def post(self, request, format=None): if request.method == "POST": ref_token = request.data.get("refresh_token") expires = timezone.now() + timedelta(seconds=3600000) application = Application.objects.get( client_id=mainSettings.OAUTH_CLIENTID) try: refTokenModel = RefreshToken.objects.get(token=ref_token) except RefreshToken.DoesNotExist: return Response({'error': 'Refresh token invalid'}, status=400) access_token = AccessToken(user=refTokenModel.user, scope='', expires=expires, token=common.generate_token(), application=application) access_token.save() #refresh_token = RefreshToken(token=ref_token, # application=application,access_token=access_token ) refTokenModel.access_token = access_token refTokenModel.save() return Response( { 'token': access_token.token, 'refresh_token': ref_token, "token_type": "Bearer" }, status=HTTPStatus.HTTP_200_OK) else: status_code = HTTPStatus.METHOD_NOT_ALLOWED response = JsonResponse({'success': 'false'}, status=status_code) return response
def save_bearer_token(self, token, request, *args, **kwargs): """ Check if an access_token exists for the couple user/application that is valid and authorized for the same scopes and esures that no refresh token was used. If all the conditions are true the same access_token is issued. Otherwise a new one is created with the default strategy. """ # this queryset identifies all the valid access tokens # for the couple user/application. previous_valid_tokens = AccessToken.objects.filter( user=request.user, application=request.client, ).filter(expires__gt=timezone.now()).order_by('-expires') # if a refresh token was not used and a valid token exists we # can replace the new generated token with the old one. if not request.refresh_token and previous_valid_tokens.exists(): for access_token in previous_valid_tokens: # the previous access_token must allow access to the same scope # or bigger if access_token.allow_scopes(token['scope'].split()): token['access_token'] = access_token.token expires_in = access_token.expires - timezone.now() token['expires_in'] = expires_in.total_seconds() if hasattr(access_token, 'refresh_token'): token['refresh_token'] = access_token.refresh_token.token # break the loop and exist because we found to old token return # default behaviour when no old token is found if request.refresh_token: # remove used refresh token try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert() # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=token['expires_in']) if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken( user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, access_token=access_token ) refresh_token.save()
def save_bearer_token(self, token, request, *args, **kwargs): """ Check if an access_token exists for the couple user/application that is valid and authorized for the same scopes and ensures that no refresh token was used. If all the conditions are true the same access_token is issued. Otherwise a new one is created with the default strategy. """ # this queryset identifies all the valid access tokens # for the couple user/application. previous_valid_tokens = AccessToken.objects.filter( user=request.user, application=request.client, ).filter(expires__gt=timezone.now()).order_by('-expires') # if a refresh token was not used and a valid token exists we # can replace the new generated token with the old one. if not request.refresh_token and previous_valid_tokens.exists(): for access_token in previous_valid_tokens: # the previous access_token must allow access to the same scope # or bigger if access_token.allow_scopes(token['scope'].split()): token['access_token'] = access_token.token expires_in = access_token.expires - timezone.now() token['expires_in'] = expires_in.total_seconds() if hasattr(access_token, 'refresh_token'): token[ 'refresh_token'] = access_token.refresh_token.token # break the loop and exist because we found to old token return # default behaviour when no old token is found if request.refresh_token: # remove used refresh token try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert ( ) # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=token['expires_in']) if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken(user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken(user=request.user, token=token['refresh_token'], application=request.client, access_token=access_token) refresh_token.save()
def get_user_token(user): """ Returns an access token for the given user. This function facilitates interactions with the bundle service. """ if user is None or not user.is_authenticated(): return None client = Application.objects.get(client_id=cli_client_id(user)) tokens = AccessToken.objects.filter(application_id=client.id, expires__gt=timezone.now() + timedelta(minutes=5)) access_token = None for token in tokens: if token.is_valid([]): access_token = token break if access_token is None: access_token = AccessToken( user=user, scope='', expires=timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS), token=generate_token(), application=client) access_token.save() return str(access_token.token)
