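def verify_access_token(request, key):
    """Look up and validate the access token identified by ``key``.

    When ``request`` is given, the token bound to its session (via
    ``get_token_object_from_session``) is used if its ``key`` matches;
    otherwise the token is fetched from ``AccessToken`` by its ``token``
    field and checked with ``is_valid()`` and ``is_expired()``.

    :param request: the current request, or a falsy value when there is
        no session to consult
    :param key: the token string to look up
    :returns: the token object, or ``None`` when it could not be verified
        (invalid, expired, or any unexpected error during lookup)
    :raises FatalClientError: when no ``AccessToken`` row exists for ``key``
    """
    import logging

    try:
        token = None
        if request:
            token = get_token_object_from_session(request.session)
        if not token or token.key != key:
            token = AccessToken.objects.get(token=key)
        # NOTE(review): both raises below are intercepted by the catch-all
        # handler, so an invalid or expired token reaches the caller as
        # ``None`` rather than as an OAuthToolkitError. The catch-all is kept
        # so the ``None`` contract for existing callers does not change.
        if not token.is_valid():
            raise OAuthToolkitError('AccessToken is not valid.')
        if token.is_expired():
            raise OAuthToolkitError('AccessToken has expired.')
    except AccessToken.DoesNotExist:
        raise FatalClientError("AccessToken not found at all.")
    except Exception:
        # Record why verification failed instead of discarding it silently;
        # programming errors would otherwise look like a failed token check.
        # The token value itself is deliberately not logged.
        logging.getLogger(__name__).warning(
            "access token verification failed", exc_info=True)
        return None
    return token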
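def get(self, request, *args, **kwargs):
    """Return a JSON profile of the resource owner plus permission flags.

    The bearer token is read from the ``access_token`` query parameter, or
    from the ``HTTP_AUTHORIZATION`` header (with a ``Bearer `` prefix
    stripped) when the parameter is absent. Permission flags come from
    ``get_group_permissions`` and are overridden by any boolean returned by
    ``get_personal_permissions``.

    :returns: a ``JsonResponse`` with the profile, or ``error_response`` when
        no resource owner is set on the request, no matching ``AccessToken``
        exists, or the token does not belong to the resource owner.
    """
    if not request.resource_owner:
        return self.error_response(OAuthToolkitError("No resource owner"))
    user = request.resource_owner

    access_token = request.GET.get('access_token', None)
    if not access_token:
        access_token = request.META.get('HTTP_AUTHORIZATION', None)
        if access_token:
            access_token = access_token.replace("Bearer ", "")
    token = AccessToken.objects.filter(token=access_token).first()
    if not token:
        return self.error_response(OAuthToolkitError("No access token"))
    # The identity fields below describe ``user`` while the permission flags
    # are derived from ``token.user``. Refuse to describe two different
    # principals in one response (e.g. a query-string token for another
    # account combined with the resource owner's identity).
    if token.user != user:
        return self.error_response(
            OAuthToolkitError("Access token does not belong to resource owner"))

    is_superuser, can_authenticate = self.get_group_permissions(
        token.user, token)
    # Personal settings, when present as a bool, take precedence over the
    # group-derived values; anything else (None or a non-bool) is ignored.
    pp_superuser, pp_authenticate = self.get_personal_permissions(
        token.user, token)
    if isinstance(pp_superuser, bool):
        is_superuser = pp_superuser
    if isinstance(pp_authenticate, bool):
        can_authenticate = pp_authenticate

    return JsonResponse({
        'id': user.username,
        'first_name': user.first_name,
        'last_name': user.last_name,
        'name': user.first_name + ' ' + user.last_name,
        'email': user.email,
        # TODO: check the emails -- both keys are hard-coded to the string
        # 'True' (not a bool) and the misspelled key is kept for compatibility.
        'email_verifyed': 'True',
        'email_verified': 'True',
        'is_superuser': is_superuser,
        'can_authenticate': can_authenticate
    })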
def oauth_error(self, request, error, **kwargs):
    """Raise ``error`` wrapped in an ``OAuthToolkitError``.

    ``error`` is an oauthlib error class. It is instantiated with an
    ``oauthlib.common.Request`` built from the Django ``request`` via the
    core's ``_extract_params`` so that the error carries the request's
    ``state``; extra ``kwargs`` are forwarded to the error constructor.

    :raises OAuthToolkitError: always
    """
    # UGLY HACK
    from oauthlib.common import Request

    core = self.get_oauthlib_core()
    uri, method, body, headers = core._extract_params(request)
    oauthlib_request = Request(
        uri, http_method=method, body=body, headers=headers)
    wrapped = error(request=oauthlib_request,
                    state=oauthlib_request.state, **kwargs)
    raise OAuthToolkitError(error=wrapped)
def validate_authorization_request(self, request):
    """Validate an authorization request through the ``server_class`` instance.

    Before delegating, the caller's permissions
    (``request.user.get_all_permissions()``, or ``[]`` when ``request.user``
    is falsy) are stored in the extracted headers under the ``tatl.scopes``
    key, replacing any existing entry of that name.

    :param request: The current django.http.HttpRequest object
    :returns: the ``(scopes, credentials)`` pair produced by the server
    :raises FatalClientError: wrapping ``oauth2.FatalClientError``
    :raises OAuthToolkitError: wrapping any other ``oauth2.OAuth2Error``
    """
    try:
        uri, http_method, body, headers = self._extract_params(request)
        current_user = request.user
        if current_user:
            headers["tatl.scopes"] = current_user.get_all_permissions()
        else:
            headers["tatl.scopes"] = []
        scopes, credentials = self.server.validate_authorization_request(
            uri, http_method=http_method, body=body, headers=headers)
        return scopes, credentials
    except oauth2.FatalClientError as fatal:
        raise FatalClientError(error=fatal)
    except oauth2.OAuth2Error as err:
        raise OAuthToolkitError(error=err)
def get(self, request):
    """Clean up all sessions and tokens of the token's owner and answer "OK".

    The token is taken from the ``access_token`` query parameter, falling
    back to the ``HTTP_AUTHORIZATION`` header with a ``Bearer `` prefix
    stripped. Expiry and validity are deliberately not checked: a token that
    was once issued is enough to trigger the cleanup.

    :returns: ``HttpResponse("OK")``, or ``error_response`` when no matching
        ``AccessToken`` exists.
    """
    # NOTE(review): this is a state-changing GET that accepts the token in
    # the query string -- confirm that is intended.
    raw_token = request.GET.get('access_token', None)
    if not raw_token:
        header_value = request.META.get('HTTP_AUTHORIZATION', None)
        if header_value:
            raw_token = header_value.replace("Bearer ", "")
        else:
            raw_token = header_value
    token = AccessToken.objects.filter(token=raw_token).first()
    if not token:
        return self.error_response(OAuthToolkitError("No access token"))
    # Validity/expiry are intentionally not checked here (see docstring).
    owner = token.user
    self.clean_user_sessions(owner)
    self.clean_user_tokens(owner)
    return HttpResponse("OK")
def test_error_response_with_redirect(self):
    """An OAuthToolkitError wrapping an oauthlib error yields a redirect.

    ``error_response`` must return an ``HttpResponseUriRedirect`` for a
    ``FakeOAuthLibError`` wrapped in ``OAuthToolkitError``.
    """
    wrapped = OAuthToolkitError(error=FakeOAuthLibError())
    self.assertIsInstance(
        self.view.error_response(wrapped), HttpResponseUriRedirect)