def authenticate_imap_connection(self, account, conn): token = token_manager.get_token(account) try: conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: exc = _process_imap_exception(exc) # Raise all IMAP disabled errors except authentication_failed # error, which we handle differently. if (isinstance(exc, ImapSupportDisabledError) and exc.reason != "authentication_failed"): raise exc log.error( "Error during IMAP XOAUTH2 login", account_id=account.id, error=exc, ) if not isinstance(exc, ImapSupportDisabledError): raise # Unknown IMAPClient error, reraise # If we got an AUTHENTICATIONFAILED response, force a token refresh # and try again. If IMAP auth still fails, it's likely that IMAP # access is disabled, so propagate that errror. token = token_manager.get_token(account, force_refresh=True) try: conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: exc = _process_imap_exception(exc) if (not isinstance(exc, ImapSupportDisabledError) or exc.reason != "authentication_failed"): raise exc else: # Instead of authentication_failed, report imap disabled raise ImapSupportDisabledError("imap_disabled_for_account")
def get_items(self, sync_from_dt=None, max_results=100000): """ Fetches and parses fresh contact data. Parameters ---------- sync_from_dt: datetime, optional If given, fetch contacts that have been updated since this time. Otherwise fetch all contacts max_results: int, optional The maximum number of contact entries to fetch. Yields ------ ..models.tables.base.Contact The contacts that have been updated since the last account sync. Raises ------ ValidationError If no data could be fetched because of invalid credentials or insufficient permissions, respectively. """ query = gdata.contacts.client.ContactsQuery() # TODO(emfree): Implement batch fetching # Note: The Google contacts API will only return 25 results if # query.max_results is not explicitly set, so have to set it to a large # number by default. query.max_results = max_results if sync_from_dt: query.updated_min = datetime.isoformat(sync_from_dt) + "Z" query.showdeleted = True while True: try: google_client = self._get_google_client() results = google_client.GetContacts(q=query).entry return [ self._parse_contact_result(result) for result in results ] except gdata.client.RequestError as e: if e.status == 503: self.log.info("Ran into Google bot detection. Sleeping.", message=e) gevent.sleep(5 * 60 + random.randrange(0, 60)) else: self.log.info("contact sync request failure; retrying", message=e) gevent.sleep(30 + random.randrange(0, 60)) except gdata.client.Unauthorized: self.log.warning( "Invalid access token; refreshing and retrying") # Raises an OAuth error if no valid token exists with session_scope(self.namespace_id) as db_session: account = db_session.query(GmailAccount).get( self.account_id) token_manager.get_token(account, force_refresh=True)
def verify_account(self, account): """Verifies a IMAP account by logging in.""" try: access_token = token_manager.get_token(account) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) conn.logout() except ValidationError: # Access token could've expired, refresh and try again. access_token = token_manager.get_token(account, force_refresh=True) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) conn.logout() return True
def _get_google_client(self): """Return the Google API client.""" # TODO(emfree) figure out a better strategy for refreshing OAuth # credentials as needed with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) access_token = token_manager.get_token(account) two_legged_oauth_token = gdata.gauth.OAuth2Token( client_id=client_id, client_secret=client_secret, scope=OAUTH_SCOPE, user_agent=SOURCE_APP_NAME, access_token=access_token, refresh_token=account.refresh_token) google_client = gdata.contacts.client.ContactsClient( source=SOURCE_APP_NAME) google_client.auth_token = two_legged_oauth_token return google_client except (gdata.client.BadAuthentication, OAuthError): self.log.info('Invalid user credentials given') account.sync_state = 'invalid' db_session.add(account) db_session.commit() raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise
def _get_google_client(self): """Return the Google API client.""" # TODO(emfree) figure out a better strategy for refreshing OAuth # credentials as needed with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) access_token = token_manager.get_token(account) two_legged_oauth_token = gdata.gauth.OAuth2Token( client_id=client_id, client_secret=client_secret, scope=OAUTH_SCOPE, user_agent=SOURCE_APP_NAME, access_token=access_token, refresh_token=account.refresh_token) google_client = gdata.contacts.client.ContactsClient( source=SOURCE_APP_NAME) google_client.auth_token = two_legged_oauth_token return google_client except (gdata.client.BadAuthentication, OAuthError): self.log.info('Invalid user credentials given') account.sync_state = 'invalid' db_session.add(account) db_session.commit() raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise
def get_token(self, account, force_refresh=False): if account.provider == 'gmail': return g_token_manager.get_token_for_email( account, force_refresh=force_refresh) else: return default_token_manager.get_token(account, force_refresh=force_refresh)
