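 def get_original_scopes(self, refresh_token, request, *args, **kwargs):
     """Return the scopes originally granted to the token behind ``refresh_token``.

     These scopes are what the refreshed access token inherits when the
     client names no scope in the refresh request. An unknown refresh
     token yields an empty list, so nothing is granted for it; returning
     ``None`` would hand the caller something that is not a scope list.
     """
     token = Token.objects(refresh_token=refresh_token).first()
     if token is None:
         return []
     return token.scopes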
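 def get_original_scopes(self, refresh_token, request, *args, **kwargs):
     """Return the scopes originally granted to the token behind ``refresh_token``.

     These scopes are what the refreshed access token inherits when the
     client names no scope in the refresh request. An unknown refresh
     token yields an empty list, so nothing is granted for it; returning
     ``None`` would hand the caller something that is not a scope list.
     """
     token = Token.objects(refresh_token=refresh_token).first()
     if token is None:
         return []
     return token.scopes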
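 def validate_bearer_token(self, token, scopes, request):
     """Accept ``token`` only if it is stored, unexpired and covers every required scope.

     ``token`` is the bearer value oauthlib hands in; ``scopes`` is the
     list the protected resource requires. On success ``request.user`` is
     set to the token owner, on a failed check it is cleared. Returns a
     bool.
     """
     # NOTE(review): oauthlib fills the ``token`` argument from the
     # Authorization header (falling back to the access_token parameter);
     # request.access_token only ever holds the parameter, so looking up by
     # it silently rejected every header-carried bearer token.
     t = Token.objects(access_token=token).first()
     if t is None:
         return False
     # The token must carry *all* required scopes. A mere overlap would let
     # a token scoped "read" reach a resource that needs "read" and "write",
     # and a resource requiring no scope at all would reject every token.
     has_scopes = set(scopes or []).issubset(set(t.scopes or []))
     unexpired = t.expires_at > get_utc_time()
     valid = bool(has_scopes and unexpired)
     request.user = t.user if valid else None
     return valid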
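 def validate_bearer_token(self, token, scopes, request):
     """Accept ``token`` only if it is stored, unexpired and covers every required scope.

     ``token`` is the bearer value oauthlib hands in; ``scopes`` is the
     list the protected resource requires. On success ``request.user`` is
     set to the token owner, on a failed check it is cleared. Returns a
     bool.
     """
     # NOTE(review): oauthlib fills the ``token`` argument from the
     # Authorization header (falling back to the access_token parameter);
     # request.access_token only ever holds the parameter, so looking up by
     # it silently rejected every header-carried bearer token.
     t = Token.objects(access_token=token).first()
     if t is None:
         return False
     # The token must carry *all* required scopes. A mere overlap would let
     # a token scoped "read" reach a resource that needs "read" and "write",
     # and a resource requiring no scope at all would reject every token.
     has_scopes = set(scopes or []).issubset(set(t.scopes or []))
     unexpired = t.expires_at > get_utc_time()
     valid = bool(has_scopes and unexpired)
     request.user = t.user if valid else None
     return valid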
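    def post(self, *args, **kwargs):
        """Handle ``POST /token``: rebuild the grant request and forward it to oauthlib.

        The grant parameters are read from the request, re-encoded as a
        form body for ``self.endpoint.create_token_response`` and the JSON
        answer is written back. A missing parameter, an unknown grant type
        or an oauthlib error body all end in ``self.raise400``.
        """
        grant_type = self.get_argument('grant_type', None)
        code = self.get_argument('code', None)
        redirect_uri = self.get_argument('redirect_uri', None)
        client_id = self.get_argument('client_id', None)
        scope = self.get_argument('scope', None)
        username = self.get_argument('username', None)
        password = self.get_argument('password', None)
        refresh_token = self.get_argument('refresh_token', None)

        try:
            msg = 'Token request failed: %s'
            if not grant_type:
                raise Exception(msg % 'missing grant_type')
            base_uri, _uri = self.get_uri()
            headers = self.get_headers()

            if grant_type == 'authorization_code':
                if not code:
                    raise Exception(msg % 'missing code')
                fields = [('grant_type', 'authorization_code'),
                          ('code', code),
                          ('redirect_uri', redirect_uri),
                          ('client_id', client_id)]
            elif grant_type == 'password':
                if not password or not username:
                    raise Exception(msg % 'missing password or username')
                fields = [('grant_type', 'password'),
                          ('client_id', client_id),
                          ('username', username),
                          ('password', password)]
                if scope:
                    fields.append(('scope', scope))
            elif grant_type == 'client_credentials':
                fields = [('grant_type', 'client_credentials')]
                # Only send a scope when one was given; "scope=None" would be
                # forwarded as a literal scope string otherwise.
                if scope:
                    fields.append(('scope', scope))
            elif grant_type == 'refresh_token':
                if not refresh_token:
                    raise Exception(msg % 'missing refresh_token')
                fields = [('grant_type', 'refresh_token'),
                          ('refresh_token', refresh_token),
                          ('client_id', client_id)]
            else:
                raise Exception(msg % 'unknown grant_type')

            # oauthlib re-parses this body as form data, so every value is
            # url-escaped: an unescaped '&' or '=' inside e.g. a password or
            # authorization code would inject extra parameters into the
            # token request. Absent values are omitted rather than sent as
            # the string "None".
            body = '&'.join('%s=%s' % (name, url_escape(value))
                            for name, value in fields if value is not None)

            headers, body, status = self.endpoint.create_token_response(
                base_uri + '/token', 'POST', body, headers, {})
            data = json.loads(body)
            if 'error' in data:
                # Surface oauthlib's own error instead of failing later on
                # the missing access_token key.
                raise Exception(msg % (data.get('error_description')
                                       or data['error']))
            # Token responses must not be cached (RFC 6749 5.1); oauthlib
            # returns the Cache-Control/Pragma headers, so pass them on.
            for name, value in headers.items():
                self.set_header(name, value)

            # password login behaviors: decorate the answer with the owner's
            # username. client_credentials tokens have no user, so guard it.
            token = Token.objects(access_token=data['access_token']).first()
            if token is not None and token.user is not None:
                data['username'] = token.user.username
            # NOTE(review): RFC 6749 5.1 specifies 200 for a token response;
            # 201 is kept here so existing clients are not affected.
            self.set_status(201)
            self.write(data)
        except Exception as e:
            # ``e.message`` only exists on Python 2; fall back to str(e).
            reason = getattr(e, 'message', None) or str(e)
            self.raise400(reason=reason)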
 def validate_refresh_token(self, refresh_token, client, request, *args,
                            **kwargs):
     """Check that ``refresh_token`` is stored, was issued to ``client`` and
     still overlaps the scopes that client may hold.

     Sets ``request.user`` to the token owner on success. Returns a bool.
     """
     stored = Token.objects(refresh_token=refresh_token).first()
     if stored is None:
         return False
     # A refresh token is only usable by the client it was issued to.
     if client != stored.client:
         return False
     allowed = client.scopes or client.default_scopes
     # At least one of the granted scopes must still be permitted.
     overlap = set(stored.scopes).intersection(allowed)
     if not overlap:
         return False
     request.user = stored.user
     return True
 def validate_refresh_token(self, refresh_token, client, request,
                            *args, **kwargs):
     """Check that ``refresh_token`` is stored, was issued to ``client`` and
     still overlaps the scopes that client may hold.

     Sets ``request.user`` to the token owner on success. Returns a bool.
     """
     stored = Token.objects(refresh_token=refresh_token).first()
     if stored is None:
         return False
     # A refresh token is only usable by the client it was issued to.
     if client != stored.client:
         return False
     allowed = client.scopes or client.default_scopes
     # At least one of the granted scopes must still be permitted.
     overlap = set(stored.scopes).intersection(allowed)
     if not overlap:
         return False
     request.user = stored.user
     return True
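 def save_bearer_token(self, token, request, *args, **kwargs):
     """Persist the bearer token oauthlib just minted.

     The stored record ties the access token to ``request.client``,
     ``request.user`` and ``request.scopes`` and expires ``expires_in``
     seconds from now. Returns the client's default redirect URI, which is
     what oauthlib expects back from this hook.
     """
     # Not every grant issues a refresh token (client_credentials does
     # not), so the key may be absent from ``token``; indexing it directly
     # raised KeyError and made the whole grant fail.
     Token(client=request.client,
           user=request.user,
           scopes=request.scopes,
           access_token=token['access_token'],
           refresh_token=token.get('refresh_token'),
           expires_at=get_utc_time(token['expires_in'])).save()
     return request.client.default_redirect_uri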
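 def revoke_token(self, token, token_type_hint, request, *args, **kwargs):
     """Delete the stored Token matching ``token`` (RFC 7009).

     The hint only orders the lookup: if nothing matches under the hinted
     type the other type is tried, as RFC 7009 2.1 requires. An unknown
     hint no longer leaves the query variable unbound. When the endpoint
     has populated ``request.client`` the query is restricted to that
     client, so one client cannot revoke another client's token.
     """
     if not token:
         # An empty filter value could match documents lacking the field,
         # which would delete unrelated tokens.
         return
     fields = ['access_token', 'refresh_token']
     if token_type_hint == 'refresh_token':
         fields.reverse()
     # NOTE(review): relies on authenticate_client() setting request.client
     # before oauthlib calls this hook — confirm; without it the ownership
     # check is skipped.
     client = getattr(request, 'client', None)
     for field in fields:
         query = {field: token}
         if client is not None:
             query['client'] = client
         matches = Token.objects(**query)
         if matches.first() is not None:
             matches.delete()
             return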
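 def revoke_token(self, token, token_type_hint, request, *args, **kwargs):
     """Delete the stored Token matching ``token`` (RFC 7009).

     The hint only orders the lookup: if nothing matches under the hinted
     type the other type is tried, as RFC 7009 2.1 requires. An unknown
     hint no longer leaves the query variable unbound. When the endpoint
     has populated ``request.client`` the query is restricted to that
     client, so one client cannot revoke another client's token.
     """
     if not token:
         # An empty filter value could match documents lacking the field,
         # which would delete unrelated tokens.
         return
     fields = ['access_token', 'refresh_token']
     if token_type_hint == 'refresh_token':
         fields.reverse()
     # NOTE(review): relies on authenticate_client() setting request.client
     # before oauthlib calls this hook — confirm; without it the ownership
     # check is skipped.
     client = getattr(request, 'client', None)
     for field in fields:
         query = {field: token}
         if client is not None:
             query['client'] = client
         matches = Token.objects(**query)
         if matches.first() is not None:
             matches.delete()
             return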