コード例 #1
0
 def save_request(self, user):
     try:
         db = AuthToken.objects.get(user=user, service=self.service)
     except AuthToken.DoesNotExist:
         db = AuthToken(user=user, service=self.service)
     db.save()
     return db.pk
コード例 #2
0
ファイル: oauth.py プロジェクト: ubilabs/where-do-you-go
  def _get_auth_token(self):
    """Get AuthorizationToken.

    Actually gets the authorization token and secret from the service. The
    token and secret are stored in our database, and the auth token is
    returned.
    """

    response = self.make_request(self.request_url)
    result = self._extract_credentials(response)

    auth_token = result["token"]
    auth_secret = result["secret"]

    # Save the auth token and secret in our database.
    auth = AuthToken(service=self.service_name,
                     token=auth_token,
                     secret=auth_secret)
    auth.put()

    # Add the secret to memcache as well.
    memcache.set(self._get_memcache_auth_key(auth_token), auth_secret,
                 time=20*60)

    return auth_token
コード例 #3
0
    def test_token_generation(self):
        from models import AuthToken

        # we want each token to be different as the same user can have more than one if they have multiple devices
        token = AuthToken.gen_token_string('[email protected]')
        same_token = AuthToken.gen_token_string('[email protected]')
        different_token = AuthToken.gen_token_string('[email protected]')

        self.assertIs(False, token == same_token)
        self.assertIs(False, token == different_token)
コード例 #4
0
ファイル: views.py プロジェクト: pybender/cloudml-ui
    def post(self, action=None, **kwargs):
        if action == 'get_auth_url':
            auth_url, oauth_token, oauth_token_secret =\
                User.get_auth_url()

            # TODO: Use redis?
            # app.db['auth_tokens'].insert({
            #     'oauth_token': oauth_token,
            #     'oauth_token_secret': oauth_token_secret,
            # })
            auth = AuthToken(oauth_token, oauth_token_secret)
            auth.save()

            logging.debug("User Auth: oauth token %s added", oauth_token)
            return self._render({'auth_url': auth_url})

        if action == 'authenticate':
            parser = reqparse.RequestParser()
            parser.add_argument('oauth_token', type=str)
            parser.add_argument('oauth_verifier', type=str)
            params = parser.parse_args()

            oauth_token = params.get('oauth_token')
            oauth_verifier = params.get('oauth_verifier')

            logging.debug("User Auth: trying to authenticate with token %s",
                          oauth_token)
            # TODO: Use redis?
            auth = AuthToken.get_auth(oauth_token)
            if not auth:
                logging.error('User Auth: token %s not found', oauth_token)
                return odesk_error_response(
                    500, 500, 'Wrong token: {0!s}'.format(oauth_token))

            oauth_token_secret = auth.get('oauth_token_secret')
            auth_token, user = User.authenticate(oauth_token,
                                                 oauth_token_secret,
                                                 oauth_verifier)

            logging.debug('User Auth: Removing token %s', oauth_token)
            AuthToken.delete(auth.get('oauth_token'))

            return self._render({'auth_token': auth_token, 'user': user})

        if action == 'get_user':
            user = getattr(request, 'user', None)
            if user:
                return self._render({'user': user})

            return odesk_error_response(401, 401, 'Unauthorized')

        logging.error('User Auth: invalid action %s', action)
        raise NotFound('Action not found')
コード例 #5
0
def my_ranking_weekly(request):
    from models import UserStats

    week = request.GET.get('week')
    token_param = request.GET.get('token')
    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    token = AuthToken.objects.get(token_string=token_param)

    if week:
        try:
            week = datetime.strptime(week, '%m-%d-%Y')
        except:
            return JsonResponse({'status': 'ILLEGAL_DATE_FORMAT'})

    ranking_list = []

    for ranking, user, total_steps, isUser in UserStats.get_weekly_ranking(token.user, week):
        all_time_stats = UserStats.get_all_time_stats(user)
        prestige, challenge_progress = divmod(all_time_stats.get('all_time_steps'), 100)

        ranking_list.append({'name': user.public_name,
                             'id': user.pk,
                             'prestige': prestige,
                             'total_steps': total_steps,
                             'isUser': isUser,
                             'ranking': ranking,
                             })

