def test_scopes_default_to_profile(self, oauth_client, core_client):
    """Check that omitting ``scopes`` requests the 'profile' scope.

    ``get_bearer_token`` is called without a ``scopes`` argument; the mocked
    OAuth client must then have been asked to authorize a token with
    ``'profile'`` and the client id that was passed in.
    """
    server_urls = {
        "account_server_url": "account_server_url",
        "oauth_server_url": "oauth_server_url",
    }
    get_bearer_token("email", "password", client_id="543210789456",
                     **server_urls)

    # 'abcd' is presumably the session token the mocked core client is
    # configured to hand back; that setup is outside this method -- confirm.
    authorize_token = oauth_client().authorize_token
    authorize_token.assert_called_with('abcd', 'profile', '543210789456')
def test_scopes_default_to_profile(self, oauth_client, core_client):
    """Check that omitting ``scopes`` requests the 'profile' scope.

    ``get_bearer_token`` is called without a ``scopes`` argument; the mocked
    OAuth client must then have been asked to authorize a token using the
    value returned by the mocked core client's ``login()`` and the scope
    ``'profile'``.
    """
    server_urls = {
        "account_server_url": "account_server_url",
        "oauth_server_url": "oauth_server_url",
    }
    get_bearer_token("email", "password", client_id="543210789456",
                     **server_urls)

    # Whatever login() produced on the mocked core client is what must be
    # forwarded as the first argument of the authorization call.
    login_result = core_client.return_value.login.return_value
    authorize_token = oauth_client().authorize_token
    authorize_token.assert_called_with(login_result, 'profile')
def test_client_id_is_mandatory(self):
    """Check that ``get_bearer_token`` refuses to run without a client id.

    The call must raise ``ValueError`` whose text is exactly
    ``'Please define a client_id.'``; any other outcome fails the test.
    """
    caught = None
    try:
        get_bearer_token("email", "password",
                         account_server_url="account_server_url",
                         oauth_server_url="oauth_server_url")
    except ValueError as exc:
        # Keep a reference: the ``as`` name is unbound when the block ends.
        caught = exc

    if caught is None:
        self.fail("ValueError not raised")
    self.assertEqual("%s" % caught, 'Please define a client_id.')
def test_fxa_validate():
    """Test the FxA validation routines.

    This requires the PyFxA 0.5.0 module.

    A bearer token is taken from the ``FXA_TOKEN`` environment variable when
    it is set; otherwise a new account is created against the 'stage'
    environment and a token is requested for the pushbox scope. The token is
    then fed to ``fxa_validate_read`` as an authorizer event and the returned
    policy is compared with the expected "Allow" document.

    Returns the bearer token that was used.
    """
    from fxa.tools.create_user import create_new_fxa_account
    from fxa.tools.bearer import get_bearer_token
    from fxa.constants import ENVIRONMENT_URLS

    token = os.environ.get("FXA_TOKEN")
    if not token:
        # No token supplied: mint one with a freshly created stage account.
        stage = ENVIRONMENT_URLS['stage']
        email, password = create_new_fxa_account(
            fxa_user_salt=None,
            account_server_url=stage['authentication'],
            prefix='fxa',
            content_server_url=stage['content'],
        )
        token = get_bearer_token(
            email=email,
            password=password,
            scopes=["https://identity.mozilla.com/apps/pushbox/"],
            account_server_url=stage['authentication'],
            oauth_server_url=stage['oauth'],
            client_id="5882386c6d801776",
        )

    # NOTE(review): this writes a usable bearer token to stdout, including a
    # token supplied through FXA_TOKEN. If this runs anywhere output is
    # captured (CI logs, shared terminals) the credential ends up in the log.
    # Presumably intended so the token can be reused via FXA_TOKEN -- confirm.
    print("Token: Bearer {}".format(token))

    authorizer_event = {
        "type": 'TOKEN',
        "methodArn": ("arn:aws:execute-api:us-east-1:927034868273:3ksqxftunj/"
                      "dev/POST/v1/store/fxa/"
                      "e6bddbeae45048838e5a97eeba6633a7/"
                      "11579fc58d0c5120329b5f7e0f7e7c3a"),
        "authorizationToken": "Bearer {}".format(token),
    }
    # The expected Resource is the wildcard form of the methodArn above.
    expected_policy = {
        'principalId': 'user',
        'policyDocument': {
            'Version': '2012-10-17',
            'Statement': [{
                'Action': 'execute-api:Invoke',
                'Effect': 'Allow',
                'Resource': ('arn:aws:execute-api:us-east-1:927034868273:'
                             '3ksqxftunj/dev/POST/*'),
            }],
        },
    }

    result = fxa_validate_read(authorizer_event, None)
    assert result == expected_policy
    print("Ok")
    return token
def create(self):
    """Create the account, wait for its verification mail, fetch a token.

    The bearer token is requested with the ``sync:addon_storage`` scope and
    stored on ``self.token``.

    Raises:
        RuntimeError: if ``wait_for_email`` returns ``None``.
    """
    acct = self.acct
    session = self.client.create_account(acct.email, self.password)

    # self._verify is used as the mail predicate with the new session bound
    # as its first argument; what it does with the message is not shown here.
    mail_check = functools.partial(self._verify, session)
    if acct.wait_for_email(mail_check) is None:
        raise RuntimeError("verification email did not arrive")

    token_options = {
        "account_server_url": self.server + "/v1",
        "oauth_server_url": self.oauth,
        "scopes": ['sync:addon_storage'],
        "client_id": DEFAULT_CLIENT_ID,
    }
    self.token = get_bearer_token(acct.email, self.password, **token_options)
def create_account_and_token(args):
    """Create a verified account and cache its bearer token in ``_FXA``.

    A test e-mail account is registered, the ``x-verify-code`` header of the
    verification mail is used to verify the session, and a bearer token with
    the ``sync:addon_storage`` scope is requested. The token, the e-mail
    account and the client are stored under the ``'token'``, ``'acct'`` and
    ``'client'`` keys of ``_FXA``. ``args`` is not used in this body.

    Raises:
        RuntimeError: if no verification mail is received.
    """
    # NOTE(review): every account created here shares this fixed password and
    # the URLs below are not a staging host, so anyone who learns the test
    # address can sign in while the account exists. Other code may pass the
    # same literal (e.g. on teardown) -- check before switching to a
    # per-run random password.
    password = 'MySecretPassword'

    def has_verify_code(message):
        return "x-verify-code" in message["headers"]

    acct = TestEmailAccount()
    client = Client("https://api.accounts.firefox.com")
    session = client.create_account(acct.email, password)

    verification = acct.wait_for_email(has_verify_code)
    if verification is None:
        raise RuntimeError("verification email did not arrive")
    session.verify_email_code(verification["headers"]["x-verify-code"])

    token = get_bearer_token(
        acct.email,
        password,
        account_server_url="https://api.accounts.firefox.com/v1",
        oauth_server_url="https://oauth.accounts.firefox.com/v1",
        scopes=['sync:addon_storage'],
        client_id=DEFAULT_CLIENT_ID)

    _FXA['token'] = token
    _FXA['acct'] = acct
    _FXA['client'] = client
def __call__(self, request):
    """Set an ``Authorization: Bearer`` header on *request* and return it.

    A token found in ``self.cache`` is reused; otherwise a new one is fetched
    with ``get_bearer_token`` and written back to the cache.
    """
    # NOTE(review): the password is one of the inputs to the cache key.
    # Whether get_cache_key hashes it before it reaches the cache backend is
    # not visible from here -- confirm the key never carries it in clear.
    key = get_cache_key(
        self.account_server_url, self.oauth_server_url,
        self.email, self.password, self.scopes, self.client_id)

    # NOTE(review): truthiness test, not ``is not None``; a cache object that
    # evaluates false (e.g. empty and sized) would be skipped -- confirm.
    cache = self.cache
    token = cache.get(key) if cache else None

    if not token:
        token = get_bearer_token(
            self.email, self.password, self.scopes,
            client_id=self.client_id,
            account_server_url=self.account_server_url,
            oauth_server_url=self.oauth_server_url)
        # No expiry is handled in this method; any token lifetime limit has
        # to come from the cache implementation.
        if cache:
            cache.set(key, token)

    request.headers["Authorization"] = "Bearer %s" % token
    return request
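def main(args=None):
    """Command-line entry point for the PyFxA helper commands.

    Depending on the flags this creates a new Firefox Account
    (``--create-user``) or takes credentials from ``--auth``, then writes a
    bearer token (``--bearer``) and/or a BrowserID assertion
    (``--browserid``) as shell ``export`` lines to standard output or to the
    file named by ``--out``.

    :param args: list of command-line arguments; defaults to
        ``sys.argv[1:]``.

    Exits with status 1 when account creation or token generation fails,
    and with an argparse usage error when a token is requested without
    ``--auth`` or ``--create-user``.
    """
    if args is None:
        args = sys.argv[1:]

    parser = argparse.ArgumentParser(description="PyFxA commands")
    parser.add_argument('--bearer',
                        help='Generate a Bearer token',
                        dest='bearer',
                        action='store_true')
    parser.add_argument('--browserid', '--bid',
                        help='Generate a BrowserID assertion',
                        dest='browserid',
                        action='store_true')
    parser.add_argument('--create-user', '-c',
                        help='Create a new user',
                        dest='create',
                        action='store_true')
    parser.add_argument('--auth', '-u',
                        help='User credentials',
                        dest='auth',
                        required=False)
    parser.add_argument('--out', '-o', '-O',
                        help='Output file',
                        dest='output_file',
                        required=False,
                        default=None)
    parser.add_argument('--verbose', '-v',
                        help='Display status',
                        dest='verbose',
                        action='store_true')

    # Creation args
    parser.add_argument('--user-salt',
                        help=('Salt used to calculate the user credentials. '
                              '(Random by default)'),
                        dest='fxa_user_salt',
                        required=False)

    # FxA server configuration
    parser.add_argument('--env',
                        help='The Firefox Account env to use',
                        dest='env',
                        choices=ENVIRONMENT_URLS.keys(),
                        default=DEFAULT_ENV,
                        required=False)
    parser.add_argument('--account-server',
                        help='Firefox Account server URL',
                        dest='account_server_url',
                        required=False)
    parser.add_argument('--oauth-server',
                        help='Firefox Account OAuth server URL',
                        dest='oauth_server_url',
                        required=False)
    parser.add_argument('--client-id',
                        help='Firefox Account OAuth client id.',
                        dest='client_id',
                        required=False,
                        default=DEFAULT_CLIENT_ID)
    parser.add_argument('--scopes',
                        help='Firefox Account OAuth scopes.',
                        dest='scopes',
                        required=False,
                        default='profile')
    parser.add_argument('--audience',
                        help='Firefox BrowserID assertion audience.',
                        dest='audience',
                        required=False)
    parser.add_argument('--duration',
                        help='Firefox BrowserID assertion duration.',
                        dest='duration',
                        required=False,
                        default='3600')
    parser.add_argument('--user-email-prefix', '--prefix',
                        help='Firefox Account user creation email prefix.',
                        dest='prefix',
                        required=False,
                        default='fxa')

    # Parse the list we were handed instead of re-reading sys.argv, so that
    # main([...]) honours its argument.
    args = vars(parser.parse_args(args))
    create = args['create']
    auth = args.get('auth')
    verbose = args['verbose']

    if verbose:
        logger.setLevel(logging.INFO)

    fxa_env = args['env']
    account_server_url = ENVIRONMENT_URLS[fxa_env]['authentication']
    oauth_server_url = ENVIRONMENT_URLS[fxa_env]['oauth']
    content_server_url = ENVIRONMENT_URLS[fxa_env]['content']
    token_server_url = ENVIRONMENT_URLS[fxa_env]['token']

    if args['account_server_url']:
        account_server_url = args['account_server_url']

    if args['oauth_server_url']:
        oauth_server_url = args['oauth_server_url']

    # Fail with a usage message, before touching the output file, when a
    # token is requested but there is no way to obtain credentials.
    if (args['bearer'] or args['browserid']) and not (auth or create):
        parser.error('Please provide --auth or --create-user.')

    email = password = None

    fd = sys.stdout  # By default write to the standard output
    fd_is_to_close = False
    out = args.get('output_file')
    if out:
        out = os.path.abspath(out)
        file_path = os.path.dirname(out)
        if not os.path.exists(file_path):
            os.makedirs(file_path)
        # The file receives live credentials, so create it readable by the
        # owner only. The mode applies on creation; an already existing file
        # keeps its current permissions.
        fd = os.fdopen(
            os.open(out, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')
        fd_is_to_close = True

    try:
        if auth:
            # Ask for the user password if needed. A password given inline
            # as "email:password" is visible in the process list and shell
            # history; the prompt avoids that.
            auth = auth.split(':', 1)
            if len(auth) < 2:
                email = auth[0]
                password = getpass.getpass('Please enter a password for %s: '
                                           % auth[0])
            else:
                email, password = auth
        elif create:
            # Create a new user
            logger.info('Creating the account.')
            try:
                email, password = create_new_fxa_account(
                    os.getenv('FXA_USER_SALT', args.get('fxa_user_salt')),
                    account_server_url, args['prefix'], content_server_url)
            except (ClientError, ValueError) as e:
                logger.error(e)
                sys.exit(1)

            logger.info('Account created: %s' % email)

        if args['bearer']:
            # Generate a Bearer Token for the user and write it into a file.
            scopes = [s.strip()
                      for s in re.split(';|,|\t|\n', args['scopes'])
                      if s.strip()]
            client_id = args['client_id']

            logger.info('Generating the Bearer Token.')
            try:
                token = get_bearer_token(email, password, scopes,
                                         account_server_url,
                                         oauth_server_url, client_id)
            except ClientError as e:
                logger.error(e)
                sys.exit(1)
            logger.info('Bearer Token generated.')

            print('# ---- BEARER TOKEN INFO ----', file=fd)
            print('# User: %s' % email, file=fd)
            print('# Scopes: %s' % ' '.join(scopes), file=fd)
            print('# Account: %s' % account_server_url, file=fd)
            print('# Oauth: %s' % oauth_server_url, file=fd)
            print('# Client ID: %s' % client_id, file=fd)
            print('# ---------------------------', file=fd)
            print('export OAUTH_BEARER_TOKEN="%s"\n' % token, file=fd)

        if args['browserid']:
            # Generate a BrowserID assertion for the user and write it into
            # a file.
            audience = args['audience'] or token_server_url
            duration = int(args['duration'])

            logger.info('Creating the token.')
            try:
                bid_assertion, client_state = get_browserid_assertion(
                    email, password, audience, account_server_url, duration)
            except ClientError as e:
                logger.error(e)
                sys.exit(1)
            logger.info('Token created.')

            print('# ---- BROWSER ID ASSERTION INFO ----', file=fd)
            print('# User: %s' % email, file=fd)
            print('# Audience: %s' % audience, file=fd)
            print('# Account: %s' % account_server_url, file=fd)
            print('# ------------------------------------', file=fd)
            print('export FXA_BROWSERID_ASSERTION="%s"' % bid_assertion,
                  file=fd)
            print('export FXA_CLIENT_STATE="%s"\n' % client_state, file=fd)
    finally:
        # Also reached on the sys.exit(1) paths, so the file is never leaked.
        if fd_is_to_close:
            fd.close()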
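def main(args=None):
    """Command-line entry point for the PyFxA helper commands.

    Depending on the flags this creates a new Firefox Account
    (``--create-user``) or takes credentials from ``--auth``, then writes a
    bearer token (``--bearer``) and/or a BrowserID assertion
    (``--browserid``) as shell ``export`` lines to standard output or to the
    file named by ``--out``.

    :param args: list of command-line arguments; defaults to
        ``sys.argv[1:]``.

    Exits with status 1 when account creation or token generation fails,
    and with an argparse usage error when a token is requested without
    ``--auth`` or ``--create-user``.
    """
    if args is None:
        args = sys.argv[1:]

    parser = argparse.ArgumentParser(description="PyFxA commands")
    parser.add_argument('--bearer',
                        help='Generate a Bearer token',
                        dest='bearer',
                        action='store_true')
    parser.add_argument('--browserid', '--bid',
                        help='Generate a BrowserID assertion',
                        dest='browserid',
                        action='store_true')
    parser.add_argument('--create-user', '-c',
                        help='Create a new user',
                        dest='create',
                        action='store_true')
    parser.add_argument('--auth', '-u',
                        help='User credentials',
                        dest='auth',
                        required=False)
    parser.add_argument('--out', '-o', '-O',
                        help='Output file',
                        dest='output_file',
                        required=False,
                        default=None)
    parser.add_argument('--verbose', '-v',
                        help='Display status',
                        dest='verbose',
                        action='store_true')

    # Creation args
    parser.add_argument('--user-salt',
                        help=('Salt used to calculate the user credentials. '
                              '(Random by default)'),
                        dest='fxa_user_salt',
                        required=False)

    # FxA server configuration
    parser.add_argument('--env',
                        help='The Firefox Account env to use',
                        dest='env',
                        choices=ENVIRONMENT_URLS.keys(),
                        default=DEFAULT_ENV,
                        required=False)
    parser.add_argument('--account-server',
                        help='Firefox Account server URL',
                        dest='account_server_url',
                        required=False)
    parser.add_argument('--oauth-server',
                        help='Firefox Account OAuth server URL',
                        dest='oauth_server_url',
                        required=False)
    parser.add_argument('--client-id',
                        help='Firefox Account OAuth client id.',
                        dest='client_id',
                        required=False,
                        default=DEFAULT_CLIENT_ID)
    parser.add_argument('--scopes',
                        help='Firefox Account OAuth scopes.',
                        dest='scopes',
                        required=False,
                        default='profile')
    parser.add_argument('--audience',
                        help='Firefox BrowserID assertion audience.',
                        dest='audience',
                        required=False)
    parser.add_argument('--duration',
                        help='Firefox BrowserID assertion duration.',
                        dest='duration',
                        required=False,
                        default='3600')
    parser.add_argument('--user-email-prefix', '--prefix',
                        help='Firefox Account user creation email prefix.',
                        dest='prefix',
                        required=False,
                        default='fxa')

    # Parse the list we were handed instead of re-reading sys.argv, so that
    # main([...]) honours its argument.
    args = vars(parser.parse_args(args))
    create = args['create']
    auth = args.get('auth')
    verbose = args['verbose']

    if verbose:
        logger.setLevel(logging.INFO)

    fxa_env = args['env']
    account_server_url = ENVIRONMENT_URLS[fxa_env]['authentication']
    oauth_server_url = ENVIRONMENT_URLS[fxa_env]['oauth']
    content_server_url = ENVIRONMENT_URLS[fxa_env]['content']
    token_server_url = ENVIRONMENT_URLS[fxa_env]['token']

    if args['account_server_url']:
        account_server_url = args['account_server_url']

    if args['oauth_server_url']:
        oauth_server_url = args['oauth_server_url']

    # Fail with a usage message, before touching the output file, when a
    # token is requested but there is no way to obtain credentials.
    if (args['bearer'] or args['browserid']) and not (auth or create):
        parser.error('Please provide --auth or --create-user.')

    email = password = None

    fd = sys.stdout  # By default write to the standard output
    fd_is_to_close = False
    out = args.get('output_file')
    if out:
        out = os.path.abspath(out)
        file_path = os.path.dirname(out)
        if not os.path.exists(file_path):
            os.makedirs(file_path)
        # The file receives live credentials, so create it readable by the
        # owner only. The mode applies on creation; an already existing file
        # keeps its current permissions.
        fd = os.fdopen(
            os.open(out, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')
        fd_is_to_close = True

    try:
        if auth:
            # Ask for the user password if needed. A password given inline
            # as "email:password" is visible in the process list and shell
            # history; the prompt avoids that.
            auth = auth.split(':', 1)
            if len(auth) < 2:
                email = auth[0]
                password = getpass.getpass('Please enter a password for %s: '
                                           % auth[0])
            else:
                email, password = auth
        elif create:
            # Create a new user
            logger.info('Creating the account.')
            try:
                email, password = create_new_fxa_account(
                    os.getenv('FXA_USER_SALT', args.get('fxa_user_salt')),
                    account_server_url, args['prefix'], content_server_url)
            except (ClientError, ValueError) as e:
                logger.error(e)
                sys.exit(1)

            logger.info('Account created: %s' % email)

        if args['bearer']:
            # Generate a Bearer Token for the user and write it into a file.
            scopes = [s.strip()
                      for s in re.split(';|,|\t|\n', args['scopes'])
                      if s.strip()]
            client_id = args['client_id']

            logger.info('Generating the Bearer Token.')
            try:
                token = get_bearer_token(email, password, scopes,
                                         account_server_url,
                                         oauth_server_url, client_id)
            except ClientError as e:
                logger.error(e)
                sys.exit(1)
            logger.info('Bearer Token generated.')

            print('# ---- BEARER TOKEN INFO ----', file=fd)
            print('# User: %s' % email, file=fd)
            print('# Scopes: %s' % ' '.join(scopes), file=fd)
            print('# Account: %s' % account_server_url, file=fd)
            print('# Oauth: %s' % oauth_server_url, file=fd)
            print('# Client ID: %s' % client_id, file=fd)
            print('# ---------------------------', file=fd)
            print('export OAUTH_BEARER_TOKEN="%s"\n' % token, file=fd)

        if args['browserid']:
            # Generate a BrowserID assertion for the user and write it into
            # a file.
            audience = args['audience'] or token_server_url
            duration = int(args['duration'])

            logger.info('Creating the token.')
            try:
                bid_assertion, client_state = get_browserid_assertion(
                    email, password, audience, account_server_url, duration)
            except ClientError as e:
                logger.error(e)
                sys.exit(1)
            logger.info('Token created.')

            print('# ---- BROWSER ID ASSERTION INFO ----', file=fd)
            print('# User: %s' % email, file=fd)
            print('# Audience: %s' % audience, file=fd)
            print('# Account: %s' % account_server_url, file=fd)
            print('# ------------------------------------', file=fd)
            print('export FXA_BROWSERID_ASSERTION="%s"' % bid_assertion,
                  file=fd)
            print('export FXA_CLIENT_STATE="%s"\n' % client_state, file=fd)
    finally:
        # Also reached on the sys.exit(1) paths, so the file is never leaked.
        if fd_is_to_close:
            fd.close()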