def test_login(self):
    """Issue a token for a fresh API key and check a Bearer request is accepted (200)."""
    client = TestApp(M.app)
    key = self._add_api_key()
    issued = ApiToken.add(key.client_id, 'testuser')
    bearer = "Bearer %s" % issued.token
    client.get('/', headers={'Authorization': bearer}, status=200)
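def __token_grant_by_password(apikey):
    """Handle the ``password`` grant: exchange username/password for a token.

    Args:
        apikey: The requesting client's API key record; its ``client_id``
            is bound to the issued token.

    Returns:
        JSON-encoded token dictionary (``ApiToken.token_dict()``).

    Raises:
        InvalidRequest: ``username`` or ``password`` is missing from the
            request, or (outside DEVELOP_MODE) the credentials do not
            match an existing user.
    """
    username = __check_request_required_var('username')
    password = __check_request_required_var('password')
    user = User.get_by_name(username)
    # DEVELOP_MODE disables credential checking entirely: a token is issued
    # for whatever username was supplied.  Must stay off outside development.
    if not DEVELOP_MODE:
        # The previous condition (`user and not user.validate_password(...)`)
        # never fired when no such user existed, so a token was minted for any
        # unknown username.  Reject "no such user" and "wrong password" with
        # the same error so the response does not reveal which names exist.
        if not user or not user.validate_password(password):
            raise InvalidRequest(err.username_password_mismatch)
    token = ApiToken.add(apikey.client_id, username)
    return json.dumps(token.token_dict())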
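def __token_grant_by_refresh_token(apikey):
    """Handle the ``refresh_token`` grant: exchange a refresh token for a new token.

    Args:
        apikey: The requesting client's API key record.  The refresh token
            must have been issued to this client.

    Returns:
        JSON-encoded token dictionary of the refreshed token.

    Raises:
        InvalidRequest: ``refresh_token`` is missing, unknown, belongs to a
            different client, or has passed ``refresh_expire_time``.
    """
    refresh_token = __check_request_required_var('refresh_token')
    token = ApiToken.get_by_refresh_token(refresh_token)
    if not token:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)
    # The token must belong to the client making the request; previously
    # ``apikey`` was never consulted, so any client could refresh another
    # client's token.  Report it as an invalid token rather than disclosing
    # that the token exists for some other client.
    if token.client_id != apikey.client_id:
        raise InvalidRequest(err.invalid_refresh_token, ext=refresh_token)
    if datetime.now() > token.refresh_expire_time:
        raise InvalidRequest(err.refresh_token_has_expired, ext=refresh_token)
    new_token = token.refresh()
    return json.dumps(new_token.token_dict())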
def __token_grant_by_authorization_code(apikey):
    """Handle the ``authorization_code`` grant: exchange a code for a token.

    Args:
        apikey: The requesting client's API key record.

    Returns:
        JSON-encoded token dictionary; the response content type is set to
        JSON as a side effect.

    Raises:
        InvalidRequest: ``redirect_uri`` or ``code`` is missing, the
            redirect URI does not match the key's registered one (keys with
            ``STATUS_DEV`` skip this comparison), or the code is not valid
            for this client.
    """
    redirect_uri = __check_request_required_var('redirect_uri')
    code = __check_request_required_var('code')
    # Dev-status keys are exempt from the redirect_uri comparison.
    uri_must_match = apikey.status != ApiKey.STATUS_DEV
    if uri_must_match and apikey.redirect_uri != redirect_uri:
        raise InvalidRequest(err.redirect_uri_mismatch, ext=redirect_uri)
    user_id = OAuthCode.check(apikey.client_id, code)
    if not user_id:
        raise InvalidRequest(err.invalid_authorization_code, ext=code)
    request.response.set_content_type('application/json; charset=utf8')
    issued = ApiToken.add(apikey.client_id, user_id)
    return json.dumps(issued.token_dict())
def __token_grant_by_authorization_code(apikey):
    """Handle the ``authorization_code`` grant: exchange a code for a token.

    Args:
        apikey: The requesting client's API key record.

    Returns:
        JSON-encoded token dictionary; also sets the JSON response
        content type.

    Raises:
        InvalidRequest: missing ``redirect_uri``/``code``, a redirect URI
            that differs from the key's registered one (not enforced for
            ``STATUS_DEV`` keys), or a code that is not valid for this client.
    """
    redirect_uri = __check_request_required_var('redirect_uri')
    authorization_code = __check_request_required_var('code')
    # Only non-dev keys have their registered redirect URI enforced.
    if apikey.status != ApiKey.STATUS_DEV and apikey.redirect_uri != redirect_uri:
        raise InvalidRequest(err.redirect_uri_mismatch, ext=redirect_uri)
    owner = OAuthCode.check(apikey.client_id, authorization_code)
    if not owner:
        raise InvalidRequest(err.invalid_authorization_code,
                             ext=authorization_code)
    request.response.set_content_type('application/json; charset=utf8')
    return json.dumps(ApiToken.add(apikey.client_id, owner).token_dict())
def check_auth(request):
    """Authenticate *request* from its ``Authorization`` header.

    On success sets ``request.user`` (and, for Bearer tokens,
    ``request.client_id``).  Requests without an Authorization header are
    left untouched.

    Raises:
        OAuthError: the Bearer token is unknown, its API key is missing or
            blocked, or the token has passed ``expire_time``.
    """
    header = request.environ.get('HTTP_AUTHORIZATION')
    # No credentials supplied: the request stays anonymous.
    if not header:
        return
    if not header.startswith('Bearer '):
        # Non-Bearer schemes are not rejected.  The original
        # `raise OAuthError(*err.auth_access_token_is_missing)` is disabled so
        # that qaci, which uses Basic auth, keeps working.  A Basic credential
        # that does not confirm falls through as anonymous rather than an error.
        basic = AuthCode(header)
        if basic.confirm():
            request.user = basic.user
        return
    bearer_token = header[len('Bearer '):]
    token = ApiToken.get_by_token(bearer_token)
    # Unknown token
    if not token:
        raise OAuthError(*err.auth_invalid_access_token)
    key = token.key
    # Token without an API key
    if not key:
        raise OAuthError(*err.auth_invalid_apikey)
    # API key has been blocked
    if key.status == ApiKey.STATUS_BLOCKED:
        raise OAuthError(*err.auth_apikey_blocked)
    # Token past its expiry
    if datetime.now() > token.expire_time:
        raise OAuthError(*err.auth_access_token_has_expired)
    request.user = token.user
    request.client_id = token.client_id
def _add_api_token(self, user_id):
    """Create a fresh API key and return a token bound to it for *user_id*."""
    client_id = self._add_api_key().client_id
    return ApiToken.add(client_id, user_id)
def _add_api_token(self):
    """Create a fresh API key and return a token for the fixed test user, issued now."""
    key = self._add_api_key()
    return ApiToken.add(key.client_id, "testuser", datetime.now())
def test_get_token_by_refresh_token(self):
    """A token is retrievable by its own refresh token."""
    issued = self._add_api_token()
    looked_up = ApiToken.get_by_refresh_token(issued.refresh_token)
    eq_(issued, looked_up)
def test_get_api_token(self):
    """A token is retrievable by its id."""
    issued = self._add_api_token()
    looked_up = ApiToken.get(issued.id)
    eq_(issued, looked_up)
def _add_api_token(self):
    """Create a fresh API key and return a token for the fixed test user, issued now."""
    key = self._add_api_key()
    return ApiToken.add(key.client_id, 'testuser', datetime.now())