def setUp(self): super(PollAPITestCaseOAuthToolkit, self).setUp() # Prepare OAuth Toolkit Access from oauth2_provider.models import AccessToken, Application ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application') ot_application.save() for scope in self.scopes + (None, ): options = { 'user': self.user, 'application': ot_application, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'scope': scope, 'token': getattr(self, scope_attrbute_name) }) ot_access_token = AccessToken(**options) ot_access_token.save() self.choice_url = self.urls['choice_toolkit'] self.poll_url = self.urls['poll_toolkit'] self.scoped_choice_url = self.urls['scoped_choice_toolkit'] self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def signup_client(request): serializer = SignupClientSerializer(data=request.data, context={'request': request}) serializer.is_valid() # print("serializer error: ", oauth2_settings) if serializer.errors: return Response(data=serializer.errors, status=status.HTTP_400_BAD_REQUEST) else: serializer.save() application = Application.objects.get(client_id=serializer.initial_data["client_id"]) expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) activated_user = User.objects.get(email=serializer.data["email"]) access_token = AccessToken( user=activated_user, scope='', expires=expires, token=common.generate_token(), application=application ) access_token.save() refresh_token = RefreshToken( user=activated_user, token=common.generate_token(), application=application, access_token=access_token ) refresh_token.save() return Response({"expires": expires, "access_token": access_token.token, "refresh_token": refresh_token.token}, status=200)
def setUp(self): super(PollAPITestCaseOAuthToolkit, self).setUp() # Prepare OAuth Toolkit Access from oauth2_provider.models import AccessToken, Application ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application' ) ot_application.save() for scope in self.scopes + (None,): options = { 'user': self.user, 'application': ot_application, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'scope': scope, 'token': getattr(self, scope_attrbute_name) }) ot_access_token = AccessToken(**options) ot_access_token.save() self.choice_url = self.urls['choice_toolkit'] self.poll_url = self.urls['poll_toolkit'] self.scoped_choice_url = self.urls['scoped_choice_toolkit'] self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def create_user(self): # FIXME: Please refactor me! self.logout_url = reverse('accounts.logout') self.username = '******' self.password = '******' self.data = \ { 'first_name': 'Demo', 'last_name': 'Demo', 'email': '*****@*****.**', } # this is used to identify addresses created by allocate_wallets mock self.address_id_pattern = 'addr_id_' self._mock_rpc() self.create_main_user() self.client = NexchangeClient() success = self.client.login(username=self.username, password=self.password) expires = timezone.now() + timedelta(days=30) token = AccessToken(user=self.user, token='3HrghbVeDUQWaOriqrXYLZmCb4cEXB', expires=expires) token.save() assert success
def setUp(self): super(PollAPITestCase, self).setUp() self.poll_1 = Poll.objects.get(pk=1) self.poll_2 = Poll.objects.get(pk=2) self.urls = {} kwargs = {'api_name': 'v1'} for api in ['choice', 'poll']: kwargs['resource_name'] = api self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs) # Create a user. username = '******' email = '*****@*****.**' password = '******' self.user = User.objects.create_user(username, email, password) # Prepare OAuth Toolkit Access ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application' ) ot_application.save() self.ot_token = 'TOKEN' ot_access_token = AccessToken( user=self.user, application=ot_application, expires=datetime.datetime.now() + datetime.timedelta(days=10), scope='read', token=self.ot_token ) ot_access_token.save()
def setUp(self): # Hacky way of inserting requested_sources, but it seems django doesn't # want to read this from the test fixture self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc") project_2 = DataRequestProject.objects.get(slug="abc-2") self.member1_project.requested_sources.add(project_2) self.member1_project.save() self.access_token = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-1", expires=timezone.now() + timedelta(days=1), scope="read", ) self.access_token.save() self.access_token_expired = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-2", expires=timezone.now() - timedelta(days=1), scope="read", ) self.access_token_expired.save()
def post(self, request): email = request.POST.get('email') try: if email is None: raise User.DoesNotExist except Exception as e: return Response(data={'error': e.message}, status=400) try: user = User.objects.get(email=email) if user.is_active == False: return Response(status=404, data={'error': 'user deactivated'}) if user: if not user.check_password(request.POST.get('password')): return Response(status=401, data={'error': 'incorrect password'}) userToken = AccessToken.objects.filter(user=user) if userToken: if timezone.now() <= userToken[0].expires: return Response(data={ 'access_token': userToken[0].token, 'token_type': 'Bearer', "email": userToken[0].user.email, "scope": userToken[0].scope }, status=200) else: AccessToken.delete(userToken[0]) return self.issue_new_token(request, user, email) else: return self.issue_new_token(request, user, email) except Exception as e: return Response(status=404, data={'error': e.message})
def save_bearer_token(self, token, request, *args, **kwargs): """ It's messy. It is 90% code from parent function. I didn't find a way to reduce it. I tried and I failed :'( Sin Count += 1 Save access and refresh token, If refresh token is issued, remove old refresh tokens as in rfc:`6` """ if request.refresh_token: # remove used refresh token # Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert ( ) # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta( seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS if request.response_type == 'token': expires = timezone.now() + timedelta( seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS) token[ 'expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken(user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, ) if request.grant_type == 'authorization_code': refresh_tokens = RefreshToken.objects.all().filter( user=request.user, application=request.client).order_by('-id') if len(refresh_tokens) > 0: refresh_token = refresh_tokens[0] # Delete the old access_token refresh_token.access_token.delete() if len(refresh_tokens) > 1: # Enforce 1 token pair. Delete all old refresh_tokens RefreshToken.objects.exclude( pk=refresh_token.id).delete() refresh_token.access_token = access_token refresh_token.save() token['refresh_token'] = refresh_token.token token['groups'] = request.user.groups