def get_token(self, account, force_refresh=False): if account.provider == 'gmail': return g_token_manager.get_token_for_email( account, force_refresh=force_refresh) else: return default_token_manager.get_token( account, force_refresh=force_refresh)
def __init__(self, account): self.account_id = account.id self.log = get_logger() self.log.bind(account_id=account.id) if isinstance(account, GenericAccount): self.smtp_username = account.smtp_username else: # Non-generic accounts have no smtp username self.smtp_username = account.email_address self.email_address = account.email_address self.provider_name = account.provider self.sender_name = account.name self.smtp_endpoint = account.smtp_endpoint self.auth_type = provider_info(self.provider_name)["auth"] if self.auth_type == "oauth2": try: self.auth_token = token_manager.get_token(account) except OAuthError: raise SendMailException( "Could not authenticate with the SMTP server.", 403 ) else: assert self.auth_type == "password" if isinstance(account, GenericAccount): self.auth_token = account.smtp_password else: # non-generic accounts have no smtp password self.auth_token = account.password
def _new_connection(self): from inbox.auth.base import handler_from_provider # Ensure that connections are initialized serially, so as not to use # many db sessions on startup. with self._new_conn_lock: auth_handler = handler_from_provider(self.provider_name) for retry_count in range(MAX_TRANSIENT_ERRORS): try: conn = auth_handler.connect_account(self.email_address, self.credential, self.imap_endpoint, self.account_id) # If we can connect the account, then we can set the sate # to 'running' if it wasn't already if self.sync_state != 'running': with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) self.sync_state = account.sync_state = 'running' return self.client_cls(self.account_id, self.provider_info, self.email_address, conn, readonly=self.readonly) except ConnectionError, e: if isinstance(e, TransientConnectionError): return None else: logger.error('Error connecting', account_id=self.account_id) with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) account.sync_state = 'connerror' account.update_sync_error(str(e)) return None except ValidationError, e: # If we failed to validate, but the account is oauth2, we # may just need to refresh the access token. Try this one # time. if (self.provider_info['auth'] == 'oauth2' and retry_count == 0): with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) self.credential = token_manager.get_token( account, force_refresh=True) else: logger.error('Error validating', account_id=self.account_id, logstash_tag='mark_invalid') with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) account.mark_invalid() account.update_sync_error(str(e)) raise
def _new_connection(self): from inbox.auth import handler_from_provider # Ensure that connections are initialized serially, so as not to use # many db sessions on startup. with self._new_conn_lock as _: auth_handler = handler_from_provider(self.provider_name) for retry_count in range(MAX_TRANSIENT_ERRORS): try: conn = auth_handler.connect_account( self.email_address, self.credential, self.imap_endpoint, self.account_id) # If we can connect the account, then we can set the sate # to 'running' if it wasn't already if self.sync_state != 'running': with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) self.sync_state = account.sync_state = 'running' return self.client_cls(self.account_id, self.provider_info, self.email_address, conn, readonly=self.readonly) except ConnectionError, e: if isinstance(e, TransientConnectionError): return None else: logger.error('Error connecting', account_id=self.account_id) with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) account.sync_state = 'connerror' account.update_sync_error(str(e)) return None except ValidationError, e: # If we failed to validate, but the account is oauth2, we # may just need to refresh the access token. Try this one # time. if (self.provider_info['auth'] == 'oauth2' and retry_count == 0): with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) self.credential = token_manager.get_token( account, force_refresh=True) else: logger.error('Error validating', account_id=self.account_id) with session_scope() as db_session: query = db_session.query(ImapAccount) account = query.get(self.account_id) account.sync_state = 'invalid' account.update_sync_error(str(e)) raise
def _get_google_client(self, retry_conn_errors=True): """Return the Google API client.""" # TODO(emfree) figure out a better strategy for refreshing OAuth # credentials as needed with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) access_token = token_manager.get_token(account) two_legged_oauth_token = gdata.gauth.OAuth2Token( client_id=client_id, client_secret=client_secret, scope=OAUTH_SCOPE, user_agent=SOURCE_APP_NAME, access_token=access_token, refresh_token=account.refresh_token) google_client = gdata.contacts.client.ContactsClient( source=SOURCE_APP_NAME) google_client.auth_token = two_legged_oauth_token return google_client except (gdata.client.BadAuthentication, OAuthError) as e: self.log.debug('Invalid user credentials given: {}' .format(e), logstash_tag='mark_invalid', account_id=account.id) account.mark_invalid() db_session.add(account) db_session.commit() if not retry_conn_errors: # end of the line raise ValidationError try: token_manager.get_token(account, force_refresh=True) return self._get_google_client(retry_conn_errors=False) except OAuthError as e: raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise
