def post(self, request, format=None):
if request.method == "POST":
ref_token = request.data.get("refresh_token")
expires = timezone.now() + timedelta(seconds=3600000)
application = Application.objects.get(
client_id=mainSettings.OAUTH_CLIENTID)
try:
refTokenModel = RefreshToken.objects.get(token=ref_token)
except RefreshToken.DoesNotExist:
return Response({'error': 'Refresh token invalid'}, status=400)
access_token = AccessToken(user=refTokenModel.user,
scope='',
expires=expires,
token=common.generate_token(),
application=application)
access_token.save()
#refresh_token = RefreshToken(token=ref_token,
# application=application,access_token=access_token )
refTokenModel.access_token = access_token
refTokenModel.save()
return Response(
{
'token': access_token.token,
'refresh_token': ref_token,
"token_type": "Bearer"
},
status=HTTPStatus.HTTP_200_OK)
else:
status_code = HTTPStatus.METHOD_NOT_ALLOWED
response = JsonResponse({'success': 'false'}, status=status_code)
return response
def save_bearer_token(self, token, request, *args, **kwargs):
"""
Check if an access_token exists for the couple user/application
that is valid and authorized for the same scopes and esures that
no refresh token was used.
If all the conditions are true the same access_token is issued.
Otherwise a new one is created with the default strategy.
"""
# this queryset identifies all the valid access tokens
# for the couple user/application.
previous_valid_tokens = AccessToken.objects.filter(
user=request.user, application=request.client,
).filter(expires__gt=timezone.now()).order_by('-expires')
# if a refresh token was not used and a valid token exists we
# can replace the new generated token with the old one.
if not request.refresh_token and previous_valid_tokens.exists():
for access_token in previous_valid_tokens:
# the previous access_token must allow access to the same scope
# or bigger
if access_token.allow_scopes(token['scope'].split()):
token['access_token'] = access_token.token
expires_in = access_token.expires - timezone.now()
token['expires_in'] = expires_in.total_seconds()
if hasattr(access_token, 'refresh_token'):
token['refresh_token'] = access_token.refresh_token.token
# break the loop and exist because we found to old token
return
# default behaviour when no old token is found
if request.refresh_token:
# remove used refresh token
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert() # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=token['expires_in'])
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(
user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
access_token=access_token
)
refresh_token.save()
def save_bearer_token(self, token, request, *args, **kwargs):
"""
Check if an access_token exists for the couple user/application
that is valid and authorized for the same scopes and ensures that
no refresh token was used.
If all the conditions are true the same access_token is issued.
Otherwise a new one is created with the default strategy.
"""
# this queryset identifies all the valid access tokens
# for the couple user/application.
previous_valid_tokens = AccessToken.objects.filter(
user=request.user,
application=request.client,
).filter(expires__gt=timezone.now()).order_by('-expires')
# if a refresh token was not used and a valid token exists we
# can replace the new generated token with the old one.
if not request.refresh_token and previous_valid_tokens.exists():
for access_token in previous_valid_tokens:
# the previous access_token must allow access to the same scope
# or bigger
if access_token.allow_scopes(token['scope'].split()):
token['access_token'] = access_token.token
expires_in = access_token.expires - timezone.now()
token['expires_in'] = expires_in.total_seconds()
if hasattr(access_token, 'refresh_token'):
token[
'refresh_token'] = access_token.refresh_token.token
# break the loop and exist because we found to old token
return
# default behaviour when no old token is found
if request.refresh_token:
# remove used refresh token
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert (
) # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=token['expires_in'])
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(user=request.user,
token=token['refresh_token'],
application=request.client,
access_token=access_token)
refresh_token.save()
def get_user_token(user):
"""
Returns an access token for the given user. This function facilitates
interactions with the bundle service.
"""
if user is None or not user.is_authenticated():
return None
client = Application.objects.get(client_id=cli_client_id(user))
tokens = AccessToken.objects.filter(application_id=client.id,
expires__gt=timezone.now() +
timedelta(minutes=5))
access_token = None
for token in tokens:
if token.is_valid([]):
access_token = token
break
if access_token is None:
access_token = AccessToken(
user=user,
scope='',
expires=timezone.now() +
timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS),
token=generate_token(),
application=client)
access_token.save()
return str(access_token.token)
def setUp(self):
super(PollAPITestCaseOAuthToolkit, self).setUp()
# Prepare OAuth Toolkit Access
from oauth2_provider.models import AccessToken, Application
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application')
ot_application.save()
for scope in self.scopes + (None, ):
options = {
'user': self.user,
'application': ot_application,
'expires':
datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'scope': scope,
'token': getattr(self, scope_attrbute_name)
})
ot_access_token = AccessToken(**options)
ot_access_token.save()
self.choice_url = self.urls['choice_toolkit']
self.poll_url = self.urls['poll_toolkit']
self.scoped_choice_url = self.urls['scoped_choice_toolkit']
self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def signup_client(request):
serializer = SignupClientSerializer(data=request.data, context={'request': request})
serializer.is_valid()
# print("serializer error: ", oauth2_settings)
if serializer.errors:
return Response(data=serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
else:
serializer.save()
application = Application.objects.get(client_id=serializer.initial_data["client_id"])
expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
activated_user = User.objects.get(email=serializer.data["email"])
access_token = AccessToken(
user=activated_user,
scope='',
expires=expires,
token=common.generate_token(),
application=application
)
access_token.save()
refresh_token = RefreshToken(
user=activated_user,
token=common.generate_token(),
application=application,
access_token=access_token
)
refresh_token.save()
return Response({"expires": expires, "access_token": access_token.token,
"refresh_token": refresh_token.token}, status=200)
def setUp(self):
super(PollAPITestCaseOAuthToolkit, self).setUp()
# Prepare OAuth Toolkit Access
from oauth2_provider.models import AccessToken, Application
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application'
)
ot_application.save()
for scope in self.scopes + (None,):
options = {
'user': self.user,
'application': ot_application,
'expires': datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'scope': scope,
'token': getattr(self, scope_attrbute_name)
})
ot_access_token = AccessToken(**options)
ot_access_token.save()
self.choice_url = self.urls['choice_toolkit']
self.poll_url = self.urls['poll_toolkit']
self.scoped_choice_url = self.urls['scoped_choice_toolkit']
self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def create_user(self):
