def setUp(self):
# Hacky way of inserting requested_sources, but it seems django doesn't
# want to read this from the test fixture
self.member1_project = OAuth2DataRequestProject.objects.get(slug="abc")
project_2 = DataRequestProject.objects.get(slug="abc-2")
self.member1_project.requested_sources.add(project_2)
self.member1_project.save()
self.access_token = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-1",
expires=timezone.now() + timedelta(days=1),
scope="read",
)
self.access_token.save()
self.access_token_expired = AccessToken(
application=self.member1_project.application,
user=self.member1.user,
token="test-token-2",
expires=timezone.now() - timedelta(days=1),
scope="read",
)
self.access_token_expired.save()
def test_scopes_property(self):
self.client.login(username="******", password="******")
app = Application.objects.create(
name="test_app",
redirect_uris=
"http://localhost http://example.com http://example.it",
user=self.user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
)
access_token = AccessToken(user=self.user,
scope='read write',
expires=0,
token='',
application=app)
access_token2 = AccessToken(user=self.user,
scope='write',
expires=0,
token='',
application=app)
self.assertEqual(access_token.scopes, {
'read': 'Reading scope',
'write': 'Writing scope'
})
self.assertEqual(access_token2.scopes, {'write': 'Writing scope'})
def setUpClass(cls):
super(DirectSharingOAuth2Tests, cls).setUpClass()
cls.authorize_url = ('/direct-sharing/projects/oauth2/authorize/'
'?client_id=test-key&response_type=code')
user1 = get_or_create_user('bacon')
cls.member1, _ = Member.objects.get_or_create(user=user1)
cls.member1_project = OAuth2DataRequestProject.objects.get(slug='abc')
email1 = cls.member1.primary_email
cls.access_token = AccessToken(
application=cls.member1_project.application,
user=user1,
token='test-token-1',
expires=datetime.now() + timedelta(days=1),
scope='read')
cls.access_token.save()
cls.access_token_expired = AccessToken(
application=cls.member1_project.application,
user=user1,
token='test-token-2',
expires=datetime.now() - timedelta(days=1),
scope='read')
cls.access_token_expired.save()
email1.verified = True
email1.save()
def setUpClass(cls):
super(DirectSharingOAuth2Tests2, cls).setUpClass()
cls.authorize_url = (
"/direct-sharing/projects/oauth2/authorize/"
"?client_id=test-key-2&response_type=code"
)
user1 = get_or_create_user("bacon")
cls.member1, _ = Member.objects.get_or_create(user=user1)
cls.member1.save()
cls.member1_project = OAuth2DataRequestProject.objects.get(slug="abc3")
cls.member1_project.save()
email1 = cls.member1.primary_email
cls.access_token = AccessToken(
application=cls.member1_project.application,
user=user1,
token="test-token-1",
expires=timezone.now() + timedelta(days=1),
scope="read",
)
cls.access_token.save()
email1.verified = True
email1.save()
def get_user_token(user):
"""
Returns an access token for the given user. This function facilitates
interactions with the bundle service.