    return JsonResponse({'status': 'OK',
                         'ranking': ranking_list,
                         })
コード例 #6
0
def my_ranking_all_time(request):
    from models import UserStats

    token_param = request.GET.get('token')
    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    token = AuthToken.objects.get(token_string=token_param)

    ranking_list = []

    for ranking, user, total_steps, isUser in UserStats.get_all_time_ranking(token.user):
        prestige, challenge_progress = divmod(total_steps, 100)

        ranking_list.append({'name': user.public_name,
                             'id': user.pk,
                             'prestige': prestige,
                             'total_steps': total_steps,
                             'isUser': isUser,
                             'ranking': ranking,
                             })

    return JsonResponse({'status': 'OK',
                         'ranking': ranking_list,
                         })
コード例 #7
0
ファイル: views.py プロジェクト: memespring/habitat
def authorized():
    if request.method == 'POST':
        token = AuthToken.objects.get(id=request.form['revoke'])
        token.delete()
        #todo: delete client if no outstanding tokens

    tokens = AuthToken.objects()
    return render_template('authorized.html', tokens=tokens)
コード例 #8
0
ファイル: views.py プロジェクト: richardjpope/habitat
def authorized():
    if request.method == 'POST':
        token = AuthToken.objects.get(id=request.form['revoke'])
        token.delete()
        #todo: delete client if no outstanding tokens

    tokens = AuthToken.objects()
    return render_template('authorized.html', tokens=tokens)
コード例 #9
0
ファイル: app.py プロジェクト: connorwarnock/logbox
    def wrapper(*args, **kwargs):
        auth = request.headers.get('Authorization', None)
        if not auth:
            return not_authenticated()

        else:
            token = auth.split('Bearer ')[-1]
            if not AuthToken.verify(token):
                return not_authenticated()
            return f(*args, **kwargs)
コード例 #10
0
ファイル: api.py プロジェクト: gipsy86147/mytodolistapp
 def get(self):
     self.response.headers['Content-Type'] = 'application/json'
     auth = self.request.params.get('auth') or self.session.get('auth')
     if auth:
         auth_token = AuthToken.query(AuthToken.token == auth).get()
         auth_token.key.delete()
         if self.session.get('auth'):
             self.session['auth'] = None
         logging.info('removed auth token %s ' % auth)
     result = {'message': 'logout success'}
     self.response.out.write(json.dumps(result))
コード例 #11
0
ファイル: api.py プロジェクト: gipsy86147/mytodolistapp
 def post(self):
     self.response.headers['Content-Type'] = 'application/json'
     login_data = json.loads(self.request.body)
     username = login_data.get('username')
     password = login_data.get('password')
     account = Account.query(Account.username == username, Account.password == password).get()
     if account:
         self.session['auth'] = uuid.uuid1().hex
         token = AuthToken.query(AuthToken.account == account.key, ancestor=account.key).get()
         if token:
             token.token = self.session['auth']
         else:
             token = AuthToken(account=account.key, token=self.session['auth'], parent=account.key)
         token.put()
         result = {'auth': token.token, 'account_id': account.key.id(), 'username': account.username}
         self.response.out.write(json.dumps(result))
     else:
         result = {'error': 'Invalid credentials', 'message': 'Invalid credentials'}
         self.response.set_status(401, json.dumps(result))
         self.response.out.write(json.dumps(result))
コード例 #12
0
    def test_send_mail(self):
        from models import AuthToken, User
        from django.core import mail

        u = User()
        u.email = '*****@*****.**'
        u.save()

        auth = AuthToken()
        auth.user = u
        auth.token = AuthToken.gen_token_string('*****@*****.**')
        auth.gen_validation_key()

        auth.send_validation_mail(settings.PUBLIC_URL)
        self.assertEqual(len(mail.outbox),
                         1,
                         msg='is settings.EMAILS_ENABLED set to True ?')
コード例 #13
0
    def test_my_ranking_weekly(self):
        from models import User, AuthToken, UserStats
        from django.test import RequestFactory
        from django.core.urlresolvers import reverse
        from views import my_ranking_weekly

