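def __get_endpoins(self):
        """Fetch the provider's well-known configuration document.

        Issues a GET to ``settings.YAHOO_API_WELL_KNOWN_URL`` and returns the
        JSON-decoded response body.

        Raises:
            YahooOauthError: the endpoint answered with any status other
                than 200; the error carries the URL, the status code and the
                raw response text.
        """
        # NOTE(review): no ``timeout=`` is passed, so a stalled provider can
        # block this call for as long as the runtime allows -- consider
        # setting one.
        response = requests.get(settings.YAHOO_API_WELL_KNOWN_URL)

        # Compare by value. ``is not 200`` tests object identity, which only
        # happens to work through CPython's small-integer cache and raises a
        # SyntaxWarning on current interpreters.
        if response.status_code != 200:
            raise YahooOauthError(endpoint=settings.YAHOO_API_WELL_KNOWN_URL,
                                  status_code=response.status_code,
                                  message=response.text)
        return json.loads(response.text)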
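    def get_user_info(self, access_token):
        """Fetch the user's profile from the userinfo endpoint.

        Args:
            access_token: OAuth access token issued for the user.

        Returns:
            dict with ``user_id`` (built by ``__generate_user_id`` from the
            profile's ``sub``) and ``email`` (the profile's ``email``).

        Raises:
            YahooOauthError: the userinfo endpoint answered with any status
                other than 200.
        """
        userinfo_url = self.endpoints['userinfo_endpoint']
        # Let requests build the query string so the token is percent-encoded
        # instead of being spliced into the URL verbatim.
        # NOTE(review): a token carried in the URL can end up in proxy and
        # server access logs; if the provider accepts it, sending it in an
        # ``Authorization: Bearer`` header is preferable -- confirm.
        response = requests.get(userinfo_url,
                                params={'access_token': access_token})
        # Value comparison; ``is not 200`` relied on int object identity.
        if response.status_code != 200:
            raise YahooOauthError(endpoint=userinfo_url,
                                  status_code=response.status_code,
                                  message=response.text)
        profile = json.loads(response.text)
        cognito_user_id = self.__generate_user_id(yahoo_user_id=profile['sub'])

        return {'user_id': cognito_user_id, 'email': profile['email']}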
 def test_main_ng_with_yahooexception(self):
     """A 500 YahooOauthError from get_user_info yields a generic 500.

     The response body must be exactly the generic message, so the upstream
     error text ('error') is not echoed back to the client.
     """
     upstream_failure = YahooOauthError(endpoint='http://example.com',
                                        status_code=500,
                                        message='error')
     # The handler receives the request body as a JSON string.
     request_body = json.dumps({'code': 'code', 'state': 'state'})

     with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.get_user_info.side_effect = upstream_failure
         response = LoginYahooIndex({'body': request_body}, {}).main()

     self.assertEqual(response['statusCode'], 500)
     self.assertEqual(json.loads(response['body']),
                      {'message': 'Internal server error'})
 def test_main_ng_with_auth_error(self):
     """A 401 YahooOauthError is passed through as a 401 response.

     The error's message is a JSON document; the test pins that its
     ``error_description`` value becomes the response's ``message``.
     """
     auth_failure = YahooOauthError(
         endpoint='http://example.com',
         status_code=401,
         message='{"error_description":"auth error"}')
     # The handler receives the request body as a JSON string.
     request_body = json.dumps({'code': 'code', 'state': 'state'})

     with patch('login_yahoo_index.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.get_user_info.side_effect = auth_failure
         response = LoginYahooIndex({'body': request_body}, {}).main()

     self.assertEqual(response['statusCode'], 401)
     self.assertEqual(json.loads(response['body']),
                      {'message': 'auth error'})
 def test_exec_main_ng_with_yahoo(self):
     """A YahooOauthError from generate_auth_url is reported as a 500.

     The upstream status (400) and message ('error') are not reflected; the
     body carries only the generic message with the handler name.
     """
     upstream_failure = YahooOauthError(endpoint='http://example.com',
                                        status_code=400,
                                        message='error')
     expected_body = {
         'message': 'Internal server error: LoginYahooAuthorizationUrl'
     }

     with patch('login_yahoo_authorization_url.YahooUtil') as yahoo_mock:
         yahoo_mock.return_value.generate_auth_url.side_effect = upstream_failure
         response = LoginYahooAuthorizationUrl({}, {}).main()

     self.assertEqual(response['statusCode'], 500)
     self.assertEqual(json.loads(response['body']), expected_body)
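    def verify_access_token(self, dynamodb, access_token, id_token):
        """Validate ``id_token`` and check that it is bound to ``access_token``.

        The numbered comments below are the verification step numbers from
        https://developer.yahoo.co.jp/yconnect/v2/id_token.html

        Args:
            dynamodb: handle passed through to ``NonceUtil.verify``.
            access_token: access token received together with the ID token.
            id_token: the JWT to validate.

        Returns:
            True when every check passes.

        Raises:
            YahooOauthError: the public-key endpoint answered with a status
                other than 200.
            YahooVerifyException: the token's ``kid`` matches no published
                key, the nonce was rejected, ``at_hash`` does not match the
                access token, or ``exp`` is not later than the time this
                call started.
            jwt.InvalidTokenError: raised by ``jwt.decode`` (includes
                ``jwt.ExpiredSignatureError``).

        Exceptions are not caught here; they propagate to the caller
        unchanged (presumably including ``ClientError`` from the nonce
        lookup -- confirm against ``NonceUtil``).
        """
        start_time = time.time()
        # The header is read before the signature is checked, so its values
        # are still untrusted input; it is used only to select a key.
        header = jwt.get_unverified_header(id_token)
        # NOTE(review): no ``timeout=`` is passed, and the key set is fetched
        # on every call -- consider a timeout and caching.
        response = requests.get(settings.YAHOO_API_PUBLIC_KEY_URL)
        # Value comparison; ``is not 200`` relied on int object identity.
        if response.status_code != 200:
            raise YahooOauthError(
                endpoint=settings.YAHOO_API_PUBLIC_KEY_URL,
                status_code=response.status_code,
                message=response.text)
        public_keys = json.loads(response.text)

        # A missing or unknown ``kid`` used to surface as a KeyError or an
        # AttributeError on None; reject the token explicitly instead.
        public_key = public_keys.get(header.get('kid'))
        if public_key is None:
            raise YahooVerifyException(
                'id token was invalid since kid did not match any public key')

        # Steps 6, 7, 8: jwt.decode is given the key, issuer and audience.
        # ``algorithms`` is a list: with a bare string the allow-list test
        # becomes a substring match rather than an exact one.
        decoded_data = jwt.decode(id_token,
                                  key=public_key.encode('utf-8'),
                                  issuer=self.endpoints['issuer'],
                                  audience=self.client_id,
                                  algorithms=['RS256'])

        nonce_checked = NonceUtil.verify(dynamodb=dynamodb,
                                         nonce=decoded_data['nonce'],
                                         provider='yahoo',
                                         type='nonce')

        # Step 9
        if nonce_checked is False:
            raise YahooVerifyException(
                'id token was invalid since nonce was invalid')

        # Step 10: at_hash is the unpadded URL-safe base64 of the left half
        # of SHA-256(access_token).
        token_hash = hashlib.sha256(access_token.encode('utf-8')).digest()
        at_hash = base64.urlsafe_b64encode(
            token_hash[:len(token_hash) // 2]).decode().rstrip('=')
        if decoded_data['at_hash'] != at_hash:
            # The expected value is deliberately not printed: it is derived
            # from the access token and does not belong in logs.
            raise YahooVerifyException(
                'accesstoken was invalid since at_hash did not match')

        # Step 12
        # NOTE(review): the message wording is inverted (this fires when
        # start_time is NOT less than exp); kept as-is in case callers or
        # tests match on it.
        if start_time >= decoded_data['exp']:
            raise YahooVerifyException(
                'id token was invalid since start_time was less than exp')

        return True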
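    def get_access_token(self, code):
        """Exchange an authorization ``code`` for tokens at the token endpoint.

        Authenticates with HTTP Basic (``client_id:secret``) and posts a
        form-encoded ``authorization_code`` grant.

        Args:
            code: authorization code received on the callback.

        Returns:
            The JSON-decoded token response.

        Raises:
            YahooOauthError: the token endpoint answered with any status
                other than 200.
        """
        basicauth_str = self.client_id + ':' + self.secret
        basicauth = base64.b64encode(basicauth_str.encode('utf-8'))

        headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Authorization': 'Basic ' + basicauth.decode('UTF-8')
        }

        # Obtain the access token.
        # Pass the fields as a dict so requests form-encodes each value. The
        # body was previously built by string concatenation, so a ``code``
        # containing '&' or '=' could add or override form parameters.
        response = requests.post(
            self.endpoints['token_endpoint'],
            headers=headers,
            data={
                'grant_type': 'authorization_code',
                'redirect_uri': self.callback_url,
                'code': code,
            })
        # Value comparison; ``is not 200`` relied on int object identity.
        if response.status_code != 200:
            raise YahooOauthError(endpoint=self.endpoints['token_endpoint'],
                                  status_code=response.status_code,
                                  message=response.text)
        return json.loads(response.text)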