# FIXME: Please refactor me!
self.logout_url = reverse('accounts.logout')
self.username = '******'
self.password = '******'
self.data = \
{
'first_name': 'Demo',
'last_name': 'Demo',
'email': '*****@*****.**',
}
# this is used to identify addresses created by allocate_wallets mock
self.address_id_pattern = 'addr_id_'
self._mock_rpc()
self.create_main_user()
self.client = NexchangeClient()
success = self.client.login(username=self.username,
password=self.password)
expires = timezone.now() + timedelta(days=30)
token = AccessToken(user=self.user,
token='3HrghbVeDUQWaOriqrXYLZmCb4cEXB',
expires=expires)
token.save()
assert success
def setUp(self):
super(PollAPITestCase, self).setUp()
self.poll_1 = Poll.objects.get(pk=1)
self.poll_2 = Poll.objects.get(pk=2)
self.urls = {}
kwargs = {'api_name': 'v1'}
for api in ['choice', 'poll']:
kwargs['resource_name'] = api
self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs)
# Create a user.
username = '******'
email = '*****@*****.**'
password = '******'
self.user = User.objects.create_user(username, email, password)
# Prepare OAuth Toolkit Access
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application'
)
ot_application.save()
self.ot_token = 'TOKEN'
ot_access_token = AccessToken(
user=self.user,
application=ot_application,
expires=datetime.datetime.now() + datetime.timedelta(days=10),
scope='read',
token=self.ot_token
)
ot_access_token.save()
def setUp(self):
# Hacky way of inserting requested_sources, but it seems django doesn't
# want to read this from the test fixture
self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc")
project_2 = DataRequestProject.objects.get(slug="abc-2")
self.member1_project.requested_sources.add(project_2)
self.member1_project.save()
self.access_token = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-1",
expires=timezone.now() + timedelta(days=1),
scope="read",
)
self.access_token.save()
self.access_token_expired = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-2",
expires=timezone.now() - timedelta(days=1),
scope="read",
)
self.access_token_expired.save()
def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
if user.is_active == False:
return Response(status=404, data={'error': 'user deactivated'})
if user:
if not user.check_password(request.POST.get('password')):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
if userToken:
if timezone.now() <= userToken[0].expires:
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
"email": userToken[0].user.email,
"scope": userToken[0].scope
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
return Response(status=404, data={'error': e.message})
def save_bearer_token(self, token, request, *args, **kwargs):
"""
It's messy. It is 90% code from parent function. I didn't find a way to reduce it.
I tried and I failed :'(
Sin Count += 1
Save access and refresh token, If refresh token is issued, remove old refresh tokens as
in rfc:`6`
"""
if request.refresh_token:
# remove used refresh token
# Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert (
) # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(
seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
if request.response_type == 'token':
expires = timezone.now() + timedelta(
seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS)
token[
'expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
)
if request.grant_type == 'authorization_code':
refresh_tokens = RefreshToken.objects.all().filter(
user=request.user,
application=request.client).order_by('-id')
if len(refresh_tokens) > 0:
refresh_token = refresh_tokens[0]
# Delete the old access_token
refresh_token.access_token.delete()
if len(refresh_tokens) > 1:
# Enforce 1 token pair. Delete all old refresh_tokens
RefreshToken.objects.exclude(
pk=refresh_token.id).delete()
refresh_token.access_token = access_token
refresh_token.save()
token['refresh_token'] = refresh_token.token
token['groups'] = request.user.groups
def save_bearer_token(self, token, request, *args, **kwargs):
if request.refresh_token:
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert () # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(
user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
access_token=access_token
)
refresh_token.save()
if DEVICE_TOKEN_HEADER in request.headers:
self.save_device(request=request,
access_token=access_token,
refresh_token=refresh_token)
token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
def _create_access_token(self,
expires,
request,
token,
source_refresh_token=None):
access_token = AccessToken(
user=request.user,
scope=' '.join(request.user.scopes),
expires=expires,
token=token["access_token"],
application=request.client,
)
access_token.save()
auth_cache = caches['auth']
cached_auth = {
'uid': access_token.user.id,
'scopes': access_token.user.scopes,
'token': access_token.token,
}
key = 'auth:access_token:{token}'.format(token=access_token.token)
auth_cache.set(key, cached_auth,
oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
return access_token
def get_user_token(user):
"""
Returns an access token for the given user. This function facilitates
interactions with the bundle service.
