def test_extract_success(self): body = {"foo": "bar"} payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip("=") jwt = "stuff." + payload + ".signature" extracted = _extract_id_token(jwt) self.assertEqual(body, extracted)
def test_extract_success(self): body = {'foo': 'bar'} payload = base64.urlsafe_b64encode(simplejson.dumps(body)).strip('=') jwt = 'stuff.' + payload + '.signature' extracted = _extract_id_token(jwt) self.assertEqual(extracted, body)
def set_google_credentials(strategy, details, response, user=None, *args, **kwargs): """ Saves google credentials to work with API """ if user: token_expiry = datetime.datetime.utcnow() + datetime.timedelta( seconds=int(response.get('expires_in'))) id_token = _extract_id_token(response.get('id_token')) credential = OAuth2Credentials( access_token=response.get('access_token'), client_id=settings.GOOGLE_OAUTH2_CLIENT_ID, client_secret=settings.GOOGLE_OAUTH2_CLIENT_SECRET, refresh_token=response.get('refresh_token'), token_expiry=token_expiry, token_uri=GOOGLE_TOKEN_URI, user_agent=None, revoke_uri=GOOGLE_REVOKE_URI, id_token=id_token, token_response=response) google_credential, is_created = GoogleCredentials.objects.get_or_create( user=user) google_credential.credential = credential google_credential.save()
def get_credentials(self, code, state, **kwargs): 'use callback data to get an access token' if state != self.state: return False # CSRF attack?!? d = dict(code=code, client_id=self.keys['client_id'], client_secret=self.keys['client_secret'], redirect_uri=self.keys['redirect_uri'], grant_type='authorization_code') r = requests.post(self.token_uri, data=d) self.access_data = ad = r.json() try: token_expiry = datetime.utcnow() \ + timedelta(seconds=int(ad['expires_in'])) except KeyError: token_expiry = None if 'id_token' in ad: ad['id_token'] = _extract_id_token(ad['id_token']) c = OAuth2Credentials(ad['access_token'], d['client_id'], d['client_secret'], ad.get('refresh_token', None), token_expiry, self.token_uri, self.user_agent, id_token=ad.get('id_token', None)) self.credentials = c return c
def _update(self, rapt, content, access_token, refresh_token=None, expires_in=None, id_token=None): if rapt: self.rapt_token = rapt self.token_response = content self.access_token = access_token self.refresh_token = (refresh_token if refresh_token else self.refresh_token) if expires_in: delta = datetime.timedelta(seconds=int(expires_in)) self.token_expiry = delta + client._UTCNOW() else: self.token_expiry = None self.id_token_jwt = id_token self.id_token = (client._extract_id_token(id_token) if id_token else None) self.invalid = False if self.store: self.store.locked_put(self)
def step2_exchange(self, code, http=None): """ Don't send scope in step2 """ if not (isinstance(code, str) or isinstance(code, unicode)): if 'code' not in code: if 'error' in code: error_msg = code['error'] else: error_msg = 'No code was supplied in the query parameters.' raise FlowExchangeError(error_msg) else: code = code['code'] body = urllib.urlencode({ 'grant_type': 'authorization_code', 'client_id': self.client_id, 'client_secret': self.client_secret, 'code': code, 'redirect_uri': self.redirect_uri, }) headers = { 'content-type': 'application/x-www-form-urlencoded', } if self.user_agent is not None: headers['user-agent'] = self.user_agent if http is None: http = httplib2.Http() resp, content = http.request(self.token_uri, method='POST', body=body, headers=headers) d = _parse_exchange_token_response(content) if resp.status == 200 and 'access_token' in d: access_token = d['access_token'] refresh_token = d.get('refresh_token', None) token_expiry = None if 'expires_in' in d: token_expiry = datetime.datetime.utcnow() + datetime.timedelta( seconds=int(d['expires_in'])) if 'id_token' in d: d['id_token'] = _extract_id_token(d['id_token']) logger.info('Successfully retrieved access token') return OAuth2Credentials(access_token, self.client_id, self.client_secret, refresh_token, token_expiry, self.token_uri, self.user_agent, id_token=d.get('id_token', None)) else: logger.info('Failed to retrieve access token: %s' % content) if 'error' in d: # you never know what those providers got to say error_msg = unicode(d['error']) else: error_msg = 'Invalid response: %s.' % str(resp.status) raise FlowExchangeError(error_msg)