def save_bearer_token(self, token, request, *args, **kwargs): if request.refresh_token: try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert () # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken( user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, access_token=access_token ) refresh_token.save() if DEVICE_TOKEN_HEADER in request.headers: self.save_device(request=request, access_token=access_token, refresh_token=refresh_token) token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
def _create_access_token(self, expires, request, token, source_refresh_token=None): access_token = AccessToken( user=request.user, scope=' '.join(request.user.scopes), expires=expires, token=token["access_token"], application=request.client, ) access_token.save() auth_cache = caches['auth'] cached_auth = { 'uid': access_token.user.id, 'scopes': access_token.user.scopes, 'token': access_token.token, } key = 'auth:access_token:{token}'.format(token=access_token.token) auth_cache.set(key, cached_auth, oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) return access_token
def test_scopes_property(self): self.client.login(username="******", password="******") app = Application.objects.create( name="test_app", redirect_uris= "http://localhost http://example.com http://example.it", user=self.user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, ) access_token = AccessToken(user=self.user, scope='read write', expires=0, token='', application=app) access_token2 = AccessToken(user=self.user, scope='write', expires=0, token='', application=app) self.assertEqual(access_token.scopes, { 'read': 'Reading scope', 'write': 'Writing scope' }) self.assertEqual(access_token2.scopes, {'write': 'Writing scope'})
def post(self, request): email = request.POST.get('email') try: if email is None: raise User.DoesNotExist except Exception as e: print e return Response(data={'error': e.message}, status=400) try: user = User.objects.get(email=email) user_details = User.objects.filter(email=email) userSerializer = UserSerializer(user_details, many=True) if user.is_active == False: return Response(status=404, data={'error': 'user not verified'}) if not user.check_password("batman25"): return Response(status=401, data={'error': 'incorrect password'}) userToken = AccessToken.objects.filter(user=user) print timezone.now() if not user.qrhash == request.POST.get('qrcode'): return Response(status=404, data={'error': 'Qrcode is not valid'}) # if not timezone.now() >= user.qrhash_expiration: # print user.qrhash # print timezone.now() # print # return Response(status=404, data={'error': 'Qrcode is expired'}) # if user.ismobile_loggedin and timezone.now() <= userToken[0].expires: # return Response(status=404, data={'error': 'You are already logged in any device'}) if userToken: if timezone.now() <= userToken[0].expires: user.ismobile_loggedin = True user.save() return Response(data={ 'access_token': userToken[0].token, 'token_type': 'Bearer', "email": userSerializer.data[0]['email'], "name": userSerializer.data[0]['user_name'], 'avatar': userSerializer.data[0]['avatar'], "scope": userToken[0].scope, "role": { 'admin': userSerializer.data[0]['is_admin'], 'active': userSerializer.data[0]['is_active'], }, "status": '200' }, status=200) else: AccessToken.delete(userToken[0]) return self.issue_new_token(request, user, email) else: return self.issue_new_token(request, user, email) except Exception as e: print e.message return Response(status=404, data={'error': e.message})
def setUpClass(cls): super(DirectSharingOAuth2Tests, cls).setUpClass() cls.authorize_url = ('/direct-sharing/projects/oauth2/authorize/' '?client_id=test-key&response_type=code') user1 = get_or_create_user('bacon') cls.member1, _ = Member.objects.get_or_create(user=user1) cls.member1_project = OAuth2DataRequestProject.objects.get(slug='abc') email1 = cls.member1.primary_email cls.access_token = AccessToken( application=cls.member1_project.application, user=user1, token='test-token-1', expires=datetime.now() + timedelta(days=1), scope='read') cls.access_token.save() cls.access_token_expired = AccessToken( application=cls.member1_project.application, user=user1, token='test-token-2', expires=datetime.now() - timedelta(days=1), scope='read') cls.access_token_expired.save() email1.verified = True email1.save()
def setUp(self): super(PollAPITestCaseOAuth2Provider, self).setUp() from provider.oauth2.models import AccessToken, Client from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE # Prepare OAuth2 Provider Access op_client = Client( user=self.user, name='Test Application', url='http://example.com', redirect_uri='http://example.com', client_type=CONFIDENTIAL ) op_client.save() for scope in self.scopes + (None,): options = { 'user': self.user, 'client': op_client, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'token': getattr(self, scope_attrbute_name), 'scope': locals()[scope.replace(" ", "_").upper()] }) op_access_token = AccessToken(**options) op_access_token.save() self.choice_url = self.urls['choice_provider'] self.poll_url = self.urls['poll_provider'] self.scoped_choice_url = self.urls['scoped_choice_provider'] self.scoped_poll_url = self.urls['scoped_poll_provider']
class RoleEndpointTest(TestCase): def setUp(self): self.client = APIClient() self.user = User.objects.create_user("Foo", "Bar", "*****@*****.**", "123456") self.dev_user = User.objects.create_user("Foo", "Bar1", "*****@*****.**", "123456") self.application = Application( name="Test Application", user=self.dev_user, client_type=Application.CLIENT_PUBLIC, authorization_grant_type=Application.GRANT_PASSWORD, ) self.application.save() self.token = AccessToken( token="ABC123", user=self.user, expires=datetime.datetime.now() + datetime.timedelta(days=1), scope='read write', application=self.application ) self.token.save() self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token.token) def tearDown(self): self.application.delete() self.token.delete() self.user.delete() self.dev_user.delete()