"""
if user is None or not user.is_authenticated():
return None
client = Application.objects.get(client_id=cli_client_id(user))
tokens = AccessToken.objects.filter(application_id=client.id,
expires__gt=timezone.now() + timedelta(minutes=5))
access_token = None
for token in tokens:
if token.is_valid([]):
access_token = token
break
if access_token is None:
access_token = AccessToken(
user=user,
scope='',
expires=timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS),
token=generate_token(),
application=client)
access_token.save()
return str(access_token.token)
def test_scopes_property(self):
self.client.login(username="******", password="******")
app = Application.objects.create(
name="test_app",
redirect_uris=
"http://localhost http://example.com http://example.it",
user=self.user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
)
access_token = AccessToken(user=self.user,
scope='read write',
expires=0,
token='',
application=app)
access_token2 = AccessToken(user=self.user,
scope='write',
expires=0,
token='',
application=app)
self.assertEqual(access_token.scopes, {
'read': 'Reading scope',
'write': 'Writing scope'
})
self.assertEqual(access_token2.scopes, {'write': 'Writing scope'})
def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
print e
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
user_details = User.objects.filter(email=email)
userSerializer = UserSerializer(user_details, many=True)
if user.is_active == False:
return Response(status=404,
data={'error': 'user not verified'})
if not user.check_password("batman25"):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
print timezone.now()
if not user.qrhash == request.POST.get('qrcode'):
return Response(status=404,
data={'error': 'Qrcode is not valid'})
# if not timezone.now() >= user.qrhash_expiration:
# print user.qrhash
# print timezone.now()
# print
# return Response(status=404, data={'error': 'Qrcode is expired'})
# if user.ismobile_loggedin and timezone.now() <= userToken[0].expires:
# return Response(status=404, data={'error': 'You are already logged in any device'})
if userToken:
if timezone.now() <= userToken[0].expires:
user.ismobile_loggedin = True
user.save()
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
"email": userSerializer.data[0]['email'],
"name": userSerializer.data[0]['user_name'],
'avatar': userSerializer.data[0]['avatar'],
"scope": userToken[0].scope,
"role": {
'admin': userSerializer.data[0]['is_admin'],
'active': userSerializer.data[0]['is_active'],
},
"status": '200'
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
print e.message
return Response(status=404, data={'error': e.message})
def setUpClass(cls):
super(DirectSharingOAuth2Tests, cls).setUpClass()
cls.authorize_url = ('/direct-sharing/projects/oauth2/authorize/'
'?client_id=test-key&response_type=code')
user1 = get_or_create_user('bacon')
cls.member1, _ = Member.objects.get_or_create(user=user1)
cls.member1_project = OAuth2DataRequestProject.objects.get(slug='abc')
email1 = cls.member1.primary_email
cls.access_token = AccessToken(
application=cls.member1_project.application,
user=user1,
token='test-token-1',
expires=datetime.now() + timedelta(days=1),
scope='read')
cls.access_token.save()
cls.access_token_expired = AccessToken(
application=cls.member1_project.application,
user=user1,
token='test-token-2',
expires=datetime.now() - timedelta(days=1),
scope='read')
cls.access_token_expired.save()
email1.verified = True
email1.save()
def setUp(self):
super(PollAPITestCaseOAuth2Provider, self).setUp()
from provider.oauth2.models import AccessToken, Client
from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE
# Prepare OAuth2 Provider Access
op_client = Client(
user=self.user,
name='Test Application',
url='http://example.com',
redirect_uri='http://example.com',
client_type=CONFIDENTIAL
)
op_client.save()
for scope in self.scopes + (None,):
options = {
'user': self.user,
'client': op_client,
'expires': datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'token': getattr(self, scope_attrbute_name),
'scope': locals()[scope.replace(" ", "_").upper()]
})
op_access_token = AccessToken(**options)
op_access_token.save()
self.choice_url = self.urls['choice_provider']
self.poll_url = self.urls['poll_provider']
self.scoped_choice_url = self.urls['scoped_choice_provider']
self.scoped_poll_url = self.urls['scoped_poll_provider']
class RoleEndpointTest(TestCase):
def setUp(self):
self.client = APIClient()
self.user = User.objects.create_user("Foo", "Bar", "*****@*****.**", "123456")
self.dev_user = User.objects.create_user("Foo", "Bar1", "*****@*****.**", "123456")
self.application = Application(
name="Test Application",
user=self.dev_user,
client_type=Application.CLIENT_PUBLIC,
authorization_grant_type=Application.GRANT_PASSWORD,
)
self.application.save()
self.token = AccessToken(
token="ABC123",
user=self.user,
expires=datetime.datetime.now() + datetime.timedelta(days=1),
scope='read write',
application=self.application
)
self.token.save()
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token.token)
def tearDown(self):
self.application.delete()
self.token.delete()
self.user.delete()
self.dev_user.delete()
def setUp(self):
super(PollAPITestCaseOAuth2Provider, self).setUp()
from provider.oauth2.models import AccessToken, Client
from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE
# Prepare OAuth2 Provider Access
op_client = Client(user=self.user,
name='Test Application',
url='http://example.com',
redirect_uri='http://example.com',
client_type=CONFIDENTIAL)
op_client.save()
for scope in self.scopes + (None, ):
options = {
'user': self.user,
'client': op_client,
'expires':
datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'token':
getattr(self, scope_attrbute_name),
'scope':
locals()[scope.replace(" ", "_").upper()]
})
op_access_token = AccessToken(**options)
op_access_token.save()
self.choice_url = self.urls['choice_provider']
self.poll_url = self.urls['poll_provider']
self.scoped_choice_url = self.urls['scoped_choice_provider']
self.scoped_poll_url = self.urls['scoped_poll_provider']
def setUp(self):
super(PollAPITestCaseOAuthToolkit, self).setUp()
call_command('loaddata', 'polls_api_testdata.json', verbosity=0)
self.client = Client()
self.poll_1 = Poll.objects.get(pk=1)
self.poll_2 = Poll.objects.get(pk=2)
self.urls = {}
kwargs = {'api_name': 'v1'}
apis = [
'choice_toolkit',
'scoped_choice_toolkit',
'poll_toolkit',
'scoped_poll_toolkit',
]
for api in apis:
kwargs['resource_name'] = api
self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs)