def test_extract_success(self): body = {'foo': 'bar'} body_json = json.dumps(body).encode('ascii') payload = base64.urlsafe_b64encode(body_json).strip(b'=') jwt = b'stuff.' + payload + b'.signature' extracted = _extract_id_token(jwt) self.assertEqual(extracted, body)
def test_extract_success(self): body = {"foo": "bar"} body_json = json.dumps(body).encode("ascii") payload = base64.urlsafe_b64encode(body_json).strip(b"=") jwt = b"stuff." + payload + b".signature" extracted = _extract_id_token(jwt) self.assertEqual(extracted, body)
def make_credentials(self, user): token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in'])) id_token = _extract_id_token(user['id_token']) credential = OAuth2Credentials( access_token=user['access_token'], client_id=self.settings['google_oauth']['key'], client_secret=self.settings['google_oauth']['secret'], refresh_token=user['refresh_token'], token_expiry=token_expiry, token_uri=GOOGLE_TOKEN_URI, user_agent=None, revoke_uri=GOOGLE_REVOKE_URI, id_token=id_token, token_response=user) return credential
def get(self): logging.warning('Beginning') args = dict(client_id=GOOGLE_CLIENT_ID, redirect_uri=server + "/googleauth") args['client_secret'] = GOOGLE_CLIENT_SECRET args['code'] = self.request.get('code') args['grant_type'] = 'authorization_code' url = 'https://accounts.google.com/o/oauth2/token' data = urllib.urlencode(args) req = urllib.urlopen(url, data) response = req.read() # logging.warning(response) # logging.warning('Going to try for id token') id_token = client._extract_id_token(json.loads(response)["id_token"]) email = id_token["email"] # access_token = crypt._urlsafe_b64decode(json.loads(response)["access_token"]) # logging.warning(access_token) # logging.warning('Going to try for profile with' + access_token) # profile_response = urllib.urlopen( # "https://wwww.googleapis.com/oauth2/v1/userinfo?access_token=" + # access_token).read() # logging.warning(profile_response) # profile = json.loads(profile_response) # logging.warning('Going to try for email') # email = profile["email"] test_key = db.Key.from_path('User', email) test_user = db.get(test_key) # self.auth().unset_session() if test_user == None: newUser = User(key_name=email) newUser.email = email newUser.name = email newUser.friends_list = [] newUser.event_key_list = [] newUser.auth_id = email newUser.g_token = id_token newUser.all_start = [] newUser.all_end = [] newUser.all_content = [] newUser.all_group = [] newUser.all_className = [] newUser.total_events = 0 newUser.put() else: newUser.g_token = id_token user = {'user_id': email, 'email': email} self.auth().set_session(user, User.create_auth_token(email)) self.redirect('/')
def make_credentials(self, user): # return AccessTokenCredentials(user['access_token'], "juliabox") token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in'])) id_token = _extract_id_token(user['id_token']) credential = OAuth2Credentials( access_token=user['access_token'], client_id=self.settings['google_oauth']['key'], client_secret=self.settings['google_oauth']['secret'], refresh_token=user['refresh_token'], token_expiry=token_expiry, token_uri=GOOGLE_TOKEN_URI, user_agent=None, revoke_uri=GOOGLE_REVOKE_URI, id_token=id_token, token_response=user) return credential
def make_credentials(self, user): # return AccessTokenCredentials(user['access_token'], "juliabox") token_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=int(user['expires_in'])) id_token = _extract_id_token(user['id_token']) credential = OAuth2Credentials( access_token=user['access_token'], client_id=self.settings[self._OAUTH_SETTINGS_KEY]['key'], client_secret=self.settings[self._OAUTH_SETTINGS_KEY]['secret'], refresh_token=user['refresh_token'], token_expiry=token_expiry, token_uri=GOOGLE_TOKEN_URI, user_agent=None, revoke_uri=GOOGLE_REVOKE_URI, id_token=id_token, token_response=user) return credential
