def test_callback(self):
    # OAuth2 callback: trade the temporary code for permanent credentials
    # and check what ends up on the stored ExternalAccount.
    # NOTE(review): only the path where the query-string ``state`` equals
    # the session ``state`` is exercised in this test.

    # Stub the provider's code-for-token exchange.
    _prepare_mock_oauth2_handshake_response()

    user = UserFactory()

    # Simulated callback request.
    callback_ctx = self.app.app.test_request_context(
        path="/oauth/callback/mock2/",
        query_string="code=mock_code&state=mock_state",
    )
    with callback_ctx:
        # The callback needs a logged-in user.
        # NOTE(review): the login uses ``self.user`` while the callback
        # below receives the freshly created ``user`` -- confirm intended.
        authenticate(user=self.user, access_token=None, response=None)

        # Seed the per-provider state that this request's ``state`` matches.
        session = get_session()
        session.data['oauth_states'] = {
            self.provider.short_name: {'state': 'mock_state'},
        }
        session.save()

        # Run the key exchange.
        self.provider.auth_callback(user=user)

    account = ExternalAccount.find_one()
    assert_equal(account.oauth_key, 'mock_access_token')
    assert_equal(account.provider_id, 'mock_provider_id')
def test_callback(self):
    # OAuth2 callback: trade the temporary code for permanent credentials
    # and check what ends up on the stored ExternalAccount.
    # NOTE(review): only the path where the query-string ``state`` equals
    # the session ``state`` is exercised in this test.

    # Stub the provider's code-for-token exchange.
    _prepare_mock_oauth2_handshake_response()

    user = UserFactory()

    # Simulated callback request.
    callback_ctx = self.app.app.test_request_context(
        path="/oauth/callback/mock2/",
        query_string="code=mock_code&state=mock_state",
    )
    with callback_ctx:
        # The callback needs a logged-in user.
        # NOTE(review): the login uses ``self.user`` while the callback
        # below receives the freshly created ``user`` -- confirm intended.
        authenticate(user=self.user, access_token=None, response=None)

        # ``session`` is not assigned in this function; it is whatever
        # object of that name the enclosing module provides.
        session.data['oauth_states'] = {
            self.provider.short_name: {'state': 'mock_state'},
        }
        session.save()

        # Run the key exchange.
        self.provider.auth_callback(user=user)

    account = ExternalAccount.find_one()
    assert_equal(account.oauth_key, 'mock_access_token')
    assert_equal(account.provider_id, 'mock_provider_id')
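def migrate_to_external_account(user_settings_document):
    """Move one legacy S3 user-settings document onto an ``ExternalAccount``.

    The stored key pair is passed to ``utils.get_user_info``; when that
    returns nothing the document is skipped.  Otherwise an existing account
    with the same provider and provider id is reused, or a new one is built
    from the stored keys, and the account is linked to the owning user.

    :param user_settings_document: raw settings document; the ``_id``,
        ``owner``, ``access_key`` and ``secret_key`` keys are read.
    :return: ``(external_account, user, new)`` where ``new`` is True when
        the account was created by this call, or ``(None, None, None)`` when
        ``utils.get_user_info`` returned nothing.
    """
    user_info = utils.get_user_info(
        access_key=user_settings_document['access_key'],
        secret_key=user_settings_document['secret_key'],
    )
    user = User.load(user_settings_document['owner'])
    if not user_info:
        return (None, None, None)

    new = False
    try:
        # Scope the lookup to this provider.  Matching on ``provider_id``
        # alone could return an account that belongs to a different
        # provider and attach its stored credentials to this user.
        external_account = ExternalAccount.find_one(
            Q('provider', 'eq', PROVIDER) &
            Q('provider_id', 'eq', user_info.id)
        )
        # Only document and user ids are logged, never the key pair.
        logger.info(
            'Duplicate account use found: s3usersettings {0} with id {1}'.format(
                user_settings_document['_id'], user._id))
    except NoResultsFound:
        new = True
        external_account = ExternalAccount(
            provider=PROVIDER,
            provider_name=PROVIDER_NAME,
            provider_id=user_info.id,
            oauth_key=user_settings_document['access_key'],
            oauth_secret=user_settings_document['secret_key'],
            display_name=user_info.display_name,
        )
        external_account.save()

    # Do not link the same account twice (e.g. when the migration is re-run).
    if external_account not in user.external_accounts:
        user.external_accounts.append(external_account)
    user.save()
    return external_account, user, new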
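def migrate_to_external_account(user_settings_document):
    """Move one legacy S3 user-settings document onto an ``ExternalAccount``.

    The stored key pair is passed to ``utils.get_user_info``; when that
    returns nothing the document is skipped.  Otherwise an existing account
    with the same provider and provider id is reused, or a new one is built
    from the stored keys, and the account is linked to the owning user.

    :param user_settings_document: raw settings document; the ``_id``,
        ``owner``, ``access_key`` and ``secret_key`` keys are read.
    :return: ``(external_account, user, new)`` where ``new`` is True when
        the account was created by this call, or ``(None, None, None)`` when
        ``utils.get_user_info`` returned nothing.
    """
    user_info = utils.get_user_info(
        access_key=user_settings_document['access_key'],
        secret_key=user_settings_document['secret_key'])
    user = User.load(user_settings_document['owner'])
    if not user_info:
        return (None, None, None)

    new = False
    try:
        # Scope the lookup to this provider.  Matching on ``provider_id``
        # alone could return an account that belongs to a different
        # provider and attach its stored credentials to this user.
        external_account = ExternalAccount.find_one(
            Q('provider', 'eq', PROVIDER) &
            Q('provider_id', 'eq', user_info.id))
        # Only document and user ids are logged, never the key pair.
        logger.info(
            'Duplicate account use found: s3usersettings {0} with id {1}'.
            format(user_settings_document['_id'], user._id))
    except NoResultsFound:
        new = True
        external_account = ExternalAccount(
            provider=PROVIDER,
            provider_name=PROVIDER_NAME,
            provider_id=user_info.id,
            oauth_key=user_settings_document['access_key'],
            oauth_secret=user_settings_document['secret_key'],
            display_name=user_info.display_name,
        )
        external_account.save()

    # Do not link the same account twice (e.g. when the migration is re-run).
    if external_account not in user.external_accounts:
        user.external_accounts.append(external_account)
    user.save()
    return external_account, user, new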
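def s3_add_user_account(auth, **kwargs):
    """Verifies new external account credentials and adds to user's list

    Reads ``access_key`` and ``secret_key`` from the JSON request body,
    checks them with ``utils.get_user_info`` and ``utils.can_list``, then
    creates (or reuses) the matching ``ExternalAccount`` and links it to
    ``auth.user``.

    :return: ``{}`` on success, or ``({'message': ...}, BAD_REQUEST)`` when
        a field is empty or the credentials fail a check.
    :raises HTTPError: BAD_REQUEST when a field is absent from the body.
    """
    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except (KeyError, TypeError):
        # TypeError covers a body that is not a JSON object (for example
        # ``request.json`` being None), which would otherwise surface as an
        # unhandled server error instead of a 400.
        raise HTTPError(httplib.BAD_REQUEST)

    if not (access_key and secret_key):
        return {
            'message': 'All the fields above are required.'
        }, httplib.BAD_REQUEST

    user_info = utils.get_user_info(access_key, secret_key)
    if not user_info:
        return {
            'message': ('Unable to access account.\n'
                        'Check to make sure that the above credentials are valid, '
                        'and that they have permission to list buckets.')
        }, httplib.BAD_REQUEST

    if not utils.can_list(access_key, secret_key):
        return {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }, httplib.BAD_REQUEST

    account = None
    try:
        account = ExternalAccount(
            provider=SHORT_NAME,
            provider_name=FULL_NAME,
            oauth_key=access_key,
            oauth_secret=secret_key,
            provider_id=user_info.id,
            display_name=user_info.display_name,
        )
        account.save()
    except KeyExistsException:
        # ... or get the old one.  Look it up by provider and provider id
        # (presumably the key the save collided on) instead of by the key
        # pair: a stored account whose keys differ from the submitted ones
        # would never match, and the secret is no longer a query term.
        account = ExternalAccount.find_one(
            Q('provider', 'eq', SHORT_NAME) &
            Q('provider_id', 'eq', user_info.id)
        )
    assert account is not None

    if account not in auth.user.external_accounts:
        auth.user.external_accounts.append(account)

    # Ensure S3 is enabled.
    auth.user.get_or_add_addon('s3', auth=auth)
    auth.user.save()

    return {}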
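def s3_add_user_account(auth, **kwargs):
    """Verifies new external account credentials and adds to user's list

    Reads ``access_key`` and ``secret_key`` from the JSON request body,
    checks them with ``utils.get_user_info`` and ``utils.can_list``, then
    creates (or reuses) the matching ``ExternalAccount`` and links it to
    ``auth.user``.

    :return: ``{}`` on success, or ``({'message': ...}, BAD_REQUEST)`` when
        a field is empty or the credentials fail a check.
    :raises HTTPError: BAD_REQUEST when a field is absent from the body.
    """
    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except (KeyError, TypeError):
        # TypeError covers a body that is not a JSON object (for example
        # ``request.json`` being None), which would otherwise surface as an
        # unhandled server error instead of a 400.
        raise HTTPError(httplib.BAD_REQUEST)

    if not (access_key and secret_key):
        return {
            'message': 'All the fields above are required.'
        }, httplib.BAD_REQUEST

    user_info = utils.get_user_info(access_key, secret_key)
    if not user_info:
        return {
            'message': ('Unable to access account.\n'
                        'Check to make sure that the above credentials are valid, '
                        'and that they have permission to list buckets.')
        }, httplib.BAD_REQUEST

    if not utils.can_list(access_key, secret_key):
        return {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }, httplib.BAD_REQUEST

    account = None
    try:
        account = ExternalAccount(
            provider=SHORT_NAME,
            provider_name=FULL_NAME,
            oauth_key=access_key,
            oauth_secret=secret_key,
            provider_id=user_info.id,
            display_name=user_info.display_name,
        )
        account.save()
    except KeyExistsException:
        # ... or get the old one, identified by provider and provider id so
        # the secret key never has to be used as a query term.
        account = ExternalAccount.find_one(
            Q('provider', 'eq', SHORT_NAME) &
            Q('provider_id', 'eq', user_info.id)
        )
    assert account is not None

    if account not in auth.user.external_accounts:
        auth.user.external_accounts.append(account)

    # Ensure S3 is enabled.
    auth.user.get_or_add_addon('s3', auth=auth)
    auth.user.save()

    return {}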
def do_migration(records):
    """Move legacy Google Drive OAuth settings onto ``ExternalAccount`` records.

    Steps, in order:
      1. rename string-typed ``user_settings`` fields in the
         ``googledrivenodesettings`` collection to ``foreign_user_settings``;
      2. for each record, create (or reuse) the matching external account,
         link it to the record's owner and clear the legacy settings;
      3. copy ``foreign_user_settings`` back onto ``user_settings`` for every
         node settings object that has one.

    :param records: iterable of user add-on records exposing ``owner`` and
        ``oauth_settings``.
    """
    # BSON type 2 is "string": only string-valued fields are renamed.
    string_valued = {'user_settings': {'$type': 2}}
    rename_spec = {'$rename': {'user_settings': 'foreign_user_settings'}}
    database['googledrivenodesettings'].update(
        string_valued, rename_spec, multi=True)

    for user_addon in records:
        owner = user_addon.owner
        legacy = user_addon.oauth_settings
        # Only the user id is logged, never the tokens being moved.
        logger.info('Record found for user {}'.format(owner._id))

        # Create the external account, or load it if it already exists.
        try:
            ext_account = ExternalAccount(
                provider='googledrive',
                provider_name='Google Drive',
                display_name=legacy.username,
                oauth_key=legacy.access_token,
                refresh_token=legacy.refresh_token,
                provider_id=legacy.user_id,
                expires_at=legacy.expires_at,
            )
            ext_account.save()
        except KeyExistsException:
            # Already stored: reuse the existing record.
            ext_account = ExternalAccount.find_one(
                Q('provider', 'eq', 'googledrive') &
                Q('provider_id', 'eq', legacy.user_id)
            )
            assert ext_account is not None
        # NOTE(review): appended without a membership check, so a re-run may
        # list the same account twice -- confirm this is acceptable.
        owner.external_accounts.append(ext_account)
        owner.save()

        # The tokens now live on the external account; drop the legacy copy.
        user_addon.oauth_settings = None
        user_addon.save()

        logger.info('Added external account {0} to user {1}'.format(
            ext_account._id, owner._id,
        ))

    # Restore ``user_settings`` from the renamed field on each node.
    for node in GoogleDriveNodeSettings.find():
        if node.foreign_user_settings is not None:
            logger.info('Migrating user_settings for googledrive {}'.format(
                node._id))
            node.user_settings = node.foreign_user_settings
            node.save()
def do_migration(records):
    """Move legacy Dataverse API tokens onto ``ExternalAccount`` records.

    For each record an external account is created (or an existing one is
    reused), linked to the record's owner, and the token is cleared from the
    legacy user add-on.  Every account is created against the single
    hard-coded host below.

    :param records: iterable of user add-on records exposing ``owner`` and
        ``api_token``.
    """
    host = 'dataverse.harvard.edu'

    for user_addon in records:
        owner = user_addon.owner
        token = user_addon.api_token
        # Only the user id is logged, never the token.
        logger.info('Record found for user {}'.format(owner._id))

        # Modified from `dataverse_add_user_account`:
        # create the external account, or load it if it already exists.
        # NOTE(review): the API token is stored as ``oauth_secret`` and also
        # as ``provider_id``, so the secret doubles as a stored identifier
        # and as a query term in the lookup below.
        try:
            ext_account = ExternalAccount(
                provider='dataverse',
                provider_name='Dataverse',
                display_name=host,
                oauth_key=host,
                oauth_secret=token,
                provider_id=token,
            )
            ext_account.save()
        except KeyExistsException:
            # Already stored: reuse the existing record.
            ext_account = ExternalAccount.find_one(
                Q('provider', 'eq', 'dataverse') &
                Q('provider_id', 'eq', token)
            )
            assert ext_account is not None
        owner.external_accounts.append(ext_account)
        owner.save()

        # The token now lives on the external account; drop the legacy copy.
        user_addon.api_token = None
        user_addon.save()

        logger.info('Added external account {0} to user {1}'.format(
            ext_account._id, owner._id,
        ))

        ####### BROKEN #######
        # Field user_addon needed to be user_addon._id for lookup.
        #
        # Attach the external account to the nodes this add-on authorized.
        for node_addon in get_authorized_node_settings(user_addon):
            node_addon.set_auth(ext_account, owner)
            logger.info('Added external account {0} to node {1}'.format(
                ext_account._id, node_addon.owner._id,
            ))
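def owncloud_add_user_account(auth, **kwargs):
    """
        Verifies new external account credentials and adds to user's list

        This view expects `host`, `username` and `password` fields in the JSON
        body of the request.

        Returns `{}` on success, or a `({'message': ...}, status)` pair when
        the host is missing or unreachable (BAD_REQUEST) or the login is
        rejected (UNAUTHORIZED).
    """
    payload = request.json or {}
    host_url = payload.get('host')
    if not host_url:
        # A request without a host (or without a JSON body) used to fail on
        # `None.rstrip` with an unhandled error; answer it like any other
        # unusable server value.
        return {
            'message': 'Invalid ownCloud server.'
        }, http.BAD_REQUEST

    # Ensure that ownCloud uses https
    host = furl()
    host.host = host_url.rstrip('/').replace('https://', '').replace('http://', '')
    host.scheme = 'https'

    username = payload.get('username')
    password = payload.get('password')

    # NOTE(review): the destination is caller-supplied and this server opens
    # the connection itself; consider restricting which hosts may be reached.
    # NOTE(review): certificate verification follows `settings.USE_SSL`; when
    # that is off the password goes to an unverified endpoint -- confirm it
    # is enabled wherever real credentials are handled.
    try:
        oc = owncloud.Client(host.url, verify_certs=settings.USE_SSL)
        oc.login(username, password)
        oc.logout()
    except requests.exceptions.ConnectionError:
        return {
            'message': 'Invalid ownCloud server.'
        }, http.BAD_REQUEST
    except owncloud.owncloud.HTTPResponseError:
        return {
            'message': 'ownCloud Login failed.'
        }, http.UNAUTHORIZED

    provider = OwnCloudProvider(account=None, host=host.url,
                                username=username, password=password)
    try:
        provider.account.save()
    except KeyExistsException:
        # ... or get the old one
        provider.account = ExternalAccount.find_one(
            Q('provider', 'eq', provider.short_name) &
            Q('provider_id', 'eq', '{}:{}'.format(host.url, username).lower())
        )

    user = auth.user
    if provider.account not in user.external_accounts:
        user.external_accounts.append(provider.account)

    user.get_or_add_addon('owncloud', auth=auth)
    user.save()

    return {}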
def do_migration(records):
    """Move legacy Dataverse API tokens onto ``ExternalAccount`` records.

    For each record an external account is created (or an existing one is
    reused), linked to the record's owner, and the token is cleared from the
    legacy user add-on.  Every account is created against the single
    hard-coded host below.

    :param records: iterable of user add-on records exposing ``owner`` and
        ``api_token``.
    """
    host = 'dataverse.harvard.edu'

    for user_addon in records:
        owner = user_addon.owner
        token = user_addon.api_token
        # Only the user id is logged, never the token.
        logger.info('Record found for user {}'.format(owner._id))

        # Modified from `dataverse_add_user_account`:
        # create the external account, or load it if it already exists.
        # NOTE(review): the API token is stored as ``oauth_secret`` and also
        # as ``provider_id``, so the secret doubles as a stored identifier
        # and as a query term in the lookup below.
        try:
            ext_account = ExternalAccount(
                provider='dataverse',
                provider_name='Dataverse',
                display_name=host,
                oauth_key=host,
                oauth_secret=token,
                provider_id=token,
            )
            ext_account.save()
        except KeyExistsException:
            # Already stored: reuse the existing record.
            ext_account = ExternalAccount.find_one(
                Q('provider', 'eq', 'dataverse') &
                Q('provider_id', 'eq', token)
            )
            assert ext_account is not None
        owner.external_accounts.append(ext_account)
        owner.save()

        # The token now lives on the external account; drop the legacy copy.
        user_addon.api_token = None
        user_addon.save()

        logger.info('Added external account {0} to user {1}'.format(
            ext_account._id, owner._id,
        ))

        ####### BROKEN #######
        # Field user_addon needed to be user_addon._id for lookup.
        #
        # Attach the external account to the nodes this add-on authorized.
        for node_addon in get_authorized_node_settings(user_addon):
            node_addon.set_auth(ext_account, owner)
            logger.info('Added external account {0} to node {1}'.format(
                ext_account._id, node_addon.owner._id,
            ))
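def owncloud_add_user_account(auth, **kwargs):
    """
        Verifies new external account credentials and adds to user's list

        This view expects `host`, `username` and `password` fields in the JSON
        body of the request.

        Returns `{}` on success, or a `({'message': ...}, status)` pair when
        the host is missing or unreachable (BAD_REQUEST) or the login is
        rejected (UNAUTHORIZED).
    """
    payload = request.json or {}
    host_url = payload.get('host')
    if not host_url:
        # A request without a host (or without a JSON body) used to fail on
        # `None.rstrip` with an unhandled error; answer it like any other
        # unusable server value.
        return {'message': 'Invalid ownCloud server.'}, http.BAD_REQUEST

    # Ensure that ownCloud uses https
    host = furl()
    host.host = host_url.rstrip('/').replace('https://', '').replace('http://', '')
    host.scheme = 'https'

    username = payload.get('username')
    password = payload.get('password')

    # NOTE(review): the destination is caller-supplied and this server opens
    # the connection itself; consider restricting which hosts may be reached.
    # NOTE(review): certificate verification follows `settings.USE_SSL`; when
    # that is off the password goes to an unverified endpoint -- confirm it
    # is enabled wherever real credentials are handled.
    try:
        oc = owncloud.Client(host.url, verify_certs=settings.USE_SSL)
        oc.login(username, password)
        oc.logout()
    except requests.exceptions.ConnectionError:
        return {'message': 'Invalid ownCloud server.'}, http.BAD_REQUEST
    except owncloud.owncloud.HTTPResponseError:
        return {'message': 'ownCloud Login failed.'}, http.UNAUTHORIZED

    provider = OwnCloudProvider(
        account=None, host=host.url, username=username, password=password)
    try:
        provider.account.save()
    except KeyExistsException:
        # ... or get the old one
        provider.account = ExternalAccount.find_one(
            Q('provider', 'eq', provider.short_name) &
            Q('provider_id', 'eq', '{}:{}'.format(host.url, username).lower()))

    user = auth.user
    if provider.account not in user.external_accounts:
        user.external_accounts.append(provider.account)

    user.get_or_add_addon('owncloud', auth=auth)
    user.save()

    return {}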
def do_migration(records):
    """Move legacy Google Drive OAuth settings onto ``ExternalAccount`` records.

    Steps, in order:
      1. rename string-typed ``user_settings`` fields in the
         ``googledrivenodesettings`` collection to ``foreign_user_settings``;
      2. for each record, create (or reuse) the matching external account,
         link it to the record's owner and clear the legacy settings;
      3. copy ``foreign_user_settings`` back onto ``user_settings`` for every
         node settings object that has one.

    :param records: iterable of user add-on records exposing ``owner`` and
        ``oauth_settings``.
    """
    # BSON type 2 is "string": only string-valued fields are renamed.
    string_valued = {'user_settings': {'$type': 2}}
    rename_spec = {'$rename': {'user_settings': 'foreign_user_settings'}}
    database['googledrivenodesettings'].update(
        string_valued, rename_spec, multi=True)

    for user_addon in records:
        owner = user_addon.owner
        legacy = user_addon.oauth_settings
        # Only the user id is logged, never the tokens being moved.
        logger.info('Record found for user {}'.format(owner._id))

        # Create the external account, or load it if it already exists.
        try:
            ext_account = ExternalAccount(
                provider='googledrive',
                provider_name='Google Drive',
                display_name=legacy.username,
                oauth_key=legacy.access_token,
                refresh_token=legacy.refresh_token,
                provider_id=legacy.user_id,
                expires_at=legacy.expires_at,
            )
            ext_account.save()
        except KeyExistsException:
            # Already stored: reuse the existing record.
            ext_account = ExternalAccount.find_one(
                Q('provider', 'eq', 'googledrive') &
                Q('provider_id', 'eq', legacy.user_id)
            )
            assert ext_account is not None
        # NOTE(review): appended without a membership check, so a re-run may
        # list the same account twice -- confirm this is acceptable.
        owner.external_accounts.append(ext_account)
        owner.save()

        # The tokens now live on the external account; drop the legacy copy.
        user_addon.oauth_settings = None
        user_addon.save()

        logger.info('Added external account {0} to user {1}'.format(
            ext_account._id, owner._id,
        ))

    # Restore ``user_settings`` from the renamed field on each node.
    for node in GoogleDriveNodeSettings.find():
        if node.foreign_user_settings is not None:
            logger.info('Migrating user_settings for googledrive {}'.format(node._id))
            node.user_settings = node.foreign_user_settings
            node.save()
def test_callback(self):
    # OAuth 1.0a callback: trade the temporary credentials for permanent
    # ones and check what ends up on the stored ExternalAccount.

    # Stub the provider endpoint that swaps temporary keys for permanent
    # keys so it answers with a successful exchange.
    exchange_reply = (
        'oauth_token=perm_token'
        '&oauth_token_secret=perm_secret'
        '&oauth_callback_confirmed=true'
    )
    httpretty.register_uri(
        httpretty.POST,
        'http://mock1a.com/callback',
        body=exchange_reply,
    )

    user = UserFactory()

    # Simulated callback request carrying the temporary token and verifier.
    with self.app.app.test_request_context(
        path='/oauth/callback/mock1a/',
        query_string='oauth_token=temp_key&oauth_verifier=mock_verifier',
    ):
        # The callback needs a logged-in user.
        authenticate(user=user, access_token=None, response=None)

        # Seed the temporary credentials for this provider in the session;
        # the token equals the one in the query string above.
        session = get_session()
        session.data['oauth_states'] = {
            self.provider.short_name: {
                'token': 'temp_key',
                'secret': 'temp_secret',
            },
        }
        session.save()

        # Run the key exchange.
        self.provider.auth_callback(user=user)

    account = ExternalAccount.find_one()
    assert_equal(account.oauth_key, 'perm_token')
    assert_equal(account.oauth_secret, 'perm_secret')
    assert_equal(account.provider_id, 'mock_provider_id')
    assert_equal(account.provider_name, 'Mock OAuth 1.0a Provider')
def dataverse_add_user_account(auth, **kwargs):
    """Verifies new external account credentials and adds to user's list

    Reads ``host`` and ``api_token`` from the JSON request body, checks them
    with ``client.connect_or_error``, then creates (or reuses) the matching
    ``ExternalAccount``, links it to ``auth.user`` and enables the add-on.
    Returns ``{}``.
    """
    user = auth.user
    provider = DataverseProvider()

    # NOTE(review): a body without ``host`` makes ``.get('host')`` return
    # None, so the ``rstrip`` call fails before any validation runs.
    body = request.json
    host = body.get('host').rstrip('/')
    api_token = request.json.get('api_token')

    # Reject credentials the Dataverse host does not accept.
    client.connect_or_error(host, api_token)

    # Note: `DataverseSerializer` expects display_name to be a URL
    # NOTE(review): the API token is stored as ``oauth_secret`` and also as
    # ``provider_id``, so the secret doubles as a stored identifier and as a
    # query term in the fallback lookup.
    account_fields = dict(
        provider=provider.short_name,
        provider_name=provider.name,
        display_name=host,       # no username; show host
        oauth_key=host,          # hijacked; now host
        oauth_secret=api_token,  # hijacked; now api_token
        provider_id=api_token,   # Change to username if Dataverse allows
    )
    try:
        provider.account = ExternalAccount(**account_fields)
        provider.account.save()
    except KeyExistsException:
        # Already stored: reuse the existing record.
        provider.account = ExternalAccount.find_one(
            Q('provider', 'eq', provider.short_name) &
            Q('provider_id', 'eq', api_token)
        )
        assert provider.account is not None

    already_linked = provider.account in user.external_accounts
    if not already_linked:
        user.external_accounts.append(provider.account)

    if not auth.user.get_addon('dataverse'):
        user.add_addon('dataverse')

    user.save()

    # Need to ensure that the user has dataverse enabled at this point
    user.get_or_add_addon('dataverse', auth=auth)
    user.save()

    return {}
def test_callback(self):
    # OAuth 1.0a callback: trade the temporary credentials for permanent
    # ones and check what ends up on the stored ExternalAccount.

    # Stub the provider endpoint that swaps temporary keys for permanent
    # keys so it answers with a successful exchange.
    exchange_reply = (
        'oauth_token=perm_token'
        '&oauth_token_secret=perm_secret'
        '&oauth_callback_confirmed=true'
    )
    httpretty.register_uri(
        httpretty.POST,
        'http://mock1a.com/callback',
        body=exchange_reply,
    )

    user = UserFactory()

    # Simulated callback request carrying the temporary token and verifier.
    with self.app.app.test_request_context(
        path='/oauth/callback/mock1a/',
        query_string='oauth_token=temp_key&oauth_verifier=mock_verifier',
    ):
        # The callback needs a logged-in user.
        authenticate(user=user, access_token=None, response=None)

        # ``session`` is not assigned in this function; it is whatever
        # object of that name the enclosing module provides.  The seeded
        # token equals the one in the query string above.
        session.data['oauth_states'] = {
            self.provider.short_name: {
                'token': 'temp_key',
                'secret': 'temp_secret',
            },
        }
        session.save()

        # Run the key exchange.
        self.provider.auth_callback(user=user)

    account = ExternalAccount.find_one()
    assert_equal(account.oauth_key, 'perm_token')
    assert_equal(account.oauth_secret, 'perm_secret')
    assert_equal(account.provider_id, 'mock_provider_id')
    assert_equal(account.provider_name, 'Mock OAuth 1.0a Provider')