# Create a user.
username = '******'
email = '*****@*****.**'
password = '******'
self.user = User.objects.create_user(username, email, password)
self.scopes = ("read", "write", "read write")
for scope in self.scopes:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
setattr(self, scope_attrbute_name, "TOKEN" + scope)
self.token = 'TOKEN'
self.scoped_token = self.token_read_write
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application'
)
ot_application.save()
for scope in self.scopes + (None,):
options = {
'user': self.user,
'application': ot_application,
'expires': datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'scope': scope,
'token': getattr(self, scope_attrbute_name)
})
ot_access_token = AccessToken(**options)
ot_access_token.save()
self.choice_url = self.urls['choice_toolkit']
self.poll_url = self.urls['poll_toolkit']
self.scoped_choice_url = self.urls['scoped_choice_toolkit']
self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def save_bearer_token(self, token, request, *args, **kwargs):
"""
It's messy. It is 90% code from parent function. I didn't find a way to reduce it.
I tried and I failed :'(
Sin Count += 1
Save access and refresh token, If refresh token is issued, remove old refresh tokens as
in rfc:`6`
"""
if request.refresh_token:
# remove used refresh token
# Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert () # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
if request.response_type == 'token':
expires = timezone.now() + timedelta(seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS)
token['expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(
user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
)
if request.grant_type == 'authorization_code':
refresh_tokens = RefreshToken.objects.all().filter(user=request.user,
application=request.client).order_by('-id')
if len(refresh_tokens) > 0:
refresh_token = refresh_tokens[0]
# Delete the old access_token
refresh_token.access_token.delete()
if len(refresh_tokens) > 1:
# Enforce 1 token pair. Delete all old refresh_tokens
RefreshToken.objects.exclude(pk=refresh_token.id).delete()
refresh_token.access_token = access_token
refresh_token.save()
token['refresh_token'] = refresh_token.token
def _create_access_token(expires, request, token):
access_token = AccessToken(
user=request.user,
scope=token["scope"],
expires=expires,
token=token["access_token"],
application=request.client
)
access_token.save()
return access_token
def test_accesstoken_create(self):
""" Create an AccessToken and check for signal """
request = self.factory.get('/bluebutton/fhir/v1/ExplanationOfBenefit/')
request.user = self.user
# xwalk = Crosswalk.objects.get(user=self.user)
app = self._create_application('ThePHR', user=request.user)
# print("\nApp - prep for AccessToken:%s" % app.name)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = request.user
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
# print("\n================\nSaved %s" % a_tkn)
self.assertEqual(True, True)
def post(
self,
request,
):
serializer_class = serializers.AuthenticateAccountSerializer(
data=request.data)
if serializer_class.is_valid():
username = serializer_class.data.get('username')
password = serializer_class.data.get('password')
account = Account.objects.get(username=username)
if account.check_password(raw_password=password):
payload = {
'uuid': str(account.uuid),
'username': account.username,
'time': str(datetime.now(timezone.utc)),
}
access_token = jwt.encode(payload,
settings.SECRET_KEY).decode('utf-8')
try:
to_black_list = AccessToken.objects.get(user=account)
token_black_list = BlackList()
token_black_list.token = to_black_list.value
to_black_list.delete()
token_black_list.save()
except:
pass
to_access_token = AccessToken()
to_access_token.user = account
to_access_token.value = str(access_token)
to_access_token.save()
expires = datetime.now() + timedelta(seconds=300000)
refresh_token = AccesssTokenOATH(
user=account,
expires=expires,
token=common.generate_token(),
)
refresh_token.save()
payload2 = {'token': str(refresh_token)}
refresh_token_str = jwt.encode(
payload2, settings.SECRET_KEY).decode('utf-8')
decode_token = jwt.decode(refresh_token_str,
settings.SECRET_KEY)
tokens = {
'access_token': access_token,
'refresh_token': refresh_token_str,
}
return Response(tokens, status=HTTP_201_CREATED)
else:
return Response({"message": "Authentication failed"},
status=HTTP_400_BAD_REQUEST)
def create(self, request, *args, **kwargs):
"""
"""
data = request.data
data = dict(data.items())
serializer = UserCreateSerializer(data=data)
host = request.META['HTTP_HOST']
if serializer.is_valid():
user = get_user_model().objects.create_user(**serializer.data)
user.set_password(data.get('password'))
user.is_active = False
user.save()
# here generating the activation key
activation_key = str(uuid.uuid4())
user.activation_key = activation_key
user.save()
profile = Profile(user=user)
profile.save()
mail_user_activation_key(user, host=host)
# getting application
application = Application.objects.get(name="mmb")
# creating access token
access_token = AccessToken(user=user,
expires=expires,
token=generate_token(),
application=application)
access_token.save()
refresh_token = RefreshToken.objects.create(
user=user,
token=generate_token(),
access_token=access_token,
application=application)
response = {
'access_token':
access_token.token,
'token_type':
'Bearer',
