def has_permission(self, request, view):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
return has_valid_access_token(request)
def get_session(request, provider):
config = load_provider_config(provider.config)
session = get_or_update_session(**config)
session_token = request.session.get("access_token")
valid_token = has_valid_access_token(session_token)
if valid_token:
session.headers.update({"Authorization": f"Bearer: {session_token}"})
return session
def __init__(self, url, config, session_token, task_id, *args, **kwargs):
self.base_url = url.rstrip("/\\")
self.base_url += "/"
self.config = config
self.task_id = task_id
self.job_url = None
logger.info(f"Session: {session_token}, {args}, {kwargs}")
valid_token = has_valid_access_token(session_token)
if not valid_token:
raise Exception("Invalid access token.")
self.session = get_or_update_session(*args, **kwargs)
def test_check_oauth_authentication(self, mock_fetch_user,
mock_refresh_tokens):
invalid_token = "invalid_token"
example_token = "token"
example_refresh_token = "refresh"
request = RequestFactory().get("/")
middleware = SessionMiddleware()
middleware.process_request(request)
request.session.save()
# Test with no token.
valid_access_token = has_valid_access_token(request)
self.assertEqual(valid_access_token, False)
# Test with the return value from fetch_user_from_token being OAuthError aka an invalid token.
with self.assertRaises(OAuthError):
request.session["access_token"] = invalid_token
mock_fetch_user.side_effect = OAuthError(401)
mock_refresh_tokens.side_effect = OAuthError(401)
valid_access_token = has_valid_access_token(request)
mock_fetch_user.assert_called_with(invalid_token)
self.assertEqual(valid_access_token, False)
# Test with the refresh token returning a new valid access token.
with self.assertRaises(OAuthError):
request.session["access_token"] = invalid_token
mock_fetch_user.side_effect = OAuthError(401)
mock_refresh_tokens.return_value = (example_token,
example_refresh_token)
valid_access_token = has_valid_access_token(request)
mock_fetch_user.assert_called_with(example_token)
self.assertEqual(valid_access_token, True)
# Test with a mocked return value of a valid user from fetch_user_from_token
mock_fetch_user.reset_mock(side_effect=True)
request.session["access_token"] = example_token
valid_access_token = has_valid_access_token(request)
mock_fetch_user.assert_called_with(example_token)
self.assertEqual(valid_access_token, True)