        users = []
        for i in range(10):
            u = User()
            u.email = '*****@*****.**' + str(i)
            u.public_name = 'TEST' + str(i)
            u.save()
            users.append(u)
            UserStats.record_stats(u, i * 100, datetime.date.today())

        auth = AuthToken()
        auth.token_string = AuthToken.gen_token_string('*****@*****.**')
        auth.user = users[9]
        auth.valid = True
        auth.save()

        factory = RequestFactory()

        rq = factory.get(reverse('my_ranking_weekly'),
                         data={'token': auth.token_string})

        response = my_ranking_weekly(rq)

        data = json.loads(response.content)

        self.assertEqual(data['status'], 'OK')
コード例 #14
0
    def test_update_profile(self):
        from models import User, AuthToken
        from django.test import RequestFactory
        from django.core.urlresolvers import reverse
        from views import update_profile

        u = User()
        u.email = '*****@*****.**'
        u.public_name = 'TEST'
        u.save()

        auth = AuthToken()
        auth.token_string = AuthToken.gen_token_string('*****@*****.**')
        auth.user = u
        auth.valid = True
        auth.save()

        factory = RequestFactory()

        rq = factory.get(reverse('update_profile'),
                         data={
                             'token': auth.token_string,
                             'nickname': 'El Nicknamo'
                         })
        response = update_profile(rq)
        data = json.loads(response.content)
        self.assertEqual(data['status'], 'OK')
        u = User.objects.get(pk=u.pk)
        self.assertEqual(u.public_name, 'El Nicknamo')
コード例 #15
0
ファイル: common.py プロジェクト: gipsy86147/mytodolistapp
 def inner(*args, **kwargs):
     handler = args[0]
     account_id = kwargs.get('account_id')
     auth = handler.request.params.get('auth') or handler.session.get('auth')
     if auth:
         account = Account.get_by_id(int(account_id))
         auth_token = AuthToken.query(AuthToken.token == auth, ancestor=account.key).get()
         if auth_token and auth_token.account.id() == int(account_id):
             ret = func(*args, **kwargs)
             return ret
     handler.response.headers['Content-Type'] = 'application/json'
     handler.response.set_status(401, 'Not Authenticated')
     handler.response.out.write(json.dumps({'error': 'Not Authenticated'}))
コード例 #16
0
def create(name, expiry):
    """Create a token for authentication to REST API."""
    try:
        token = AuthToken(name=name,
                          token=str(base64.urlsafe_b64encode(os.urandom(18)), "utf-8"),
                          expiration=datetime.datetime.utcnow() + datetime.timedelta(days=expiry))
        db.session.add(token)
        db.session.commit()
        print(f'NAME:\t {token.name:}')
        print(f'TOKEN:\t {token.token}')
        print(f'EXPIRY:\t {token.expiration}')
    except exc.IntegrityError:
        print(f'ERROR: Couldn\'t create token. Token with name {name!r} already exists.')
コード例 #17
0
ファイル: auth.py プロジェクト: richardjpope/habitat
def save_token(token_data, request, *args, **kwargs):

    client = load_client(request.client.client_id)

    # make sure that every client has only one token
    existing_tokens = AuthToken.objects(client=client)
    for token in existing_tokens:
        token.delete()

    expires_in = token_data.pop('expires_in')
    expires = datetime.utcnow() + timedelta(seconds=expires_in)

    token = AuthToken()
    token.access_token = token_data['access_token']
    #token.refresh_token=token_data['refresh_token']
    token.token_type = token_data['token_type']
    token._scopes = urllib.unquote_plus(token_data['scope'])
    token.expires = expires
    token.client = client

    token.save()

    return token
コード例 #18
0
ファイル: tests.py プロジェクト: pybender/cloudml-ui
    def test_token(self, delete_mock, get_mock, put_mock):
        TOKEN = '394c46b8902fb5e8fc9268f3cfd84539'
        SECRET = '394c46b8902fb5e8fc9268f3cfd84538'
        token_dict = dict(oauth_token=TOKEN,
                          oauth_token_secret=SECRET,
                          id=TOKEN)

        token = AuthToken(oauth_token=TOKEN, oauth_token_secret=SECRET)
        self.assertEquals(token.to_dict(), token_dict)
        token.save()
        put_mock.assert_called_with(token.TABLE_NAME, token_dict)

        get_mock.return_value = None
        self.assertEquals(AuthToken.get_auth('invalid'), None)

