Exemplo n.º 1
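def create_service_token(client, user):
    """Generate and return a bearer token for service calls

    Partners need a mechanism for automated, authorized API access.  This
    function returns a bearer token for subsequent authorized calls.

    NB - as this opens a back door, it's only offered to users with the single
    role 'service'.

    :param client: OAuth client the token is issued to
    :param user: user the token is issued for; outside of TESTING it must
        hold exactly one role, ``ROLE.SERVICE``
    :returns: the first ``Token`` row found for ``user.id``
    :raises ValueError: if the user is not a single-role service user

    """
    # SECURITY: the role gate is skipped entirely when the TESTING config
    # flag is set, so a deployment that leaves TESTING enabled lets any user
    # obtain a one-year token through this function.
    if not current_app.config.get('TESTING'):
        roles = user.roles
        # Require exactly one role.  A user with no roles is rejected here
        # with ValueError rather than failing with IndexError on roles[0].
        if len(roles) != 1 or roles[0].name != ROLE.SERVICE.value:
            raise ValueError("only service users can create service tokens")

    # Hacking a backdoor into the OAuth protocol to generate a valid token
    # Mock the request and validation needed to pass
    from oauthlib.oauth2.rfc6749.tokens import BearerToken

    # Only the attributes pinned below carry real values; any other attribute
    # read from a Mock comes back as a (truthy) Mock object.
    fake_request = Mock()
    fake_request.state, fake_request.extra_credentials = None, None
    fake_request.client = client
    fake_request.user = user
    fake_request.scopes = ['email']

    # The validator is a Mock as well; only persistence is wired to real code.
    request_validator = Mock()
    request_validator.save_bearer_token = save_token

    bt = BearerToken(request_validator=request_validator)
    # Long-lived credential: the lifetime is fixed at one year, in seconds.
    bt.expires_in = int(timedelta(days=365).total_seconds())  # one year
    bt.create_token(fake_request)

    # Token should now exist as only token for said user - return it
    # NOTE(review): .first() is unordered; if save_token (not shown here) can
    # leave more than one row for this user, the row returned may not be the
    # token just created - confirm.
    return Token.query.filter_by(user_id=user.id).first()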
Exemplo n.º 2
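def create_service_token(client, user):
    """Generate and return a bearer token for service calls

    Partners need a mechanism for automated, authorized API access.  This
    function returns a bearer token for subsequent authorized calls.

    NB - as this opens a back door, it's only offered to users with the single
    role 'service'.

    :param client: OAuth client the token is issued to
    :param user: user the token is issued for; outside of TESTING it must
        hold exactly one role, ``ROLE.SERVICE``
    :returns: the first ``Token`` row found for ``user.id``
    :raises ValueError: if the user is not a single-role service user

    """
    # SECURITY: with the TESTING config flag set, no role check runs at all.
    # Keep TESTING off outside test runs, otherwise any user passed in here
    # receives a one-year token.
    if not current_app.config.get('TESTING'):
        roles = user.roles
        # Exactly one role is required; an empty role list now raises the
        # intended ValueError instead of IndexError from roles[0].
        if len(roles) != 1 or roles[0].name != ROLE.SERVICE.value:
            raise ValueError("only service users can create service tokens")

    # Hacking a backdoor into the OAuth protocol to generate a valid token
    # Mock the request and validation needed to pass
    from oauthlib.oauth2.rfc6749.tokens import BearerToken

    # A Mock answers every attribute lookup, so anything not assigned below
    # is a Mock object rather than a real request value.
    fake_request = Mock()
    fake_request.state, fake_request.extra_credentials = None, None
    fake_request.client = client
    fake_request.user = user
    fake_request.scopes = ['email']

    # Only save_bearer_token is real; every other validator hook is a Mock.
    request_validator = Mock()
    request_validator.save_bearer_token = save_token

    bt = BearerToken(request_validator=request_validator)
    # Lifetime is hard-coded to one year (expressed in seconds).
    bt.expires_in = int(timedelta(days=365).total_seconds())  # one year
    bt.create_token(fake_request)

    # Token should now exist as only token for said user - return it
    # NOTE(review): the query has no ordering and relies on save_token (not
    # shown here) keeping a single row per user - confirm.
    return Token.query.filter_by(user_id=user.id).first()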
Exemplo n.º 3
 def create_access_token(self, request, user, scope, client):
     """
     Issue a bearer token for ``request`` and return the result of
     ``BearerToken.create_token``.

     The lifetime is ``settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS`` days,
     converted to seconds. A refresh token is requested together with the
     access token.
     """
     seconds_per_day = 24 * 60 * 60
     lifetime = settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS * seconds_per_day
     validator = oauth2_settings.OAUTH2_VALIDATOR_CLASS()
     generator = BearerToken(expires_in=lifetime, request_validator=validator)
     # Presumably attaches user, scope and client to the request before the
     # token is generated - the helper is defined outside this block.
     self._populate_create_access_token_request(request, user, scope, client)
     return generator.create_token(request, refresh_token=True)
Exemplo n.º 4
 def create_access_token(self, request, user, scope, client):
     """
     Generate a new access token (with refresh token) for ``request``.

     ``settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS`` gives the lifetime in
     days; it is multiplied out to seconds for ``BearerToken``. The value
     returned is whatever ``create_token`` returns.
     """
     day_in_seconds = 24 * 60 * 60
     expiry_seconds = settings.OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS * day_in_seconds
     request_validator = oauth2_settings.OAUTH2_VALIDATOR_CLASS()
     issuer = BearerToken(
         expires_in=expiry_seconds,
         request_validator=request_validator,
     )
     # The helper lives outside this block; presumably it copies user, scope
     # and client onto the request that create_token reads.
     self._populate_create_access_token_request(request, user, scope, client)
     return issuer.create_token(request, refresh_token=True)
Exemplo n.º 5
def create_dot_access_token(request, user, client, expires_in=None, scopes=None):
    """
    Issue a new (persisted) access token together with a refresh token.

    The lifetime is resolved by ``_get_expires_in_value(expires_in)`` and the
    validator comes from ``dot_settings.OAUTH2_VALIDATOR_CLASS``; saving the
    token is presumably done by that validator. The token is returned in
    the form of a Dict:
        {
            u'access_token': u'some string',
            u'refresh_token': u'another string',
            u'token_type': u'Bearer',
            u'expires_in': 36000,
            u'scope': u'profile email',
        },
    """
    lifetime = _get_expires_in_value(expires_in)
    validator = dot_settings.OAUTH2_VALIDATOR_CLASS()
    generator = BearerToken(expires_in=lifetime, request_validator=validator)
    # Presumably attaches user, client and scopes to the request before issuing.
    _populate_create_access_token_request(request, user, client, scopes)
    return generator.create_token(request, refresh_token=True)
Exemplo n.º 6
def create_dot_access_token(request, user, client, expires_in=None, scopes=None):
    """
    Create a new (persisted) access token plus refresh token and return it.

    ``expires_in`` is passed through ``_get_expires_in_value`` first; the
    request validator is a fresh ``dot_settings.OAUTH2_VALIDATOR_CLASS``
    instance. The token is returned in the form of a Dict:
        {
            u'access_token': u'some string',
            u'refresh_token': u'another string',
            u'token_type': u'Bearer',
            u'expires_in': 36000,
            u'scope': u'profile email',
        },
    """
    expiry_seconds = _get_expires_in_value(expires_in)
    request_validator = dot_settings.OAUTH2_VALIDATOR_CLASS()
    issuer = BearerToken(
        expires_in=expiry_seconds,
        request_validator=request_validator,
    )
    # Helper is defined elsewhere; presumably it sets user, client and scopes
    # on the request that create_token reads.
    _populate_create_access_token_request(request, user, client, scopes)
    return issuer.create_token(request, refresh_token=True)
Exemplo n.º 7
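    def create_access_token(self, user, oauth_client):
        """Issue a bearer token for ``user`` and return the access-token string.

        A minimal validator and a stand-in request object are built locally so
        that ``BearerToken.create_token`` can run outside a real OAuth flow.
        The token is stored through ``Token.set_for_oauth2``; only the
        ``access_token`` value is returned, although a refresh token is
        requested as well.

        :param user: user the token is issued for
        :param oauth_client: OAuth client the token is issued to
        :returns: the ``access_token`` entry of the generated token dict
        """
        class RequestValidator(object):
            def save_bearer_token(self, token, request):
                # The token dict carries the bearer credentials, so it is
                # stored but never printed or logged.
                return Token.set_for_oauth2(token, request)

        validator = RequestValidator()

        # Access tokens issued here expire after one hour (3600 seconds).
        bearer_token_generator = BearerToken(request_validator=validator, expires_in=3600)

        class RequestMock(object):
            # NOTE(review): scope and state are fixed values - every token
            # issued through this method is requested with the 'admin' scope
            # no matter which user or client is passed in. Confirm that this
            # is intended.
            scopes = ['admin']
            state = '123'
            extra_credentials = None

            def __init__(self, user, client):
                self.user = user
                self.client = client

        request = RequestMock(user=user, client=oauth_client)

        token = bearer_token_generator.create_token(request, refresh_token=True)

        return token['access_token']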