def setUp(self): super(PollAPITestCaseOAuth2Provider, self).setUp() from provider.oauth2.models import AccessToken, Client from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE # Prepare OAuth2 Provider Access op_client = Client(user=self.user, name='Test Application', url='http://example.com', redirect_uri='http://example.com', client_type=CONFIDENTIAL) op_client.save() for scope in self.scopes + (None, ): options = { 'user': self.user, 'client': op_client, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'token': getattr(self, scope_attrbute_name), 'scope': locals()[scope.replace(" ", "_").upper()] }) op_access_token = AccessToken(**options) op_access_token.save() self.choice_url = self.urls['choice_provider'] self.poll_url = self.urls['poll_provider'] self.scoped_choice_url = self.urls['scoped_choice_provider'] self.scoped_poll_url = self.urls['scoped_poll_provider']
def setUp(self): super(PollAPITestCaseOAuthToolkit, self).setUp() call_command('loaddata', 'polls_api_testdata.json', verbosity=0) self.client = Client() self.poll_1 = Poll.objects.get(pk=1) self.poll_2 = Poll.objects.get(pk=2) self.urls = {} kwargs = {'api_name': 'v1'} apis = [ 'choice_toolkit', 'scoped_choice_toolkit', 'poll_toolkit', 'scoped_poll_toolkit', ] for api in apis: kwargs['resource_name'] = api self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs) # Create a user. username = '******' email = '*****@*****.**' password = '******' self.user = User.objects.create_user(username, email, password) self.scopes = ("read", "write", "read write") for scope in self.scopes: scope_attrbute_name = "token_" + scope.replace(" ", "_") setattr(self, scope_attrbute_name, "TOKEN" + scope) self.token = 'TOKEN' self.scoped_token = self.token_read_write ot_application = Application( user=self.user, redirect_uris='http://example.com', client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, name='Test Application' ) ot_application.save() for scope in self.scopes + (None,): options = { 'user': self.user, 'application': ot_application, 'expires': datetime.datetime.now() + datetime.timedelta(days=10), 'token': self.token } if scope: scope_attrbute_name = "token_" + scope.replace(" ", "_") options.update({ 'scope': scope, 'token': getattr(self, scope_attrbute_name) }) ot_access_token = AccessToken(**options) ot_access_token.save() self.choice_url = self.urls['choice_toolkit'] self.poll_url = self.urls['poll_toolkit'] self.scoped_choice_url = self.urls['scoped_choice_toolkit'] self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def save_bearer_token(self, token, request, *args, **kwargs): """ It's messy. It is 90% code from parent function. I didn't find a way to reduce it. I tried and I failed :'( Sin Count += 1 Save access and refresh token, If refresh token is issued, remove old refresh tokens as in rfc:`6` """ if request.refresh_token: # remove used refresh token # Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra try: RefreshToken.objects.get(token=request.refresh_token).revoke() except RefreshToken.DoesNotExist: assert () # TODO though being here would be very strange, at least log the error expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS) token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS if request.response_type == 'token': expires = timezone.now() + timedelta(seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS) token['expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS if request.grant_type == 'client_credentials': request.user = None access_token = AccessToken( user=request.user, scope=token['scope'], expires=expires, token=token['access_token'], application=request.client) access_token.save() if 'refresh_token' in token: refresh_token = RefreshToken( user=request.user, token=token['refresh_token'], application=request.client, ) if request.grant_type == 'authorization_code': refresh_tokens = RefreshToken.objects.all().filter(user=request.user, application=request.client).order_by('-id') if len(refresh_tokens) > 0: refresh_token = refresh_tokens[0] # Delete the old access_token refresh_token.access_token.delete() if len(refresh_tokens) > 1: # Enforce 1 token pair. Delete all old refresh_tokens RefreshToken.objects.exclude(pk=refresh_token.id).delete() refresh_token.access_token = access_token refresh_token.save() token['refresh_token'] = refresh_token.token
def _create_access_token(expires, request, token): access_token = AccessToken( user=request.user, scope=token["scope"], expires=expires, token=token["access_token"], application=request.client ) access_token.save() return access_token
def test_accesstoken_create(self): """ Create an AccessToken and check for signal """ request = self.factory.get('/bluebutton/fhir/v1/ExplanationOfBenefit/') request.user = self.user # xwalk = Crosswalk.objects.get(user=self.user) app = self._create_application('ThePHR', user=request.user) # print("\nApp - prep for AccessToken:%s" % app.name) this_moment = timezone.now() future_time = this_moment + relativedelta(years=1) a_tkn = AccessToken() a_tkn.user = request.user a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = [ "patient/Patient.read", "patient/ExplanationOfBenefit.read" ] a_tkn.save() # print("\n================\nSaved %s" % a_tkn) self.assertEqual(True, True)