def _get_google_client(self, retry_conn_errors=True): """Return the Google API client.""" # TODO(emfree) figure out a better strategy for refreshing OAuth # credentials as needed with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) access_token = token_manager.get_token(account) two_legged_oauth_token = gdata.gauth.OAuth2Token( client_id=client_id, client_secret=client_secret, scope=OAUTH_SCOPE, user_agent=SOURCE_APP_NAME, access_token=access_token, refresh_token=account.refresh_token) google_client = gdata.contacts.client.ContactsClient( source=SOURCE_APP_NAME) google_client.auth_token = two_legged_oauth_token return google_client except (gdata.client.BadAuthentication, OAuthError) as e: self.log.debug('Invalid user credentials given: {}' .format(e)) account.mark_invalid() db_session.add(account) db_session.commit() if not retry_conn_errors: # end of the line raise ValidationError try: token_manager.get_token(account, force_refresh=True) return self._get_google_client(retry_conn_errors=False) except OAuthError as e: raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise
def _get_google_client(self, retry_conn_errors=True): """Return the Google API client.""" with session_scope(self.namespace_id) as db_session: account = db_session.query(GmailAccount).get(self.account_id) db_session.expunge(account) access_token = token_manager.get_token(account) token = gdata.gauth.AuthSubToken(access_token) google_client = gdata.contacts.client.ContactsClient(source=SOURCE_APP_NAME) google_client.auth_token = token return google_client
def verify_account(self, account): """Verifies a IMAP account by logging in.""" try: access_token = token_manager.get_token(account) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) conn.logout() except ValidationError: # Access token could've expired, refresh and try again. access_token = token_manager.get_token(account, force_refresh=True) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) conn.logout() return True
def _authenticate_IMAP_connection(self, account, conn): host, port = account.imap_endpoint try: # Raises ValidationError if the refresh token we have is invalid. token = token_manager.get_token(account) conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: log.error('Error during IMAP XOAUTH2 login', account_id=account.id, host=host, port=port, error=exc) raise
def _authenticate_IMAP_connection(self, account, conn): host, port = account.imap_endpoint try: # Raises ValidationError if the refresh token we have is invalid. token = token_manager.get_token(account) conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: log.error('Error during IMAP XOAUTH2 login', account_id=account.id, host=host, port=port, error=exc) raise
def __init__(self, account): self.account_id = int(account.id) try: with session_scope(self.account_id) as db_session: self.account = db_session.query(Account).get(self.account_id) self.auth_token = token_manager.get_token(self.account) db_session.expunge_all() except OAuthError: raise SearchBackendException( "This search can't be performed because the account's " "credentials are out of date. Please reauthenticate and try " "again.", 403, )
def verify_config(self, account): """Verifies configuration, specifically presence of 'All Mail' folder. Will raise an inbox.crispin.GmailSettingError if not present. """ access_token = token_manager.get_token(account) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) # make a crispin client and check the folders client = GmailCrispinClient(account.id, provider_info('gmail'), account.email_address, conn, readonly=True) client.sync_folders() conn.logout() return True
def verify_config(self, account): """Verifies configuration, specifically presence of 'All Mail' folder. Will raise an inbox.crispin.GmailSettingError if not present. """ access_token = token_manager.get_token(account) conn = self.connect_account(account.email_address, access_token, account.imap_endpoint, account.id) # make a crispin client and check the folders client = GmailCrispinClient(account.id, provider_info('gmail'), account.email_address, conn, readonly=True) client.sync_folders() conn.logout() return True
def _get_google_service(self): """Return the Google API client.""" with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) self.email = account.email_address access_token = token_manager.get_token(account) refresh_token = account.refresh_token credentials = OAuth2Credentials( access_token=access_token, client_id=client_id, client_secret=client_secret, refresh_token=refresh_token, token_expiry=None, # Value not actually needed by library. token_uri=OAUTH_ACCESS_TOKEN_URL, user_agent=SOURCE_APP_NAME) http = httplib2.Http() http = credentials.authorize(http) service = build(serviceName='calendar', version='v3', http=http) return service except OAuthError: self.log.error('Invalid user credentials given') account.sync_state = 'invalid' db_session.add(account) db_session.commit() raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise ConnectionError
