def results_by_access_token(results, client_secret):
""" Splits results by access token validity
The first list of results have valid access tokens
The second list do not
"""
access_results = []
other_results = []
for result in results:
# do we even have a token
if result.access_token is None:
other_results.append(result)
else:
# check encrypted access token
tok = result.access_token
decrypted = decrypt(client_secret, tok)
if hash_sha1_64(decrypted) != result.access_sha1:
logger.debug("Invalidated %s because of invalid access checksum"%(result.id,))
other_results.append(result)
else:
# check token expiration
if result.access_exp and \
result.access_exp - time.time() < 300:
# will expire in less than 5 minutes
logger.debug("Invalidated %s because it will expire in less than 5 minutes: %s"%(result.id,result.access_exp - time.time()))
other_results.append(result)
else:
access_results.append(result)
return access_results, other_results
def access_token(record, client_secret):
""" Loads up an access_token from the database
The resulting object can be returned to the client
"""
access_token = decrypt(client_secret, record.access_token)
if hash_sha1_64(access_token) == record.access_sha1:
token = {
"access_token": access_token,
"token_type": record.access_token_type
}
if record.access_exp:
token['expires_in'] = int(record.access_exp - time.time())
else:
token['expires_in'] = 600 # 10 minute default
return token
else:
logger.info("Invalid access checksum in database")
return None
def results_by_refresh_token(results, client_secret): """ Splits results by refresh token validity The first list of results have valid refresh tokens The second list do not """ refresh_results = [] other_results = [] for result in results: # do we even have a token if result.refresh_token is None: other_results.append(result) else: # check encrypted refresh token tok = result.refresh_token decrypted = decrypt(client_secret, tok) if hash_sha1_64(decrypted) != result.refresh_sha1: other_results.append(result) else: refresh_results.append(result) return refresh_results, other_results
def refresh_access(self, record, client_secret):
logger.info("Refreshing access token for "+record.client_id)
refresh_token = decrypt(client_secret, record.refresh_token)
data = {"client_id": record.client_id, "client_secret": client_secret, \
"refresh_token": refresh_token, "grant_type": "refresh_token"}
r = requests.post(record.token_uri, data=data)
if int(r.status_code / 100) == 2:
token_data = r.json()
else:
token_data = None
if token_data is not None and 'error' not in token_data:
self.parse_access_token(record, client_secret, token_data)
else:
record.refresh_token = None
record.refresh_sha1 = None
record.access_token = None
record.access_sha1 = None
record.access_exp = None
self.db.commit()
return record