def post( self, request, ): serializer_class = serializers.AuthenticateAccountSerializer( data=request.data) if serializer_class.is_valid(): username = serializer_class.data.get('username') password = serializer_class.data.get('password') account = Account.objects.get(username=username) if account.check_password(raw_password=password): payload = { 'uuid': str(account.uuid), 'username': account.username, 'time': str(datetime.now(timezone.utc)), } access_token = jwt.encode(payload, settings.SECRET_KEY).decode('utf-8') try: to_black_list = AccessToken.objects.get(user=account) token_black_list = BlackList() token_black_list.token = to_black_list.value to_black_list.delete() token_black_list.save() except: pass to_access_token = AccessToken() to_access_token.user = account to_access_token.value = str(access_token) to_access_token.save() expires = datetime.now() + timedelta(seconds=300000) refresh_token = AccesssTokenOATH( user=account, expires=expires, token=common.generate_token(), ) refresh_token.save() payload2 = {'token': str(refresh_token)} refresh_token_str = jwt.encode( payload2, settings.SECRET_KEY).decode('utf-8') decode_token = jwt.decode(refresh_token_str, settings.SECRET_KEY) tokens = { 'access_token': access_token, 'refresh_token': refresh_token_str, } return Response(tokens, status=HTTP_201_CREATED) else: return Response({"message": "Authentication failed"}, status=HTTP_400_BAD_REQUEST)
def create(self, request, *args, **kwargs): """ """ data = request.data data = dict(data.items()) serializer = UserCreateSerializer(data=data) host = request.META['HTTP_HOST'] if serializer.is_valid(): user = get_user_model().objects.create_user(**serializer.data) user.set_password(data.get('password')) user.is_active = False user.save() # here generating the activation key activation_key = str(uuid.uuid4()) user.activation_key = activation_key user.save() profile = Profile(user=user) profile.save() mail_user_activation_key(user, host=host) # getting application application = Application.objects.get(name="mmb") # creating access token access_token = AccessToken(user=user, expires=expires, token=generate_token(), application=application) access_token.save() refresh_token = RefreshToken.objects.create( user=user, token=generate_token(), access_token=access_token, application=application) response = { 'access_token': access_token.token, 'token_type': 'Bearer', 'expires_in': settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'], 'refresh_token': refresh_token.token } return Response(response, status=status.HTTP_200_OK) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def callback(request): # Could not authorize twitch app if 'error' in request.GET: # todo: handle appropriately error_message = _('You denied access to your Twitch account') \ if request.GET['error'] == 'access_denied' else _('Error while authentication via Twitch API') messages.error(request, error_message) logger.error( '[Twitch Auth] %s: %s' % (request.META['REMOTE_ADDR'], request.GET['error_description'])) return HttpResponseRedirect('/') # get redirection url # todo: make dynamic or username state based => setup/home/etc redirect_to = settings.FRONTEND_URL + settings.FRONTEND_CALLBACK code = request.GET['code'] state = request.GET['state'] logger.error(f"{code}, {state}") # if user is already logged in, redirect to that url # if request.user.is_authenticated: # return HttpResponseRedirect(redirect_to) # authenticate with backend user = authenticate(request, code=request.GET['code']) if user and user.is_active: # auth_login(request, user) # todo: create oauth2 token try: expires = timezone.now() + timedelta( seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS) temporary_token = TemporaryToken.objects.get(identifier=state) application = temporary_token.application access_token = AccessToken(user=user, scope='', expires=expires, token=common.generate_token(), application=application) access_token.save() temporary_token.token = access_token temporary_token.approved = True temporary_token.save() except TemporaryToken.DoesNotExist: print("Yo we couldnt find this") # messages.success(request, _('You successfully logged in')) return HttpResponseRedirect(redirect_to) else: print("not an existing user... complete setup") # messages.error(request, _('Cannot authenticate you')) return HttpResponseRedirect('/')
def _create_bearer_token(self, user): app, created = Application.objects.get_or_create( user=user, client_type=Application.CLIENT_CONFIDENTIAL, authorization_grant_type=Application.GRANT_PASSWORD, name=user.username) expires_in = settings.ACCESS_TOKEN_EXPIRE_SECONDS expires = timezone.now() + timedelta(seconds=expires_in) token = AccessToken(user=user, token=generate_token(), application=app, expires=expires) token.save()
def create_access_token(self, user: "******") -> AccessToken: """Create an access token.""" expires = timezone.now() + timedelta(seconds=self.token_expire) access_token = AccessToken( user=user, scope="read write groups", expires=expires, token=common.generate_token(), application=self.jwt_app, ) access_token.save() return access_token
def post(self, request): email = request.POST.get('email') try: if email is None: raise User.DoesNotExist except Exception as e: print e return Response(data={'error': e.message}, status=400) try: user = User.objects.get(email=email) user_details = User.objects.filter(email=email) userSerializer = UserSerializer(user_details, many=True) if user.is_active == False: return Response(status=404, data={'error': 'user not verified'}) if not user.check_password(request.POST.get('password')): return Response(status=401, data={'error': 'incorrect password'}) userToken = AccessToken.objects.filter(user=user) if userToken: if timezone.now() <= userToken[0].expires: # print timezone.now() - timezone.timedelta(days=365) # print timezone.now() + timezone.timedelta(minutes=598) # print userToken[0].expires # print timezone.now() + timezone.timedelta(minutes=598) <= userToken[0].expires return Response(data={ 'access_token': userToken[0].token, 'token_type': 'Bearer', 'avatar': userSerializer.data[0]['avatar'], "email": userSerializer.data[0]['email'], "name": userSerializer.data[0]['user_name'], "scope": userToken[0].scope, "role": { 'admin': userSerializer.data[0]['is_admin'], 'active': userSerializer.data[0]['is_active'] }, "status": '200' }, status=200) else: AccessToken.delete(userToken[0]) return self.issue_new_token(request, user, email) else: return self.issue_new_token(request, user, email) except Exception as e: print e.message return Response(status=404, data={'error': e.message})