'expires_in':
settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'],
'refresh_token':
refresh_token.token
}
return Response(response, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def callback(request):
# Could not authorize twitch app
if 'error' in request.GET:
# todo: handle appropriately
error_message = _('You denied access to your Twitch account') \
if request.GET['error'] == 'access_denied' else _('Error while authentication via Twitch API')
messages.error(request, error_message)
logger.error(
'[Twitch Auth] %s: %s' %
(request.META['REMOTE_ADDR'], request.GET['error_description']))
return HttpResponseRedirect('/')
# get redirection url
# todo: make dynamic or username state based => setup/home/etc
redirect_to = settings.FRONTEND_URL + settings.FRONTEND_CALLBACK
code = request.GET['code']
state = request.GET['state']
logger.error(f"{code}, {state}")
# if user is already logged in, redirect to that url
# if request.user.is_authenticated:
# return HttpResponseRedirect(redirect_to)
# authenticate with backend
user = authenticate(request, code=request.GET['code'])
if user and user.is_active:
# auth_login(request, user)
# todo: create oauth2 token
try:
expires = timezone.now() + timedelta(
seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS)
temporary_token = TemporaryToken.objects.get(identifier=state)
application = temporary_token.application
access_token = AccessToken(user=user,
scope='',
expires=expires,
token=common.generate_token(),
application=application)
access_token.save()
temporary_token.token = access_token
temporary_token.approved = True
temporary_token.save()
except TemporaryToken.DoesNotExist:
print("Yo we couldnt find this")
# messages.success(request, _('You successfully logged in'))
return HttpResponseRedirect(redirect_to)
else:
print("not an existing user... complete setup")
# messages.error(request, _('Cannot authenticate you'))
return HttpResponseRedirect('/')
def _create_bearer_token(self, user):
app, created = Application.objects.get_or_create(
user=user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_PASSWORD,
name=user.username)
expires_in = settings.ACCESS_TOKEN_EXPIRE_SECONDS
expires = timezone.now() + timedelta(seconds=expires_in)
token = AccessToken(user=user,
token=generate_token(),
application=app,
expires=expires)
token.save()
def create_access_token(self, user: "******") -> AccessToken:
"""Create an access token."""
expires = timezone.now() + timedelta(seconds=self.token_expire)
access_token = AccessToken(
user=user,
scope="read write groups",
expires=expires,
token=common.generate_token(),
application=self.jwt_app,
)
access_token.save()
return access_token
def post(self, request):
email = request.POST.get('email')
try:
if email is None:
raise User.DoesNotExist
except Exception as e:
print e
return Response(data={'error': e.message}, status=400)
try:
user = User.objects.get(email=email)
user_details = User.objects.filter(email=email)
userSerializer = UserSerializer(user_details, many=True)
if user.is_active == False:
return Response(status=404,
data={'error': 'user not verified'})
if not user.check_password(request.POST.get('password')):
return Response(status=401,
data={'error': 'incorrect password'})
userToken = AccessToken.objects.filter(user=user)
if userToken:
if timezone.now() <= userToken[0].expires:
# print timezone.now() - timezone.timedelta(days=365)
# print timezone.now() + timezone.timedelta(minutes=598)
# print userToken[0].expires
# print timezone.now() + timezone.timedelta(minutes=598) <= userToken[0].expires
return Response(data={
'access_token': userToken[0].token,
'token_type': 'Bearer',
'avatar': userSerializer.data[0]['avatar'],
"email": userSerializer.data[0]['email'],
"name": userSerializer.data[0]['user_name'],
"scope": userToken[0].scope,
"role": {
'admin': userSerializer.data[0]['is_admin'],
'active': userSerializer.data[0]['is_active']
},
"status": '200'
},
status=200)
else:
AccessToken.delete(userToken[0])
return self.issue_new_token(request, user, email)
else:
return self.issue_new_token(request, user, email)
except Exception as e:
print e.message
return Response(status=404, data={'error': e.message})
def setUpClass(cls):
super(DirectSharingOAuth2Tests2, cls).setUpClass()
cls.authorize_url = (
"/direct-sharing/projects/oauth2/authorize/"
"?client_id=test-key-2&response_type=code"
)
user1 = get_or_create_user("bacon")
cls.member1, _ = Member.objects.get_or_create(user=user1)
cls.member1.save()
cls.member1_project = OAuth2DataRequestProject.objects.get(slug="abc3")
cls.member1_project.save()
email1 = cls.member1.primary_email
cls.access_token = AccessToken(
application=cls.member1_project.application,
user=user1,
token="test-token-1",
expires=timezone.now() + timedelta(days=1),
scope="read",
)
cls.access_token.save()
email1.verified = True
email1.save()
def generate_access_token(user):
'''获取 accesstoken, 由于微信小程序无法使用session, 所以采用oauth的机制'''
application = Application.objects.get(
client_id=settings.ORIGINAL_OAUTH2_CLIENT_ID,
client_secret=settings.ORIGINAL_OAUTH2_CLIENT_SECRET,
)
expires = arrow.now().shift(years=1).datetime
token = common.generate_token()
scopes = ['read', 'write']
access_token = AccessToken(
user=user,
scope=scopes,
expires=expires,
token=token,
application=application,
source_refresh_token=None,
)
access_token.save()
return access_token
def send_email(request):
"""
Send an email related to a user password reset.