def get(self): logging.warning('Beginning') args = dict(client_id=GOOGLE_CLIENT_ID, redirect_uri=server + "/googleauth") args['client_secret'] = GOOGLE_CLIENT_SECRET args['code'] = self.request.get('code') args['grant_type'] = 'authorization_code' url = 'https://accounts.google.com/o/oauth2/token' data = urllib.urlencode(args) req = urllib.urlopen(url,data) response = req.read() # logging.warning(response) # logging.warning('Going to try for id token') id_token = client._extract_id_token(json.loads(response)["id_token"]) email = id_token["email"] # access_token = crypt._urlsafe_b64decode(json.loads(response)["access_token"]) # logging.warning(access_token) # logging.warning('Going to try for profile with' + access_token) # profile_response = urllib.urlopen( # "https://wwww.googleapis.com/oauth2/v1/userinfo?access_token=" + # access_token).read() # logging.warning(profile_response) # profile = json.loads(profile_response) # logging.warning('Going to try for email') # email = profile["email"] test_key = db.Key.from_path('User',email) test_user = db.get(test_key) # self.auth().unset_session() if test_user == None: newUser = User(key_name = email) newUser.email = email newUser.name = email newUser.friends_list = [] newUser.event_key_list = [] newUser.auth_id = email newUser.g_token = id_token newUser.all_start = [] newUser.all_end = [] newUser.all_content = [] newUser.all_group = [] newUser.all_className = [] newUser.total_events = 0 newUser.put() else: newUser.g_token = id_token user = {'user_id':email, 'email':email} self.auth().set_session(user,User.create_auth_token(email)) self.redirect('/')
def _do_refresh_request(self, http, rapt_refreshed=False): """Refresh the access_token using the refresh_token. Args: http: An object to be used to make HTTP requests. rapt_refreshed: If we did or did not already refreshed the rapt token. Raises: HttpAccessTokenRefreshError: When the refresh fails. """ body = self._generate_refresh_request_body() headers = self._generate_refresh_request_headers() logger.info('Refreshing access_token') resp, content = transport.request(http, self.token_uri, method='POST', body=body, headers=headers) content = _helpers._from_bytes(content) if resp.status != http_client.OK: self._handle_refresh_error(http, rapt_refreshed, resp, content) return d = json.loads(content) self.token_response = d self.access_token = d['access_token'] self.refresh_token = d.get('refresh_token', self.refresh_token) if 'expires_in' in d: delta = datetime.timedelta(seconds=int(d['expires_in'])) self.token_expiry = delta + client._UTCNOW() else: self.token_expiry = None if 'id_token' in d: self.id_token = client._extract_id_token(d['id_token']) self.id_token_jwt = d['id_token'] else: self.id_token = None self.id_token_jwt = None # On temporary refresh errors, the user does not actually have to # re-authorize, so we unflag here. self.invalid = False if self.store: self.store.locked_put(self)
def get_credentials(self, code, state, **kwargs): 'use callback data to get an access token' if state != self.state: return False # CSRF attack?!? d = dict(code=code, client_id=self.keys['client_ID'], client_secret=self.keys['client_secret'], redirect_uri=self.keys['redirect_uri'], grant_type='authorization_code') r = requests.post(self.token_uri, data=d) self.access_data = ad = r.json() try: token_expiry = datetime.utcnow() \ + timedelta(seconds=int(ad['expires_in'])) except KeyError: token_expiry = None if 'id_token' in ad: ad['id_token'] = _extract_id_token(ad['id_token']) c = OAuth2Credentials(ad['access_token'], d['client_id'], d['client_secret'], ad.get('refresh_token', None), token_expiry, self.token_uri, self.user_agent, id_token=ad.get('id_token', None)) self.credentials = c return c
def complete_login(self): self.credentials = _extract_id_token(self.access_token) return self.credentials
