client.

    The still-valid access token with the latest ``expires`` for the
    client/user pair is reused; when none exists a new one is created. The
    token is then wrapped in an OIDC ID-Token and signed with the client's
    ``client_secret``.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: no Client named ``client_name`` exists in the DB.
    """
    # TODO: there's a circular import problem somewhere which is why we do the oidc import inside of this function.
    import oauth2_provider.oidc as oidc

    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name '%s' is not present in the DB" %
            client_name)

    # Unexpired tokens only, latest-expiring first; the slice below takes that one.
    valid_tokens = AccessToken.objects.filter(
        client=client,
        user__username=user.username,
        expires__gt=now(),
    ).order_by('-expires')

    if valid_tokens:
        access_token = valid_tokens[0]
    else:
        # No live token on file: mint one (no explicit scope is set here).
        access_token = AccessToken.objects.create(client=client, user=user)

    token = oidc.id_token(access_token)
    # The signing key is the issuing client's secret, read back through the token.
    signing_secret = token.access_token.client.client_secret
    return token.encode(signing_secret)
Esempio n. 2
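 def get_scoped_token(self, user, client, scope):
     """Return the unexpired token for ``user``/``client`` if it grants every scope in ``scope``.

     Arguments:
         user: token owner.
         client: OAuth2 client the token was issued to.
         scope: iterable of scope objects (each with a ``name``) that must all be granted.

     Returns:
         The matching token object.

     Raises:
         AccessToken.DoesNotExist: no unexpired token exists, or the existing
             one lacks at least one of the requested scope names.
     """
     # NOTE(review): self.get() (presumably a Manager) also raises
     # MultipleObjectsReturned when several unexpired tokens exist — not handled here.
     obj = self.get(user=user, client=client, expires__gt=now())
     granted = {s.name for s in obj.scope.all()}
     requested = {s.name for s in scope}
     # Both sides are already sets; the redundant set() wrapper was dropped.
     if requested <= granted:
         return obj
     raise AccessToken.DoesNotExist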
Esempio n. 3
def get_id_token(user, client_name):
    """Generates a JWT ID-Token, using or creating user's OAuth access token.

    Looks up the OAuth2 Client by name, reuses the longest-lived unexpired
    access token the user holds for it (creating one when there is none), and
    returns that token wrapped in an OIDC ID-Token signed with the client's
    ``client_secret``.

    Arguments:
        user (User Object): User for which we need to get JWT ID-Token
        client_name (unicode): Name of the OAuth2 Client

    Returns:
        String containing the signed JWT value.

    Raises:
        ImproperlyConfigured: no Client named ``client_name`` is present in the DB.
    """
    # TODO: there's a circular import problem somewhere which is why we do the oidc import inside of this function.
    import oauth2_provider.oidc as oidc

    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured("OAuth2 Client with name '%s' is not present in the DB" % client_name)

    # Expired tokens are excluded in the query, so nothing stale can be reused.
    lookup = dict(client=client, user__username=user.username, expires__gt=now())
    live_tokens = AccessToken.objects.filter(**lookup).order_by('-expires')

    access_token = live_tokens[0] if live_tokens else AccessToken.objects.create(client=client, user=user)

    id_token = oidc.id_token(access_token)
    # Sign with the secret of the client that issued the underlying access token.
    return id_token.encode(id_token.access_token.client.client_secret)
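 def get_scoped_token(self, user, client, scope):
     """Return the live token for ``user``/``client`` provided it covers all of ``scope``.

     Arguments:
         user: token owner.
         client: OAuth2 client the token belongs to.
         scope: iterable of scope objects; each ``name`` must already be granted.

     Returns:
         The token object found by ``self.get``.

     Raises:
         AccessToken.DoesNotExist: no unexpired token, or a scope name is missing.
     """
     # Expiry is enforced by the query itself (expires__gt=now()).
     # NOTE(review): a MultipleObjectsReturned from self.get() propagates unchanged.
     obj = self.get(user=user, client=client, expires__gt=now())
     have = {s.name for s in obj.scope.all()}
     need = {s.name for s in scope}
     # `need` is already a set — no second set() call required.
     if not need.issubset(have):
         raise AccessToken.DoesNotExist
     return obj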
Esempio n. 5
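 def authenticate(self, access_token=None, client=None):
     """Resolve a presented bearer ``access_token`` to its unexpired AccessToken row.

     Arguments:
         access_token: the raw token value presented by the caller.
         client: the OAuth2 client the token must have been issued to.

     Returns:
         The matching AccessToken, or None when the token is missing, unknown,
         expired, or bound to a different client.
     """
     # Fail closed on a missing/empty token: Django turns ``token=None`` into
     # ``token IS NULL``, which is never a credential we want to match.
     if not access_token:
         return None
     try:
         return AccessToken.objects.get(
             token=access_token,
             expires__gt=now(),
             client=client,
         )
     except AccessToken.DoesNotExist:
         return None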
Esempio n. 6
 def get_access_token(self, request, user, scope, client):
     """Return an unexpired AccessToken for ``user``/``client``/``scope``, creating one if absent.

     Arguments:
         request: the current request, passed through to ``create_access_token``.
         user: token owner.
         scope: scope value the token must carry (exact equality lookup).
         client: issuing OAuth2 client.

     Returns:
         The existing or newly created AccessToken.
     """
     # NOTE(review): .get() also raises MultipleObjectsReturned if several
     # live tokens match; that exception is not caught here.
     lookup = dict(user=user, client=client, scope=scope, expires__gt=now())
     try:
         # Reuse a live token when there is one.
         return AccessToken.objects.get(**lookup)
     except AccessToken.DoesNotExist:
         # Nothing usable on file, so mint a fresh one.
         return self.create_access_token(request, user, scope, client)
Esempio n. 7
    def clean_code(self):
        """Validate the ``code`` field and store the matching Grant in ``cleaned_data['grant']``.

        The grant must belong to ``self.client`` and be unexpired, so a code
        issued to one client cannot be redeemed through another.

        Returns:
            The authorization code string, unchanged.

        Raises:
            OAuthValidationError: ``invalid_request`` when no code was supplied,
                ``invalid_grant`` when no live grant matches code + client.
        """
        code = self.cleaned_data.get('code')
        if not code:
            raise OAuthValidationError({'error': 'invalid_request'})

        try:
            grant = Grant.objects.get(code=code, client=self.client, expires__gt=now())
        except Grant.DoesNotExist:
            raise OAuthValidationError({'error': 'invalid_grant'})

        self.cleaned_data['grant'] = grant
        return code
Esempio n. 8
    def clean_code(self):
        """Check the submitted authorization ``code`` and attach its Grant to ``cleaned_data``.

        A code is only accepted when an unexpired Grant exists for it *and*
        that Grant was issued to ``self.client``.

        Returns:
            The validated code string.

        Raises:
            OAuthValidationError: with ``invalid_request`` if the code is empty,
                or ``invalid_grant`` if no matching live Grant exists.
        """
        code = self.cleaned_data.get('code')
        if not code:
            raise OAuthValidationError({'error': 'invalid_request'})

        criteria = dict(code=code, client=self.client, expires__gt=now())
        try:
            self.cleaned_data['grant'] = Grant.objects.get(**criteria)
        except Grant.DoesNotExist:
            raise OAuthValidationError({'error': 'invalid_grant'})
        return code
Esempio n. 9
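 def get_access_token(self, user, client_name='shoutit-web'):
     """Return an unexpired read/write AccessToken for ``user``, creating one (plus a refresh token) if needed.

     Arguments:
         user: token owner.
         client_name: name of the OAuth2 Client to issue against. Defaults to
             'shoutit-web', the value this method previously hard-coded.

     Returns:
         The existing or newly created AccessToken.

     Raises:
         Client.DoesNotExist: no Client named ``client_name`` exists.
     """
     client = Client.objects.get(name=client_name)
     scope = provider_scope.to_int('read', 'write')
     try:
         # Attempt to fetch an existing access token.
         at = AccessToken.objects.get(user=user,
                                      client=client,
                                      scope=scope,
                                      expires__gt=now())
     except AccessToken.DoesNotExist:
         # None found... make a new one, together with its refresh token.
         at = self.create_access_token(user, scope, client)
         self.create_refresh_token(at)
     return at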
Esempio n. 10
    def get_expire_delta(self, reference=None):
        """
        Return the number of seconds until this token expires.

        ``reference`` defaults to ``now()``. When the ``timezone`` helper is
        available and exactly one of ``reference``/``self.expires`` is naive,
        the naive side is treated as UTC. The result is floored to whole
        seconds and is negative for an already-expired token.
        """
        if reference is None:
            reference = now()
        expiration = self.expires

        if timezone:
            ref_aware = timezone.is_aware(reference)
            exp_aware = timezone.is_aware(expiration)
            if ref_aware and not exp_aware:
                # MySQL doesn't support timezone for datetime fields
                # so we assume that the date was stored in the UTC timezone
                expiration = timezone.make_aware(expiration, timezone.utc)
            elif exp_aware and not ref_aware:
                reference = timezone.make_aware(reference, timezone.utc)

        remaining = expiration - reference
        # days*86400 + seconds drops the microsecond part (a floor, also for negatives).
        return remaining.days * 86400 + remaining.seconds
Esempio n. 11
    def get_expire_delta(self, reference=None):
        """
        Return the number of seconds until this token expires.

        Computes ``self.expires - reference`` (``reference`` defaults to
        ``now()``), reconciling a naive/aware mismatch by assuming UTC for the
        naive value when ``timezone`` is available. Sub-second remainders are
        dropped; expired tokens yield a negative number.
        """
        if reference is None:
            reference = now()
        expiration = self.expires

        if timezone:
            if timezone.is_aware(reference) and timezone.is_naive(expiration):
                # MySQL doesn't support timezone for datetime fields
                # so we assume that the date was stored in the UTC timezone
                expiration = timezone.make_aware(expiration, timezone.utc)
            elif timezone.is_naive(reference) and timezone.is_aware(expiration):
                reference = timezone.make_aware(reference, timezone.utc)

        # Local renamed so it no longer shadows the datetime.timedelta name.
        delta = expiration - reference
        seconds = delta.days * 86400
        seconds += delta.seconds
        return seconds
Esempio n. 12
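def get_id_token(user, client_name="edx-notes"):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    Arguments:
        user: User for whom the ID-Token is issued.
        client_name: name of the OAuth2 Client to issue against. Defaults to
            "edx-notes", the value this function previously hard-coded.

    Returns:
        The signed JWT string.

    Raises:
        ImproperlyConfigured: no Client named ``client_name`` is present in the DB.
    """
    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured(
            "OAuth2 Client with name '%s' is not present in the DB" % client_name)

    # filter()+first() instead of get(): get() raises MultipleObjectsReturned
    # when the user already holds several unexpired tokens for this client.
    # Latest-expiring token wins.
    access_token = AccessToken.objects.filter(
        client=client,
        user=user,
        expires__gt=now(),
    ).order_by('-expires').first()
    if access_token is None:
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # Signed with the issuing client's secret.
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)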
Esempio n. 13
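def get_id_token(user, client_name="edx-notes"):
    """
    Generates JWT ID-Token, using or creating user's OAuth access token.

    Arguments:
        user: User for whom the ID-Token is issued.
        client_name: name of the OAuth2 Client to issue against (default
            "edx-notes", previously hard-coded).

    Returns:
        The signed JWT string.

    Raises:
        ImproperlyConfigured: no Client named ``client_name`` exists.
    """
    try:
        client = Client.objects.get(name=client_name)
    except Client.DoesNotExist:
        raise ImproperlyConfigured("OAuth2 Client with name '%s' is not present in the DB" % client_name)

    # Pick the latest-expiring live token rather than get(), which would raise
    # MultipleObjectsReturned if more than one unexpired token exists.
    live_tokens = AccessToken.objects.filter(
        client=client,
        user=user,
        expires__gt=now()
    ).order_by('-expires')
    access_token = live_tokens.first()
    if access_token is None:
        access_token = AccessToken(client=client, user=user)
        access_token.save()

    id_token = oidc.id_token(access_token)
    # The client's secret is the signing key for the ID-Token.
    secret = id_token.access_token.client.client_secret
    return id_token.encode(secret)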
Esempio n. 14
 def invalidate_grant(self, grant):
     """Retire ``grant`` so it can no longer be redeemed.

     With ``constants.DELETE_EXPIRED`` set the row is deleted outright;
     otherwise its ``expires`` is backdated by one day, so every
     ``expires__gt=now()`` lookup rejects it while the record is kept.
     """
     if not constants.DELETE_EXPIRED:
         grant.expires = now() - timedelta(days=1)
         grant.save()
         return
     grant.delete()
Esempio n. 15
 def invalidate_grant(self, grant):
     """Make ``grant`` unusable: delete it, or mark it as expired a day ago.

     Which path runs is decided by ``constants.DELETE_EXPIRED``. The
     backdating path relies on callers filtering with ``expires__gt=now()``.
     """
     delete_row = bool(constants.DELETE_EXPIRED)
     if delete_row:
         grant.delete()
         return
     grant.expires = now() - timedelta(days=1)
     grant.save()
Esempio n. 16
 def invalidate_access_token(self, at):
     """Revoke access token ``at``.

     Deletes the row when ``constants.DELETE_EXPIRED`` is set; otherwise
     moves ``expires`` one day into the past so ``expires__gt=now()``
     lookups stop returning it.
     """
     if not constants.DELETE_EXPIRED:
         at.expires = now() - timedelta(days=1)
         at.save()
         return
     at.delete()
 def get_token(self, token):
     """Return the unexpired token whose raw value is ``token``.

     Expiry is enforced inside the query, so callers never see a stale
     token; ``self.get`` raises ``DoesNotExist`` when nothing matches.
     """
     lookup = {'token': token, 'expires__gt': now()}
     return self.get(**lookup)
Esempio n. 18
 def get_token(self, token):
     """Look up the live token with raw value ``token``.

     Rows whose ``expires`` is not later than ``now()`` are excluded by the
     query itself; a miss surfaces as ``DoesNotExist`` from ``self.get``.
     """
     current_time = now()
     return self.get(token=token, expires__gt=current_time)
Esempio n. 19
 def invalidate_access_token(self, at):
     """Invalidate ``at``: delete it, or mark it expired as of 1 ms ago.

     With ``constants.DELETE_EXPIRED`` unset the row is kept and only
     ``expires`` is backdated, which is enough for ``expires__gt=now()``
     lookups to reject it from now on.
     NOTE(review): a 1 ms backdate assumes the column keeps sub-second
     precision; a backend that rounds to whole seconds could leave the token
     valid for up to one more second — confirm against the DB in use.
     """
     if not constants.DELETE_EXPIRED:
         at.expires = now() - timedelta(milliseconds=1)
         at.save()
         return
     at.delete()
Esempio n. 20
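 def authenticate(self, access_token=None, client=None):
     """Map a presented bearer ``access_token`` to its unexpired AccessToken row.

     Arguments:
         access_token: raw token string from the request.
         client: OAuth2 client the token must belong to.

     Returns:
         The AccessToken, or None if the token is missing, unknown, expired,
         or issued to a different client.
     """
     # Reject an absent/empty token up front: ``token=None`` would otherwise
     # be run as ``token IS NULL`` by the ORM, which must never authenticate.
     if not access_token:
         return None
     try:
         return AccessToken.objects.get(token=access_token,
             expires__gt=now(), client=client)
     except AccessToken.DoesNotExist:
         return None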