def revoke_all_user_tokens():
page = auth.list_users()
while page:
for user in page.users:
auth.revoke_refresh_tokens(user.uid)
user = auth.get_user(user.uid)
page = page.get_next_page()
def invalidate_session(request):
try:
FirebaseAuth.revoke_refresh_tokens(get_session_claims(request)["sub"])
finally:
# Remove the session cookies.
request.session.pop(SESSION_COOKIE, None)
request.session.pop(SESSION_COOKIE_LASTCHECKED, None)
def test_verify_session_cookie_revoked(new_user, api_key):
custom_token = auth.create_custom_token(new_user.uid)
id_token = _sign_in(custom_token, api_key)
session_cookie = auth.create_session_cookie(
id_token, expires_in=datetime.timedelta(days=1))
time.sleep(1)
auth.revoke_refresh_tokens(new_user.uid)
claims = auth.verify_session_cookie(session_cookie, check_revoked=False)
user = auth.get_user(new_user.uid)
# verify_session_cookie succeeded because it didn't check revoked.
assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp
with pytest.raises(auth.AuthError) as excinfo:
claims = auth.verify_session_cookie(session_cookie, check_revoked=True)
assert excinfo.value.code == auth._SESSION_COOKIE_REVOKED
assert str(
excinfo.value) == 'The Firebase session cookie has been revoked.'
# Sign in again, verify works.
id_token = _sign_in(custom_token, api_key)
session_cookie = auth.create_session_cookie(
id_token, expires_in=datetime.timedelta(days=1))
claims = auth.verify_session_cookie(session_cookie, check_revoked=True)
assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_revoke_refresh_tokens(new_user):
user = auth.get_user(new_user.uid)
old_valid_after = user.tokens_valid_after_timestamp
time.sleep(1)
auth.revoke_refresh_tokens(new_user.uid)
user = auth.get_user(new_user.uid)
new_valid_after = user.tokens_valid_after_timestamp
assert new_valid_after > old_valid_after
def test_revoke_refresh_tokens(self, user_mgt_app):
_, recorder = _instrument_user_manager(user_mgt_app, 200, '{"localId":"testuser"}')
before_time = time.time()
auth.revoke_refresh_tokens('testuser', app=user_mgt_app)
after_time = time.time()
request = json.loads(recorder[0].body.decode())
assert request['localId'] == 'testuser'
assert int(request['validSince']) >= int(before_time)
assert int(request['validSince']) <= int(after_time)
def logout():
oreo = request.cookies.get("uauuccu_oreo")
try:
profile = auth.verify_session_cookie(oreo)
auth.revoke_refresh_tokens(profile["user_id"])
print("[Logged out]")
except Exception as e:
print(e)
print("[Failed to log out]")
return redirect("/")
def session_logout():
session_cookie = flask.request.cookies.get('session')
try:
decoded_claims = auth.verify_session_cookie(session_cookie)
auth.revoke_refresh_tokens(decoded_claims['sub'])
response = flask.make_response(flask.redirect('/login'))
response.set_cookie('session', expires=0)
return response
except ValueError:
return flask.redirect('/login')
def post(self):
try:
session_cookie = request.cookies.get('session')
decoded_claims = auth.verify_session_cookie(session_cookie)
auth.revoke_refresh_tokens(decoded_claims['sub'])
response = jsonify({})
response.set_cookie('session', expires=0)
return response
except:
return {'message': 'Session lost, just logout'}
def logout():
session_cookie = request.cookies.get('loggedInCookie')
try:
decoded_claims = auth.verify_session_cookie(session_cookie,
app=firebase_app)
auth.revoke_refresh_tokens(decoded_claims['sub'], app=firebase_app)
response = flask.make_response(redirect('/login'))
response.set_cookie('session', expires=0)
return response
except auth.InvalidSessionCookieError:
return redirect('/login')
def revoke_super_admin_privileges(user_id: str) -> None:
"""Revokes the user's super admin privileges.
Args:
user_id: str. The Oppia user ID to revoke privileges from.
"""
auth_id = get_auth_id_from_user_id(user_id)
if auth_id is None:
raise ValueError('user_id=%s has no Firebase account' % user_id)
firebase_auth.set_custom_user_claims(auth_id, None)
# NOTE: Revoke session cookies and ID tokens of the user so they are forced
# to log back in to obtain their updated privileges.
firebase_auth.revoke_refresh_tokens(auth_id)
def logout():
# get session_cookie
session_cookie = request.cookies.get(login_cookie_name)
# get user
user = auth.verify_session_cookie(session_cookie)
print("user", user)
# let user's seeein_cookie no use
auth.revoke_refresh_tokens(user['sub'])
# prepare response
response = jsonify({"msg": "logout"})
# ley viewer's cookie expire
response.set_cookie(login_cookie_name, expires=0)
return response
async def logout(response: Response, session: str = Cookie(None)):
if session is None:
raise HTTPException(404, "cookie not found")
try:
verification = auth.verify_session_cookie(session)
auth.revoke_refresh_tokens(verification["sub"])
except auth.InvalidSessionCookieError:
raise HTTPException(401)
response.delete_cookie("session")
return True
def logout():
session_cookie = request.cookies.get('session')
try:
# revoke session with Firebase
decoded_claims = auth.verify_session_cookie(session_cookie)
auth.revoke_refresh_tokens(decoded_claims['sub'])
# clear session cookie
response = make_response(redirect(url_for('.login')))
response.set_cookie('session', expires=0)
print(response)
return response
except auth.InvalidSessionCookieError:
return redirect(url_for('.login'))
def grant_super_admin_privileges(user_id: str) -> None:
"""Grants the user super admin privileges.