def step2_exchange(self, code, http=None): """Exhanges a code for OAuth2Credentials. Args: code: string or dict, either the code as a string, or a dictionary of the query parameters to the redirect_uri, which contains the code. http: httplib2.Http, optional http instance to use to do the fetch Returns: An OAuth2Credentials object that can be used to authorize requests. Raises: FlowExchangeError if a problem occured exchanging the code for a refresh_token. """ if not (isinstance(code, str) or isinstance(code, unicode)): if 'code' not in code: if 'error' in code: error_msg = code['error'] else: error_msg = 'No code was supplied in the query parameters.' raise FlowExchangeError(error_msg) else: code = code['code'] body = urllib.urlencode({ 'grant_type': 'authorization_code', 'code': code, 'redirect_uri': self.redirect_uri, }) headers = { 'content-type': 'application/x-www-form-urlencoded', } if self.user_agent is not None: headers['user-agent'] = self.user_agent if http is None: http = httplib2.Http() http.add_credentials(self.client_id, self.client_secret) resp, content = http.request(self.token_uri, method='POST', body=body, headers=headers) d = _parse_exchange_token_response(content) if resp.status == 200 and 'access_token' in d: access_token = d['access_token'] refresh_token = d.get('refresh_token', None) token_expiry = None if 'expires_in' in d: token_expiry = datetime.datetime.utcnow() + datetime.timedelta( seconds=int(d['expires_in'])) if 'id_token' in d: d['id_token'] = _extract_id_token(d['id_token']) logger.info('Successfully retrieved access token') return OAuth2Credentials(access_token, self.client_id, self.client_secret, refresh_token, token_expiry, self.token_uri, self.user_agent, revoke_uri=self.revoke_uri, id_token=d.get('id_token', None), token_response=d) else: logger.info('Failed to retrieve access token: %s' % content) if 'error' in d: # you never know what those providers got to say error_msg = unicode(d['error']) else: error_msg = 'Invalid response: %s.' % str(resp.status) raise FlowExchangeError(error_msg)
def step2_exchange(self, code=None, http=None, device_flow_info=None): """ Exchanges a code for OAuth2Credentials without sending scope parameter """ if code is None and device_flow_info is None: raise ValueError('No code or device_flow_info provided.') if code is not None and device_flow_info is not None: raise ValueError('Cannot provide both code and device_flow_info.') if code is None: code = device_flow_info.device_code elif not isinstance(code, six.string_types): if 'code' not in code: raise FlowExchangeError(code.get( 'error', 'No code was supplied in the query parameters.')) code = code['code'] post_data = { 'client_id': self.client_id, 'code': code, #'scope': self.scope, } if self.client_secret is not None: post_data['client_secret'] = self.client_secret if device_flow_info is not None: post_data['grant_type'] = 'http://oauth.net/grant_type/device/1.0' else: post_data['grant_type'] = 'authorization_code' post_data['redirect_uri'] = self.redirect_uri body = urllib.parse.urlencode(post_data) headers = { 'content-type': 'application/x-www-form-urlencoded', } if self.authorization_header is not None: headers['Authorization'] = self.authorization_header if self.user_agent is not None: headers['user-agent'] = self.user_agent if http is None: http = httplib2.Http() resp, content = http.request(self.token_uri, method='POST', body=body, headers=headers) d = _parse_exchange_token_response(content) if resp.status == 200 and 'access_token' in d: access_token = d['access_token'] refresh_token = d.get('refresh_token', None) token_expiry = None if 'expires_in' in d: token_expiry = ( datetime.datetime.utcnow() + datetime.timedelta(seconds=int(d['expires_in']))) extracted_id_token = None if 'id_token' in d: extracted_id_token = _extract_id_token(d['id_token']) return OAuth2Credentials( access_token, self.client_id, self.client_secret, refresh_token, token_expiry, self.token_uri, self.user_agent, revoke_uri=self.revoke_uri, id_token=extracted_id_token, token_response=d, scopes=self.scope, token_info_uri=self.token_info_uri) else: if 'error' in d: # you never know what those providers got to say error_msg = (str(d['error']) + str(d.get('error_description', ''))) else: error_msg = 'Invalid response: %s.' % str(resp.status) raise FlowExchangeError(error_msg)