TODO: move to /users; fix HttpResponse
---
parameters:
- name: email
paramType: form
- name: user
paramType: form
"""
email = request.POST.get('email')
name = request.POST.get('user')
user = User.objects.get(username=name)
if user.email != email:
return HttpResponse(status.HTTP_403_FORBIDDEN)
uidb64 = base64.urlsafe_b64encode(force_bytes(user.pk))
token = AccessToken(
user=user,
application=Application.objects.get(
client_id='aHD4NUa4IRjA1OrPD2kJLXyz34c06Bi5eVX8O94p'),
expires=timezone.now() + timezone.timedelta(minutes=5),
token=generate_token())
token.save()
email_config = {
'email': email,
'domain': request.META['HTTP_HOST'],
'site_name': 'TRAC',
'uid': uidb64,
'user': user,
'token': str(token),
'protocol': 'https://',
}
url = "/".join((email_config['domain'], 'UserSettings',
email_config['uid'], email_config['token'], ''))
email_body = loader.render_to_string(
'../templates/email_templates/email_template.html', email_config)
send_mail('Reset Password Request',
email_body,
'*****@*****.**', (email_config['email'], ),
fail_silently=False)
return HttpResponse(status.HTTP_200_OK)
def create_access_token(self, user_id, application_id, scopes,
expiry_in_seconds):
import datetime
from oauth2_provider.models import AccessToken
access_token = self._generate_access_token()
expires = datetime.datetime.now() + datetime.timedelta(
seconds=expiry_in_seconds)
access_token_object = AccessToken(user_id=user_id,
token=access_token,
application_id=application_id,
expires=expires,
scope=scopes)
access_token_object.save()
from common.dtos import AccessTokenDTO
return AccessTokenDTO(access_token_id=access_token_object.id,
token=access_token_object.token,
expires=expires)
def archive_bearer_token(self):
# During testing, you will probably have to copy access tokens from prod for this to work
try:
app = Application.objects.get(name='Archive')
except Application.DoesNotExist:
logger.error(
'Archive application not found. Oauth applications need to be populated.'
)
return ''
access_token = AccessToken.objects.filter(
user=self.user, application=app,
expires__gt=timezone.now()).last()
if not access_token:
access_token = AccessToken(user=self.user,
application=app,
token=uuid.uuid4().hex,
expires=timezone.now() +
timedelta(days=30))
access_token.save()
return access_token.token
def setup_user_token():
# create user
user = User.objects.create_user('hongzhi', password='******')
# create oauth application
app = Application()
app.user = user
app.save()
token = AccessToken()
token.user = user
token.expires = timezone.now().replace(year=timezone.now().year + 1)
token.application = app
token.token = '987654321'
token.save()
return user, token.token
def test_accesstoken_create(self):
""" Create an AccessToken and check for signal """
request = self.factory.get('/create_test_account/bb_upload/')
request.user = self.user
# xwalk = Crosswalk.objects.get(user=self.user)
app = self._create_application('ThePHR', user=request.user)
# print("\nApp - prep for AccessToken:%s" % app.name)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = request.user
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = ["patient/Patient.read",
"patient/ExplanationOfBenefit.read"]
a_tkn.save()
# print("\n================\nSaved %s" % a_tkn)
self.assertEqual(True, True)
def verify_token(request):
"""
Verify client token is valid
:param request:
:return:
"""
key = request.POST.get('token', '')
try:
token = AccessToken.objects.get(token=key)
if AccessToken.is_valid(token):
logging.info('Valid access')
return JsonResponse(
{'isValid': 'true'}
)
except AccessToken.DoesNotExist, e:
return JsonResponse(
{'isValid': 'false'}
)
class BaseTest(APITestCase):
def setUp(self):
self.test_user = User.objects.create_user(
username="******",
email="*****@*****.**",
first_name="Trevor",
last_name="Hutto",
password="******",
bio="this is me.",
profile_picture=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
header_picture=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
)
self.dev_user = User.objects.create_user(
username="******",
email="*****@*****.**",
first_name="Camron",
last_name="Godbout",
password="******"
)
self.test_post = Post.objects.create(
author=self.test_user,
title="title",
latitude="1.123123",
longitude="1.123123"
)
self.test_image = Image.objects.create(
image=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
caption="here es captiones"
)
self.test_video = Video.objects.create(
video=SimpleUploadedFile("file.mp4", "file_content",
content_type="video/mp4"),
caption="here es captiones"
)
self.test_snippet = Snippet.objects.create(
snippet="here is a snippet"
)
self.post_snippet = PostSnippet.objects.create(
snippet=self.test_snippet,
post=self.test_post,