"""
if user is None or not user.is_authenticated():
return None
client = Application.objects.get(client_id=cli_client_id(user))
tokens = AccessToken.objects.filter(application_id=client.id,
expires__gt=timezone.now() +
timedelta(minutes=5))
access_token = None
for token in tokens:
if token.is_valid([]):
access_token = token
break
if access_token is None:
access_token = AccessToken(
user=user,
scope='',
expires=timezone.now() +
timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS),
token=generate_token(),
application=client)
access_token.save()
return str(access_token.token)
def post(self, request, format=None):
if request.method == "POST":
ref_token = request.data.get("refresh_token")
expires = timezone.now() + timedelta(seconds=3600000)
application = Application.objects.get(
client_id=mainSettings.OAUTH_CLIENTID)
try:
refTokenModel = RefreshToken.objects.get(token=ref_token)
except RefreshToken.DoesNotExist:
return Response({'error': 'Refresh token invalid'}, status=400)
access_token = AccessToken(user=refTokenModel.user,
scope='',
expires=expires,
token=common.generate_token(),
application=application)
access_token.save()
#refresh_token = RefreshToken(token=ref_token,
# application=application,access_token=access_token )
refTokenModel.access_token = access_token
refTokenModel.save()
return Response(
{
'token': access_token.token,
'refresh_token': ref_token,
"token_type": "Bearer"
},
status=HTTPStatus.HTTP_200_OK)
else:
status_code = HTTPStatus.METHOD_NOT_ALLOWED
response = JsonResponse({'success': 'false'}, status=status_code)
return response
def test_accesstoken_create(self):
""" Create an AccessToken and check for signal """
request = self.factory.get('/bluebutton/fhir/v1/ExplanationOfBenefit/')
request.user = self.user
# xwalk = Crosswalk.objects.get(user=self.user)
app = self._create_application('ThePHR', user=request.user)
# print("\nApp - prep for AccessToken:%s" % app.name)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = request.user
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
# print("\n================\nSaved %s" % a_tkn)
self.assertEqual(True, True)
def save_bearer_token(self, token, request, *args, **kwargs):
"""
Check if an access_token exists for the couple user/application
that is valid and authorized for the same scopes and ensures that
no refresh token was used.
If all the conditions are true the same access_token is issued.
Otherwise a new one is created with the default strategy.
"""
# this queryset identifies all the valid access tokens
# for the couple user/application.
previous_valid_tokens = AccessToken.objects.filter(
user=request.user,
application=request.client,
).filter(expires__gt=timezone.now()).order_by('-expires')
# if a refresh token was not used and a valid token exists we
# can replace the new generated token with the old one.
if not request.refresh_token and previous_valid_tokens.exists():
for access_token in previous_valid_tokens:
# the previous access_token must allow access to the same scope
# or bigger
if access_token.allow_scopes(token['scope'].split()):
token['access_token'] = access_token.token
expires_in = access_token.expires - timezone.now()
token['expires_in'] = expires_in.total_seconds()
if hasattr(access_token, 'refresh_token'):
token[
'refresh_token'] = access_token.refresh_token.token
# break the loop and exist because we found to old token
return
# default behaviour when no old token is found
if request.refresh_token:
# remove used refresh token
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert (
) # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=token['expires_in'])
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(user=request.user,
token=token['refresh_token'],
application=request.client,
access_token=access_token)
refresh_token.save()
def save_bearer_token(self, token, request, *args, **kwargs):
if request.refresh_token:
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert () # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(
user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
access_token=access_token
)
refresh_token.save()
if DEVICE_TOKEN_HEADER in request.headers:
self.save_device(request=request,
access_token=access_token,
refresh_token=refresh_token)
token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
def signup_client(request):
serializer = SignupClientSerializer(data=request.data, context={'request': request})
serializer.is_valid()
# print("serializer error: ", oauth2_settings)
if serializer.errors:
return Response(data=serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
else:
serializer.save()
application = Application.objects.get(client_id=serializer.initial_data["client_id"])
expires = timezone.now() + timedelta(seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
activated_user = User.objects.get(email=serializer.data["email"])
access_token = AccessToken(
user=activated_user,
scope='',
expires=expires,
token=common.generate_token(),
application=application
)
access_token.save()
refresh_token = RefreshToken(
user=activated_user,
token=common.generate_token(),
application=application,
access_token=access_token
)
refresh_token.save()
return Response({"expires": expires, "access_token": access_token.token,
"refresh_token": refresh_token.token}, status=200)
def save_bearer_token(self, token, request, *args, **kwargs):
"""
It's messy. It is 90% code from parent function. I didn't find a way to reduce it.