        # get_item
        get_mock.return_value = token_dict
        self.assertEquals(AuthToken.get_auth(TOKEN), token_dict)

        # delete
        AuthToken.delete(TOKEN)
        delete_mock.assert_called_with(token.TABLE_NAME, id=TOKEN)
        get_mock.return_value = None
        self.assertEquals(AuthToken.get_auth('invalid'), None)
コード例 #19
0
 def post(self):
     user = get_user_from_http_auth()
     if not user:
         logger.debug("no user returned: %s" % user)
         print "no user returned"
         abort(401)
     if not login_user(user):
         logger.debug("couldn't log user in: %s" % user)
         print "couldn't log user in"
         abort(401)
     token = AuthToken.create_token_for_user(user)
     base64_token = b64encode(token.token)
     resp = jsonify({'token': base64_token,
                     'newtoken': token.created,
                     'created': token.created,
                     'expires': token.expires})
     return resp
コード例 #20
0
ファイル: app.py プロジェクト: connorwarnock/logbox
    def post():
        if request.headers['Content-Type'] != 'application/octet-stream':
            return {'error': "Unsupported Media Type"}, 415

        now = datetime.datetime.now()

        auth = request.headers.get('Authorization', None)
        token = auth.split('Bearer ')[-1]
        source = AuthToken.verify(token)

        log = Log(source=source)
        log.save()

        path = destination_path(now, source)
        background.run(upload_log, (request.get_data(), path))
        response = log_schema.dump(log).data
        return response, 201
コード例 #21
0
    def test_token_validation(self):
        from models import AuthToken, User

        u = User()
        u.email = 'rururur'
        u.save()

        auth = AuthToken()
        auth.user = u
        auth.token = AuthToken.gen_token_string(email='[email protected]')

        auth.gen_validation_key()

        self.assertIsNotNone(auth.validation_key)
        self.assertFalse(auth.valid)

        self.assertIs(True, auth.validate(auth.validation_key))

        self.assertIs(True, auth.valid)
コード例 #22
0
def log_distance(request):
    from models import UserStats
    token_param = request.GET.get('token')
    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    steps = request.GET.get('steps')
    if not steps:
        HttpResponseBadRequest('steps parameter is required')

    steps = int(steps)

    token = AuthToken.objects.get(token_string=token_param)
    user = token.user

    UserStats.record_stats(user, steps)

    return JsonResponse({'status': 'OK'})
コード例 #23
0
    def test_log_distance(self):
        from models import User, AuthToken, Level, StairWell
        from django.test import RequestFactory
        from django.core.urlresolvers import reverse
        from views import log_distance, distance, profile

        u = User()
        u.email = '*****@*****.**'
        u.public_name = 'TEST'
        u.save()

        auth = AuthToken()
        auth.token_string = AuthToken.gen_token_string('*****@*****.**')
        auth.user = u
        auth.valid = True
        auth.save()

        sw = StairWell(building='ASP', shaft='south')
        sw.save()
        level1 = Level(stairwell=sw, floorNumber=1)
        level1.save()
        level2 = Level(stairwell=sw, floorNumber=2)
        level2.save()

        factory = RequestFactory()

        rq = factory.get(reverse('distance'),
                         data={
                             'qr_id_1': level1.pk,
                             'qr_id_2': level2.pk
                         })

        response = distance(rq)

        data = json.loads(response.content)
        self.assertEqual(data['distance'], 18)

        rq = factory.get(reverse('log_distance'),
                         data={
                             'token': auth.token_string,
                             'steps': 18
                         })
        response = log_distance(rq)
        data = json.loads(response.content)
        self.assertEqual(data['status'], 'OK')

