def test_authorize_ko(self): test_case = self class CheckAuthorizeHandlerbadState(FakeOAuthHandler): def _check_get_parameters(self, parameters): test_case.assertEqual( parameters.get('redirect_uri', None), 'http://localhost:%d' % redirect_server_port) test_case.assertEqual(parameters.get('state', None), 'state_test') # send bad state parameters['state'] = 'other_state' with TestServer(authorize_server_port, CheckAuthorizeHandlerbadState): manager = None try: manager = CredentialManager(service_information, proxies=dict(http='')) url = manager.init_authorize_code_process( 'http://localhost:%d' % redirect_server_port, 'state_test') self.assertIsNotNone(url) _logger.debug('Url got = %s', url) requests.get(url, proxies=dict(http='')) self.assertRaises( OAuthError, manager.wait_and_terminate_authorize_code_process) finally: if manager is not None and manager.authorization_code_context is not None: manager.wait_and_terminate_authorize_code_process(0.1)
def __init__(self, target_endpoint, client_id='cf', client_secret='', proxy=None, verify=True): self.info = self._get_info(target_endpoint, proxy, verify=verify) if not self.info.api_version.startswith('2.'): raise AssertionError( 'Only version 2 is supported for now. Found %s' % self.info.api_version) service_informations = ServiceInformation( None, '%s/oauth/token' % self.info.authorization_endpoint, client_id, client_secret, [], verify) super(CloudFoundryClient, self).__init__(service_informations, proxy) CredentialManager.__init__(self, service_informations, proxy) self.v2 = V2(target_endpoint, self) self.v3 = V3(target_endpoint, self) if self.info.doppler_endpoint is not None: self._doppler = DopplerClient( self.info.doppler_endpoint, self.proxies['http' if self.info.doppler_endpoint. startswith('ws://') else 'https'], self.service_information.verify, self) if self.info.doppler_endpoint is not None else None
def get_request_to_authorize(): service_information = ServiceInformation(auth_url,token_server,client_id,client_secret,scopes) manager = CredentialManager(service_information,proxies=dict(http='http://localhost:8080', https='https://localhost:8080')) url = manager.init_authorize_code_process(redirect_uri, state) webbrowser.open(auth_url, new=2) #gets the code from the aurthorization server and checks returnedstate is equal to given state code = manager.wait_and_terminate_authorize_code_process() return code
def api_request(client_id, client_secret, uri): service_info = ServiceInformation(AUTH_URL, TOKEN_URL, client_id, client_secret, []) manager = CredentialManager(service_info) manager.init_with_client_credentials() response = manager.get(CISCO_BASE + uri) if response.status_code != 200: print("error from server, code = %s, body=\n%s" % (response.status_code, response.text)) return False json_response = json.loads(response.text) return json_response['advisories']
class Oauth: ___scope = ['read', 'write'] access_token = '' def __init__(self, env): self.___manager = CredentialManager( ServiceInformation(env.oauth.authorize, env.oauth.token, env.oauth.clintId, env.oauth.clientSecret, self.___scope)) def login(self): self.___manager.init_with_client_credentials() self.access_token = self.___manager._access_token
def detail(request): code = request.GET["code"] try: scopes = ['scope_1', 'scope_2'] service_information = ServiceInformation(settings.AUTHORIZATION_URI, settings.ACCESS_TOKEN_URI, settings.CLIENT_ID, settings.CLIENT_SECRET, scopes) manager = CredentialManager(service_information) redirect_uri = settings.REDIRECT_URI manager.init_with_authorize_code(redirect_uri, code) token = manager._access_token ### call to API with token ### endpoint = "https://api.intra.42.fr/v2/me" data = {"ip": "1.1.2.3"} headers = {"Authorization": "Bearer " + token} me = requests.get(endpoint, data=data, headers=headers).json() except OAuthError: return (redirect('/')) return render(request, 'polls/detail.html', {'me': me})