I tried and I failed :'(
Sin Count += 1
Save access and refresh token, If refresh token is issued, remove old refresh tokens as
in rfc:`6`
"""
if request.refresh_token:
# remove used refresh token
# Copied as is from parent. I don't know why they're even caring to delete this! - Dheerendra
try:
RefreshToken.objects.get(token=request.refresh_token).revoke()
except RefreshToken.DoesNotExist:
assert (
) # TODO though being here would be very strange, at least log the error
expires = timezone.now() + timedelta(
seconds=oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
token['expires_in'] = oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS
if request.response_type == 'token':
expires = timezone.now() + timedelta(
seconds=settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS)
token[
'expires_in'] = settings.IMPLICIT_ACCESS_TOKEN_EXPIRES_SECONDS
if request.grant_type == 'client_credentials':
request.user = None
access_token = AccessToken(user=request.user,
scope=token['scope'],
expires=expires,
token=token['access_token'],
application=request.client)
access_token.save()
if 'refresh_token' in token:
refresh_token = RefreshToken(
user=request.user,
token=token['refresh_token'],
application=request.client,
)
if request.grant_type == 'authorization_code':
refresh_tokens = RefreshToken.objects.all().filter(
user=request.user,
application=request.client).order_by('-id')
if len(refresh_tokens) > 0:
refresh_token = refresh_tokens[0]
# Delete the old access_token
refresh_token.access_token.delete()
if len(refresh_tokens) > 1:
# Enforce 1 token pair. Delete all old refresh_tokens
RefreshToken.objects.exclude(
pk=refresh_token.id).delete()
refresh_token.access_token = access_token
refresh_token.save()
token['refresh_token'] = refresh_token.token
token['groups'] = request.user.groups
def setUp(self):
super(PollAPITestCaseOAuth2Provider, self).setUp()
from provider.oauth2.models import AccessToken, Client
from provider.constants import CONFIDENTIAL, READ, WRITE, READ_WRITE
# Prepare OAuth2 Provider Access
op_client = Client(user=self.user,
name='Test Application',
url='http://example.com',
redirect_uri='http://example.com',
client_type=CONFIDENTIAL)
op_client.save()
for scope in self.scopes + (None, ):
options = {
'user': self.user,
'client': op_client,
'expires':
datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'token':
getattr(self, scope_attrbute_name),
'scope':
locals()[scope.replace(" ", "_").upper()]
})
op_access_token = AccessToken(**options)
op_access_token.save()
self.choice_url = self.urls['choice_provider']
self.poll_url = self.urls['poll_provider']
self.scoped_choice_url = self.urls['scoped_choice_provider']
self.scoped_poll_url = self.urls['scoped_poll_provider']
def create_user(self):
# FIXME: Please refactor me!
self.logout_url = reverse('accounts.logout')
self.username = '******'
self.password = '******'
self.data = \
{
'first_name': 'Demo',
'last_name': 'Demo',
'email': '*****@*****.**',
}
# this is used to identify addresses created by allocate_wallets mock
self.address_id_pattern = 'addr_id_'
self._mock_rpc()
self.create_main_user()
self.client = NexchangeClient()
success = self.client.login(username=self.username,
password=self.password)
expires = timezone.now() + timedelta(days=30)
token = AccessToken(user=self.user,
token='3HrghbVeDUQWaOriqrXYLZmCb4cEXB',
expires=expires)
token.save()
assert success
def setUp(self):
super(PollAPITestCaseOAuthToolkit, self).setUp()
# Prepare OAuth Toolkit Access
from oauth2_provider.models import AccessToken, Application
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application')
ot_application.save()
for scope in self.scopes + (None, ):
options = {
'user': self.user,
'application': ot_application,
'expires':
datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'scope': scope,
'token': getattr(self, scope_attrbute_name)
})
ot_access_token = AccessToken(**options)
ot_access_token.save()
self.choice_url = self.urls['choice_toolkit']
self.poll_url = self.urls['poll_toolkit']
self.scoped_choice_url = self.urls['scoped_choice_toolkit']
self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def _create_access_token(self,