        rq = factory.get(reverse('profile'), data={'token': auth.token_string})
        response = profile(rq)
        data = json.loads(response.content)
        self.assertEqual(data['status'], 'OK')
コード例 #24
0
def weekly_stat(request):
    week = request.GET.get('week')
    token_param = request.GET.get('token')
    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    if week:
        try:
            week = datetime.strptime(week, '%m-%d-%Y')
        except:
            return JsonResponse({'status': 'ILLEGAL_DATE_FORMAT'})

    from models import UserStats
    token = AuthToken.objects.get(token_string=token_param)
    weekly_stats = UserStats.get_weekly_stats(token.user, week)

    return JsonResponse({'status': 'OK',
                         'week_of': week - datetime.timedelta(days=week.weekday()),
                         'weekly_stats': weekly_stats,
                         })
コード例 #25
0
def profile(request):
    token_param = request.GET.get('token')
    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    from models import UserStats
    token = AuthToken.objects.get(token_string=token_param)
    weekly_stats = UserStats.get_weekly_stats(token.user)
    all_time_stats = UserStats.get_all_time_stats(token.user)
    prestige, challenge_progress = divmod(all_time_stats.get('all_time_steps'), 100)
    return JsonResponse({'status': 'OK',
                         'nick_name': token.user.public_name,
                         'all_time_stats': all_time_stats,
                         'weekly_stats': weekly_stats,
                         'current_challenge': {
                             'id': '1',
                             'prestige': prestige,
                             'name': 'mount_europa',
                             'total_steps': '100',
                             'current_steps': challenge_progress,
                         },
                         })
コード例 #26
0
ファイル: oauth.py プロジェクト: ubilabs/where-do-you-go
  def get_credentials(self, auth_token, auth_verifier=""):
    """Gets credentials

    Exchanges the auth token for an access token and returns it for storage elsewhere.
    """

    auth_token = urlunquote(auth_token)
    auth_verifier = urlunquote(auth_verifier)

    auth_secret = memcache.get(self._get_memcache_auth_key(auth_token))

    if not auth_secret:
      result = AuthToken.gql("""
        WHERE
          service = :1 AND
          token = :2
        LIMIT
          1
      """, self.service_name, auth_token).get()

      if not result:
        logging.error("The auth token %s was not found in our db" % auth_token)
        raise Exception, "Could not find AuthToken in database"
      else:
        auth_secret = result.secret

    response = self.make_request(self.access_url,
                                token=auth_token,
                                secret=auth_secret,
                                additional_params={"oauth_verifier":
                                                    auth_verifier})

    # Extract the access token/secret from the response.
    result = self._extract_credentials(response)

    return result
コード例 #27
0
def update_profile(request):
    token_param = request.GET.get('token')

    if not AuthToken.is_token_valid(token_param) and settings.DEBUG is False:
        return JsonResponse({'status': 'INVALID_TOKEN'})

    name = request.GET.get('nickname')
    if not name:
        return HttpResponseBadRequest('nickname get parameter is required')

    nickname_max_size = 25
    if len(name) > nickname_max_size:
        return JsonResponse({'status': 'NICKNAME_TOO_LONG', 'max_size': nickname_max_size})

    from django.utils.html import strip_tags, escape
    name = escape(strip_tags(name))

    token = AuthToken.objects.get(token_string=token_param)
    user = token.user
    user.public_name = name

    user.save()

    return JsonResponse({'status': 'OK'})
コード例 #28
0
ファイル: auth.py プロジェクト: zandeez/django-minecraft-auth
	def authenticate(self, username=None, password=None):
		try:
			f = urllib2.urlopen(self.minecraft_login_url,
				urllib.urlencode([('user',username),('password',password),('version',self.minecraft_version)]))
		except:
			return None
		
		ret = f.readline().strip();
		valid = ret != "Bad login"
		
		if valid:
			items = ret.split(':')
			if ret == "User not premium":
				uname = username
			else:
				uname = items[2]
			
			try:
				user = User.objects.get(username=uname)
				#user.set_password(password)
			except User.DoesNotExist:
				user = User(username=uname,password="******")
				user.save()
				
			if ret != "User not premium":
				try:
					token = user.authtoken
				except AuthToken.DoesNotExist:
					token = AuthToken(user=user)
			
				token.download_ticket = items[1]
				token.session_id = items[3]
				token.latest_version = items[0]			
				token.save()
			
			return user
		return None
コード例 #29
0
ファイル: token.py プロジェクト: rtista/stockit-api
    def on_post(self, req, resp):
        """
        Handle POST requests.
        """
        username = req.media.get('username')
        password = req.media.get('password')