def _get_google_service(self): """Return the Google API client.""" with session_scope() as db_session: try: account = db_session.query(GmailAccount).get(self.account_id) client_id = account.client_id or OAUTH_CLIENT_ID client_secret = (account.client_secret or OAUTH_CLIENT_SECRET) self.email = account.email_address access_token = token_manager.get_token(account) refresh_token = account.refresh_token credentials = OAuth2Credentials( access_token=access_token, client_id=client_id, client_secret=client_secret, refresh_token=refresh_token, token_expiry=None, # Value not actually needed by library. token_uri=OAUTH_ACCESS_TOKEN_URL, user_agent=SOURCE_APP_NAME) http = httplib2.Http() http = credentials.authorize(http) service = build(serviceName='calendar', version='v3', http=http) return service except OAuthError: self.log.error('Invalid user credentials given') account.sync_state = 'invalid' db_session.add(account) db_session.commit() raise ValidationError except ConnectionError: self.log.error('Connection error') account.sync_state = 'connerror' db_session.add(account) db_session.commit() raise ConnectionError
def __init__(self, account): self.account_id = account.id self.log = get_logger() self.log.bind(account_id=account.id) self.email_address = account.email_address self.provider_name = account.provider self.sender_name = account.name self.smtp_endpoint = account.smtp_endpoint self.auth_type = provider_info(self.provider_name, self.email_address)['auth'] if self.auth_type == 'oauth2': try: self.auth_token = token_manager.get_token(account) except OAuthError: raise SendMailException( 'Could not authenticate with the SMTP server.', 403) else: assert self.auth_type == 'password' self.auth_token = account.password
def __init__(self, account): self.account_id = account.id self.log = get_logger() self.log.bind(account_id=account.id) self.email_address = account.email_address self.provider_name = account.provider self.sender_name = account.name self.smtp_endpoint = account.smtp_endpoint self.auth_type = provider_info(self.provider_name, self.email_address)['auth'] if self.auth_type == 'oauth2': try: self.auth_token = token_manager.get_token(account) except OAuthError: raise SendMailException( 'Could not authenticate with the SMTP server.', 403) else: assert self.auth_type == 'password' self.auth_token = account.password
def _set_account_info(self): with session_scope() as db_session: account = db_session.query(Account).get(self.account_id) self.provider_name = account.provider self.email_address = account.email_address self.provider_info = account.provider_info self.imap_endpoint = account.imap_endpoint self.sync_state = account.sync_state if self.provider_name == 'gmail': self.client_cls = GmailCrispinClient elif getattr(account, 'supports_condstore', False): self.client_cls = CondStoreCrispinClient elif self.provider_info.get('condstore'): self.client_cls = CondStoreCrispinClient else: self.client_cls = CrispinClient # Refresh token if need be, for OAuthed accounts if self.provider_info['auth'] == 'oauth2': try: self.credential = token_manager.get_token(account) except ValidationError as e: logger.error("Error obtaining access token", account_id=self.account_id, logstash_tag='mark_invalid') account.mark_invalid() account.update_sync_error(str(e)) db_session.commit() raise except ConnectionError as e: logger.error("Error connecting", account_id=self.account_id) account.sync_state = 'connerror' account.update_sync_error(str(e)) db_session.commit() raise else: self.credential = account.password
def get_gmail_raw_contents(message): account = message.namespace.account auth_token = token_manager.get_token(account) # The Gmail API exposes the X-GM-MSGID field but encodes it # in hexadecimal. g_msgid = message.g_msgid if g_msgid is None: raise EmailDeletedException( "Couldn't find message on backend server. This is a permanent error." ) if isinstance(g_msgid, basestring): g_msgid = int(g_msgid) hex_id = format(g_msgid, "x") url = "https://www.googleapis.com/gmail/v1/users/me/messages/{}?format=raw".format( hex_id, "x") r = requests.get(url, auth=OAuthRequestsWrapper(auth_token)) if r.status_code != 200: log.error("Got an error when fetching raw email", r.status_code, r.text) if r.status_code in [403, 429]: raise TemporaryEmailFetchException( "Temporary usage limit hit. Please try again.") if r.status_code == 404: raise EmailDeletedException( "Couldn't find message on backend server. This is a permanent error." ) elif r.status_code >= 500 and r.status_code <= 599: raise TemporaryEmailFetchException( "Backend server error. Please try again in a few minutes.") data = r.json() raw = str(data["raw"]) return base64.urlsafe_b64decode(raw + "=" * (4 - len(raw) % 4))
