예제 #1
0
    def test_authenticate_header_username(self):
        obs = self.get('/qiita_db/artifacts/1/', headers={
            'Authorization': 'Bearer ' + self.user_token})
        self.assertEqual(obs.code, 200)

        # Check rate limiting works
        self.assertEqual(int(r_client.get(self.user_rate_key)), 1)
        r_client.setex('[email protected]_daily_limit', 0, 2)
        obs = self.get('/qiita_db/artifacts/100/', headers={
            'Authorization': 'Bearer ' + self.user_token})
        exp = {'error': 'invalid_grant',
               'error_description': 'Oauth2 error: daily request limit reached'
               }
        self.assertEqual(loads(obs.body), exp)
예제 #2
0
    def test_authenticate_header_username(self):
        obs = self.get('/qiita_db/artifacts/1/mapping/', headers={
            'Authorization': 'Bearer ' + self.user_token})
        self.assertEqual(obs.code, 200)

        # Check rate limiting works
        self.assertEqual(int(r_client.get(self.user_rate_key)), 1)
        r_client.setex('[email protected]_daily_limit', 0, 2)
        obs = self.get('/qiita_db/artifacts/100/mapping/', headers={
            'Authorization': 'Bearer ' + self.user_token})
        exp = {'error': 'invalid_grant',
               'error_description': 'Oauth2 error: daily request limit reached'
               }
        self.assertEqual(loads(obs.body), exp)
예제 #3
0
    def set_token(self, client_id, grant_type, user=None, timeout=3600):
        """Create access token for the client on redis and send json response

        Parameters
        ----------
        client_id : str
            Client that requested the token
        grant_type : str
            Type of key being requested
        user : str, optional
            If password grant type requested, the user requesting the key.
        timeout : int, optional
            The timeout, in seconds, for the token. Default 3600

        Returns
        -------
        Writes token information JSON in the form expected by RFC6750:
        {'access_token': token,
         'token_type': 'Bearer',
         'expires_in': timeout}

         access_token: the actual token to use
         token_type: 'Bearer', which is the expected token type for Oauth2
         expires_in: time to token expiration, in seconds.
        """
        token = self.generate_access_token()

        r_client.hset(token, 'timestamp', datetime.datetime.now())
        r_client.hset(token, 'client_id', client_id)
        r_client.hset(token, 'grant_type', grant_type)
        r_client.expire(token, timeout)
        if user:
            r_client.hset(token, 'user', user)
        if grant_type == 'password':
            # Check if client has access limit key, and if not, create it
            limit_key = '%s_%s_daily_limit' % (client_id, user)
            limiter = r_client.get(limit_key)
            if limiter is None:
                # Set limit to 5,000 requests per day
                r_client.setex(limit_key, 5000, 86400)

        self.write({
            'access_token': token,
            'token_type': 'Bearer',
            'expires_in': timeout
        })
        self.finish()
예제 #4
0
파일: oauth2.py 프로젝트: carlyboyd/qiita
    def set_token(self, client_id, grant_type, user=None, timeout=3600):
        """Create access token for the client on redis and send json response

        Parameters
        ----------
        client_id : str
            Client that requested the token
        grant_type : str
            Type of key being requested
        user : str, optional
            If password grant type requested, the user requesting the key.
        timeout : int, optional
            The timeout, in seconds, for the token. Default 3600

        Returns
        -------
        Writes token information JSON in the form expected by RFC6750:
        {'access_token': token,
         'token_type': 'Bearer',
         'expires_in': timeout}

         access_token: the actual token to use
         token_type: 'Bearer', which is the expected token type for Oauth2
         expires_in: time to token expiration, in seconds.
        """
        token = self.generate_access_token()

        r_client.hset(token, 'timestamp', datetime.datetime.now())
        r_client.hset(token, 'client_id', client_id)
        r_client.hset(token, 'grant_type', grant_type)
        r_client.expire(token, timeout)
        if user:
            r_client.hset(token, 'user', user)
        if grant_type == 'password':
            # Check if client has access limit key, and if not, create it
            limit_key = '%s_%s_daily_limit' % (client_id, user)
            limiter = r_client.get(limit_key)
            if limiter is None:
                # Set limit to 5,000 requests per day
                r_client.setex(limit_key, 5000, 86400)

