def post(self, action=None, **kwargs):
    """Handle the POST sub-actions of the OAuth sign-in flow.

    Supported values of ``action``:

    * ``get_auth_url``: obtains an authorization URL and a request
      token/secret pair from ``User.get_auth_url()``, saves the pair
      through ``AuthToken`` and renders ``{'auth_url': ...}``.
    * ``authenticate``: reads ``oauth_token`` and ``oauth_verifier`` from
      the request, looks up the saved secret for that token, calls
      ``User.authenticate`` and renders ``{'auth_token': ..., 'user': ...}``.
      The saved request token is deleted afterwards.
    * ``get_user``: renders the user attached to the current request, or
      returns a 401 error response when there is none.

    Any other action is logged and raises ``NotFound``.
    """
    if action == 'get_auth_url':
        url, request_token, request_secret = User.get_auth_url()
        # TODO: Use redis?
        pending = AuthToken(request_token, request_secret)
        pending.save()
        logging.debug("User Auth: oauth token %s added", request_token)
        return self._render({'auth_url': url})

    if action == 'authenticate':
        parser = reqparse.RequestParser()
        # Neither argument is marked required, so either value may be None.
        for field in ('oauth_token', 'oauth_verifier'):
            parser.add_argument(field, type=str)
        params = parser.parse_args()
        oauth_token = params.get('oauth_token')
        oauth_verifier = params.get('oauth_verifier')
        logging.debug("User Auth: trying to authenticate with token %s",
                      oauth_token)

        # TODO: Use redis?
        stored = AuthToken.get_auth(oauth_token)
        if not stored:
            # NOTE(review): an unknown or missing token comes from the
            # client, yet it is reported with status 500, and the supplied
            # value is echoed back in the message. Confirm this is intended.
            logging.error('User Auth: token %s not found', oauth_token)
            return odesk_error_response(
                500, 500, 'Wrong token: {0!s}'.format(oauth_token))

        auth_token, user = User.authenticate(
            oauth_token, stored.get('oauth_token_secret'), oauth_verifier)

        # NOTE(review): the saved token/secret record is removed only once
        # User.authenticate has returned; if that call raises, the record
        # stays in the store. Confirm that stale entries expire elsewhere.
        logging.debug('User Auth: Removing token %s', oauth_token)
        AuthToken.delete(stored.get('oauth_token'))
        return self._render({'auth_token': auth_token, 'user': user})

    if action == 'get_user':
        current_user = getattr(request, 'user', None)
        if not current_user:
            return odesk_error_response(401, 401, 'Unauthorized')
        return self._render({'user': current_user})

    logging.error('User Auth: invalid action %s', action)
    raise NotFound('Action not found')
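def test_token(self, delete_mock, get_mock, put_mock):
    """Check AuthToken serialisation, save, lookup and delete via mocks.

    ``delete_mock``, ``get_mock`` and ``put_mock`` stand in for the storage
    calls; presumably they are injected by patch decorators that are not
    visible here (confirm against the enclosing test class).
    """
    # Fixture values only; the secret differs from the token in its last digit.
    TOKEN = '394c46b8902fb5e8fc9268f3cfd84539'
    SECRET = '394c46b8902fb5e8fc9268f3cfd84538'
    token_dict = dict(oauth_token=TOKEN,
                      oauth_token_secret=SECRET,
                      id=TOKEN)

    token = AuthToken(oauth_token=TOKEN, oauth_token_secret=SECRET)
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(token.to_dict(), token_dict)

    token.save()
    put_mock.assert_called_with(token.TABLE_NAME, token_dict)

    # Lookup of an unknown token yields None.
    get_mock.return_value = None
    self.assertIsNone(AuthToken.get_auth('invalid'))

    # get_item
    get_mock.return_value = token_dict
    self.assertEqual(AuthToken.get_auth(TOKEN), token_dict)

    # delete
    AuthToken.delete(TOKEN)
    delete_mock.assert_called_with(token.TABLE_NAME, id=TOKEN)

    # The unknown-token lookup is checked again after the delete.
    get_mock.return_value = None
    self.assertIsNone(AuthToken.get_auth('invalid'))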