Пример #1
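 def put(self):
     """
     Issue a new access/refresh token pair from a refresh token sent via PUT.

     The request is validated against ``utils.spec``. The refresh token in the
     body is passed to ``auth.validate_token``, and the access-token data
     embedded in the result is used to build and sign a new access token.

     :return: ``utils.ok`` response whose result holds the serialized
         ``access_token`` and ``refresh_token``.
     :raises errors.ResourceError: if the request body fails validation.
     """
     import logging

     try:
         validator = RequestValidator(utils.spec)
         validated = validator.validate(FlaskOpenAPIRequest(request))
         if validated.errors:
             raise errors.ResourceError(
                 msg=f'Invalid PUT data: {validated.errors}.')
         refresh_token = validated.body.refresh_token
         # NOTE(review): presumably validate_token verifies signature and
         # expiry - confirm. Nothing in this method checks the token type; a
         # token without an embedded 'access_token' entry fails on the lookup
         # below.
         refresh_token_data = auth.validate_token(refresh_token)
         token_data = refresh_token_data['access_token']
         # 'token_type' is dropped before the remaining data is passed to the
         # TapisAccessToken constructor.
         token_data.pop('token_type')
         # The new expiry is computed from the original ttl.
         token_data['exp'] = TapisAccessToken.compute_exp(token_data['ttl'])
         access_token = TapisAccessToken(**token_data)
         access_token.sign_token()
         refresh_token = TokensResource.get_refresh_from_access_token_data(
             token_data, access_token)
         result = {
             'access_token': access_token.serialize,
             # Key was misspelled 'refres_token', so clients reading
             # 'refresh_token' never found the new refresh token.
             'refresh_token': refresh_token.serialize
         }
         return utils.ok(result=result, msg="Token generation successful.")
     except Exception:
         # The traceback stays in the server log. Returning it in a success
         # response disclosed internal paths and code structure to any caller
         # and reported a failed refresh as OK.
         # NOTE(review): relies on the application's error handling to turn
         # the exception into an error response - confirm one is registered.
         logging.getLogger(__name__).exception("Token refresh failed.")
         raise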
Пример #2
def test_implicit_grant(client, init_db):
    """
    Exercise the implicit grant flow with a session that already has a username.

    The session is given TEST_USERNAME through ``client.session_transaction()``
    and a POST request is then issued with the same client.
    """
    # simulate the authorization approval -
    with client:
        # use the session_transaction to enable modification of the session object:
        # cf., https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
        with client.session_transaction() as sess:
            sess['username'] = TEST_USERNAME
        # once we leave the context, session updates applied via sess object are available -
        # NOTE(review): this listing cuts the call off after its first string
        # literal, whose URL is masked; the remaining arguments and any
        # assertions on the response are not shown.
        response = client.post('http://*****:*****@{TEST_TENANT_ID}'
Пример #3
def validate_access_token(response):
    """
    Check that a response carries a well-formed access token.

    The ``result.access_token`` object must contain the ``access_token``,
    ``expires_at``, ``expires_in`` and ``jti`` fields, and the token itself
    must pass ``validate_token`` with the claims expected for the test user
    and tenant. Returns the claims.
    """
    token_info = response.json['result']['access_token']
    for required_field in ('access_token', 'expires_at', 'expires_in', 'jti'):
        assert required_field in token_info
    # The token is validated, not just inspected, before its claims are compared.
    claims = validate_token(token_info['access_token'])
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    assert claims['tapis/username'] == TEST_USERNAME
    assert claims['sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims
Пример #4
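def _recv_exact(client, size):
    """Read exactly ``size`` bytes from ``client``; raise ConnectionAbortedError on early close."""
    chunks = []
    remaining = size
    while remaining > 0:
        chunk = client.recv(remaining)
        if not chunk:
            # The peer closed the connection before the field was complete.
            raise ConnectionAbortedError
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def recv(client, isServer=True):
    """
    Read one framed message from ``client`` and return ``(cmd, token, content)``.

    The frame is read as a hex command field of C_LENGTH bytes, a hex length
    field of C_LENGTH bytes, a token field of T_LENGTH bytes and, when the
    length is positive, ``length`` bytes of content. Token and content are
    passed through ``unpack``.

    :param client: connected socket-like object providing ``recv(n)``.
    :param isServer: when true, every command other than ``const.LOGIN`` must
        carry a token accepted by ``validate_token``.
    :return: tuple ``(cmd, token, content)``; content is ``""`` when the
        declared length is not positive.
    :raises ConnectionAbortedError: if the peer closes before a field is complete.
    :raises PermissionDenied: if a token is required and fails validation.
    """
    # A single recv(n) call may return fewer than n bytes, so every field is
    # read in a loop. Parsing a partial field would desynchronise the stream
    # and hand a truncated token to validate_token.
    cmd = int(_recv_exact(client, C_LENGTH), 16)
    length = int(_recv_exact(client, C_LENGTH), 16)
    token = unpack(_recv_exact(client, T_LENGTH))
    # The token is checked before any content is read, so a frame that fails
    # validation is rejected without consuming its body.
    if isServer and cmd != const.LOGIN and not validate_token(token):
        raise PermissionDenied
    if length > 0:
        # NOTE(review): length comes from the peer and is not bounded here,
        # and LOGIN frames reach this read without a token check. Enforce the
        # protocol's maximum content size and a socket timeout - confirm the
        # limits with the protocol definition.
        content = unpack(_recv_exact(client, length))
    else:
        content = ""
    return cmd, token, content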
Пример #5
def validate_refresh_token(response):
    """
    Check that a response carries a well-formed refresh token.

    The ``result.refresh_token`` object must contain the ``refresh_token``,
    ``expires_at``, ``expires_in`` and ``jti`` fields, and the token itself
    must pass ``validate_token`` with a ``refresh`` token type, the test
    tenant, and embedded access-token claims for the test user. Returns the
    claims.
    """
    token_info = response.json['result']['refresh_token']
    for required_field in ('refresh_token', 'expires_at', 'expires_in', 'jti'):
        assert required_field in token_info
    claims = validate_token(token_info['refresh_token'])
    assert claims['tapis/token_type'] == 'refresh'
    assert claims['tapis/tenant_id'] == TEST_TENANT_ID
    # The access token claims travel inside the refresh token.
    assert 'tapis/access_token' in claims
    embedded_access_claims = claims['tapis/access_token']
    print(embedded_access_claims)
    assert embedded_access_claims['sub'] == f'{TEST_USERNAME}@{TEST_TENANT_ID}'
    return claims
Пример #6
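    def set_refresh_token(self, token):
        """
        Set the refresh token to be used in this session.

        When ``common.auth.validate_token`` can be imported and accepts the
        token, the token object is also given its ``claims``, its
        ``original_ttl``, an ``expires_at`` taken from the ``exp`` claim
        (UTC), and ``expires_in`` becomes a callable returning the time left
        until ``expires_at``. Otherwise the token is stored unchanged.

        :param token: (TapisResult) A TapisResult object returned using the t.tokens.create_token() method.
        :return: None
        """
        def _expires_in():
            return self.refresh_token.expires_at - datetime.datetime.now(
                datetime.timezone.utc)

        self.refresh_token = token
        # The import is nested to avoid a circular import: common.auth has to
        # import dynatapy at initialization to create service clients.
        try:
            from common.auth import validate_token
            # Everything that can fail is computed before the token object is
            # touched, so a failure cannot leave it half-updated (for example
            # with expires_in replaced but expires_at not refreshed).
            claims = validate_token(self.refresh_token.refresh_token)
            expires_at = datetime.datetime.fromtimestamp(
                claims['exp'], datetime.timezone.utc)
        except Exception:
            # Enrichment is best effort, but only ordinary errors are
            # swallowed; the previous bare ``except`` also hid
            # KeyboardInterrupt and SystemExit.
            # NOTE(review): a token that fails validation is still kept on the
            # session, without claims - callers must not treat a stored token
            # as a validated one.
            return
        self.refresh_token.claims = claims
        self.refresh_token.original_ttl = self.refresh_token.expires_in
        self.refresh_token.expires_in = _expires_in
        self.refresh_token.expires_at = expires_at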