        self.write({'access_token': token,
                    'token_type': 'Bearer',
                    'expires_in': timeout})
        self.finish()
예제 #5
0
 def setUp(self):
     # Create client test authentication token
     self.client_token = 'SOMEAUTHTESTINGTOKENHERE2122'
     r_client.hset(self.client_token, 'timestamp', '12/12/12 12:12:00')
     r_client.hset(self.client_token, 'client_id', 'test123123123')
     r_client.hset(self.client_token, 'grant_type', 'client')
     r_client.expire(self.client_token, 5)
     # Create username test authentication token
     self.user_token = 'SOMEAUTHTESTINGTOKENHEREUSERNAME'
     r_client.hset(self.user_token, 'timestamp', '12/12/12 12:12:00')
     r_client.hset(self.user_token, 'client_id', 'testuser')
     r_client.hset(self.user_token, 'grant_type', 'password')
     r_client.hset(self.user_token, 'user', '*****@*****.**')
     r_client.expire(self.user_token, 5)
     # Create test access limit token
     self.user_rate_key = '[email protected]_daily_limit'
     r_client.setex(self.user_rate_key, 2, 5)
     super(OAuth2BaseHandlerTests, self).setUp()
예제 #6
0
 def setUp(self):
     # Create client test authentication token
     self.client_token = 'SOMEAUTHTESTINGTOKENHERE2122'
     r_client.hset(self.client_token, 'timestamp', '12/12/12 12:12:00')
     r_client.hset(self.client_token, 'client_id', 'test123123123')
     r_client.hset(self.client_token, 'grant_type', 'client')
     r_client.expire(self.client_token, 5)
     # Create username test authentication token
     self.user_token = 'SOMEAUTHTESTINGTOKENHEREUSERNAME'
     r_client.hset(self.user_token, 'timestamp', '12/12/12 12:12:00')
     r_client.hset(self.user_token, 'client_id', 'testuser')
     r_client.hset(self.user_token, 'grant_type', 'password')
     r_client.hset(self.user_token, 'user', '*****@*****.**')
     r_client.expire(self.user_token, 5)
     # Create test access limit token
     self.user_rate_key = '[email protected]_daily_limit'
     r_client.setex(self.user_rate_key, 2, 5)
     super(OAuth2BaseHandlerTests, self).setUp()
예제 #7
0
    def wrapper(handler, *args, **kwargs):
        header = handler.request.headers.get('Authorization', None)
        if header is None:
            _oauth_error(handler, 'Oauth2 error: invalid access token',
                         'invalid_request')
            return
        token_info = header.split()
        # Based on RFC6750 if reply is not 2 elements in the format of:
        # ['Bearer', token] we assume a wrong reply
        if len(token_info) != 2 or token_info[0] != 'Bearer':
            _oauth_error(handler, 'Oauth2 error: invalid access token',
                         'invalid_grant')
            return

        token = token_info[1]
        db_token = r_client.hgetall(token)
        if not db_token:
            # token has timed out or never existed
            _oauth_error(handler, 'Oauth2 error: token has timed out',
                         'invalid_grant')
            return
        # Check daily rate limit for key if password style key
        if db_token['grant_type'] == 'password':
            limit_key = '%s_%s_daily_limit' % (db_token['client_id'],
                                               db_token['user'])
            limiter = r_client.get(limit_key)
            if limiter is None:
                # Set limit to 5,000 requests per day
                r_client.setex(limit_key, 5000, 86400)
            else:
                r_client.decr(limit_key)
                if int(r_client.get(limit_key)) <= 0:
                    _oauth_error(
                        handler, 'Oauth2 error: daily request limit reached',
                        'invalid_grant')
                    return

        return f(handler, *args, **kwargs)