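def __get_endpoins(self, *, timeout=10.0):
    """Fetch Yahoo's well-known (discovery) document.

    Args:
        timeout: Seconds to wait for the discovery endpoint before giving up
            (10 s is a reasonable bound chosen here; tune for the deployment).
            Without it a hung upstream blocks the login handler indefinitely.

    Returns:
        The parsed JSON body of the well-known document (a dict; the other
        methods index it by endpoint name, e.g. 'token_endpoint').

    Raises:
        YahooOauthError: When the discovery endpoint does not answer 200.
        requests.RequestException: On connection failure or timeout.
    """
    url = settings.YAHOO_API_WELL_KNOWN_URL
    response = requests.get(url, timeout=timeout)
    # `!=`, not `is not`: identity comparison of ints is implementation-defined
    # and a SyntaxWarning on recent interpreters.
    if response.status_code != 200:
        raise YahooOauthError(endpoint=url,
                              status_code=response.status_code,
                              message=response.text)
    return json.loads(response.text)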
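def get_user_info(self, access_token, *, timeout=10.0):
    """Resolve a Yahoo access token to this application's user identity.

    Args:
        access_token: Access token issued by Yahoo for the logged-in user.
        timeout: Seconds to wait for the userinfo endpoint (10 s chosen here
            as a reasonable bound; tune for the deployment).

    Returns:
        dict with 'user_id' (derived from the profile's `sub` via
        __generate_user_id) and 'email' (as reported by the userinfo endpoint).

    Raises:
        YahooOauthError: When the userinfo endpoint does not answer 200.
        KeyError: When the returned profile lacks 'sub' or 'email'.
    """
    endpoint = self.endpoints['userinfo_endpoint']
    # Let requests URL-encode the token instead of concatenating it into the
    # query string. NOTE(review): the token still travels in the URL, where
    # proxies and access logs may record it; an `Authorization: Bearer`
    # header would keep it out of logs if the endpoint accepts it — confirm
    # before switching.
    response = requests.get(endpoint,
                            params={'access_token': access_token},
                            timeout=timeout)
    if response.status_code != 200:
        raise YahooOauthError(endpoint=endpoint,
                              status_code=response.status_code,
                              message=response.text)
    profile = json.loads(response.text)
    cognito_user_id = self.__generate_user_id(yahoo_user_id=profile['sub'])
    return {'user_id': cognito_user_id, 'email': profile['email']}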
def test_main_ng_with_yahooexception(self):
    """A non-auth YahooOauthError from get_user_info yields a generic 500."""
    with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
        util = yahoo_mock.return_value
        util.get_user_info.side_effect = YahooOauthError(
            endpoint='http://example.com',
            status_code=500,
            message='error')
        event = {'body': json.dumps({'code': 'code', 'state': 'state'})}
        response = LoginYahooIndex(event, {}).main()
        self.assertEqual(500, response['statusCode'])
        body = json.loads(response['body'])
        self.assertEqual({'message': 'Internal server error'}, body)
def test_main_ng_with_auth_error(self):
    """A 401 from Yahoo surfaces its error_description with status 401."""
    with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
        util = yahoo_mock.return_value
        util.get_user_info.side_effect = YahooOauthError(
            endpoint='http://example.com',
            status_code=401,
            message='{"error_description":"auth error"}')
        event = {'body': json.dumps({'code': 'code', 'state': 'state'})}
        response = LoginYahooIndex(event, {}).main()
        self.assertEqual(401, response['statusCode'])
        body = json.loads(response['body'])
        self.assertEqual({'message': 'auth error'}, body)
def test_exec_main_ng_with_yahoo(self):
    """A YahooOauthError while building the auth URL yields a handler-specific 500."""
    with patch('login_yahoo_authorization_url.YahooUtil') as yahoo_mock:
        util = yahoo_mock.return_value
        util.generate_auth_url.side_effect = YahooOauthError(
            endpoint='http://example.com',
            status_code=400,
            message='error')
        response = LoginYahooAuthorizationUrl({}, {}).main()
        self.assertEqual(500, response['statusCode'])
        expected = {'message': 'Internal server error: LoginYahooAuthorizationUrl'}
        self.assertEqual(expected, json.loads(response['body']))
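def verify_access_token(self, dynamodb, access_token, id_token, *, timeout=10.0):
    """Validate a Yahoo ID token and check that `access_token` belongs to it.

    The numbered steps in the comments follow the verification procedure at
    https://developer.yahoo.co.jp/yconnect/v2/id_token.html

    Args:
        dynamodb: Handle passed through to NonceUtil.verify for the nonce lookup.
        access_token: The access token issued together with `id_token`.
        id_token: The RS256-signed JWT to validate.
        timeout: Seconds to wait for the public-key endpoint (10 s chosen here
            as a reasonable bound; tune for the deployment).

    Returns:
        True when every check passes.

    Raises:
        YahooOauthError: When the public-key endpoint does not answer 200.
        YahooVerifyException: When the token's kid is not a known key, the
            nonce is not recognised, at_hash does not match, or exp is not
            later than the time verification started.
        jwt.ExpiredSignatureError, jwt.InvalidTokenError: When signature,
            issuer, audience or expiry checks inside jwt.decode fail.
        ClientError: Propagated from the nonce lookup.
    """
    start_time = time.time()
    header = jwt.get_unverified_header(id_token)

    key_url = settings.YAHOO_API_PUBLIC_KEY_URL
    response = requests.get(key_url, timeout=timeout)
    if response.status_code != 200:
        raise YahooOauthError(endpoint=key_url,
                              status_code=response.status_code,
                              message=response.text)
    public_keys = json.loads(response.text)

    # The header is unverified, so an absent or unknown kid must be rejected
    # explicitly instead of surfacing as AttributeError on None.
    public_key = public_keys.get(header.get('kid'))
    if public_key is None:
        raise YahooVerifyException(
            'id token was invalid since its kid is not a known public key')

    # Steps 6, 7, 8: signature, issuer and audience. `algorithms` is passed as
    # a list, the form PyJWT documents, so that only RS256 is accepted.
    decoded_data = jwt.decode(id_token,
                              key=public_key.encode('utf-8'),
                              issuer=self.endpoints['issuer'],
                              audience=self.client_id,
                              algorithms=['RS256'])

    # Step 9: the nonce must be one this service issued for the yahoo provider.
    nonce_checked = NonceUtil.verify(dynamodb=dynamodb,
                                     nonce=decoded_data['nonce'],
                                     provider='yahoo',
                                     type='nonce')
    if nonce_checked is False:
        raise YahooVerifyException(
            'id token was invalid since nonce was invalid')

    # Step 10: at_hash is the unpadded base64url encoding of the left half of
    # SHA-256(access_token). (The former debug print of the value is dropped.)
    token_hash = hashlib.sha256(access_token.encode('utf-8')).digest()
    expected_at_hash = base64.urlsafe_b64encode(
        token_hash[:len(token_hash) // 2]).decode().rstrip('=')
    if decoded_data['at_hash'] != expected_at_hash:
        raise YahooVerifyException(
            'accesstoken was invalid since at_hash did not match')

    # Step 12: exp must still lie in the future relative to when verification
    # began (jwt.decode also checks exp by default; this keeps the documented
    # step explicit).
    if start_time >= decoded_data['exp']:
        raise YahooVerifyException(
            'id token was invalid since exp was not later than start_time')

    return True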
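def get_access_token(self, code, *, timeout=10.0):
    """Exchange an authorization code for Yahoo tokens at the token endpoint.

    Args:
        code: The authorization code received on the OAuth callback. It
            originates from the redirect request, so it is untrusted input.
        timeout: Seconds to wait for the token endpoint (10 s chosen here as
            a reasonable bound; tune for the deployment).

    Returns:
        The parsed JSON token response as a dict.

    Raises:
        YahooOauthError: When the token endpoint does not answer 200.
    """
    # HTTP Basic client authentication, built by hand to keep the exact
    # UTF-8 encoding the original used.
    credentials = base64.b64encode(
        (self.client_id + ':' + self.secret).encode('utf-8'))
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': 'Basic ' + credentials.decode('UTF-8'),
    }
    # Hand the form fields to requests as a dict so every value, including the
    # caller-supplied `code` and the callback URL, is percent-encoded; string
    # concatenation let a stray '&' or '=' in `code` alter the request body.
    form = {
        'grant_type': 'authorization_code',
        'redirect_uri': self.callback_url,
        'code': code,
    }
    token_endpoint = self.endpoints['token_endpoint']
    response = requests.post(token_endpoint,
                             headers=headers,
                             data=form,
                             timeout=timeout)
    if response.status_code != 200:
        raise YahooOauthError(endpoint=token_endpoint,
                              status_code=response.status_code,
                              message=response.text)
    return json.loads(response.text)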