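def check_authorization_header(self):
    """
    Reject the current request unless it carries a valid bearer access token.

    Reads the ``Authorization`` header of the active ``request``. The header must
    have the form ``Bearer <token>``, and ``<token>`` must resolve, via
    ``get_token_record_by_token``, to a record that is not a refresh token and
    has not expired. Any failure aborts the request with HTTP 401 so that the
    decorated handler never runs.

    Called by methods decorated with the authorize decorator.

    Raises:
        Aborts with 401 (via ``abort``) when the header is missing or malformed,
        the token is empty or unknown, the token is a refresh token, or it has
        expired. No detail about which check failed is returned to the caller.
    """
    authorization_header = request.headers.get('Authorization')
    if not authorization_header or not authorization_header.startswith('Bearer '):
        abort(401)
    token = authorization_header[len('Bearer '):]
    # "Bearer " with nothing after it is never a credential; do not look it up.
    if not token:
        abort(401)
    token_record = get_token_record_by_token(self._db_session, token)
    # An unknown token must produce a 401, not an AttributeError on a None
    # record (which would surface as a 500 and reveal that the lookup failed).
    if token_record is None:
        abort(401)
    # Refresh tokens live in the same table and carry token_type 'refresh' (see
    # the refresh_token grant in oauth2_token). They must never authorize a
    # request on their own, so reject them here.
    if token_record.token_type == 'refresh':
        abort(401)
    # Naive UTC on both sides, matching how expires_at is written elsewhere in
    # this file (expire_token uses datetime.utcnow()).
    if datetime.utcnow() > token_record.expires_at:
        abort(401)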
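    def check_authorization_header(self):
        """
        Reject the current request unless it carries a valid bearer access token.

        Reads the ``Authorization`` header of the active ``request``. The header
        must have the form ``Bearer <token>``, and ``<token>`` must resolve, via
        ``get_token_record_by_token``, to a record that is not a refresh token
        and has not expired. Any failure aborts the request with HTTP 401 so
        that the decorated handler never runs.

        Called by methods decorated with the authorize decorator.

        Raises:
            Aborts with 401 (via ``abort``) when the header is missing or
            malformed, the token is empty or unknown, the token is a refresh
            token, or it has expired. No detail about which check failed is
            returned to the caller.
        """
        authorization_header = request.headers.get('Authorization')
        if not authorization_header or not authorization_header.startswith(
                'Bearer '):
            abort(401)
        token = authorization_header[len('Bearer '):]
        # "Bearer " with nothing after it is never a credential; do not look it up.
        if not token:
            abort(401)
        token_record = get_token_record_by_token(self._db_session, token)
        # An unknown token must produce a 401, not an AttributeError on a None
        # record (which would surface as a 500 and reveal that the lookup failed).
        if token_record is None:
            abort(401)
        # Refresh tokens live in the same table and carry token_type 'refresh'
        # (see the refresh_token grant in oauth2_token). They must never
        # authorize a request on their own, so reject them here.
        if token_record.token_type == 'refresh':
            abort(401)
        # Naive UTC on both sides, matching how expires_at is written elsewhere
        # in this file (expire_token uses datetime.utcnow()).
        if datetime.utcnow() > token_record.expires_at:
            abort(401)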
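    def oauth2_token(self):
        """
        OAuth2 ``/token`` endpoint.

        Authenticates the client with the ``client_id``/``client_secret`` form
        fields, then either hands out the access/refresh pair of the pending
        authorization request (``grant_type=authorization_code``) or issues a
        fresh pair from a valid refresh token (``grant_type=refresh_token``).

        Returns:
            A JSON string with ``access_token``, ``refresh_token``,
            ``token_type`` (always ``Bearer``, which is what
            check_authorization_header expects) and ``expires_in`` in seconds.

        Raises:
            Aborts with HTTP 400 (via ``abort``) on an unknown client, wrong or
            missing secret, missing code with no pending request, an unknown,
            expired or non-refresh token, or an unsupported grant type. Error
            bodies deliberately do not echo the submitted secret, code or token
            back to the caller (the originals did, which put credentials into
            responses and any access log that captures bodies).
        """
        # Local import keeps this block self-contained; the module's import
        # block is not visible from here.
        import hmac

        grant_type = request.forms.get('grant_type')
        client_id = request.forms.get('client_id')
        client_secret = request.forms.get('client_secret')

        app = self._get_application_by_id(client_id)
        # NOTE(review): assumes _get_application_by_id returns None for an
        # unknown client_id — confirm. If it raises instead, this guard is
        # harmless; without it a None app was an AttributeError (HTTP 500).
        if app is None:
            abort(400, 'Invalid client')
        stored_secret = app.client_secret
        # Both sides must be present before comparing; an app with no secret
        # configured must not be matched by an omitted or literal-"None" secret.
        if client_secret is None or stored_secret is None:
            abort(400, 'Invalid client secret')
        # Constant-time comparison so the secret cannot be recovered byte by
        # byte from response timing. Encode first: compare_digest rejects
        # non-ASCII str. Assumes both values are str — TODO confirm the column
        # type of app.client_secret.
        if not hmac.compare_digest(
                client_secret.encode('utf-8'), stored_secret.encode('utf-8')):
            abort(400, 'Invalid client secret')

        if grant_type == 'authorization_code':
            code = request.forms.get('code')
            # NOTE(review): ``code`` is never compared with the pending request
            # and the pending request is not consumed here, so any value is
            # accepted while one is pending and codes are replayable. Where the
            # issued code is stored is not visible in this file — confirm and
            # bind the code to self._auth_request, then clear it after use.
            if not code or self._auth_request is None:
                abort(400, 'Invalid code')
            access_token = self._auth_request['access_token']
            refresh_token = self._auth_request['refresh_token']
        elif grant_type == 'refresh_token':
            refresh_token = request.forms.get('refresh_token')
            refresh_token_record = (
                get_token_record_by_token(self._db_session, refresh_token)
                if refresh_token else None
            )
            # Unknown tokens and access tokens presented as refresh tokens are
            # rejected alike; neither may turn into a 500 from a None record.
            if (refresh_token_record is None
                    or refresh_token_record.token_type != 'refresh'):
                abort(400, 'Invalid token')
            if datetime.utcnow() > refresh_token_record.expires_at:
                abort(400, 'Token expired')
            # NOTE(review): the record is not checked to belong to client_id,
            # and the presented refresh token stays valid after a new pair is
            # minted. The token record's client binding is not visible here —
            # confirm, then bind and revoke the old token on rotation.
            access_token, _, refresh_token, _ = self._create_tokens(
                client_id,
                owned_by_id=refresh_token_record.owned_by_id,
            )
        else:
            abort(400, 'Invalid grant type')

        # NOTE(review): RFC 6749 §5.1 also requires Content-Type
        # application/json and Cache-Control: no-store on this response; the
        # response object is not in scope in this block, so set them where the
        # route is registered.
        return json.dumps({
            'access_token': access_token,
            'refresh_token': refresh_token,
            'token_type': 'Bearer',
            'expires_in': self.ACCESS_TOKEN_DURATION_SECONDS,
        })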
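    def oauth2_token(self):
        """
        OAuth2 ``/token`` endpoint.

        Authenticates the client with the ``client_id``/``client_secret`` form
        fields, then either hands out the access/refresh pair of the pending
        authorization request (``grant_type=authorization_code``) or issues a
        fresh pair from a valid refresh token (``grant_type=refresh_token``).

        Returns:
            A JSON string with ``access_token``, ``refresh_token``,
            ``token_type`` (always ``Bearer``, which is what
            check_authorization_header expects) and ``expires_in`` in seconds.

        Raises:
            Aborts with HTTP 400 (via ``abort``) on an unknown client, wrong or
            missing secret, missing code with no pending request, an unknown,
            expired or non-refresh token, or an unsupported grant type. Error
            bodies deliberately do not echo the submitted secret, code or token
            back to the caller (the originals did, which put credentials into
            responses and any access log that captures bodies).
        """
        # Local import keeps this block self-contained; the module's import
        # block is not visible from here.
        import hmac

        grant_type = request.forms.get('grant_type')
        client_id = request.forms.get('client_id')
        client_secret = request.forms.get('client_secret')

        app = self._get_application_by_id(client_id)
        # NOTE(review): assumes _get_application_by_id returns None for an
        # unknown client_id — confirm. If it raises instead, this guard is
        # harmless; without it a None app was an AttributeError (HTTP 500).
        if app is None:
            abort(400, 'Invalid client')
        stored_secret = app.client_secret
        # Both sides must be present before comparing; an app with no secret
        # configured must not be matched by an omitted or literal-"None" secret.
        if client_secret is None or stored_secret is None:
            abort(400, 'Invalid client secret')
        # Constant-time comparison so the secret cannot be recovered byte by
        # byte from response timing. Encode first: compare_digest rejects
        # non-ASCII str. Assumes both values are str — TODO confirm the column
        # type of app.client_secret.
        if not hmac.compare_digest(
                client_secret.encode('utf-8'), stored_secret.encode('utf-8')):
            abort(400, 'Invalid client secret')

        if grant_type == 'authorization_code':
            code = request.forms.get('code')
            # NOTE(review): ``code`` is never compared with the pending request
            # and the pending request is not consumed here, so any value is
            # accepted while one is pending and codes are replayable. Where the
            # issued code is stored is not visible in this file — confirm and
            # bind the code to self._auth_request, then clear it after use.
            if not code or self._auth_request is None:
                abort(400, 'Invalid code')
            access_token = self._auth_request['access_token']
            refresh_token = self._auth_request['refresh_token']
        elif grant_type == 'refresh_token':
            refresh_token = request.forms.get('refresh_token')
            refresh_token_record = (
                get_token_record_by_token(self._db_session, refresh_token)
                if refresh_token else None
            )
            # Unknown tokens and access tokens presented as refresh tokens are
            # rejected alike; neither may turn into a 500 from a None record.
            if (refresh_token_record is None
                    or refresh_token_record.token_type != 'refresh'):
                abort(400, 'Invalid token')
            if datetime.utcnow() > refresh_token_record.expires_at:
                abort(400, 'Token expired')
            # NOTE(review): the record is not checked to belong to client_id,
            # and the presented refresh token stays valid after a new pair is
            # minted. The token record's client binding is not visible here —
            # confirm, then bind and revoke the old token on rotation.
            access_token, _, refresh_token, _ = self._create_tokens(
                client_id,
                owned_by_id=refresh_token_record.owned_by_id,
            )
        else:
            abort(400, 'Invalid grant type')

        # NOTE(review): RFC 6749 §5.1 also requires Content-Type
        # application/json and Cache-Control: no-store on this response; the
        # response object is not in scope in this block, so set them where the
        # route is registered.
        return json.dumps({
            'access_token': access_token,
            'refresh_token': refresh_token,
            'token_type': 'Bearer',
            'expires_in': self.ACCESS_TOKEN_DURATION_SECONDS,
        })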
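 def expire_token(self, token):
     """
     Revoke ``token`` by moving its ``expires_at`` to the current UTC time.

     Revocation is idempotent from the caller's point of view: a token that
     ``get_token_record_by_token`` does not know is silently ignored rather
     than treated as an error, so a client (or cleanup job) can revoke the
     same token twice. The change is committed on ``self._db_session``.

     Args:
         token: The raw token string as presented by a client; either an
             access or a refresh token, both live in the same table.
     """
     token_record = get_token_record_by_token(self._db_session, token)
     # An unknown token previously raised AttributeError on None, which
     # surfaced as a 500 and told the caller the token was never issued.
     if token_record is None:
         return
     # Naive UTC, consistent with the expiry checks elsewhere in this file.
     token_record.expires_at = datetime.utcnow()
     self._db_session.commit()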
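 def expire_token(self, token):
     """
     Revoke ``token`` by moving its ``expires_at`` to the current UTC time.

     Revocation is idempotent from the caller's point of view: a token that
     ``get_token_record_by_token`` does not know is silently ignored rather
     than treated as an error, so a client (or cleanup job) can revoke the
     same token twice. The change is committed on ``self._db_session``.

     Args:
         token: The raw token string as presented by a client; either an
             access or a refresh token, both live in the same table.
     """
     token_record = get_token_record_by_token(self._db_session, token)
     # An unknown token previously raised AttributeError on None, which
     # surfaced as a 500 and told the caller the token was never issued.
     if token_record is None:
         return
     # Naive UTC, consistent with the expiry checks elsewhere in this file.
     token_record.expires_at = datetime.utcnow()
     self._db_session.commit()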