def _set_account_info(self): with session_scope() as db_session: account = db_session.query(Account).get(self.account_id) self.provider_name = account.provider self.email_address = account.email_address self.provider_info = account.provider_info self.imap_endpoint = account.imap_endpoint self.sync_state = account.sync_state if self.provider_name == 'gmail': self.client_cls = GmailCrispinClient elif getattr(account, 'supports_condstore', False): self.client_cls = CondStoreCrispinClient elif self.provider_info.get('condstore'): self.client_cls = CondStoreCrispinClient else: self.client_cls = CrispinClient # Refresh token if need be, for OAuthed accounts if self.provider_info['auth'] == 'oauth2': try: self.credential = token_manager.get_token(account) except ValidationError as e: logger.error("Error obtaining access token", account_id=self.account_id) account.mark_invalid() account.update_sync_error(str(e)) db_session.commit() raise except ConnectionError as e: logger.error("Error connecting", account_id=self.account_id) account.sync_state = 'connerror' account.update_sync_error(str(e)) db_session.commit() raise else: self.credential = account.password
def connect_account(self, account): """Returns an authenticated IMAP connection for the given account. Raises ------ ValidationError If fetching an access token failed because the refresh token we have is invalid (i.e., if the user has revoked access). ConnectionError If another error occurred when fetching an access token. imapclient.IMAPClient.Error, socket.error If errors occurred establishing the connection or logging in. """ host, port = account.imap_endpoint try: conn = IMAPClient(host, port=port, use_uid=True, ssl=True) except (IMAPClient.Error, socket.error) as exc: log.error('Error instantiating IMAP connection', account_id=account.id, email=account.email_address, imap_host=host, imap_port=port, error=exc) raise try: # Raises ValidationError if the refresh token we have is invalid. token = token_manager.get_token(account) conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: log.error('Error during IMAP XOAUTH2 login', account_id=account.id, email=account.email_address, host=host, port=port, error=exc) raise return conn
def connect_account(self, account): """Returns an authenticated IMAP connection for the given account. Raises ------ ValidationError If fetching an access token failed because the refresh token we have is invalid (i.e., if the user has revoked access). ConnectionError If another error occurred when fetching an access token. imapclient.IMAPClient.Error, socket.error If errors occurred establishing the connection or logging in. """ host, port = account.imap_endpoint try: conn = IMAPClient(host, port=port, use_uid=True, ssl=True) except (IMAPClient.Error, socket.error) as exc: log.error('Error instantiating IMAP connection', account_id=account.id, email=account.email_address, imap_host=host, imap_port=port, error=exc) raise try: # Raises ValidationError if the refresh token we have is invalid. token = token_manager.get_token(account) conn.oauth2_login(account.email_address, token) except IMAPClient.Error as exc: log.error('Error during IMAP XOAUTH2 login', account_id=account.id, email=account.email_address, host=host, port=port, error=exc) raise return conn
def fetch_items(self, sync_from_time=None): with session_scope() as db_session: account = db_session.query(OutlookAccount).get(self.account_id) access_token = token_manager.get_token(account) params = {'access_token': access_token} path = OAUTH_USER_INFO_URL + "/events" resp = requests.get(path, params=params) if resp.status_code != 200: try: resp_data = resp.json() if 'error' in resp_data and 'code' in resp_data['error']: self.log.error("Error obtaining events", message=resp_data['error']['code'], provider=self.PROVIDER_NAME, account_id=self.account_id) else: self.log.error("Error obtaining events", provider=self.PROVIDER_NAME, message="Invalid response from server.", account_id=self.account_id) except ValueError: self.log.error("Error obtaining events", provider=self.PROVIDER_NAME, message="Invalid response from server.", account_id=self.account_id) return response_items = resp.json()['data'] user_id = account.o_id calendar_id = self.get_calendar_id('default') extra = {'user_id': user_id, 'stored_uids': []} for response_event in response_items: yield (calendar_id, response_event, extra)
def _get_access_token(self): with session_scope() as db_session: acc = db_session.query(Account).get(self.account_id) # This will raise OAuthError if OAuth access was revoked. The # BaseSyncMonitor loop will catch this, clean up, and exit. return token_manager.get_token(acc)
def _smtp_oauth2_try_refresh(self): with session_scope() as db_session: account = db_session.query(ImapAccount).get(self.account_id) self.auth_token = token_manager.get_token(account, force_refresh=True)
def _smtp_oauth2_try_refresh(self): with session_scope() as db_session: account = db_session.query(ImapAccount).get(self.account_id) self.auth_token = token_manager.get_token(account, force_refresh=True)
def _get_access_token(self): with session_scope() as db_session: acc = db_session.query(Account).get(self.account_id) # This will raise OAuthError if OAuth access was revoked. The # BaseSyncMonitor loop will catch this, clean up, and exit. return token_manager.get_token(acc)
def _get_access_token_for_push_notifications(self, account, force_refresh=False): if not self.push_notifications_enabled(account): raise OAuthError("Account not enabled for push notifications.") return token_manager.get_token(account, force_refresh)