def test_user_recovery_for_access_token(logger, mongodb):
"""Test the recover a user's access_secret based on a given access_token.
"""
assert user.count() == 0
assert user.dump() == []
username = '******'
access_token = (
"eyJleHBpcmVzIjogMTAsICJzYWx0IjogImMyNzZjMCIsICJpZGVudGl0eSI6ICJib2Iif"
"QtSy56A7SfLFayHdmuWdwZDBZESKvDCVAIxwHmYqg1wd8LOn12djG_thZg26TTzknKVqT"
"GmkOs5hs-B-zSfjVU="
)
access_secret = (
"cf25474cda623fe4cb9cebdbb0c328d44ec33d883d27b8e5dc7d62de2247296fe85e7"
"3dc6fb2d6cfe19f2c107676b52070010b1f932c6f25f74f308fe19c09f3"
)
data = [
{
"username": username,
"tokens": {
access_token: {
"access_secret": access_secret
}
},
"display_name": "Bobby",
"phone": "12121212",
"_id": "user-2719963b00964c01b42b5d81c998fd05",
"email": "*****@*****.**",
"password_hash": pwtools.hash_password('11amcoke')
},
]
user.load(data)
# Recover the user's secret given the access_token:
found = user.secret_for_access_token(access_token)
assert found == access_secret
# If the token is unknown the nothing will be returned.
assert user.secret_for_access_token('fake-token') is None
def secret_for_access_token(request):
"""Recover the secret token for a given access token.
:returns: the secret token string or None if nothing was found.
"""
log = get_log("secret_for_access_token")
access_token = request.matchdict['access_token'].strip()
log.warn("Attempting to find secret for access '{}'.".format(access_token))
return user.secret_for_access_token(access_token)
