class SSOGrantViewSet(viewsets.ReadOnlyModelViewSet):
    """Read-only API over `Grant` records.

    A `Grant` represents a login attempt; its "application" is the client the
    user tried to log in to.

    ``list``/``retrieve`` run against every grant in the table and are gated
    only by ``TokenHasScopeOrSuperUser`` (presumably a scoped token or a
    superuser), so any caller that permission class admits can read all
    users' grants. ``get_own`` narrows the result to the requesting user.
    """

    permission_classes = [TokenHasScopeOrSuperUser]
    serializer_class = SSOGrantSerializer
    queryset = get_grant_model().objects.all()

    @action(detail=False, methods=["GET"])
    def get_own(self, request):
        """Return only the grants owned by ``request.user`` (collection-level GET)."""
        own_grants = get_grant_model().objects.filter(user=request.user)
        payload = self.get_serializer(own_grants, many=True).data
        return Response(payload)
def form_valid(self, form):
    """Revoke every OAuth2 credential the current user holds for one application.

    Deletes the user's refresh tokens, access tokens and grants for the
    application chosen in ``form`` (``cleaned_data['app_id']``), then defers
    to the parent ``form_valid`` for the response.

    Args:
        form: validated form whose ``cleaned_data['app_id']`` identifies the
            application being revoked.

    Returns:
        Whatever the parent class's ``form_valid`` returns.
    """
    current_user = self.request.user
    application_id = form.cleaned_data['app_id']
    self.log.info('Revoking all oauth tokens for user %s, application %d', current_user, application_id)
    # Resolve the provider's model classes once; every one of them is scoped
    # to the same (user, application) pair. Order: refresh, access, grant.
    # NOTE(review): OIDC ID tokens are not touched here; if this deployment
    # issues them (oauth2_provider exposes get_id_token_model), confirm
    # whether they should be revoked as well.
    credential_models = (
        oauth2_models.get_refresh_token_model(),
        oauth2_models.get_access_token_model(),
        oauth2_models.get_grant_model(),
    )
    for model in credential_models:
        model.objects.filter(user=current_user, application=application_id).delete()
    return super().form_valid(form)
from urllib.parse import parse_qs, urlparse

import pytest
from django.contrib.auth import get_user_model
from django.core.exceptions import ImproperlyConfigured
from django.test import RequestFactory, TestCase
from django.urls import reverse
from oauth2_provider.models import get_access_token_model, get_application_model, get_grant_model
from oauth2_provider.views import ReadWriteScopedResourceView, ScopedProtectedResourceView

from .utils import get_basic_auth_header

# Resolve the provider's model classes once, through its getters, so the tests
# run against whatever model the project has configured.
Application = get_application_model()
AccessToken = get_access_token_model()
Grant = get_grant_model()
UserModel = get_user_model()

# Test-fixture client secret. The name signals that this is the unhashed value
# the tests send to the provider; it is not a production credential.
CLEARTEXT_SECRET = "1234567890abcdefghijklmnopqrstuvwxyz"


# mocking a protected resource view
class ScopeResourceView(ScopedProtectedResourceView):
    """Resource that requires the single scope ``scope1``; GET returns a fixed body."""

    required_scopes = ["scope1"]

    def get(self, request, *args, **kwargs):
        return "This is a protected resource"


class MultiScopeResourceView(ScopedProtectedResourceView):
    """Resource that requires both ``scope1`` and ``scope2``.

    NOTE(review): this class may continue past the end of this excerpt.
    """

    required_scopes = ["scope1", "scope2"]
from django.utils import timezone
from oauthlib.oauth2.rfc6749 import errors as oauthlib_errors

from oauth2_provider.models import (
    get_access_token_model, get_application_model, get_grant_model, get_refresh_token_model
)
from oauth2_provider.settings import oauth2_settings
from oauth2_provider.views import ProtectedResourceView

from .utils import get_basic_auth_header

# Resolve the provider's model classes once, through its getters.
# NOTE(review): get_user_model, RequestFactory and TestCase are used below but
# are imported above this excerpt.
Application = get_application_model()
AccessToken = get_access_token_model()
Grant = get_grant_model()
RefreshToken = get_refresh_token_model()
UserModel = get_user_model()


# mocking a protected resource view
class ResourceView(ProtectedResourceView):
    """Minimal resource view used by the tests; GET returns a fixed body."""

    def get(self, request, *args, **kwargs):
        return "This is a protected resource"


class BaseTest(TestCase):
    """Shared fixture: a request factory plus a regular user and a developer user."""

    def setUp(self):
        self.factory = RequestFactory()
        # Test-only credentials: the e-mail addresses appear to be masked
        # placeholders and the password is a fixed fixture value.
        self.test_user = UserModel.objects.create_user("test_user", "*****@*****.**", "123456")
        # NOTE(review): setUp continues past the end of this excerpt.
        self.dev_user = UserModel.objects.create_user("dev_user", "*****@*****.**", "123456")
# Tail of a ModelAdmin whose `class` header precedes this excerpt (the `jti`
# column suggests the ID-token admin, but that is not visible here).
list_display = ("jti", "user", "application", "expires")
raw_id_fields = ("user", )
# `has_email` is defined above this excerpt; it gates searching by user e-mail.
search_fields = ("user__email", ) if has_email else ()
list_filter = ("application", )


class RefreshTokenAdmin(admin.ModelAdmin):
    """Admin for refresh tokens.

    NOTE(review): `list_display` and `search_fields` include the raw `token`
    column, so the refresh-token value itself is rendered in the change list
    and is searchable by (presumably) any staff account with view permission
    on this model. Consider displaying a truncated form instead.
    """

    list_display = ("token", "user", "application")
    raw_id_fields = ("user", "access_token")
    search_fields = ("token", ) + (("user__email", ) if has_email else ())
    list_filter = ("application", )


# Resolve model and admin classes through the provider's getters so that the
# configured (possibly overridden) classes are the ones registered.
application_model = get_application_model()
access_token_model = get_access_token_model()
grant_model = get_grant_model()
id_token_model = get_id_token_model()
refresh_token_model = get_refresh_token_model()

application_admin_class = get_application_admin_class()
access_token_admin_class = get_access_token_admin_class()
grant_admin_class = get_grant_admin_class()
id_token_admin_class = get_id_token_admin_class()
refresh_token_admin_class = get_refresh_token_admin_class()

admin.site.register(application_model, application_admin_class)
admin.site.register(access_token_model, access_token_admin_class)
admin.site.register(grant_model, grant_admin_class)
admin.site.register(id_token_model, id_token_admin_class)
admin.site.register(refresh_token_model, refresh_token_admin_class)
def get_own(self, request):
    """Return the grants that belong to the requesting user.

    Filters the grant model on ``request.user`` so the caller only receives
    its own records, serialized with the view's configured serializer.
    """
    own_grants = get_grant_model().objects.filter(user=request.user)
    payload = self.get_serializer(own_grants, many=True).data
    return Response(payload)
class Meta:
    """Serializer options: bind to the grant model resolved via
    ``get_grant_model()`` and serialize only identifying metadata."""

    model = get_grant_model()
    # Only id/ownership/timestamp columns are exposed.
    # NOTE(review): keep any secret-bearing column of the grant model (for
    # example an authorization-code value, if the model has one) out of this
    # list.
    fields = ["id", "user", "application", "created"]