        # Check if parameters not empty
        if None in [username, password]:
            raise falcon.HTTPBadRequest('Bad Request', 'Invalid Parameters')

        user = self.db_conn.query(User).filter_by(username=username).first()

        # If user does not exist
        if user == None:
            raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials')

        # If password does not match
        if not pbkdf2_sha256.verify(password, user.password):
            raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials')

        # Get user bearer token
        token = self.db_conn.query(AuthToken).filter_by(
            user_id=user.user_id).first()

        # Check if user does not have token
        if token == None:

            # Create user token (32 bits length)
            cond = False

            # Retry while token has not been inserted
            while not cond:
                token = AuthToken(user_id=user.user_id,
                                  auth_type='bearer',
                                  token=token_hex(16))

                try:
                    self.db_conn.add(token)
                    self.db_conn.commit()
                    cond = True

                except Exception:
                    pass

        # If user has token but it has expired
        elif token.expires_at < time():

            # Create user token (32 bits length)
            cond = False

            while not cond:
                token.token = token_hex(16)
                token.expires_at = time() + AppConfig.TOKEN_LIFE

                try:
                    self.db_conn.add(token)
                    self.db_conn.commit()
                    cond = True

                except Exception:
                    pass

        resp.media = {
            'auth_type': token.auth_type,
            'token': token.token,
            'expires_on': token.expires_at
        }
        resp.status = falcon.HTTP_201
コード例 #30
0
from datetime import datetime, timedelta
import logging
from google.appengine.ext import db
from models import AuthToken

delta = timedelta(seconds=60*60*2)
while(AuthToken.all().count() > 0):
  authtokens = AuthToken.all().fetch(1000)
  for authtoken in authtokens:
    if datetime.now() > authtoken.created + delta:
      db.delete(authtoken)
コード例 #31
0
def auth(request):
    token_param = request.GET.get('token')
    email_param = request.GET['email']
    # device name/identifier
    device_param = request.GET.get('device')

    email_param = email_param.lower()

    if token_param is None:  # register new token

        if not settings.ENABLE_REGISTRATION:
            return JsonResponse({'status': 'REGISTRATION_DISABLED'})

        if not email.is_email_valid(email_param) or not email_param.endswith('europa.eu'):
            return JsonResponse({'status': 'INVALID_EMAIL'})

        user_list = User.objects.filter(email=email_param)

        if not user_list:
            u = User(email=email_param)
            u.reset_public_name()
            u.save()
        else:
            u = user_list[0]

        if email.is_spamming(u.email):
            return JsonResponse({'status': 'CANCELED_BY_SPAM_PREVENTION'})

        token = AuthToken(token_string=AuthToken.gen_token_string(email_param), user=u)
        token.gen_validation_key()
        token.save()



        token.send_validation_mail(public_url='https://' + request.META.get('HTTP_HOST', settings.PUBLIC_URL))
        token.save()

        return JsonResponse({'token': token.token_string, 'status': 'OK'})
    else:  # actual auth
        token_list = AuthToken.objects.filter(token_string=token_param)
        if len(token_list) == 0:
            return JsonResponse({'status': 'TOKEN_NOT_FOUND'})

        token = token_list[0]

        if token.valid is False:
            return JsonResponse({'status': 'TOKEN_NOT_ACTIVATED'})
        if token.valid and email_param == token.user.email:
            return JsonResponse({'status': 'OK', 'public_name': token.user.public_name})
コード例 #32
0
ファイル: auth.py プロジェクト: richardjpope/habitat
def load_token(access_token=None, refresh_token=None):
    if access_token:
        return AuthToken.objects(access_token=access_token)[0]
    elif refresh_token:
        return AuthToken.objects(refresh_token=refresh_token)[0]