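def get_account_by_oauth_token(self, token):
    """Resolve a bearer token to the active account that owns it.

    The token must exist in ``OauthAccessToken`` with ``expires_at`` strictly
    in the future, and the owning ``Account`` must have ``status == 'active'``.

    Args:
        token: the raw bearer token string presented by the client.

    Returns:
        The matching ``Account`` row.

    Raises:
        Unauthorized: ``'invalid_token'`` when no unexpired token row matches,
            ``'Account not found'`` when the owning account is missing or not
            active.
    """
    now = int(time.time())

    # Opportunistic housekeeping: roughly one request in four purges every
    # expired token row.  Validity is still enforced by the
    # ``expires_at > now`` predicate below, not by this delete, so a request
    # that skips the purge is no less strict.  (The unused ``deleted`` count
    # and the commented-out print of the original were dropped.)
    if random.randint(1, 4) == 1:
        OauthAccessToken.delete().where(
            OauthAccessToken.expires_at < now
        ).execute()

    try:
        access_token = OauthAccessToken.get(
            OauthAccessToken.access_token == token,
            OauthAccessToken.expires_at > now,
        )
    except peewee.DoesNotExist:
        raise Unauthorized('invalid_token')

    try:
        return Account.get(
            Account.account_id == access_token.account_id,
            Account.status == 'active',
        )
    except peewee.DoesNotExist:
        raise Unauthorized('Account not found')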
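def post(self):
    """Issue a bearer token for the OAuth 2.0 ``client_credentials`` grant.

    Client credentials are read from HTTP Basic authorization when present,
    otherwise from the ``client_id`` / ``client_secret`` form fields.  An
    existing token for the API key is reused if it stays valid for at least
    ten more minutes; otherwise a new one is generated and saved.

    Returns:
        dict with ``access_token``, ``token_type`` (always ``'bearer'``) and
        ``expires_in`` (seconds left on the token, measured from now).

    Aborts the request with:
        400 ``invalid_request``: grant_type or credentials missing.
        400 ``unsupported_grant_type``: grant_type other than
            ``client_credentials``.
        400 ``invalid_client``: ``self.get_apikey`` raised DoesNotExist.
        500 ``unable to generate token``: saving the new token failed.
    """
    # FIXME - add rate limiting
    grant_type = request.form.get('grant_type', '')
    if grant_type == "":
        abort(400, message="invalid_request")
    if grant_type != 'client_credentials':
        abort(400, message="unsupported_grant_type")

    # Client credentials: Basic auth is preferred, the form fields are the
    # fallback.  Either path must yield a non-empty key and secret.
    auth = request.authorization
    if auth is not None:
        key, secret = auth.username, auth.password
    else:
        key = request.form.get('client_id')
        secret = request.form.get('client_secret')
    if not key or not secret:
        abort(400, message="invalid_request")

    now = int(time.time())
    expire_time = int(config.get('oauth', 'token_expire_time'))

    try:
        apikey = self.get_apikey(key, secret)
    except peewee.DoesNotExist:
        # get_apikey decides whether (key, secret) match; the client only
        # ever sees the generic invalid_client reply.
        abort(400, message="invalid_client")

    try:
        # Reuse a token only if it is good for at least another ten minutes,
        # so the caller never receives one that is about to expire.
        token = self.get_token(apikey.apikey_id, now + 600)
    except peewee.DoesNotExist:
        token = OauthAccessToken()
        token.account_id = apikey.account_id.account_id
        token.apikey_id = apikey.apikey_id
        # CPython's uuid4 draws from os.urandom; the bearer token's
        # unguessability rests on its 122 random bits.
        token.access_token = str(uuid.uuid4())
        token.grant_type = 'client_credentials'
        token.expires_at = now + expire_time
        try:
            token.save()
        except Exception:
            # Generic message so the storage error is not surfaced to the
            # client.  Passed as message= like every other abort() here; the
            # original passed it positionally, which flask-restful's
            # abort(http_status_code, **kwargs) does not accept.
            abort(500, message='unable to generate token')

    return {
        'access_token': token.access_token,
        'token_type': 'bearer',
        'expires_in': token.expires_at - now,
    }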
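def post(self):
    """Issue a bearer token for the OAuth 2.0 ``client_credentials`` grant.

    Credentials come from HTTP Basic authorization when present, else from
    the ``client_id`` / ``client_secret`` form fields.  A stored token for the
    API key is reused when it remains valid for at least ten more minutes;
    otherwise a fresh token is generated and persisted.

    Returns:
        dict with ``access_token``, ``token_type`` (``'bearer'``) and
        ``expires_in`` (seconds remaining, relative to now).

    Aborts the request with:
        400 ``invalid_request``: grant_type or credentials missing.
        400 ``unsupported_grant_type``: grant_type other than
            ``client_credentials``.
        400 ``invalid_client``: ``self.get_apikey`` raised DoesNotExist.
        500 ``unable to generate token``: saving the new token failed.
    """
    # FIXME - add rate limiting
    grant_type = request.form.get('grant_type', '')
    if grant_type == "":
        abort(400, message="invalid_request")
    if grant_type != 'client_credentials':
        abort(400, message="unsupported_grant_type")

    # Basic auth is the preferred carrier for the client credentials; the
    # form fields are the fallback.  Both paths must give a non-empty pair.
    if request.authorization is not None:
        key = request.authorization.username
        secret = request.authorization.password
    else:
        key = request.form.get('client_id')
        secret = request.form.get('client_secret')
    if not key or not secret:
        abort(400, message="invalid_request")

    now = int(time.time())
    expire_time = int(config.get('oauth', 'token_expire_time'))

    try:
        apikey = self.get_apikey(key, secret)
    except peewee.DoesNotExist:
        abort(400, message="invalid_client")

    try:
        # Only reuse a token that is good for at least ten more minutes.
        token = self.get_token(apikey.apikey_id, now + 600)
    except peewee.DoesNotExist:
        token = OauthAccessToken()
        token.account_id = apikey.account_id.account_id
        token.apikey_id = apikey.apikey_id
        # CPython's uuid4 draws from os.urandom; token strength is its 122
        # random bits.
        token.access_token = str(uuid.uuid4())
        token.grant_type = 'client_credentials'
        token.expires_at = now + expire_time
        try:
            token.save()
        except Exception:
            # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
            # are not swallowed.  The message is deliberately generic and is
            # passed as message= like the other abort() calls; the original
            # passed it positionally, which flask-restful's
            # abort(http_status_code, **kwargs) does not accept.
            abort(500, message='unable to generate token')

    return {
        'access_token': token.access_token,
        'token_type': 'bearer',
        'expires_in': token.expires_at - now,
    }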
def get_account_by_oauth_token(self, token):
    """Map a bearer token to the active account that owns it.

    Args:
        token: the raw bearer token string presented by the client.

    Returns:
        The ``Account`` row whose ``account_id`` the token references and
        whose ``status`` is ``'active'``.

    Raises:
        AuthException: ``'invalid_token'`` if no token row with this value
            and a future ``expires_at`` exists; ``'Account not found'`` if
            the owning account is missing or not active.
    """
    current_ts = int(time.time())

    # An expired row is treated exactly like a missing one.
    by_value = OauthAccessToken.access_token == token
    still_valid = OauthAccessToken.expires_at > current_ts
    try:
        token_row = OauthAccessToken.get(by_value, still_valid)
    except peewee.DoesNotExist:
        raise AuthException('invalid_token')

    same_owner = Account.account_id == token_row.account_id
    is_active = Account.status == 'active'
    try:
        return Account.get(same_owner, is_active)
    except peewee.DoesNotExist:
        raise AuthException('Account not found')
def get_account_by_oauth_token(self, token):
    """Return the active ``Account`` behind a bearer token.

    The token row must match ``token`` exactly and have an ``expires_at``
    later than the current time; the account it points at must have
    ``status == 'active'``.

    Raises:
        AuthException: ``'invalid_token'`` when no unexpired token matches,
            ``'Account not found'`` when the owning account is absent or
            inactive.
    """
    now_ts = int(time.time())

    try:
        matched = OauthAccessToken.get(
            OauthAccessToken.access_token == token,
            OauthAccessToken.expires_at > now_ts,
        )
    except peewee.DoesNotExist:
        raise AuthException('invalid_token')
    else:
        owner_id = matched.account_id

    try:
        account = Account.get(
            Account.account_id == owner_id,
            Account.status == 'active',
        )
    except peewee.DoesNotExist:
        raise AuthException('Account not found')
    return account
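def get_token(self, apikey_id, expires_at):
    """Return an access token for ``apikey_id`` that outlives ``expires_at``.

    Args:
        apikey_id: the ``OauthAccessToken.apikey_id`` to match.
        expires_at: unix timestamp threshold; only rows whose ``expires_at``
            is strictly later are returned.  Callers pass ``now + margin`` to
            require a minimum remaining lifetime.

    Returns:
        The matching ``OauthAccessToken`` row.

    Raises:
        peewee.DoesNotExist: if no such token exists.
    """
    # ``get`` is a classmethod; call it on the class instead of on a
    # throwaway ``OauthAccessToken()`` instance as the original did.
    return OauthAccessToken.get(
        OauthAccessToken.apikey_id == apikey_id,
        OauthAccessToken.expires_at > expires_at,
    )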