def persist_token_information(self, client_id, scope, access_token,
token_type, expires_in, refresh_token, data):
assert not refresh_token
found = user.get_user(json.loads(data)["username"])
if not found:
raise RuntimeError("Username must be in the data field")
token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
assert token_name
assert token_code
assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH
assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH
oauth_app = OAuthApplication.get(client_id=client_id)
expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
OAuthAccessToken.create(
application=oauth_app,
authorized_user=found,
scope=scope,
token_name=token_name,
token_code=Credential.from_string(token_code),
access_token="",
token_type=token_type,
expires_at=expires_at,
data=data,
)
def create_access_token_for_testing(user_obj,
client_id,
scope,
access_token=None,
expires_in=9000):
access_token = access_token or random_string_generator(length=40)()
token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH
assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH
expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
application = get_application_for_client_id(client_id)
created = OAuthAccessToken.create(
application=application,
authorized_user=user_obj,
scope=scope,
token_type="token",
access_token="",
token_code=Credential.from_string(token_code),
token_name=token_name,
expires_at=expires_at,
data="",
)
return created, access_token
def lookup_access_token_for_user(user_obj, token_uuid):
try:
return OAuthAccessToken.get(
OAuthAccessToken.authorized_user == user_obj,
OAuthAccessToken.uuid == token_uuid)
except OAuthAccessToken.DoesNotExist:
return None
def validate_access_token(access_token):
assert isinstance(access_token, str)
token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
if not token_name:
return None
token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
if not token_code:
return None
try:
found = (
OAuthAccessToken.select(OAuthAccessToken, User)
.join(User)
.where(OAuthAccessToken.token_name == token_name)
.get()
)
if found.token_code is None or not found.token_code.matches(token_code):
return None
return found
except OAuthAccessToken.DoesNotExist:
pass
return None
def lookup_access_token_for_user(user_obj, token_uuid):
try:
return (OAuthAccessToken.select(
OAuthAccessToken, User).join(User).where(
OAuthAccessToken.authorized_user == user_obj,
OAuthAccessToken.uuid == token_uuid).get())
except OAuthAccessToken.DoesNotExist:
return None
def list_access_tokens_for_user(user_obj):
query = (
OAuthAccessToken.select()
.join(OAuthApplication)
.switch(OAuthAccessToken)
.join(User)
.where(OAuthAccessToken.authorized_user == user_obj)
)
return query
def load_authorized_scope_string(self, client_id, username):
found = (OAuthAccessToken.select().join(OAuthApplication).switch(
OAuthAccessToken).join(User).where(
OAuthApplication.client_id == client_id,
User.username == username,
OAuthAccessToken.expires_at > datetime.utcnow()))
found = list(found)
logger.debug('Found %s matching tokens.', len(found))
long_scope_string = ','.join([token.scope for token in found])
logger.debug('Computed long scope string: %s', long_scope_string)
return long_scope_string
def validate_access_token(access_token):
assert isinstance(access_token, basestring)
token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
if not token_name:
return None
token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
if not token_code:
return None
try:
found = (OAuthAccessToken.select(
OAuthAccessToken, User).join(User).where(
OAuthAccessToken.token_name == token_name).get())
if found.token_code is None or not found.token_code.matches(
token_code):
return None
return found
except OAuthAccessToken.DoesNotExist:
pass
# Legacy lookup.
# TODO(remove-unenc): Remove this once migrated.
if ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS):
try:
assert access_token
found = (OAuthAccessToken.select(
OAuthAccessToken, User).join(User).where(
OAuthAccessToken.access_token == access_token).get())
return found
except OAuthAccessToken.DoesNotExist:
return None
return None
def lookup_access_token_by_uuid(token_uuid):
try:
return OAuthAccessToken.get(OAuthAccessToken.uuid == token_uuid)
except OAuthAccessToken.DoesNotExist:
return None