position=0
)
self.post_video = PostVideo.objects.create(
video=self.test_video,
post=self.test_post
)
self.post_image = PostImage.objects.create(
image=self.test_image,
post=self.test_post,
position=1
)
self.application = Application(
name="Test Application",
redirect_uris="http://example.com",
user=self.dev_user,
client_type=Application.CLIENT_PUBLIC,
authorization_grant_type=Application.GRANT_PASSWORD,
)
self.application.save()
self.access_token = AccessToken(
user=self.test_user,
scope='read write',
expires=timezone.now() + timedelta(seconds=300),
token='secret-access-token-key',
application=self.application
)
self.access_token.save()
oauth2_settings._SCOPES = ['read', 'write']
def tearDown(self):
self.application.delete()
self.test_user.delete()
if settings.DEBUG:
if self.test_user.profile_picture:
if os.path.isfile(self.test_user.profile_picture.path):
os.remove(self.test_user.profile_picture.path)
if self.test_user.header_picture:
if os.path.isfile(self.test_user.header_picture.path):
os.remove(self.test_user.header_picture.path)
self.dev_user.delete()
if settings.DEBUG:
if self.test_image.image:
if os.path.isfile(self.test_image.image.path):
os.remove(self.test_image.image.path)
self.test_image.delete()
self.test_post.delete()
self.test_snippet.delete()
if settings.DEBUG:
if self.test_video.video:
if os.path.isfile(self.test_video.video.path):
os.remove(self.test_video.video.path)
self.test_video.delete()
def get_basic_auth_header(self, user, password):
"""
Return a dict containg the correct headers to set to make
HTTP Basic Auth request
"""
user_pass = '******'.format(user, password)
auth_string = base64.b64encode(user_pass.encode('utf-8'))
auth_headers = {
'HTTP_AUTHORIZATION': 'Basic ' + auth_string.decode("utf-8"),
}
return auth_headers
def get_access_token_header(self):
"""
Return a dict containing the correct headers to set to make
an authorized request.
"""
access_token_header = {
'Authorization': 'Bearer ' + self.access_token.token
}
return access_token_header
def setUp(self):
self.test_user = User.objects.create_user(
username="******",
email="*****@*****.**",
first_name="Trevor",
last_name="Hutto",
password="******",
bio="this is me.",
profile_picture=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
header_picture=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
)
self.dev_user = User.objects.create_user(
username="******",
email="*****@*****.**",
first_name="Camron",
last_name="Godbout",
password="******"
)
self.test_post = Post.objects.create(
author=self.test_user,
title="title",
latitude="1.123123",
longitude="1.123123"
)
self.test_image = Image.objects.create(
image=SimpleUploadedFile(name='foo.gif',
content=b'GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00'),
caption="here es captiones"
)
self.test_video = Video.objects.create(
video=SimpleUploadedFile("file.mp4", "file_content",
content_type="video/mp4"),
caption="here es captiones"
)
self.test_snippet = Snippet.objects.create(
snippet="here is a snippet"
)
self.post_snippet = PostSnippet.objects.create(
snippet=self.test_snippet,
post=self.test_post,
position=0
)
self.post_video = PostVideo.objects.create(
video=self.test_video,
post=self.test_post
)
self.post_image = PostImage.objects.create(
image=self.test_image,
post=self.test_post,
position=1
)
self.application = Application(
name="Test Application",
redirect_uris="http://example.com",
user=self.dev_user,
client_type=Application.CLIENT_PUBLIC,
authorization_grant_type=Application.GRANT_PASSWORD,
)
self.application.save()
self.access_token = AccessToken(
user=self.test_user,
scope='read write',
expires=timezone.now() + timedelta(seconds=300),
token='secret-access-token-key',
application=self.application
)
self.access_token.save()
oauth2_settings._SCOPES = ['read', 'write']
def test_access_token_signal_update(self):
""" Create AccessToken check for update to user/app consent """
usr = self.user
app = self._create_application('ThePHR', user=usr)
# xwalk = Crosswalk.objects.get(user=usr)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = ["patient/Patient.read",
"patient/ExplanationOfBenefit.read"]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
print("\nConsent:%s" % f_c)
print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "1")
a_tkn.delete()
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = ["patient/Patient.read",
"patient/ExplanationOfBenefit.read"]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
print("\nUpdated Consent:%s" % f_c)
print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "2")
class DirectSharingOAuth2Tests(DirectSharingMixin, DirectSharingTestsMixin, TestCase):
"""
Tests for private sharing OAuth2 projects.
