def __get_endpoins(self):
        response = requests.get(settings.YAHOO_API_WELL_KNOWN_URL)

        if response.status_code is not 200:
            raise YahooOauthError(endpoint=settings.YAHOO_API_WELL_KNOWN_URL,
                                  status_code=response.status_code,
                                  message=response.text)
        return json.loads(response.text)
    def get_user_info(self, access_token):
        response = requests.get(self.endpoints['userinfo_endpoint'] +
                                '?access_token=' + access_token)
        if response.status_code is not 200:
            raise YahooOauthError(endpoint=self.endpoints['userinfo_endpoint'],
                                  status_code=response.status_code,
                                  message=response.text)
        profile = json.loads(response.text)
        cognito_user_id = self.__generate_user_id(yahoo_user_id=profile['sub'])

        return {'user_id': cognito_user_id, 'email': profile['email']}
Exemplo n.º 3
0
 def test_main_ng_with_yahooexception(self):
     with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.get_user_info.side_effect = YahooOauthError(
             endpoint='http://example.com',
             status_code=500,
             message='error')
         params = {'body': {'code': 'code', 'state': 'state'}}
         params['body'] = json.dumps(params['body'])
         response = LoginYahooIndex(params, {}).main()
         self.assertEqual(response['statusCode'], 500)
         self.assertEqual(json.loads(response['body']),
                          {'message': 'Internal server error'})
Exemplo n.º 4
0
 def test_main_ng_with_auth_error(self):
     with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.get_user_info.side_effect = YahooOauthError(
             endpoint='http://example.com',
             status_code=401,
             message='{"error_description":"auth error"}')
         params = {'body': {'code': 'code', 'state': 'state'}}
         params['body'] = json.dumps(params['body'])
         response = LoginYahooIndex(params, {}).main()
         self.assertEqual(response['statusCode'], 401)
         self.assertEqual(json.loads(response['body']),
                          {'message': 'auth error'})
 def test_exec_main_ng_with_yahoo(self):
     with patch('login_yahoo_authorization_url.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.generate_auth_url.side_effect = YahooOauthError(
             endpoint='http://example.com',
             status_code=400,
             message='error')
         response = LoginYahooAuthorizationUrl({}, {}).main()
         self.assertEqual(response['statusCode'], 500)
         self.assertEqual(json.loads(response['body']), {
             'message':
             'Internal server error: LoginYahooAuthorizationUrl'
         })
    def verify_access_token(self, dynamodb, access_token, id_token):
        # 以下のコメントはhttps://developer.yahoo.co.jp/yconnect/v2/id_token.htmlの検証手順番号
        try:
            start_time = time.time()
            header = jwt.get_unverified_header(id_token)
            response = requests.get(settings.YAHOO_API_PUBLIC_KEY_URL)
            if response.status_code is not 200:
                raise YahooOauthError(
                    endpoint=settings.YAHOO_API_PUBLIC_KEY_URL,
                    status_code=response.status_code,
                    message=response.text)
            public_keys = json.loads(response.text)

            # 6,7,8の検証
            decoded_data = jwt.decode(id_token,
                                      key=public_keys.get(
                                          header['kid']).encode('utf-8'),
                                      issuer=self.endpoints['issuer'],
                                      audience=self.client_id,
                                      algorithms='RS256')

            nonce_checked = NonceUtil.verify(dynamodb=dynamodb,
                                             nonce=decoded_data['nonce'],
                                             provider='yahoo',
                                             type='nonce')

            # 9の検証
            if nonce_checked is False:
                raise YahooVerifyException(
                    'id token was invalid since nonce was invalid')

            # 10の検証
            token_hash = hashlib.sha256(access_token.encode('utf-8')).digest()
            at_hash = base64.urlsafe_b64encode(
                token_hash[:int(len(token_hash) / 2)])
            if decoded_data['at_hash'] != at_hash.decode().rstrip('='):
                print(at_hash.decode().rstrip('='))
                raise YahooVerifyException(
                    'accesstoken was invalid since at_hash did not match')

            # 12の検証
            if start_time >= decoded_data['exp']:
                raise YahooVerifyException(
                    'id token was invalid since start_time was less than exp')
        except (jwt.ExpiredSignatureError, jwt.InvalidTokenError, ClientError,
                YahooVerifyException) as e:
            raise e

        return True
    def get_access_token(self, code):
        basicauth_str = self.client_id + ':' + self.secret
        basicauth = base64.b64encode(basicauth_str.encode('utf-8'))

        headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': 'Basic ' + basicauth.decode('UTF-8')
        }

        # アクセストークンの取得
        response = requests.post(
            self.endpoints['token_endpoint'],
            headers=headers,
            data='grant_type=authorization_code&redirect_uri=' +
            self.callback_url + '&code=' + code)
        if response.status_code is not 200:
            raise YahooOauthError(endpoint=self.endpoints['token_endpoint'],
                                  status_code=response.status_code,
                                  message=response.text)
        return json.loads(response.text)