def test_authorize_ok(self): test_case = self class CheckAuthorizeHandler(FakeOAuthHandler): def _check_get_parameters(self, parameters): _logger.debug('CheckAuthorizeHandler - _check_parameters - %s', str(parameters)) test_case.assertEqual( parameters.get('redirect_uri', None), 'http://localhost:%d' % redirect_server_port) test_case.assertEqual(parameters.get('state', None), 'state_test') test_case.assertEqual(parameters.get('client_id', None), 'client_id_test') test_case.assertEqual(parameters.get('scope', None), 'scope1 scope2') with TestServer(authorize_server_port, CheckAuthorizeHandler): manager = None try: manager = CredentialManager(service_information, proxies=dict(http='')) url = manager.init_authorize_code_process( 'http://localhost:%d' % redirect_server_port, 'state_test') self.assertIsNotNone(url) requests.get(url, proxies=dict(http='')) code = manager.wait_and_terminate_authorize_code_process() manager = None self.assertEqual(code, FakeOAuthHandler.CODE) finally: if manager is not None and manager.authorization_code_context is not None: manager.wait_and_terminate_authorize_code_process(0.1)
def test_authorize_ko(self): test_case = self class CheckAuthorizeHandlerbadState(FakeOAuthHandler): def _check_get_parameters(self, parameters): test_case.assertEqual(parameters.get('redirect_uri', None), 'http://localhost:%d' % redirect_server_port) test_case.assertEqual(parameters.get('state', None), 'state_test') # send bad state parameters['state'] = 'other_state' with TestServer(authorize_server_port, CheckAuthorizeHandlerbadState): manager = None try: manager = CredentialManager(service_information, proxies=dict(http='')) url = manager.init_authorize_code_process('http://localhost:%d' % redirect_server_port, 'state_test') self.assertIsNotNone(url) _logger.debug('Url got = %s', url) requests.get(url, proxies=dict(http='')) self.assertRaises(OAuthError, manager.wait_and_terminate_authorize_code_process) finally: if manager is not None and manager.authorization_code_context is not None: manager.wait_and_terminate_authorize_code_process(0.1)
def test_authorize_ok(self): test_case = self class CheckAuthorizeHandler(FakeOAuthHandler): def _check_get_parameters(self, parameters): _logger.debug('CheckAuthorizeHandler - _check_parameters - %s', str(parameters)) test_case.assertEqual(parameters.get('redirect_uri', None), 'http://localhost:%d' % redirect_server_port) test_case.assertEqual(parameters.get('state', None), 'state_test') test_case.assertEqual(parameters.get('client_id', None), 'client_id_test') test_case.assertEqual(parameters.get('scope', None), 'scope1 scope2') with TestServer(authorize_server_port, CheckAuthorizeHandler): manager = None try: manager = CredentialManager(service_information, proxies=dict(http='')) url = manager.init_authorize_code_process('http://localhost:%d' % redirect_server_port, 'state_test') self.assertIsNotNone(url) requests.get(url, proxies=dict(http='')) code = manager.wait_and_terminate_authorize_code_process() manager = None self.assertEqual(code, FakeOAuthHandler.CODE) finally: if manager is not None and manager.authorization_code_context is not None: manager.wait_and_terminate_authorize_code_process(0.1)
def _test_get_token(self, call_request, required_parameters, no_refresh_token=False): test_case = self refresh_token = required_parameters['refresh_token'] if 'refresh_token' in required_parameters \ else 'the refresh token' access_token = 'the access token' class CheckGetTokenWithCode(FakeOAuthHandler): def _handle_post(self, parameters): try: test_case.assertEqual( self.headers.get('Authorization', None), basic_auth) for name, expected_value in required_parameters.items(): test_case.assertEqual( parameters.get(bufferize_string(name), None), [bufferize_string(expected_value)]) response_body = dict(access_token=access_token) if not no_refresh_token: response_body['refresh_token'] = refresh_token response = json.dumps(response_body) self.send_response(OK, 'OK') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", len(response)) self.end_headers() self.wfile.write(bufferize_string(response)) except AssertionError as error: _logger.error('error - %s', error) self.send_response(BAD_REQUEST, 'BAD_REQUEST') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", 0) self.end_headers() with TestServer(token_server_port, CheckGetTokenWithCode): manager = CredentialManager(service_information, proxies=dict(http='')) call_request(manager) if not no_refresh_token: self.assertEqual(manager.refresh_token, refresh_token) else: self.assertIsNone(manager.refresh_token) self.assertEqual(manager._access_token, access_token)
