def results_by_access_token(results, client_secret):
    """Partition records by whether their stored access token is usable.

    A record lands in the first list only when all of these hold:
    it has an access token, the hash_sha1_64() of the decrypted token
    equals the stored ``access_sha1``, and ``access_exp`` is either
    unset/falsy or at least 300 seconds in the future. Every other
    record goes to the second list.

    Args:
        results: iterable of records exposing ``id``, ``access_token``,
            ``access_sha1`` and ``access_exp``.
        client_secret: key material handed to decrypt().

    Returns:
        A ``(usable, rejected)`` tuple of lists, each in input order.
    """
    usable = []
    rejected = []
    for entry in results:
        # Nothing stored: cannot be valid.
        if entry.access_token is None:
            rejected.append(entry)
            continue

        # NOTE(review): this checksum is the only validity check on the
        # decrypted value visible here; whether decrypt() authenticates the
        # ciphertext itself cannot be seen from this function -- confirm.
        plaintext = decrypt(client_secret, entry.access_token)
        if hash_sha1_64(plaintext) != entry.access_sha1:
            # Only the record id is logged, never the token material.
            logger.debug("Invalidated %s because of invalid access checksum" % (entry.id,))
            rejected.append(entry)
            continue

        # Tokens with under five minutes left are treated as already expired,
        # so a caller never receives one that dies mid-request.
        if entry.access_exp and entry.access_exp - time.time() < 300:
            logger.debug(
                "Invalidated %s because it will expire in less than 5 minutes: %s"
                % (entry.id, entry.access_exp - time.time())
            )
            rejected.append(entry)
            continue

        usable.append(entry)
    return usable, rejected
def access_token(record, client_secret):
    """Decrypt a stored access token and shape it as a token response.

    The record's encrypted token is decrypted with ``client_secret`` and
    accepted only if its hash_sha1_64() value equals ``record.access_sha1``.

    Args:
        record: database row exposing ``access_token``, ``access_sha1``,
            ``access_token_type`` and ``access_exp``.
        client_secret: key material handed to decrypt().

    Returns:
        A dict with ``access_token``, ``token_type`` and ``expires_in``
        suitable for returning to the client, or ``None`` when the
        checksum does not match. The dict carries the plaintext token,
        so callers should keep it out of logs.
    """
    plaintext = decrypt(client_secret, record.access_token)
    if hash_sha1_64(plaintext) != record.access_sha1:
        logger.info("Invalid access checksum in database")
        return None

    payload = {
        "access_token": plaintext,
        "token_type": record.access_token_type,
    }
    # NOTE(review): there is no lower bound here, so a record whose
    # access_exp is already in the past yields a negative expires_in.
    payload['expires_in'] = (
        int(record.access_exp - time.time())
        if record.access_exp
        else 600  # 10 minute default when no expiry was stored
    )
    return payload
def results_by_refresh_token(results, client_secret):
    """Partition records by whether their stored refresh token verifies.

    A record lands in the first list when it has a refresh token and the
    hash_sha1_64() of the decrypted token equals the stored
    ``refresh_sha1``; otherwise it goes to the second list. No expiry is
    checked for refresh tokens here.

    Args:
        results: iterable of records exposing ``refresh_token`` and
            ``refresh_sha1``.
        client_secret: key material handed to decrypt().

    Returns:
        A ``(verified, rejected)`` tuple of lists, each in input order.
    """
    verified, rejected = [], []
    for entry in results:
        if entry.refresh_token is None:
            # Nothing stored: cannot be valid.
            bucket = rejected
        else:
            plaintext = decrypt(client_secret, entry.refresh_token)
            checksum_ok = hash_sha1_64(plaintext) == entry.refresh_sha1
            bucket = verified if checksum_ok else rejected
        bucket.append(entry)
    return verified, rejected
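def refresh_access(self, record, client_secret):
    """Exchange the record's refresh token for a new access token.

    Posts a ``refresh_token`` grant to ``record.token_uri``. On a 2xx
    response whose JSON body has no ``error`` key, the body is handed to
    ``self.parse_access_token``. On any other response, all stored token
    fields on the record are cleared. The session is committed afterwards.

    Network failures, the request timeout and a non-JSON 2xx body raise
    from requests and propagate; the record has not been modified at that
    point, so a transient outage does not by itself discard the tokens.

    Args:
        record: database row exposing ``client_id``, ``token_uri`` and
            the refresh/access token fields.
        client_secret: OAuth client secret; also the key passed to
            decrypt().

    Returns:
        The same ``record``, updated in place.
    """
    # Lazy %-args: the client id is only formatted if INFO is enabled, and
    # a non-string client_id no longer breaks the concatenation.
    logger.info("Refreshing access token for %s", record.client_id)

    refresh_token = decrypt(client_secret, record.refresh_token)
    data = {
        "client_id": record.client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "grant_type": "refresh_token",
    }

    # NOTE(review): the client secret and refresh token are sent to
    # record.token_uri exactly as stored; nothing here checks its scheme or
    # host. Confirm the URI is validated (https, expected issuer) where the
    # record is created.
    #
    # requests has no default timeout, so a stalled token endpoint would
    # otherwise block this call indefinitely.
    r = requests.post(record.token_uri, data=data, timeout=10)

    if 200 <= r.status_code < 300:
        token_data = r.json()
    else:
        token_data = None

    if token_data is not None and 'error' not in token_data:
        self.parse_access_token(record, client_secret, token_data)
    else:
        # Refresh was refused: drop every stored credential so later
        # lookups treat the record as having no usable token.
        # NOTE(review): this also fires on 5xx responses, so a temporary
        # server-side error discards the refresh token -- confirm intended.
        record.refresh_token = None
        record.refresh_sha1 = None
        record.access_token = None
        record.access_sha1 = None
        record.access_exp = None

    self.db.commit()
    return record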