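def validate_client_secret(self, client_id, client_secret):
    """Return True iff ``client_secret`` matches the secret stored for ``client_id``.

    Fails closed: an unknown client id, or an application with no
    ``secure_client_secret`` on record, yields False rather than raising.
    The comparison itself is delegated to ``secure_client_secret.matches``;
    the raw secret is never compared with ``==`` here.
    """
    try:
        application = OAuthApplication.get(client_id=client_id)
    except OAuthApplication.DoesNotExist:
        return False

    # This was an ``assert``. Under ``python -O`` asserts are stripped and the
    # next line would raise AttributeError on None; reject explicitly instead.
    if application.secure_client_secret is None:
        return False
    return application.secure_client_secret.matches(client_secret)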
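def persist_token_information(self, client_id, scope, access_token, token_type,
                              expires_in, refresh_token, data):
    """Store a newly issued access token for ``client_id``.

    Args:
        client_id: id of the OAuthApplication the token is issued to.
        scope: scope string granted to the token.
        access_token: the full token string. Its first
            ``ACCESS_TOKEN_PREFIX_LENGTH`` characters become the lookup
            ``token_name``; the remainder is stored only as a ``Credential``.
        token_type: token type string passed through to the row.
        expires_in: lifetime in seconds from now.
        refresh_token: must be falsy; refresh tokens are not supported here.
        data: JSON string that must carry a ``"username"`` key naming the
            authorizing user.

    Raises:
        ValueError: if ``refresh_token`` is set, or ``access_token`` does not
            split into a non-empty prefix of exactly
            ``ACCESS_TOKEN_PREFIX_LENGTH`` characters plus a code of at least
            ``ACCESS_TOKEN_MINIMUM_CODE_LENGTH`` characters.
        RuntimeError: if ``data`` does not name an existing user.
    """
    # The checks below were ``assert`` statements. ``python -O`` strips
    # asserts, which would let a malformed token reach the database; they are
    # enforced unconditionally instead.
    if refresh_token:
        raise ValueError("Refresh tokens are not supported")

    found = user.get_user(json.loads(data)["username"])
    if not found:
        raise RuntimeError("Username must be in the data field")

    token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
    token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
    if not token_name or not token_code:
        raise ValueError("Access token must have both a name and a code part")
    if len(token_name) != ACCESS_TOKEN_PREFIX_LENGTH:
        raise ValueError("Access token is shorter than the required prefix length")
    if len(token_code) < ACCESS_TOKEN_MINIMUM_CODE_LENGTH:
        raise ValueError("Access token code part is too short")

    oauth_app = OAuthApplication.get(client_id=client_id)
    # NOTE(review): naive UTC timestamp, as in the original; anything that
    # compares ``expires_at`` against a timezone-aware datetime must convert.
    expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
    OAuthAccessToken.create(
        application=oauth_app,
        authorized_user=found,
        scope=scope,
        token_name=token_name,
        # Only the ``Credential`` form of the code is persisted; the legacy
        # ``access_token`` column is deliberately left empty.
        token_code=Credential.from_string(token_code),
        access_token="",
        token_type=token_type,
        expires_at=expires_at,
        data=data,
    )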
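def validate_client_secret(self, client_id, client_secret):
    """Return True iff ``client_secret`` matches the secret stored for ``client_id``.

    Fails closed on an unknown client id or a missing stored secret. The
    normal path delegates to ``secure_client_secret.matches``. While the
    ``READ_OLD_FIELDS`` migration flag is set and no secure secret exists yet,
    the legacy plaintext ``client_secret`` column is consulted instead, using
    a constant-time comparison.
    """
    import hmac  # local import: the module's import block is not in view here

    def _as_bytes(value):
        # ``hmac.compare_digest`` accepts bytes (or ASCII-only str); normalise
        # to bytes and treat any other type as a non-match.
        if isinstance(value, bytes):
            return value
        if isinstance(value, str):
            return value.encode("utf-8")
        return None

    try:
        application = OAuthApplication.get(client_id=client_id)
    except OAuthApplication.DoesNotExist:
        return False

    # TODO(remove-unenc): Remove legacy check.
    if ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS):
        if application.secure_client_secret is None:
            # Was a plain ``==``, which returns on the first differing byte
            # and so leaks timing about the stored secret. Compare in
            # constant time.
            expected = _as_bytes(application.client_secret)
            supplied = _as_bytes(client_secret)
            if expected is None or supplied is None:
                return False
            return hmac.compare_digest(expected, supplied)

    # Was an ``assert``; stripped under ``python -O``, after which the next
    # line would raise AttributeError on None. Reject explicitly instead.
    if application.secure_client_secret is None:
        return False
    return application.secure_client_secret.matches(client_secret)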
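def persist_authorization_code(self, client_id, full_code, scope):
    """Store an authorization code issued to ``client_id``.

    ``full_code`` is split into a lookup ``code_name`` (its first
    ``AUTHORIZATION_CODE_PREFIX_LENGTH`` characters) and the remainder, which
    is persisted only as a ``Credential``.

    Raises:
        ValueError: if ``full_code`` is shorter than twice
            ``AUTHORIZATION_CODE_PREFIX_LENGTH``.
        OAuthApplication.DoesNotExist: if ``client_id`` is unknown
            (propagated from the lookup).
    """
    oauth_app = OAuthApplication.get(client_id=client_id)
    data = self._generate_data_string()

    # Was an ``assert``. ``python -O`` strips asserts, which would let a short
    # code through; enforce the minimum length unconditionally.
    if len(full_code) < AUTHORIZATION_CODE_PREFIX_LENGTH * 2:
        raise ValueError("Authorization code is too short")

    code_name = full_code[:AUTHORIZATION_CODE_PREFIX_LENGTH]
    code_credential = full_code[AUTHORIZATION_CODE_PREFIX_LENGTH:]
    OAuthAuthorizationCode.create(
        application=oauth_app,
        scope=scope,
        code_name=code_name,
        code_credential=Credential.from_string(code_credential),
        data=data,
    )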
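def validate_redirect_uri(self, client_id, redirect_uri):
    """Return True iff ``redirect_uri`` may receive the OAuth response for ``client_id``.

    The application's own local handler URL is always accepted. Otherwise
    ``redirect_uri`` must start with the registered ``oauth_app.redirect_uri``
    (as before) and, additionally, share its scheme and host exactly. An
    unknown client id, or a missing registered/requested URI, yields False.
    """
    from urllib.parse import urlsplit  # local import: module imports not in view

    internal_redirect_url = '%s%s' % (get_app_url(config.app_config),
                                      url_for('web.oauth_local_handler'))
    if redirect_uri == internal_redirect_url:
        return True

    try:
        oauth_app = OAuthApplication.get(client_id=client_id)
    except OAuthApplication.DoesNotExist:
        return False

    registered = oauth_app.redirect_uri
    if not registered or not redirect_uri:
        return False
    if not redirect_uri.startswith(registered):
        return False

    # A bare string prefix check is not enough for redirect URIs: a registered
    # ``https://example.com`` is a prefix of ``https://example.com.other.tld/``,
    # so the response could be sent to a host the application never
    # registered. Require scheme and host to match exactly; prefix matching
    # then only ever extends the registered URI's path/query.
    want = urlsplit(registered)
    got = urlsplit(redirect_uri)
    return (want.scheme, want.netloc) == (got.scheme, got.netloc)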
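def persist_authorization_code(self, client_id, full_code, scope):
    """Store an authorization code issued to ``client_id``.

    ``full_code`` is split into a lookup ``code_name`` (its first
    ``AUTHORIZATION_CODE_PREFIX_LENGTH`` characters) and the remainder, which
    is stored as a ``Credential``. While the ``WRITE_OLD_FIELDS`` migration
    flag is set, the legacy ``code`` column is also populated with the full
    code; otherwise it is written as None.

    Raises:
        ValueError: if ``full_code`` is shorter than twice
            ``AUTHORIZATION_CODE_PREFIX_LENGTH``.
        OAuthApplication.DoesNotExist: if ``client_id`` is unknown
            (propagated from the lookup).
    """
    oauth_app = OAuthApplication.get(client_id=client_id)
    data = self._generate_data_string()

    # Was an ``assert``. ``python -O`` strips asserts, which would let a short
    # code through; enforce the minimum length unconditionally.
    if len(full_code) < AUTHORIZATION_CODE_PREFIX_LENGTH * 2:
        raise ValueError("Authorization code is too short")

    code_name = full_code[:AUTHORIZATION_CODE_PREFIX_LENGTH]
    code_credential = full_code[AUTHORIZATION_CODE_PREFIX_LENGTH:]

    # TODO(remove-unenc): Remove legacy fallback.
    # Kept in a separate name instead of rebinding the ``full_code`` parameter.
    legacy_code = None
    if ActiveDataMigration.has_flag(ERTMigrationFlags.WRITE_OLD_FIELDS):
        legacy_code = code_name + code_credential

    OAuthAuthorizationCode.create(
        application=oauth_app,
        code=legacy_code,
        scope=scope,
        code_name=code_name,
        code_credential=Credential.from_string(code_credential),
        data=data,
    )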
def get_application_for_client_id(self, client_id):
    """Look up the OAuthApplication registered under ``client_id``.

    Returns the application row, or None when no application has that
    client id.
    """
    try:
        found = OAuthApplication.get(client_id=client_id)
    except OAuthApplication.DoesNotExist:
        found = None
    return found
def lookup_application(org, client_id):
    """Look up the OAuthApplication with ``client_id`` owned by organization ``org``.

    Returns the application row, or None when no application matches both
    the organization and the client id.
    """
    try:
        match = OAuthApplication.get(organization=org, client_id=client_id)
    except OAuthApplication.DoesNotExist:
        match = None
    return match