expires,
request,
token,
source_refresh_token=None):
access_token = AccessToken(
user=request.user,
scope=' '.join(request.user.scopes),
expires=expires,
token=token["access_token"],
application=request.client,
)
access_token.save()
auth_cache = caches['auth']
cached_auth = {
'uid': access_token.user.id,
'scopes': access_token.user.scopes,
'token': access_token.token,
}
key = 'auth:access_token:{token}'.format(token=access_token.token)
auth_cache.set(key, cached_auth,
oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS)
return access_token
def setUp(self):
super(PollAPITestCaseOAuthToolkit, self).setUp()
call_command('loaddata', 'polls_api_testdata.json', verbosity=0)
self.client = Client()
self.poll_1 = Poll.objects.get(pk=1)
self.poll_2 = Poll.objects.get(pk=2)
self.urls = {}
kwargs = {'api_name': 'v1'}
apis = [
'choice_toolkit',
'scoped_choice_toolkit',
'poll_toolkit',
'scoped_poll_toolkit',
]
for api in apis:
kwargs['resource_name'] = api
self.urls[api] = reverse('api_dispatch_list', kwargs=kwargs)
# Create a user.
username = '******'
email = '*****@*****.**'
password = '******'
self.user = User.objects.create_user(username, email, password)
self.scopes = ("read", "write", "read write")
for scope in self.scopes:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
setattr(self, scope_attrbute_name, "TOKEN" + scope)
self.token = 'TOKEN'
self.scoped_token = self.token_read_write
ot_application = Application(
user=self.user,
redirect_uris='http://example.com',
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
name='Test Application'
)
ot_application.save()
for scope in self.scopes + (None,):
options = {
'user': self.user,
'application': ot_application,
'expires': datetime.datetime.now() + datetime.timedelta(days=10),
'token': self.token
}
if scope:
scope_attrbute_name = "token_" + scope.replace(" ", "_")
options.update({
'scope': scope,
'token': getattr(self, scope_attrbute_name)
})
ot_access_token = AccessToken(**options)
ot_access_token.save()
self.choice_url = self.urls['choice_toolkit']
self.poll_url = self.urls['poll_toolkit']
self.scoped_choice_url = self.urls['scoped_choice_toolkit']
self.scoped_poll_url = self.urls['scoped_poll_toolkit']
def _create_access_token(expires, request, token):
access_token = AccessToken(
user=request.user,
scope=token["scope"],
expires=expires,
token=token["access_token"],
application=request.client
)
access_token.save()
return access_token
def test_access_token_signal_update(self):
""" Create AccessToken check for update to user/app consent """
usr = self.user
app = self._create_application('ThePHR', user=usr)
# xwalk = Crosswalk.objects.get(user=usr)
this_moment = timezone.now()
future_time = this_moment + relativedelta(years=1)
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
# print("\nConsent:%s" % f_c)
# print("\nJSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "1")
a_tkn.delete()
a_tkn = AccessToken()
a_tkn.user = usr
a_tkn.application = app
a_tkn.token = "1234567890"
a_tkn.expires = future_time
a_tkn.scope = [
"patient/Patient.read", "patient/ExplanationOfBenefit.read"
]
a_tkn.save()
f_c = fhir_Consent.objects.get(user=usr, application=app)
# print("\nUpdated Consent:%s" % f_c)
# print("\nUpdated JSON Consent:\n%s\n" % pretty_json(f_c.consent))
self.assertEqual(f_c.consent['meta']['versionId'], "2")
def create(self, request, *args, **kwargs):
"""
"""
data = request.data
data = dict(data.items())
serializer = UserCreateSerializer(data=data)
host = request.META['HTTP_HOST']
if serializer.is_valid():
user = get_user_model().objects.create_user(**serializer.data)
user.set_password(data.get('password'))
user.is_active = False
user.save()
# here generating the activation key
activation_key = str(uuid.uuid4())
user.activation_key = activation_key
user.save()
profile = Profile(user=user)
profile.save()
mail_user_activation_key(user, host=host)
# getting application
application = Application.objects.get(name="mmb")
# creating access token
access_token = AccessToken(user=user,
expires=expires,
token=generate_token(),
application=application)
