Exemplo n.º 1
0
    def persist_token_information(self, client_id, scope, access_token,
                                  token_type, expires_in, refresh_token, data):
        assert not refresh_token
        found = user.get_user(json.loads(data)["username"])
        if not found:
            raise RuntimeError("Username must be in the data field")

        token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
        token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]

        assert token_name
        assert token_code
        assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH
        assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH

        oauth_app = OAuthApplication.get(client_id=client_id)
        expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
        OAuthAccessToken.create(
            application=oauth_app,
            authorized_user=found,
            scope=scope,
            token_name=token_name,
            token_code=Credential.from_string(token_code),
            access_token="",
            token_type=token_type,
            expires_at=expires_at,
            data=data,
        )
Exemplo n.º 2
0
def create_access_token_for_testing(user_obj,
                                    client_id,
                                    scope,
                                    access_token=None,
                                    expires_in=9000):
    access_token = access_token or random_string_generator(length=40)()
    token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
    token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]

    assert len(token_name) == ACCESS_TOKEN_PREFIX_LENGTH
    assert len(token_code) >= ACCESS_TOKEN_MINIMUM_CODE_LENGTH

    expires_at = datetime.utcnow() + timedelta(seconds=expires_in)
    application = get_application_for_client_id(client_id)
    created = OAuthAccessToken.create(
        application=application,
        authorized_user=user_obj,
        scope=scope,
        token_type="token",
        access_token="",
        token_code=Credential.from_string(token_code),
        token_name=token_name,
        expires_at=expires_at,
        data="",
    )
    return created, access_token
Exemplo n.º 3
0
def lookup_access_token_for_user(user_obj, token_uuid):
    try:
        return OAuthAccessToken.get(
            OAuthAccessToken.authorized_user == user_obj,
            OAuthAccessToken.uuid == token_uuid)
    except OAuthAccessToken.DoesNotExist:
        return None
Exemplo n.º 4
0
def validate_access_token(access_token):
    assert isinstance(access_token, str)
    token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
    if not token_name:
        return None

    token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
    if not token_code:
        return None

    try:
        found = (
            OAuthAccessToken.select(OAuthAccessToken, User)
            .join(User)
            .where(OAuthAccessToken.token_name == token_name)
            .get()
        )

        if found.token_code is None or not found.token_code.matches(token_code):
            return None

        return found
    except OAuthAccessToken.DoesNotExist:
        pass

    return None
Exemplo n.º 5
0
def lookup_access_token_for_user(user_obj, token_uuid):
    try:
        return (OAuthAccessToken.select(
            OAuthAccessToken, User).join(User).where(
                OAuthAccessToken.authorized_user == user_obj,
                OAuthAccessToken.uuid == token_uuid).get())
    except OAuthAccessToken.DoesNotExist:
        return None
Exemplo n.º 6
0
def list_access_tokens_for_user(user_obj):
    query = (
        OAuthAccessToken.select()
        .join(OAuthApplication)
        .switch(OAuthAccessToken)
        .join(User)
        .where(OAuthAccessToken.authorized_user == user_obj)
    )

    return query
Exemplo n.º 7
0
 def load_authorized_scope_string(self, client_id, username):
     found = (OAuthAccessToken.select().join(OAuthApplication).switch(
         OAuthAccessToken).join(User).where(
             OAuthApplication.client_id == client_id,
             User.username == username,
             OAuthAccessToken.expires_at > datetime.utcnow()))
     found = list(found)
     logger.debug('Found %s matching tokens.', len(found))
     long_scope_string = ','.join([token.scope for token in found])
     logger.debug('Computed long scope string: %s', long_scope_string)
     return long_scope_string
Exemplo n.º 8
0
Arquivo: oauth.py Projeto: zhill/quay
def validate_access_token(access_token):
    assert isinstance(access_token, basestring)
    token_name = access_token[:ACCESS_TOKEN_PREFIX_LENGTH]
    if not token_name:
        return None

    token_code = access_token[ACCESS_TOKEN_PREFIX_LENGTH:]
    if not token_code:
        return None

    try:
        found = (OAuthAccessToken.select(
            OAuthAccessToken, User).join(User).where(
                OAuthAccessToken.token_name == token_name).get())

        if found.token_code is None or not found.token_code.matches(
                token_code):
            return None

        return found
    except OAuthAccessToken.DoesNotExist:
        pass

    # Legacy lookup.
    # TODO(remove-unenc): Remove this once migrated.
    if ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS):
        try:
            assert access_token
            found = (OAuthAccessToken.select(
                OAuthAccessToken, User).join(User).where(
                    OAuthAccessToken.access_token == access_token).get())
            return found
        except OAuthAccessToken.DoesNotExist:
            return None

    return None
Exemplo n.º 9
0
def lookup_access_token_by_uuid(token_uuid):
    try:
        return OAuthAccessToken.get(OAuthAccessToken.uuid == token_uuid)
    except OAuthAccessToken.DoesNotExist:
        return None