def setUpClass(cls): super(DirectSharingOAuth2Tests2, cls).setUpClass() cls.authorize_url = ( "/direct-sharing/projects/oauth2/authorize/" "?client_id=test-key-2&response_type=code" ) user1 = get_or_create_user("bacon") cls.member1, _ = Member.objects.get_or_create(user=user1) cls.member1.save() cls.member1_project = OAuth2DataRequestProject.objects.get(slug="abc3") cls.member1_project.save() email1 = cls.member1.primary_email cls.access_token = AccessToken( application=cls.member1_project.application, user=user1, token="test-token-1", expires=timezone.now() + timedelta(days=1), scope="read", ) cls.access_token.save() email1.verified = True email1.save()
def generate_access_token(user): '''获取 accesstoken, 由于微信小程序无法使用session, 所以采用oauth的机制''' application = Application.objects.get( client_id=settings.ORIGINAL_OAUTH2_CLIENT_ID, client_secret=settings.ORIGINAL_OAUTH2_CLIENT_SECRET, ) expires = arrow.now().shift(years=1).datetime token = common.generate_token() scopes = ['read', 'write'] access_token = AccessToken( user=user, scope=scopes, expires=expires, token=token, application=application, source_refresh_token=None, ) access_token.save() return access_token
def send_email(request): """ Send an email related to a user password reset. TODO: move to /users; fix HttpResponse --- parameters: - name: email paramType: form - name: user paramType: form """ email = request.POST.get('email') name = request.POST.get('user') user = User.objects.get(username=name) if user.email != email: return HttpResponse(status.HTTP_403_FORBIDDEN) uidb64 = base64.urlsafe_b64encode(force_bytes(user.pk)) token = AccessToken( user=user, application=Application.objects.get( client_id='aHD4NUa4IRjA1OrPD2kJLXyz34c06Bi5eVX8O94p'), expires=timezone.now() + timezone.timedelta(minutes=5), token=generate_token()) token.save() email_config = { 'email': email, 'domain': request.META['HTTP_HOST'], 'site_name': 'TRAC', 'uid': uidb64, 'user': user, 'token': str(token), 'protocol': 'https://', } url = "/".join((email_config['domain'], 'UserSettings', email_config['uid'], email_config['token'], '')) email_body = loader.render_to_string( '../templates/email_templates/email_template.html', email_config) send_mail('Reset Password Request', email_body, '*****@*****.**', (email_config['email'], ), fail_silently=False) return HttpResponse(status.HTTP_200_OK)
def create_access_token(self, user_id, application_id, scopes, expiry_in_seconds): import datetime from oauth2_provider.models import AccessToken access_token = self._generate_access_token() expires = datetime.datetime.now() + datetime.timedelta( seconds=expiry_in_seconds) access_token_object = AccessToken(user_id=user_id, token=access_token, application_id=application_id, expires=expires, scope=scopes) access_token_object.save() from common.dtos import AccessTokenDTO return AccessTokenDTO(access_token_id=access_token_object.id, token=access_token_object.token, expires=expires)
def archive_bearer_token(self): # During testing, you will probably have to copy access tokens from prod for this to work try: app = Application.objects.get(name='Archive') except Application.DoesNotExist: logger.error( 'Archive application not found. Oauth applications need to be populated.' ) return '' access_token = AccessToken.objects.filter( user=self.user, application=app, expires__gt=timezone.now()).last() if not access_token: access_token = AccessToken(user=self.user, application=app, token=uuid.uuid4().hex, expires=timezone.now() + timedelta(days=30)) access_token.save() return access_token.token
def setup_user_token(): # create user user = User.objects.create_user('hongzhi', password='******') # create oauth application app = Application() app.user = user app.save() token = AccessToken() token.user = user token.expires = timezone.now().replace(year=timezone.now().year + 1) token.application = app token.token = '987654321' token.save() return user, token.token
def test_accesstoken_create(self): """ Create an AccessToken and check for signal """ request = self.factory.get('/create_test_account/bb_upload/') request.user = self.user # xwalk = Crosswalk.objects.get(user=self.user) app = self._create_application('ThePHR', user=request.user) # print("\nApp - prep for AccessToken:%s" % app.name) this_moment = timezone.now() future_time = this_moment + relativedelta(years=1) a_tkn = AccessToken() a_tkn.user = request.user a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = ["patient/Patient.read", "patient/ExplanationOfBenefit.read"] a_tkn.save() # print("\n================\nSaved %s" % a_tkn) self.assertEqual(True, True)
def verify_token(request): """ Verify client token is valid :param request: :return: """ key = request.POST.get('token', '') try: token = AccessToken.objects.get(token=key) if AccessToken.is_valid(token): logging.info('Valid access') return JsonResponse( {'isValid': 'true'} ) except AccessToken.DoesNotExist, e: return JsonResponse( {'isValid': 'false'} )