def test_bearer_requests(self): access_token = 'the access token' test_case = self class BearerHandler(BaseHTTPRequestHandler): EXPECTED_METHOD = None def do_GET(self): test_case.assertEqual('GET', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_POST(self): test_case.assertEqual('POST', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_PUT(self): test_case.assertEqual('PUT', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_PATCH(self): test_case.assertEqual('PATCH', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_DELETE(self): test_case.assertEqual('DELETE', BearerHandler.EXPECTED_METHOD) self._handle_request() def _handle_request(self): try: test_case.assertEqual(self.headers.get('Authorization', None), 'Bearer %s' % access_token) self.send_response(HTTPStatus.OK.value, 'OK') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", 0) self.end_headers() except AssertionError as ex: body = str(ex.message) self.send_response(HTTPStatus.UNAUTHORIZED.value, 'Unauthorized') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", len(body)) self.end_headers() self.wfile.write(bytes(body, 'UTF-8')) with TestServer(api_server_port, BearerHandler): _logger.debug('test_get_token_with_code - server started') api_url = 'http://localhost:%d/api/uri' % api_server_port manager = CredentialManager(service_information, proxies=dict(http='')) manager._access_token = access_token BearerHandler.EXPECTED_METHOD = 'GET' manager.get(api_url) BearerHandler.EXPECTED_METHOD = 'POST' manager.post(api_url) BearerHandler.EXPECTED_METHOD = 'PUT' manager.put(api_url) BearerHandler.EXPECTED_METHOD = 'PATCH' manager.patch(api_url) BearerHandler.EXPECTED_METHOD = 'DELETE' manager.delete(api_url)
def authenticate(): while not config.jira.url: part = input(NEED_JIRA_URL) path = Tempo.matching_instances(part) if path: config.jira.url = path if config.tempo.access_token: if validate_access_token(config.tempo.access_token): return logger.info( f'Could not validate access using {config.tempo.access_token}' ) # config.tempo.access_token = None if config.tempo.client_id and config.tempo.client_secret: service_information = ServiceInformation( urljoin( config.jira.url, '/plugins/servlet/ac/io.tempo.jira/oauth-authorize/' ), urljoin( config.tempo.api_url, '/oauth/token/', ), config.tempo.client_id, config.tempo.client_secret, [], ) manager = CredentialManager( service_information, ) if config.tempo.refresh_token: try: manager.init_with_token(config.tempo.refresh_token) if validate_access_token(manager._access_token): config.tempo.access_token = manager._access_token return except OAuthError: pass if input(BAD_ACCESS_TOKEN).lower()[0] != 'y': sys.exit(1) redirect_uri = 'http://localhost:8158/oauth/code' url = manager.init_authorize_code_process( redirect_uri, str(uuid.uuid4()) ) url = f'{url}&access_type=tenant_user' logger.info('Opening this url in your browser: %s', url) webbrowser.open(url) print('Please finish the authorization process in your browser.') code = manager.wait_and_terminate_authorize_code_process() logger.debug('Code got = %s', code) manager.init_with_authorize_code(redirect_uri, code) logger.debug('Access got = %s', manager._access_token) config.tempo.access_token = manager._access_token config.tempo.refresh_token = manager.refresh_token else: webbrowser.open( urljoin( config.jira.url, '/plugins/servlet/ac/io.tempo.jira/tempo-configuration/' ) ) access_token = input( 'I opened a new browser window where you can get an access token. ' 'Paste your access token here:' ) if validate_access_token(access_token): config.tempo.access_token = access_token else: print('Could not communicate with tempo. Check the logs.') sys.exit(1)
