예제 #1
0
    def get_token(self, token_id, scope):
        """Retrieves a registered token by token ID and required scope.
        @type token_id: basestring
        @param token_id: token ID
        @type scope: basestring
        @param scope: required scopes as space separated string
        """
        try:
            token = self.get_value(token_id)
        except KeyError:
            log.debug("Request for token of ID that is not registered: %s",
                      token_id)
            return None, 'invalid_token'

        if not token.valid:
            log.debug("Request for invalid token of ID: %s", token_id)
            return None, 'invalid_token'
        
        if token.expires <= datetime.utcnow():
            log.debug("Request for expired token of ID: %s", token_id)
            return None, 'invalid_token'
                    
        # Check scope
        if not scopeutil.isScopeGranted(token.scope,
                                        scopeutil.scopeStringToList(scope)):
            log.debug("Request for token of ID: %s - token was not granted "
                      "scope %s", token_id, scope)
            return None, 'insufficient_scope'
        
        return token, None
예제 #2
0
 def eq_authz_basis(self, other):
     """Determines whether a requested client authorization is equivalent to
     a granted one.
     @type other: ClientAuthorization
     @param other: requested authorization
     @rtype: bool
     @return: True if the user and client ID are the same and if there are no
     requested scopes that are not granted, otherwise False
     """
     return (self.user == other.user
             and self.client_id == other.client_id
             and scopeutil.isScopeGranted(self.scope, other.scope))