access_token.save()
refresh_token = RefreshToken.objects.create(
user=user,
token=generate_token(),
access_token=access_token,
application=application)
response = {
'access_token':
access_token.token,
'token_type':
'Bearer',
'expires_in':
settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'],
'refresh_token':
refresh_token.token
}
return Response(response, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def access_tokens(users):
access_tokens_list = [
AccessToken(
user_id=1,
token="test_access_token",
expires=datetime.now()
)
]
with freeze_time("2020-05-28 10:06:23"):
AccessToken.objects.bulk_create(access_tokens_list)
access_tokens_objs = AccessToken.objects.all()
return access_tokens_objs
def callback(request):
# Could not authorize twitch app
if 'error' in request.GET:
# todo: handle appropriately
error_message = _('You denied access to your Twitch account') \
if request.GET['error'] == 'access_denied' else _('Error while authentication via Twitch API')
messages.error(request, error_message)
logger.error(
'[Twitch Auth] %s: %s' %
(request.META['REMOTE_ADDR'], request.GET['error_description']))
return HttpResponseRedirect('/')
# get redirection url
# todo: make dynamic or username state based => setup/home/etc
redirect_to = settings.FRONTEND_URL + settings.FRONTEND_CALLBACK
code = request.GET['code']
state = request.GET['state']
logger.error(f"{code}, {state}")
# if user is already logged in, redirect to that url
# if request.user.is_authenticated:
# return HttpResponseRedirect(redirect_to)
# authenticate with backend
user = authenticate(request, code=request.GET['code'])
if user and user.is_active:
# auth_login(request, user)
# todo: create oauth2 token
try:
expires = timezone.now() + timedelta(
seconds=settings.ACCESS_TOKEN_EXPIRE_SECONDS)
temporary_token = TemporaryToken.objects.get(identifier=state)
application = temporary_token.application
access_token = AccessToken(user=user,
scope='',
expires=expires,
token=common.generate_token(),
application=application)
access_token.save()
temporary_token.token = access_token
temporary_token.approved = True
temporary_token.save()
except TemporaryToken.DoesNotExist:
print("Yo we couldnt find this")
# messages.success(request, _('You successfully logged in'))
return HttpResponseRedirect(redirect_to)
else:
print("not an existing user... complete setup")
# messages.error(request, _('Cannot authenticate you'))
return HttpResponseRedirect('/')
def create_access_token(self, user: "******") -> AccessToken:
"""Create an access token."""
expires = timezone.now() + timedelta(seconds=self.token_expire)
access_token = AccessToken(
user=user,
scope="read write groups",
expires=expires,
token=common.generate_token(),
application=self.jwt_app,
)
access_token.save()
return access_token
def _create_bearer_token(self, user):
app, created = Application.objects.get_or_create(
user=user,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_PASSWORD,
name=user.username)
expires_in = settings.ACCESS_TOKEN_EXPIRE_SECONDS
expires = timezone.now() + timedelta(seconds=expires_in)
token = AccessToken(user=user,
token=generate_token(),
application=app,
expires=expires)
token.save()
def test_profile(client, settings, monkeypatch, mock_response) -> None:
user = get_user_model()(username="******")
user.save()
one_day_hence = timezone.now() + timedelta(days=1)
AccessToken(user=user,
token='secretstring',
expires=one_day_hence,
scope='read').save()
response = client.get(reverse('djangito_server:profile'),
**{'Authorization': f'Bearer secretstring'})
assert response.status_code == 200
json_response = response.content.decode('utf-8')
assert json.loads(json_response)['username'] == 'pandichef'
def setup_user_token():
# create user
user = User.objects.create_user('hongzhi', password='******')
# create oauth application
app = Application()
app.user = user
app.save()
token = AccessToken()
token.user = user
token.expires = timezone.now().replace(year=timezone.now().year + 1)
token.application = app
token.token = '987654321'
token.save()
return user, token.token
def send_email(request):
"""
Send an email related to a user password reset.