Args:
user_id: str. The Oppia user ID to promote to super admin.
"""
auth_id = get_auth_id_from_user_id(user_id)
if auth_id is None:
raise ValueError('user_id=%s has no Firebase account' % user_id)
custom_claims = '{"role":"%s"}' % feconf.FIREBASE_ROLE_SUPER_ADMIN
firebase_auth.set_custom_user_claims(auth_id, custom_claims)
# NOTE: Revoke session cookies and ID tokens of the user so they are forced
# to log back in to obtain their updated privileges.
firebase_auth.revoke_refresh_tokens(auth_id)
def logout(request):
"""
Remove the user session data and make the user to unauthenticated user.
"""
if save:
# save changes in profile before logout if valid session
request.user.save(request)
try:
decoded_claims = auth.verify_session_cookie(
request.session[FIREBASE_SESSION_COOKIES])
auth.revoke_refresh_tokens(decoded_claims['sub'])
except auth.InvalidSessionCookieError:
pass
request.session.flush()
request.user = User()
def revoke_refresh_token_uid():
cred = credentials.Certificate('path/to/service.json')
default_app = firebase_admin.initialize_app(cred)
# [START revoke_tokens]
# Revoke tokens on the backend.
auth.revoke_refresh_tokens(uid)
user = auth.get_user(uid)
# Convert to seconds as the auth_time in the token claims is in seconds.
revocation_second = user.tokens_valid_after_timestamp / 1000
print('Tokens revoked at: {0}'.format(revocation_second))
# [END revoke_tokens]
# [START save_revocation_in_db]
metadata_ref = firebase_admin.db.reference("metadata/" + uid)
metadata_ref.set({'revokeTime': revocation_second})
# [END save_revocation_in_db]
print(uid)
firebase_admin.delete_app(default_app)
def logout():
# 取得session cookie
session_cookie = request.cookies.get(cookie_name)
# 取得登入者
user = auth.verify_session_cookie(session_cookie)
# 取得user_id
user_id = user['user_id']
print(user_id)
# 通知firebase 此 session cookie作廢
# user_id會顯示在firebase裡authentication的UID
auth.revoke_refresh_tokens(user_id)
# 準備回應,不可以已讀不回不然會bad request
res = jsonify({'msg': '已登出'})
# 在瀏覽器作廢 session cookie (作廢就是讓cookie過期),寫到cookie要用expires
res.set_cookie(cookie_name, expires=0)
# 回應前端
return res
def test_verify_id_token_revoked(new_user, api_key):
custom_token = auth.create_custom_token(new_user.uid)
id_token = _sign_in(custom_token, api_key)
claims = auth.verify_id_token(id_token)
assert claims['iat'] * 1000 >= new_user.tokens_valid_after_timestamp
time.sleep(1)
auth.revoke_refresh_tokens(new_user.uid)
claims = auth.verify_id_token(id_token, check_revoked=False)
user = auth.get_user(new_user.uid)
# verify_id_token succeeded because it didn't check revoked.
assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp
with pytest.raises(auth.RevokedIdTokenError) as excinfo:
claims = auth.verify_id_token(id_token, check_revoked=True)
assert str(excinfo.value) == 'The Firebase ID token has been revoked.'
# Sign in again, verify works.
id_token = _sign_in(custom_token, api_key)
claims = auth.verify_id_token(id_token, check_revoked=True)
assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def firebase(self, config, data):
"""{
'iss': 'https://securetoken.google.com/...',
'name': '...',
'picture': '...', 'aud': '...', 'auth_time': 1536947307,
'user_id': '...', 'sub': '...', 'iat': 1536947882, 'exp': 1536951482,
'email': '...',
'email_verified': False,
'uid': '...'
}"""
decodedToken = auth.verify_id_token(data)
if "one-time-token" in config and config["one-time-token"] == True:
# Feature: token may used only once.
auth.revoke_refresh_tokens(decodedToken["uid"])
if abs(time.time() -
decodedToken["auth_time"]) > self.TIMEOUT_FIREBASE:
auth.revoke_refresh_tokens(decodedToken["uid"])
raise Exception("Token timed out. Relogin required.")
if not decodedToken["email"] in config["users"]:
raise Exception("User is not allowed to access.")
return True
def logout(decoded_claims: dict = Depends(APICookieCustom(name="session"))):
response = JSONResponse(content={'message': 'deslogado com sucesso'})
auth.revoke_refresh_tokens(decoded_claims['sub'])
response.set_cookie('session', expires=0)
return response
def refresh_custom_token(uid):
auth.revoke_refresh_tokens(uid, app=app)
return create_custom_token(uid)
def revoke_session_cookie(session_cookie):
"""Revoke a session cookie."""
decoded_claims = decode_claims(session_cookie)
auth.revoke_refresh_tokens(decoded_claims['sub'])
def revoke_refresh_tokens(uid):
auth.revoke_refresh_tokens(uid, app=app)
def revoke_user_token(uid):
auth.revoke_refresh_tokens(uid)
user = auth.get_user(uid)
def revoke_token(user): auth.revoke_refresh_tokens(user.uid)
def logout():
if pb_auth.current_user:
uid = pb_auth.current_user['user_id']
auth.revoke_refresh_tokens(uid)
return render_template('Login.html')
def revoke_refresh_tokens(token: str):
"""Revoke a user's refresh token.
Args:
token (str): The refresh token to authenticate a user.
"""
auth.revoke_refresh_tokens(token)
def logout(self):
auth.revoke_refresh_tokens(self.session['current_user']['uid'])
self.session = dict()
return redirect(url_for('login'))
