def get_auth_url(self, state=None, redirect_uri=None): """ Return url which end-user should visit to authorize at ESIA. :param str or None state: identifier, will be returned as GET parameter in redirected request after auth. :param str or None redirect_uri: uri, where browser will be redirected after authorization. :return: url :rtype: str """ params = { 'client_id': self.settings.esia_client_id, 'client_secret': '', 'redirect_uri': redirect_uri or self.settings.redirect_uri, 'scope': self.settings.esia_scope, 'response_type': 'code', 'state': state or str(uuid.uuid4()), 'timestamp': get_timestamp(), 'access_type': 'offline' } params = sign_params(params, certificate_file=self.settings.certificate_file, private_key_file=self.settings.private_key_file) params = urlencode(sorted(params.items( ))) # sorted needed to make uri deterministic for tests. return '{base_url}{auth_url}?{params}'.format( base_url=self.settings.esia_service_url, auth_url=self._AUTHORIZATION_URL, params=params)
def get_auth_url(self, state=None): """ Return url which end-user should visit to authorize at ESIA. :param str or None state: identifier, will be returned as GET parameter in redirected request after auth.. :return: url :rtype: str """ params = { 'client_id': self.settings.esia_client_id, 'client_secret': '', 'redirect_uri': self.settings.redirect_uri, 'scope': self.settings.esia_scope, 'response_type': 'code', 'state': state or str(uuid.uuid4()), 'timestamp': get_timestamp(), 'access_type': 'offline' } params = sign_params(params, certificate_file=self.settings.certificate_file, private_key_file=self.settings.private_key_file) params = urlencode(sorted(params.items())) # sorted needed to make uri deterministic for tests. return '{base_url}{auth_url}?{params}'.format(base_url=self.settings.esia_service_url, auth_url=self._AUTHORIZATION_URL, params=params)
def test(self, datetime_mock): datetime_mock.datetime.now.return_value = datetime.datetime(2015, 11, 2, 9, 52, 36, 615866, tzinfo=pytz.utc) result = get_timestamp() expected_result = '2015.11.02 09:52:36 +0000' self.assertEqual(result, expected_result)
def complete_authorization(self, code, state, validate_token=True, redirect_uri=None): """ Exchanges received code and state to access token, validates token (optionally), extracts ESIA user id from token and returns ESIAInformationConnector instance. :type code: str :type state: str :param boolean validate_token: perform token validation :param str or None redirect_uri: uri, where browser will be redirected after authorization. :rtype: EsiaInformationConnector :raises IncorrectJsonError: if response contains invalid json body :raises HttpError: if response status code is not 2XX :raises IncorrectMarkerError: if validate_token set to True and received token cannot be validated """ params = { 'client_id': self.settings.esia_client_id, 'code': code, 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri or self.settings.redirect_uri, 'timestamp': get_timestamp(), 'token_type': 'Bearer', 'scope': self.settings.esia_scope, 'state': state, } params = sign_params(params, certificate_file=self.settings.certificate_file, private_key_file=self.settings.private_key_file) url = '{base_url}{token_url}'.format( base_url=self.settings.esia_service_url, token_url=self._TOKEN_EXCHANGE_URL) response_json = make_request(url=url, method='POST', data=params) id_token = response_json['id_token'] if validate_token: payload = self._validate_token(id_token) else: payload = self._parse_token(id_token) return EsiaInformationConnector( access_token=response_json['access_token'], oid=self._get_user_id(payload), settings=self.settings)
def complete_authorization(self, code, state, validate_token=True, redirect_uri=None): """ Exchanges received code and state to access token, validates token (optionally), extracts ESIA user id from token and returns ESIAInformationConnector instance. :type code: str :type state: str :param boolean validate_token: perform token validation :param str or None redirect_uri: uri, where browser will be redirected after authorization. :rtype: EsiaInformationConnector :raises IncorrectJsonError: if response contains invalid json body :raises HttpError: if response status code is not 2XX :raises IncorrectMarkerError: if validate_token set to True and received token cannot be validated """ params = { 'client_id': self.settings.esia_client_id, 'code': code, 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri or self.settings.redirect_uri, 'timestamp': get_timestamp(), 'token_type': 'Bearer', 'scope': self.settings.esia_scope, 'state': state, } params = sign_params(params, certificate_file=self.settings.certificate_file, private_key_file=self.settings.private_key_file) url = '{base_url}{token_url}'.format(base_url=self.settings.esia_service_url, token_url=self._TOKEN_EXCHANGE_URL) response_json = make_request(url=url, method='POST', data=params) id_token = response_json['id_token'] if validate_token: payload = self._validate_token(id_token) else: payload = self._parse_token(id_token) return EsiaInformationConnector(access_token=response_json['access_token'], oid=self._get_user_id(payload), settings=self.settings)
def get_auth_url(settings, state=None, redirect_uri=None): params = { 'client_id': settings.get("mnemonic"), 'client_secret': '', 'redirect_uri': redirect_uri or settings.get("redirect_uri"), 'scope': settings.get("scope"), 'response_type': 'code', 'state': state or str(uuid.uuid4()), 'timestamp': get_timestamp(), 'access_type': 'online' } params = sign_params_gost( params, public_cert_file_path=settings.get("certificate_file"), private_key_file_path=settings.get("private_key_file")) params = urlencode(sorted( params.items())) # sorted needed to make uri deterministic for tests. return settings.get('esia_url') + AUTHORIZATION_URL + "?" + params
def complete_authorization(settings, code, state, validate=True, redirect_uri=None): params = { 'client_id': settings.get("mnemonic"), 'code': code, 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri or settings.get("redirect_uri"), 'timestamp': get_timestamp(), 'token_type': 'Bearer', 'scope': settings.get("scope"), 'state': state, } params = sign_params_gost( params, public_cert_file_path=settings.get("certificate_file"), private_key_file_path=settings.get("private_key_file")) url = settings.get('esia_url') + TOKEN_EXCHANGE_URL response_json = make_request(url=url, method='POST', data=params) # id_token = response_json['id_token'] id_token = response_json['access_token'] if validate: payload = validate_token(settings, id_token) else: payload = utils.parse_token(id_token) return { "token": response_json['access_token'], "user_id": get_user_from_token_params(payload) }