Пример #1
0
    def process_refresh_token_grant(self,
                                    client_id,
                                    client_secret,
                                    refresh_token):


        token = database.tokens.get_token(client_id,
                                          client_secret,
                                          refresh_token)
        
        if not isinstance(token, database.models.RefreshToken):
            return { 'error' : 'invalid_grant' }

        access_token = token.access_token
        #database.tokens.delete_token(access_token)
        del access_token

        new_access_token = database.tokens.get_token(
            client_id,
            client_secret,
            database.accesstoken.create_access_token_from_refresh_token(token))

        tokens = {
            'access_token' : new_access_token.code,
            'token_type'   : 'bearer',
            'expires_in'   : new_access_token.expire,
            }

        if new_access_token.scope:
            tokens.update({'scope'        : new_access_token.scope})

        return tokens
Пример #2
0
    def process_auth_code_grant(self,
                                client_id,
                                client_secret,
                                scope,
                                code,
                                redirect_uri):

        client = database.client.get_client(client_id)

        auth_code = database.authcode.get_auth_code(client_id,
                                                    client_secret,
                                                    code)
        print client, auth_code, 
        if client:
            print redirect_uri, client.redirect_uri

        if auth_code and \
               client and \
               redirect_uri == client.redirect_uri:

            access_token_str = database.accesstoken.create_access_token_from_code(auth_code)

            refresh_token_str = database.refreshtoken.create_refresh_token_from_code(
                auth_code,
                access_token_str)
            
            if not access_token_str:
                return  { 'error' : 'access_denied' }


            tokens = {
                'access_token'  : access_token_str,
                'token_type'    : 'bearer',
                'expires_in'    : database.tokens.get_token(client_id,
                                                           client_secret,
                                                           access_token_str).expire,
                'refresh_token' : refresh_token_str,
                }

            if scope:
                tokens.update({'scope'         : scope})

            try:
                
                if not database.associations.isassociated(auth_code.user,
                                                          auth_code.client,
                                                          refresh_token_str):
                    
                    database.associations.associate_client_with_user(auth_code.user,
                                                                     auth_code.client,
                                                                     refresh_token_str)
                else:
                    #import pdb; pdb.set_trace()
                    database.associations.update_association(auth_code.user,
                                                             auth_code.client,
                                                             refresh_token_str)

            except AssociationExistsWarning, e:
                logging.warn('process_auth_code_grant: ' + str(e))
            finally:
Пример #3
0
    def process_password_grant(self,
                               client_id,
                               client_secret,
                               username,
                               password,
                               scope):
        access_token = database.accesstoken.create_access_token_from_user_pass(
            client_id,
            client_secret,
            username,
            password,
            scope)
        refresh_token = database.refreshtoken.create_refresh_token_from_user_pass(
            client_id,
            client_secret,
            username,
            password,
            scope,
            access_token)
        if access_token is not None and \
               refresh_token is not None:
            #turn it into a AccessToken instance & RefreshToken instance
            if client_id != None:
                access_token = database.tokens.get_token(client_id,
                                                        client_secret,
                                                        access_token)
                refresh_token = database.tokens.get_token(client_id,
                                                         client_secret,
                                                         refresh_token)
            else:
                access_token = database.tokens.get_token(username,
                                                        password,
                                                        access_token)
                refresh_token = database.tokens.get_token(username,
                                                         password,
                                                         refresh_token)
            
            tokens = {
                'access_token'  : access_token.code,
                'token_type'    : 'bearer',
                'expires_in'    : access_token.expire,
                'refresh_token' : refresh_token.code,
                }
            if scope:
                tokens.update({'scope'         : scope})


            try:
                if not database.associations.isassociated(refresh_token.user,
                                                          refresh_token.client,
                                                          refresh_token):
                    database.associations.associate_client_with_user(refresh_token.user,
                                                                     refresh_token.client,
                                                                     refresh_token)
                else:
                    database.associations.update_association(refresh_token.user,
                                                             refresh_token.client,
                                                             refresh_token)

            except AssociationExistsWarning, e:
                logging.warn('process_auth_code_grant: ' + str(e))



            return tokens