def test_bearer_requests(self): access_token = 'the access token' test_case = self class BearerHandler(BaseHTTPRequestHandler): EXPECTED_METHOD = None def do_GET(self): test_case.assertEqual('GET', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_POST(self): test_case.assertEqual('POST', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_PUT(self): test_case.assertEqual('PUT', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_PATCH(self): test_case.assertEqual('PATCH', BearerHandler.EXPECTED_METHOD) self._handle_request() def do_DELETE(self): test_case.assertEqual('DELETE', BearerHandler.EXPECTED_METHOD) self._handle_request() def _handle_request(self): try: test_case.assertEqual(self.headers.get('Authorization', None), 'Bearer %s' % access_token) self.send_response(OK, 'OK') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", 0) self.end_headers() except AssertionError as ex: body = str(ex.message) self.send_response(UNAUTHORIZED, 'Unauthorized') self.send_header("Content-type", 'text/plain') self.send_header("Content-Length", len(body)) self.end_headers() self.wfile.write(bufferize_string(body)) with TestServer(api_server_port, BearerHandler): _logger.debug('test_get_token_with_code - server started') api_url = 'http://localhost:%d/api/uri' % api_server_port manager = CredentialManager(service_information, proxies=dict(http='')) manager._access_token = access_token BearerHandler.EXPECTED_METHOD = 'GET' manager.get(api_url) BearerHandler.EXPECTED_METHOD = 'POST' manager.post(api_url) BearerHandler.EXPECTED_METHOD = 'PUT' manager.put(api_url) BearerHandler.EXPECTED_METHOD = 'PATCH' manager.patch(api_url) BearerHandler.EXPECTED_METHOD = 'DELETE' manager.delete(api_url)
#https://pypi.org/project/oauth2-client/ #以下のサンプルは、ブラウザーでアクセスして承認ボタンを押すタイプ #前提条件として、misocaにログインしてアプリの設定をしていること from logging import getLogger, StreamHandler, Formatter from oauth2_client.credentials_manager import CredentialManager, ServiceInformation #スコープの設定 scopes = ['read', 'write'] service_information = ServiceInformation( 'https://app.misoca.jp/oauth2/authorize', #authorizeのULR 'https://app.misoca.jp/oauth2/token', #tokenのULR 'アプリケーションIDを設定すること', 'シークレットIDを設定すること', scopes) manager = CredentialManager(service_information) #リダイレクトURLを設定する redirect_uri = 'http://0.0.0.0:5001/callback_misoca' url = manager.init_authorize_code_process(redirect_uri, 'state_test') #ここでブラウザを開いて、コンソールに表示されたURLをブラウザーに入力する print('Open this url in your browser\n%s' % url) code = manager.wait_and_terminate_authorize_code_process() print('Code got = %s' % code) manager.init_with_authorize_code(redirect_uri, code) #ここでTokenをゲットできている print('Access got = [%s]' % manager._access_token)
def __init__(self, env): self.___manager = CredentialManager( ServiceInformation(env.oauth.authorize, env.oauth.token, env.oauth.clintId, env.oauth.clientSecret, self.___scope))
##################################################################### ##loginidとパスワードを使ってMisoca(ミソカ) APIを使うサンプル ##################################################################### from logging import getLogger, StreamHandler, Formatter from oauth2_client.credentials_manager import CredentialManager, ServiceInformation import urllib.request scopes = ['read', 'write'] service_information = ServiceInformation( 'https://app.misoca.jp/oauth2/authorize', #authorizeのULR 'https://app.misoca.jp/oauth2/token', #tokenのULR 'アプリケーションIDを設定すること', 'シークレットIDを設定すること', scopes) manager = CredentialManager(service_information) manager.init_with_user_credentials('login idを設定', 'パスワードを設定') print('Access got = %s' % manager._access_token) # Here access and refresh token may be used response = manager.get("https://app.misoca.jp/api/v3/contacts") print(response.text)
def _token_request(self, request_parameters, refresh_token_mandatory): response = requests.post(NetatmoClient.TOKEN_URL, data=request_parameters) if response.status_code != 200: CredentialManager._handle_bad_response(response) else: self._process_token_response(response.json(), refresh_token_mandatory)