import traceback


def put(self):
    try:
        validator = RequestValidator(utils.spec)
        validated = validator.validate(FlaskOpenAPIRequest(request))
        if validated.errors:
            raise errors.ResourceError(
                msg=f'Invalid PUT data: {validated.errors}.')
        refresh_token = validated.body.refresh_token
        # validate the presented refresh token before minting new tokens from its claims
        refresh_token_data = auth.validate_token(refresh_token)
        token_data = refresh_token_data['access_token']
        token_data.pop('token_type')
        token_data['exp'] = TapisAccessToken.compute_exp(token_data['ttl'])
        access_token = TapisAccessToken(**token_data)
        access_token.sign_token()
        refresh_token = TokensResource.get_refresh_from_access_token_data(
            token_data, access_token)
        result = {
            'access_token': access_token.serialize,
            'refresh_token': refresh_token.serialize
        }
        return utils.ok(result=result, msg="Token generation successful.")
    except Exception as e:
        # return utils.ok(result="Got exception", msg=f"{refresh_token.serialize}")
        # debug handler: every failure, including the validation error raised above,
        # is returned as a success response carrying the full traceback
        return utils.ok(result="Got exception", msg=f"Exception: {traceback.format_exc()}")

def test_implicit_grant(client, init_db):
    # simulate the authorization approval -
    with client:
        # use the session_transaction to enable modification of the session object:
        # cf., https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
        with client.session_transaction() as sess:
            sess['username'] = TEST_USERNAME
        # once we leave the context, session updates applied via sess object are available -
        response = client.post('http://*****:*****@{TEST_TENANT_ID}'

def validate_access_token(response):
    """
    Validate that a response has an access token and it is properly formatted.
    """
    assert 'access_token' in response.json['result']['access_token']
    assert 'expires_at' in response.json['result']['access_token']
    assert 'expires_in' in response.json['result']['access_token']
    assert 'jti' in response.json['result']['access_token']
    # check the token itself, then the identity claims it carries
    claims = validate_token(
        response.json['result']['access_token']['access_token'])
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    assert claims['tapis/username'] == TEST_USERNAME
    assert claims['sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims

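def recv(client, isServer=True):
    # frame layout: command and length fields (C_LENGTH hex digits each),
    # then the token (T_LENGTH), then `length` bytes of content
    tryRecv = client.recv(C_LENGTH)
    if len(tryRecv) == C_LENGTH:
        cmd = int(tryRecv, 16)
        length = int(client.recv(C_LENGTH), 16)
        token = unpack(client.recv(T_LENGTH))
        if isServer:
            # every command except LOGIN must carry a valid token;
            # the check runs before any content is read
            if cmd != const.LOGIN and not validate_token(token):
                raise PermissionDenied
        if length > 0:
            # length comes from the peer and is used as-is
            content = unpack(client.recv(length))
        else:
            content = ""
        return cmd, token, content
    else:
        raise ConnectionAbortedError
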
def validate_refresh_token(response):
    """
    Validate that a response has a refresh token and it is properly formatted.
    """
    assert 'refresh_token' in response.json['result']['refresh_token']
    assert 'expires_at' in response.json['result']['refresh_token']
    assert 'expires_in' in response.json['result']['refresh_token']
    assert 'jti' in response.json['result']['refresh_token']
    claims = validate_token(
        response.json['result']['refresh_token']['refresh_token'])
    assert claims['tapis/token_type'] == 'refresh'
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    # the refresh token embeds the access token claims within:
    assert 'tapis/access_token' in claims
    print(claims['tapis/access_token'])
    assert claims['tapis/access_token'][
        'sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims

import datetime


def set_refresh_token(self, token):
    """
    Set the refresh token to be used in this session.
    :param token: (TapisResult) A TapisResult object returned using the t.tokens.create_token() method.
    :return:
    """
    def _expires_in():
        return self.refresh_token.expires_at - datetime.datetime.now(
            datetime.timezone.utc)

    self.refresh_token = token
    # avoid circular imports by nesting this import here - the common.auth module has to import dynatapy at
    # initialization to create service clients.
    try:
        from common.auth import validate_token
        self.refresh_token.claims = validate_token(
            self.refresh_token.refresh_token)
        self.refresh_token.original_ttl = self.refresh_token.expires_in
        self.refresh_token.expires_in = _expires_in
        self.refresh_token.expires_at = datetime.datetime.fromtimestamp(
            self.refresh_token.claims['exp'], datetime.timezone.utc)
    except Exception:
        # a failed import or failed validation is ignored: the token stays set,
        # without claims and with its original expiry fields
        pass