TODO: move to /users; fix HttpResponse
---
parameters:
- name: email
paramType: form
- name: user
paramType: form
"""
email = request.POST.get('email')
name = request.POST.get('user')
user = User.objects.get(username=name)
if user.email != email:
return HttpResponse(status.HTTP_403_FORBIDDEN)
uidb64 = base64.urlsafe_b64encode(force_bytes(user.pk))
token = AccessToken(
user=user,
application=Application.objects.get(
client_id='aHD4NUa4IRjA1OrPD2kJLXyz34c06Bi5eVX8O94p'),
expires=timezone.now() + timezone.timedelta(minutes=5),
token=generate_token())
token.save()
email_config = {
'email': email,
'domain': request.META['HTTP_HOST'],
'site_name': 'TRAC',
'uid': uidb64,
'user': user,
'token': str(token),
'protocol': 'https://',
}
url = "/".join((email_config['domain'], 'UserSettings',
email_config['uid'], email_config['token'], ''))
email_body = loader.render_to_string(
'../templates/email_templates/email_template.html', email_config)
send_mail('Reset Password Request',
email_body,
'*****@*****.**', (email_config['email'], ),
fail_silently=False)
return HttpResponse(status.HTTP_200_OK)
def create_access_token(self, user_id, application_id, scopes,
expiry_in_seconds):
import datetime
from oauth2_provider.models import AccessToken
access_token = self._generate_access_token()
expires = datetime.datetime.now() + datetime.timedelta(
seconds=expiry_in_seconds)
access_token_object = AccessToken(user_id=user_id,
token=access_token,
application_id=application_id,
expires=expires,
scope=scopes)
access_token_object.save()
from common.dtos import AccessTokenDTO
return AccessTokenDTO(access_token_id=access_token_object.id,
token=access_token_object.token,
expires=expires)
def generate_access_token(user):
'''获取 accesstoken, 由于微信小程序无法使用session, 所以采用oauth的机制'''
application = Application.objects.get(
client_id=settings.ORIGINAL_OAUTH2_CLIENT_ID,
client_secret=settings.ORIGINAL_OAUTH2_CLIENT_SECRET,
)
expires = arrow.now().shift(years=1).datetime
token = common.generate_token()
scopes = ['read', 'write']
access_token = AccessToken(
user=user,
scope=scopes,
expires=expires,
token=token,
application=application,
source_refresh_token=None,
)
access_token.save()
return access_token
def archive_bearer_token(self):
# During testing, you will probably have to copy access tokens from prod for this to work
try:
app = Application.objects.get(name='Archive')
except Application.DoesNotExist:
logger.error(
'Archive application not found. Oauth applications need to be populated.'
)
return ''
access_token = AccessToken.objects.filter(
user=self.user, application=app,
expires__gt=timezone.now()).last()
if not access_token:
access_token = AccessToken(user=self.user,
application=app,
token=uuid.uuid4().hex,
expires=timezone.now() +
timedelta(days=30))
access_token.save()
return access_token.token
def post(self,request):
message = {}
serializer = serializers.ConvertTokenSerializer(data=request.data)
if serializer.is_valid():
application = Application.objects.all()[0]
token = Token.objects.get(key=serializer.data['key'])
expires = datetime.now() + timedelta(seconds=100000000)
access_token = AccessToken(
user=token.user,
scope='write read',
expires=expires,
token=common.generate_token(),
application=application
)
access_token.save()
message['token'] = access_token.token
message['name'] = access_token.user.nome
message['email'] = access_token.user.email
return Response(message,200)
else:
message['status'] = 'error'
return Response(message, 500)