class BaseTest(APITestCase): def setUp(self): self.test_user = User.objects.create_user( username="******", email="*****@*****.**", first_name="Trevor", last_name="Hutto", password="******", bio="this is me.", profile_picture=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), header_picture=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), ) self.dev_user = User.objects.create_user( username="******", email="*****@*****.**", first_name="Camron", last_name="Godbout", password="******" ) self.test_post = Post.objects.create( author=self.test_user, title="title", latitude="1.123123", longitude="1.123123" ) self.test_image = Image.objects.create( image=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), caption="here es captiones" ) self.test_video = Video.objects.create( video=SimpleUploadedFile("file.mp4", "file_content", content_type="video/mp4"), caption="here es captiones" ) self.test_snippet = Snippet.objects.create( snippet="here is a snippet" ) self.post_snippet = PostSnippet.objects.create( snippet=self.test_snippet, post=self.test_post, position=0 ) self.post_video = PostVideo.objects.create( video=self.test_video, post=self.test_post ) self.post_image = PostImage.objects.create( image=self.test_image, post=self.test_post, position=1 ) self.application = Application( name="Test Application", redirect_uris="http://example.com", user=self.dev_user, client_type=Application.CLIENT_PUBLIC, authorization_grant_type=Application.GRANT_PASSWORD, ) self.application.save() self.access_token = AccessToken( user=self.test_user, scope='read write', expires=timezone.now() + timedelta(seconds=300), token='secret-access-token-key', application=self.application ) self.access_token.save() oauth2_settings._SCOPES = ['read', 'write'] def tearDown(self): self.application.delete() self.test_user.delete() if settings.DEBUG: if self.test_user.profile_picture: if os.path.isfile(self.test_user.profile_picture.path): os.remove(self.test_user.profile_picture.path) if self.test_user.header_picture: if os.path.isfile(self.test_user.header_picture.path): os.remove(self.test_user.header_picture.path) self.dev_user.delete() if settings.DEBUG: if self.test_image.image: if os.path.isfile(self.test_image.image.path): os.remove(self.test_image.image.path) self.test_image.delete() self.test_post.delete() self.test_snippet.delete() if settings.DEBUG: if self.test_video.video: if os.path.isfile(self.test_video.video.path): os.remove(self.test_video.video.path) self.test_video.delete() def get_basic_auth_header(self, user, password): """ Return a dict containg the correct headers to set to make HTTP Basic Auth request """ user_pass = '******'.format(user, password) auth_string = base64.b64encode(user_pass.encode('utf-8')) auth_headers = { 'HTTP_AUTHORIZATION': 'Basic ' + auth_string.decode("utf-8"), } return auth_headers def get_access_token_header(self): """ Return a dict containing the correct headers to set to make an authorized request. """ access_token_header = { 'Authorization': 'Bearer ' + self.access_token.token } return access_token_header
def setUp(self): self.test_user = User.objects.create_user( username="******", email="*****@*****.**", first_name="Trevor", last_name="Hutto", password="******", bio="this is me.", profile_picture=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), header_picture=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), ) self.dev_user = User.objects.create_user( username="******", email="*****@*****.**", first_name="Camron", last_name="Godbout", password="******" ) self.test_post = Post.objects.create( author=self.test_user, title="title", latitude="1.123123", longitude="1.123123" ) self.test_image = Image.objects.create( image=SimpleUploadedFile(name='foo.gif', content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'), caption="here es captiones" ) self.test_video = Video.objects.create( video=SimpleUploadedFile("file.mp4", "file_content", content_type="video/mp4"), caption="here es captiones" ) self.test_snippet = Snippet.objects.create( snippet="here is a snippet" ) self.post_snippet = PostSnippet.objects.create( snippet=self.test_snippet, post=self.test_post, position=0 ) self.post_video = PostVideo.objects.create( video=self.test_video, post=self.test_post ) self.post_image = PostImage.objects.create( image=self.test_image, post=self.test_post, position=1 ) self.application = Application( name="Test Application", redirect_uris="http://example.com", user=self.dev_user, client_type=Application.CLIENT_PUBLIC, authorization_grant_type=Application.GRANT_PASSWORD, ) self.application.save() self.access_token = AccessToken( user=self.test_user, scope='read write', expires=timezone.now() + timedelta(seconds=300), token='secret-access-token-key', application=self.application ) self.access_token.save() oauth2_settings._SCOPES = ['read', 'write']
def test_access_token_signal_update(self): """ Create AccessToken check for update to user/app consent """ usr = self.user app = self._create_application('ThePHR', user=usr) # xwalk = Crosswalk.objects.get(user=usr) this_moment = timezone.now() future_time = this_moment + relativedelta(years=1) a_tkn = AccessToken() a_tkn.user = usr a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = ["patient/Patient.read", "patient/ExplanationOfBenefit.read"] a_tkn.save() f_c = fhir_Consent.objects.get(user=usr, application=app) print("\nConsent:%s" % f_c) print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent)) self.assertEqual(f_c.consent['meta']['versionId'], "1") a_tkn.delete() a_tkn = AccessToken() a_tkn.user = usr a_tkn.application = app a_tkn.token = "1234567890" a_tkn.expires = future_time a_tkn.scope = ["patient/Patient.read", "patient/ExplanationOfBenefit.read"] a_tkn.save() f_c = fhir_Consent.objects.get(user=usr, application=app) print("\nUpdated Consent:%s" % f_c) print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent)) self.assertEqual(f_c.consent['meta']['versionId'], "2")
