def test_get_certificate_exception(self, oauth2_mock):
    """Expect OAuth2Error when the mocked session's POST raises."""
    # oauth2_mock is injected from outside this method (presumably by a
    # patch decorator -- confirm); its return value is the stand-in session.
    stub_session = oauth2_mock.return_value
    stub_session.post = mock.Mock(side_effect=Exception)

    call_args = (
        'token',
        'state',
        'http://test.com/refresh',
        'http://test.com/certificate',
    )

    with self.assertRaises(oauth2.OAuth2Error):
        oauth2.get_certificate(*call_args)
def test_get_certificate_status_code(self, oauth2_mock):
    """Expect OAuth2Error when the mocked POST answers with status 300."""
    # The reply object only needs the attribute this test sets: status_code.
    non_ok_reply = mock.Mock(status_code=300)
    oauth2_mock.return_value.post = mock.Mock(return_value=non_ok_reply)

    with self.assertRaises(oauth2.OAuth2Error):
        oauth2.get_certificate(
            'token',
            'state',
            'http://test.com/refresh',
            'http://test.com/certificate',
        )
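def oauth2_callback(request):
    """Finish the OAuth2 login flow and store the user's credentials.

    Pops ``openid`` and ``oauth_state`` from the session, looks up the user
    by OpenID URL, passes the rebuilt callback URL and the state to
    ``oauth2.get_token``, requests a certificate, and saves certificate,
    key, token and state through ``user.auth.update``.

    Args:
        request: Request carrying the session and ``META['QUERY_STRING']``.

    Returns:
        ``common.failed(...)`` when a required key is missing. Otherwise a
        redirect to ``settings.WPS_PROFILE_URL``; this also happens after a
        handled ``WPSError``/``oauth2.OAuth2Error``, in which case the
        message is stored under ``'error'`` in ``user.auth.extra``.
    """
    user = None

    try:
        # pop() removes both values, so a replayed callback on the same
        # session finds no state and ends in the KeyError branch below.
        openid_url = request.session.pop('openid')
        oauth_state = request.session.pop('oauth_state')

        # NOTE(review): oauth_state is written to the log at INFO level and
        # is later stored on the user record; confirm that log readers are
        # meant to see it.
        logger.info('Handling OAuth2 callback for %r current state %r',
                    openid_url, oauth_state)

        user = models.User.objects.get(auth__openid_url=openid_url)

        logger.info('Discovering token and certificate services')

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.WPS_OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        logger.info('Getting token from service')

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Getting certificate from service')

        cert, key, new_token = oauth2.get_certificate(
            token, oauth_state, token_service.server_url,
            cert_service.server_url)

        logger.info('Updating user with token, certificate and state')

        user.auth.update('oauth2', [cert, key], token=new_token,
                         state=oauth_state)
    except KeyError as e:
        logger.exception('Missing %r key from session data', e)

        return common.failed('Invalid OAuth state, report to server'
                             ' administrator')
    except (WPSError, oauth2.OAuth2Error) as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            # A blank or malformed blob must not turn this handled failure
            # into an unhandled one, so fall back to an empty mapping.
            try:
                extra = json.loads(user.auth.extra)
            except (TypeError, ValueError):
                extra = {}

            extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

            user.auth.extra = json.dumps(extra)

            user.auth.save()
    else:
        # Count a successful login only when every step above completed, so
        # failed callbacks do not appear as successes in the login metrics.
        metrics.track_login(metrics.WPS_OAUTH_LOGIN_SUCCESS,
                            user.auth.openid_url)

    logger.info('Finished handling OAuth2 callback, redirect to profile')

    return redirect(settings.WPS_PROFILE_URL)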
def refresh_certificate(user):
    """Fetch a fresh certificate for an OAuth2-authenticated user.

    Args:
        user: User object; ``user.auth`` supplies ``type``, ``openid_url``
            and the JSON ``extra`` blob read here.

    Returns:
        The new value of ``user.auth.cert``: certificate and key joined
        into a single string.

    Raises:
        CertificateError: ``user.auth.type`` is ``'myproxyclient'``.
        WPSError: ``user.auth.extra`` is not valid JSON, has no ``'token'``
            entry, or a ``KeyError`` surfaces while requesting the
            certificate.
    """
    logger.info('Refreshing user certificate')

    auth = user.auth

    # MyProxyClient logins are rejected here rather than refreshed.
    if auth.type == 'myproxyclient':
        raise CertificateError(user, 'MyProxyClient certificate has expired')

    # Only the discovered service list is used; the first element is not.
    _, services = discover.discoverYadis(auth.openid_url)

    auth_service = openid.find_service_by_type(services, URN_AUTHORIZE)
    cert_service = openid.find_service_by_type(services, URN_RESOURCE)

    try:
        stored = json.loads(auth.extra)
    except ValueError:
        raise WPSError(
            'Missing OAuth2 state, try authenticating with OAuth2 again')

    if 'token' not in stored:
        raise WPSError(
            'Missing OAuth2 token, try authenticating with OAuth2 again')

    try:
        # The 'state' lookup sits inside the try, so a missing entry is
        # reported as WPSError; a KeyError raised inside get_certificate
        # takes the same path.
        cert, key, new_token = oauth2.get_certificate(
            stored['token'],
            stored['state'],
            auth_service.server_url,
            cert_service.server_url,
            refresh=True,
        )
    except KeyError as e:
        # NOTE(review): the KeyError is passed as a second argument; whether
        # the '{!r}' placeholder gets filled depends on WPSError, which is
        # not shown here.
        raise WPSError('Missing OAuth2 {!r}', e)

    logger.info('Retrieved certificate and new token')

    # Persist the token returned by the refresh in place of the old one.
    stored['token'] = new_token
    auth.extra = json.dumps(stored)

    # NOTE(review): the key is stored in the same field as the certificate;
    # confirm how user.auth.cert is protected at rest.
    auth.cert = ''.join((cert, key))
    auth.save()

    return auth.cert
def test_get_certificate(self, oauth2_mock):
    """Check the tuple returned when the mocked POST answers 200."""
    ok_reply = mock.Mock(status_code=200, text='certificate')
    oauth2_mock.return_value.post = mock.Mock(return_value=ok_reply)

    outcome = oauth2.get_certificate(
        'token',
        'http://test.com/refresh',
        'http://test.com/certificate',
    )

    # Shape first: a three-element tuple.
    self.assertIsInstance(outcome, tuple)
    self.assertEqual(len(outcome), 3)

    # The first slot is expected to equal the mocked response text and the
    # last slot the token string that was passed in.
    self.assertEqual(outcome[0], 'certificate')
    self.assertEqual(outcome[2], 'token')
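def oauth2_callback(request):
    """Finish the OAuth2 login flow, then redirect to the profile page.

    Pops ``openid`` and ``oauth_state`` from the session, looks up the user
    by OpenID URL, obtains a token and a certificate, and saves them through
    ``user.auth.update``. A handled ``WPSError`` is stored under ``'error'``
    in ``user.auth.extra``.

    Args:
        request: Request carrying the session and ``META['QUERY_STRING']``.

    Returns:
        A redirect to ``settings.PROFILE_URL``, whether or not the flow
        succeeded.
    """
    user = None

    try:
        # pop() removes both values, so a replayed callback on the same
        # session finds no state and ends in the KeyError branch below.
        openid_url = request.session.pop('openid')
        oauth_state = request.session.pop('oauth_state')

        user = models.User.objects.get(auth__openid_url=openid_url)

        token_service, cert_service = openid.services(
            openid_url, (URN_ACCESS, URN_RESOURCE))

        request_url = '{}?{}'.format(settings.OAUTH2_CALLBACK,
                                     request.META['QUERY_STRING'])

        token = oauth2.get_token(token_service.server_url, request_url,
                                 oauth_state)

        logger.info('Retrieved OAuth2 token for OpenID {}'.format(openid_url))

        cert, key, new_token = oauth2.get_certificate(
            token, token_service.server_url, cert_service.server_url)

        logger.info('Retrieved Certificated for OpenID {}'.format(openid_url))

        user.auth.update('oauth2', [cert, key], token=new_token)
    except KeyError:
        # Previously swallowed without a trace; a callback arriving without
        # the expected session keys is worth a log entry.
        logger.exception('OAuth2 callback is missing a required key')
    except WPSError as e:
        logger.exception('OAuth2 callback failed')

        if user is not None:
            # Recording the error is best effort: a failure here is logged
            # and the redirect below still happens.
            try:
                extra = json.loads(user.auth.extra)

                extra['error'] = 'OAuth2 callback failed "{}"'.format(str(e))

                user.auth.extra = json.dumps(extra)

                user.auth.save()
            except Exception:
                logger.exception('Could not record OAuth2 failure for user')
    except Exception:
        # The original returned from a finally block, which discarded every
        # in-flight exception without logging it, SystemExit and
        # KeyboardInterrupt included. Ordinary errors still end in the
        # redirect but are now logged; BaseException subclasses propagate.
        logger.exception('Unexpected error while handling OAuth2 callback')

    return redirect(settings.PROFILE_URL)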