"""
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.authorize_url = (
"/direct-sharing/projects/oauth2/authorize/"
"?client_id=test-key&response_type=code"
)
user1 = get_or_create_user("bacon")
cls.member1, _ = Member.objects.get_or_create(user=user1)
email1 = cls.member1.primary_email
email1.verified = True
email1.save()
def setUp(self):
# Hacky way of inserting requested_sources, but it seems django doesn't
# want to read this from the test fixture
self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc")
project_2 = DataRequestProject.objects.get(slug="abc-2")
self.member1_project.requested_sources.add(project_2)
self.member1_project.save()
self.access_token = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-1",
expires=timezone.now() + timedelta(days=1),
scope="read",
)
self.access_token.save()
self.access_token_expired = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-2",
expires=timezone.now() - timedelta(days=1),
scope="read",
)
self.access_token_expired.save()
@unittest.skip("Hitting django bug #27398")
def test_authorize_if_logged_out(self):
response = self.client.get(self.authorize_url)
self.assertRedirects(
response,
"/account/login/oauth2/?connection=abc&next={}".format(
quote(self.authorize_url, safe="")
),
)
def test_authorize_if_logged_in(self):
login = self.client.login(username="******", password="******")
self.assertTrue(login)
self.update_member(joined=False, authorized=False)
response = self.client.get(self.authorize_url)
self.assertEqual(response.status_code, 200)
def test_authorize_if_already_authorized(self):
login = self.client.login(username="******", password="******")
self.assertTrue(login)
self.update_member(joined=True, authorized=True)
response = self.client.get(self.authorize_url)
self.assertTrue(b"Project previously authorized." in response.content)
@unittest.skipIf((not settings.AWS_STORAGE_BUCKET_NAME), "AWS not set up.")
def test_exchange_member(self):
self.update_member(joined=True, authorized=True)
project_member = DataRequestProjectMember.objects.get(
project=self.member1_project, member=self.member1
)
response = self.client.get(
"/api/direct-sharing/project/exchange-member/"
"?access_token={}".format(self.access_token)
)
json = response.json()
self.assertTrue(json["project_member_id"] == project_member.project_member_id)
self.assertTrue(json["username"] == "bacon")
self.assertTrue(len(json["sources_shared"]) == 2)
self.assertTrue("direct-sharing-2" in json["sources_shared"])
self.assertFalse("direct-sharing-1" in json["sources_shared"])
datafile_sources = [x["source"] for x in json["data"]]
self.assertIn("direct-sharing-2", datafile_sources)
# Project sees its own data.
self.assertIn("direct-sharing-2", datafile_sources)
# Unauthorized data not available.
self.assertNotIn("direct-sharing-3", datafile_sources)
def test_exchange_member_token_expired(self):
self.update_member(joined=True, authorized=True)
response = self.client.get(
"/api/direct-sharing/project/exchange-member/"
"?access_token={}".format(self.access_token_expired)
)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json()["detail"], "Expired token.")
@unittest.skip("Obsolete")
def test_oauth2_authorize(self):
login = self.client.login(username="******", password="******")
self.assertTrue(login)
response = self.client.get(self.authorize_url)
data = {
"redirect_uri": "http://*****:*****@unittest.skipIf((not settings.AWS_STORAGE_BUCKET_NAME), "AWS not set up.")
def test_member_access_token(self):
member = self.update_member(joined=True, authorized=True)
datatypes = self.insert_datatypes()
self.member1_project.registered_datatypes.clear()
self.member1_project.registered_datatypes.add(
datatypes.get(name="all your base")
)
self.member1_project.registered_datatypes.add(
datatypes.get(name="are belong to us")
)
self.member1_project.save()
response = self.client.post(
"/api/direct-sharing/project/files/upload/?access_token={}".format(
self.access_token
),
data={
"project_member_id": member.project_member_id,
"datatypes": '["all your base", "are belong to us"]',
"metadata": (
'{"description": "Test description...", '
'"tags": ["tag 1", "tag 2", "tag 3"]}'
),
"data_file": StringIO("just testing..."),
},
)
response_json = response.json()
self.assertIn("id", response_json)
self.assertEqual(response.status_code, 201)
self.assertNotIn("errors", response_json)
data_file = ProjectDataFile.objects.get(
id=response_json["id"],
direct_sharing_project=self.member1_project,
user=self.member1.user,
)
self.assertEqual(data_file.metadata["description"], "Test description...")
self.assertEqual(data_file.metadata["tags"], ["tag 1", "tag 2", "tag 3"])
self.assertEqual(data_file.file.readlines(), [b"just testing..."])
def test_message_member(self):
self.update_member(joined=True, authorized=True)
response = self.client.post(
"/api/direct-sharing/project/message/?access_token={}".format(
self.access_token
),
data={
"subject": "Sending a good test email",
"message": "The content of this email\nis a test.\n",
},
)
response_json = response.json()
self.assertEqual(response_json, "success")
def test_message_expired_token(self):
self.update_member(joined=True, authorized=True)
response = self.client.post(
"/api/direct-sharing/project/message/?access_token={}".format(
self.access_token_expired
),
data={
"subject": "Sending a bad test email",
"message": "The content of this email\nis a test.\n",
},
)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json()["detail"], "Expired token.")
def test_remove_member(self):
projmember = self.update_member(joined=True, authorized=True)
response = self.client.post(
"/api/direct-sharing/project/remove-members/?"
"access_token={}".format(self.access_token)
)
response_json = response.json()
self.assertEqual(response_json, "success")
# Get a fresh copy before checking.
projmember = DataRequestProjectMember.objects.get(id=projmember.id)
self.assertEqual(projmember.authorized, False)