class DirectSharingOAuth2Tests(DirectSharingMixin, DirectSharingTestsMixin, TestCase): """ Tests for private sharing OAuth2 projects. """ @classmethod def setUpClass(cls): super().setUpClass() cls.authorize_url = ( "/direct-sharing/projects/oauth2/authorize/" "?client_id=test-key&response_type=code" ) user1 = get_or_create_user("bacon") cls.member1, _ = Member.objects.get_or_create(user=user1) email1 = cls.member1.primary_email email1.verified = True email1.save() def setUp(self): # Hacky way of inserting requested_sources, but it seems django doesn't # want to read this from the test fixture self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc") project_2 = DataRequestProject.objects.get(slug="abc-2") self.member1_project.requested_sources.add(project_2) self.member1_project.save() self.access_token = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-1", expires=timezone.now() + timedelta(days=1), scope="read", ) self.access_token.save() self.access_token_expired = AccessToken( application=self.member1_project.application, user=self.member1.user, token="test-token-2", expires=timezone.now() - timedelta(days=1), scope="read", ) self.access_token_expired.save() @unittest.skip("Hitting django bug #27398") def test_authorize_if_logged_out(self): response = self.client.get(self.authorize_url) self.assertRedirects( response, "/account/login/oauth2/?connection=abc&next={}".format( quote(self.authorize_url, safe="") ), ) def test_authorize_if_logged_in(self): login = self.client.login(username="******", password="******") self.assertTrue(login) self.update_member(joined=False, authorized=False) response = self.client.get(self.authorize_url) self.assertEqual(response.status_code, 200) def test_authorize_if_already_authorized(self): login = self.client.login(username="******", password="******") self.assertTrue(login) self.update_member(joined=True, authorized=True) response = self.client.get(self.authorize_url) self.assertTrue(b"Project previously authorized." in response.content) @unittest.skipIf((not settings.AWS_STORAGE_BUCKET_NAME), "AWS not set up.") def test_exchange_member(self): self.update_member(joined=True, authorized=True) project_member = DataRequestProjectMember.objects.get( project=self.member1_project, member=self.member1 ) response = self.client.get( "/api/direct-sharing/project/exchange-member/" "?access_token={}".format(self.access_token) ) json = response.json() self.assertTrue(json["project_member_id"] == project_member.project_member_id) self.assertTrue(json["username"] == "bacon") self.assertTrue(len(json["sources_shared"]) == 2) self.assertTrue("direct-sharing-2" in json["sources_shared"]) self.assertFalse("direct-sharing-1" in json["sources_shared"]) datafile_sources = [x["source"] for x in json["data"]] self.assertIn("direct-sharing-2", datafile_sources) # Project sees its own data. self.assertIn("direct-sharing-2", datafile_sources) # Unauthorized data not available. self.assertNotIn("direct-sharing-3", datafile_sources) def test_exchange_member_token_expired(self): self.update_member(joined=True, authorized=True) response = self.client.get( "/api/direct-sharing/project/exchange-member/" "?access_token={}".format(self.access_token_expired) ) self.assertEqual(response.status_code, 401) self.assertEqual(response.json()["detail"], "Expired token.") @unittest.skip("Obsolete") def test_oauth2_authorize(self): login = self.client.login(username="******", password="******") self.assertTrue(login) response = self.client.get(self.authorize_url) data = { "redirect_uri": "http://*****:*****@unittest.skipIf((not settings.AWS_STORAGE_BUCKET_NAME), "AWS not set up.") def test_member_access_token(self): member = self.update_member(joined=True, authorized=True) datatypes = self.insert_datatypes() self.member1_project.registered_datatypes.clear() self.member1_project.registered_datatypes.add( datatypes.get(name="all your base") ) self.member1_project.registered_datatypes.add( datatypes.get(name="are belong to us") ) self.member1_project.save() response = self.client.post( "/api/direct-sharing/project/files/upload/?access_token={}".format( self.access_token ), data={ "project_member_id": member.project_member_id, "datatypes": '["all your base", "are belong to us"]', "metadata": ( '{"description": "Test description...", ' '"tags": ["tag 1", "tag 2", "tag 3"]}' ), "data_file": StringIO("just testing..."), }, ) response_json = response.json() self.assertIn("id", response_json) self.assertEqual(response.status_code, 201) self.assertNotIn("errors", response_json) data_file = ProjectDataFile.objects.get( id=response_json["id"], direct_sharing_project=self.member1_project, user=self.member1.user, ) self.assertEqual(data_file.metadata["description"], "Test description...") self.assertEqual(data_file.metadata["tags"], ["tag 1", "tag 2", "tag 3"]) self.assertEqual(data_file.file.readlines(), [b"just testing..."]) def test_message_member(self): self.update_member(joined=True, authorized=True) response = self.client.post( "/api/direct-sharing/project/message/?access_token={}".format( self.access_token ), data={ "subject": "Sending a good test email", "message": "The content of this email\nis a test.\n", }, ) response_json = response.json() self.assertEqual(response_json, "success") def test_message_expired_token(self): self.update_member(joined=True, authorized=True) response = self.client.post( "/api/direct-sharing/project/message/?access_token={}".format( self.access_token_expired ), data={ "subject": "Sending a bad test email", "message": "The content of this email\nis a test.\n", }, ) self.assertEqual(response.status_code, 401) self.assertEqual(response.json()["detail"], "Expired token.") def test_remove_member(self): projmember = self.update_member(joined=True, authorized=True) response = self.client.post( "/api/direct-sharing/project/remove-members/?" "access_token={}".format(self.access_token) ) response_json = response.json() self.assertEqual(response_json, "success") # Get a fresh copy before checking. projmember = DataRequestProjectMember.objects.get(id=projmember.id) self.assertEqual(projmember.authorized, False)