    def get_account_by_oauth_token(self, token):
        """Resolve a bearer access token to the active Account that owns it.

        Looks up an unexpired ``OauthAccessToken`` row whose ``access_token``
        equals *token* (the comparison is done by the database query), then
        loads the Account referenced by that row.

        Raises:
            Unauthorized('invalid_token'): no token row matches, or the
                matching row has already expired.
            Unauthorized('Account not found'): the token's account does not
                exist or its ``status`` is not ``'active'``.
        """
        current_time = int(time.time())

        # Opportunistic housekeeping: on roughly one request in four, purge
        # rows whose expiry has passed. Skipping the purge never weakens the
        # check below, which independently requires expires_at > now.
        if random.randint(1, 4) == 1:
            purge = OauthAccessToken.delete().where(
                OauthAccessToken.expires_at < current_time
            )
            purge.execute()

        token_matches = OauthAccessToken.access_token == token
        not_expired = OauthAccessToken.expires_at > current_time
        try:
            token_row = OauthAccessToken.get(token_matches, not_expired)
        except peewee.DoesNotExist:
            raise Unauthorized('invalid_token')

        owns_token = Account.account_id == token_row.account_id
        is_active = Account.status == 'active'
        try:
            return Account.get(owns_token, is_active)
        except peewee.DoesNotExist:
            raise Unauthorized('Account not found')
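    def post(self):
        """Issue an OAuth2 access token for the ``client_credentials`` grant.

        Request validation, in order:
          * the ``grant_type`` form field must be present and equal to
            ``client_credentials`` (400 ``invalid_request`` /
            ``unsupported_grant_type`` otherwise);
          * client credentials come from the HTTP Basic ``Authorization``
            header when one is sent, else from the ``client_id`` /
            ``client_secret`` form fields (400 ``invalid_request`` when
            either part is missing or empty);
          * ``self.get_apikey(key, secret)`` must resolve the pair
            (400 ``invalid_client`` on ``peewee.DoesNotExist``).

        An existing token for the API key is reused when it stays valid for
        at least another ten minutes; otherwise a new row is inserted with a
        uuid4 ``access_token`` and the lifetime configured under
        ``oauth.token_expire_time`` (500 if the insert fails).

        Returns:
            dict with ``access_token``, ``token_type`` (``bearer``) and
            ``expires_in`` -- the seconds left on the returned token, which
            for a reused token is less than the full configured lifetime.
        """
        # FIXME - add rate limiting

        # validate request
        grant_type = request.form.get('grant_type', '')
        if grant_type == "":
            abort(400, message="invalid_request")
        if grant_type != 'client_credentials':
            abort(400, message="unsupported_grant_type")

        # validate client (apikey)
        if request.authorization is not None:
            # preferred, use basic authorization
            key = request.authorization.username
            secret = request.authorization.password
        else:
            # alternatively, look in post params (the secret then travels in
            # the request body instead of the Authorization header)
            key = request.form.get('client_id', None)
            secret = request.form.get('client_secret', None)

        if not key or not secret:
            abort(400, message="invalid_request")

        now = int(time.time())
        expire_time = int(config.get('oauth', 'token_expire_time'))
        # A reused token must remain valid for at least this long (seconds).
        min_remaining = 600

        try:
            apikey = self.get_apikey(key, secret)
        except peewee.DoesNotExist:
            # One generic response for any lookup failure; whether
            # get_apikey itself distinguishes a bad key from a bad secret
            # is not visible here.
            abort(400, message="invalid_client")

        try:
            # look up existing token first, make sure it's good for at least
            # ten minutes
            token = self.get_token(apikey.apikey_id, now + min_remaining)
        except peewee.DoesNotExist:
            # create one if needed
            token = OauthAccessToken()
            token.account_id = apikey.account_id.account_id
            token.apikey_id = apikey.apikey_id
            # uuid4 draws from the OS CSPRNG, so the token is unguessable.
            token.access_token = str(uuid.uuid4())
            token.grant_type = 'client_credentials'
            token.expires_at = now + expire_time
            try:
                token.save()
            except Exception:
                # keyword form, matching the other abort() calls in this
                # handler; the DB error itself is not exposed to the client
                abort(500, message='unable to generate token')

        return {
            'access_token': token.access_token,
            'token_type': 'bearer',
            'expires_in': token.expires_at - now
        }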
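    def post(self):
        """Issue an OAuth2 access token for the ``client_credentials`` grant.

        Request validation, in order:
          * the ``grant_type`` form field must be present and equal to
            ``client_credentials`` (400 ``invalid_request`` /
            ``unsupported_grant_type`` otherwise);
          * client credentials come from the HTTP Basic ``Authorization``
            header when one is sent, else from the ``client_id`` /
            ``client_secret`` form fields (400 ``invalid_request`` when
            either part is missing or empty);
          * ``self.get_apikey(key, secret)`` must resolve the pair
            (400 ``invalid_client`` on ``peewee.DoesNotExist``).

        An existing token for the API key is reused when it stays valid for
        at least another ten minutes; otherwise a new row is inserted with a
        uuid4 ``access_token`` and the lifetime configured under
        ``oauth.token_expire_time`` (500 if the insert fails).

        Returns:
            dict with ``access_token``, ``token_type`` (``bearer``) and
            ``expires_in`` -- the seconds left on the returned token, which
            for a reused token is less than the full configured lifetime.
        """
        # FIXME - add rate limiting

        # validate request
        grant_type = request.form.get('grant_type', '')
        if grant_type == "":
            abort(400, message="invalid_request")
        if grant_type != 'client_credentials':
            abort(400, message="unsupported_grant_type")

        # validate client (apikey)
        if request.authorization is not None:
            # preferred, use basic authorization
            key = request.authorization.username
            secret = request.authorization.password
        else:
            # alternatively, look in post params (the secret then travels in
            # the request body instead of the Authorization header)
            key = request.form.get('client_id', None)
            secret = request.form.get('client_secret', None)

        if not key or not secret:
            abort(400, message="invalid_request")

        now = int(time.time())
        expire_time = int(config.get('oauth', 'token_expire_time'))
        # A reused token must remain valid for at least this long (seconds).
        min_remaining = 600

        try:
            apikey = self.get_apikey(key, secret)
        except peewee.DoesNotExist:
            # One generic response for any lookup failure; whether
            # get_apikey itself distinguishes a bad key from a bad secret
            # is not visible here.
            abort(400, message="invalid_client")

        try:
            # look up existing token first, make sure it's good for at least
            # ten minutes
            token = self.get_token(apikey.apikey_id, now + min_remaining)
        except peewee.DoesNotExist:
            # create one if needed
            token = OauthAccessToken()
            token.account_id = apikey.account_id.account_id
            token.apikey_id = apikey.apikey_id
            # uuid4 draws from the OS CSPRNG, so the token is unguessable.
            token.access_token = str(uuid.uuid4())
            token.grant_type = 'client_credentials'
            token.expires_at = now + expire_time
            try:
                token.save()
            except Exception:
                # `except Exception` rather than a bare `except:` so that
                # SystemExit/KeyboardInterrupt are not swallowed; the abort
                # uses the same keyword form as the other calls above.
                abort(500, message='unable to generate token')

        return {
            'access_token': token.access_token,
            'token_type': 'bearer',
            'expires_in': token.expires_at - now
        }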
    def get_account_by_oauth_token(self, token):
        """Map a bearer access token to the active Account it belongs to.

        The token row must match *token* exactly and have ``expires_at``
        strictly in the future; the Account must exist and be ``'active'``.

        Raises:
            AuthException('invalid_token'): no unexpired row matches *token*.
            AuthException('Account not found'): no active Account carries
                the row's ``account_id``.
        """
        moment = int(time.time())

        try:
            token_row = (
                OauthAccessToken.select()
                .where(OauthAccessToken.access_token == token,
                       OauthAccessToken.expires_at > moment)
                .get()
            )
        except peewee.DoesNotExist:
            raise AuthException('invalid_token')

        try:
            return (
                Account.select()
                .where(Account.account_id == token_row.account_id,
                       Account.status == 'active')
                .get()
            )
        except peewee.DoesNotExist:
            raise AuthException('Account not found')
    def get_account_by_oauth_token(self, token):
        """Return the active Account owning the unexpired access token *token*.

        Two lookups: first the ``OauthAccessToken`` row (exact token match
        and ``expires_at > now``), then the Account with that row's
        ``account_id`` and ``status == 'active'``.

        Raises:
            AuthException('invalid_token'): token unknown or expired.
            AuthException('Account not found'): owning account missing or
                not active.
        """
        current_time = int(time.time())

        token_filter = OauthAccessToken.access_token == token
        unexpired_filter = OauthAccessToken.expires_at > current_time
        try:
            token_row = OauthAccessToken.get(token_filter, unexpired_filter)
        except peewee.DoesNotExist:
            raise AuthException('invalid_token')

        owner_filter = Account.account_id == token_row.account_id
        active_filter = Account.status == 'active'
        try:
            return Account.get(owner_filter, active_filter)
        except peewee.DoesNotExist:
            raise AuthException('Account not found')
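 def get_token(self, apikey_id, expires_at):
     """Return the OauthAccessToken row for *apikey_id* expiring after *expires_at*.

     Callers pass a threshold timestamp (e.g. ``now + 600``) so that only
     tokens with at least that much validity left are returned. No ordering
     is applied, so if several rows qualify the one the query yields first
     is returned.

     Raises:
         peewee.DoesNotExist: no token row for the key satisfies the threshold.
     """
     # Model.get is a classmethod: call it on the class instead of on a
     # throwaway OauthAccessToken() instance.
     return OauthAccessToken.get(OauthAccessToken.apikey_id == apikey_id,
                                 OauthAccessToken.expires_at > expires_at)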