def create_implicit_grant_access_token(uid, client_id, redirect_uri, scope=None):
user = get_user(uid)
client = get_client(client_id)
db = DB()
try:
# the only authentication here is to check the
# redirect_uri is the same as the one stored
# for the registered client
if client.redirect_uri == redirect_uri:
token = AccessToken(client.id, user.id, scope=scope)
while db.contains(token.code):
token = AccessToken(client.id, user.id, scope=scope)
db.put(token.code, token)
db.commit()
return token.code
else:
logging.warn(
"".join([str(client_id), " uri of ", str(client.redirect_uri), " does not match ", str(redirect_uri)])
)
except Exception, e:
logging.error("".join(["create_implicit_grant_access_token: ", str(e)]))
db.abort()
def create_access_token_from_user_pass(client_id, client_secret, user_id, password, scope):
client = None
if client_id != None:
client = get_client(client_id)
else:
# create a client object from username and password
client = Client(user_id, user_id, password, None)
# make client_secret equal the password
# saving me from having to change anything below
client_secret = password
user = get_user(user_id)
db = DB()
try:
if client != None and user != None and client.secret == client_secret and user.password == password:
token = AccessToken(client.id, user.id, scope=scope)
while db.contains(token.code):
token = AccessToken(client.id, user.id, scope=scope)
db.put(token.code, token)
db.commit()
return token.code
except Exception, e:
logging.error("".join(["create_access_token_from_user_pass: ", str(e)]))
db.abort()
def add_anonymous_url(url):
db = DB()
try:
if db.contains('anonymous_urls'):
urls = db.get('anonymous_urls')
urls.add(url)
db.put('anonymous_urls', urls)
else:
urls = set()
urls.add(url)
db.put('anonymous_urls', urls)
db.commit()
except Exception, e:
logging.error(''.join(['add_anonymous_url: ', str(e)]))
db.abort()
def create_access_token_from_code(auth_code):
client = get_client(auth_code.client)
user = get_user(auth_code.user)
db = DB()
try:
token = AccessToken(client.id, user.id, scope=auth_code.scope)
while db.contains(token.code):
token = AccessToken(client.id, user.id, scope=auth_code.scope)
db.put(token.code, token)
db.commit()
return token.code
except Exception, e:
logging.error("".join(["create_access_token_from_code: ", str(e)]))
db.abort()
def create_access_token_from_refresh_token(refresh_token):
'''
We assume that in the getting of the refresh_token,
before calling this function, the authentication takes place there.
'''
#disconnect the data reference from the data stored in the DB
#refresh_token_copy = deepcopy(refresh_token)
db = DB()
try:
#refresh_token = get_token(refresh_token_str)
#delete old access_token and create a new access_token
#to replace the old one. refresh_token.access_token is
#the string code not an AccessToken object
delete_token(refresh_token.access_token)
#use the info stored in the refresh_token copy to create a
#new AccessToken
token = AccessToken(refresh_token.client,
refresh_token.user,
refresh_token.scope)
while db.contains(token.code):
token = AccessToken(refresh_token.client,
refresh_token.user,
refresh_token.scope)
db.put(token.code, token)
logging.warn('is a token ' + str(token))
refresh_token.access_token = token.code
db.update(refresh_token.code, refresh_token)
logging.warn('has changed ' + str(refresh_token._p_changed))
db.commit()
#return access token string not AccessToken object
return token.code
except Exception, e:
logging.error(''.join(['create_access_token_from_refresh_token: ',
str(e)]))
db.abort()
def create_refresh_token_from_user_pass(client_id,
client_secret,
user_id,
password,
scope,
access_token):
try:
client = None
if client_id != None:
client = get_client(client_id)
else:
#not using client credentials do just create
#a client object from user credentials
client = Client(user_id, user_id, password, None)
#make client_secret equal password
client_secret = password
user = get_user(user_id)
if client != None and \
user != None and \
client.secret == client_secret and \
user.password == password:
db = DB()
try:
token = RefreshToken(access_token.code,
client.id,
user.id,
scope=scope)
while db.contains(token.code):
token = RefreshToken(access_token.code,
client.id,
user.id,
scope=scope)
db.put(token.code, token)
db.commit()
return token.code
except Exception, e:
logging.error(''.join(['create_refresh_token_from_user_pass: ',
str(e)]))
db.abort()
finally:
db.close()
def associate_client_with_user(user_id, client_id, refresh_token_str):
"""
Adds client to list of authorised clients who can access the users resources on a long term basis
"""
client = get_client(client_id)
user = get_user(user_id)
refresh_token = get_token(client.id, client.secret, refresh_token_str)
## before going further, see if client is confidential or not.
## If confidential then it is assumed to be able to keep the
## username and password secret from itself. If this is the
## case then it's allowed to continue, else throw a
## ConfindentialError.
if client.type.lower() != 'confidential':
client_id = refresh_token.client
raise ConfidentailError('Client ' + client_id + \
' is not a confidentail client')
db = DB()
try:
key = 'client_association_' + str(user.id)
if db.contains(key):
association = db.get(key)
if client.id not in association.clients:
association.clients[client.id] = refresh_token.code
db.update(key, association)
else:
raise AssociationExistsWarning(''.join(['Client ',
str(client.id),
' is already associated with ',
str(user.id)]))
else:
association = Association(user.id)
association.clients[client.id] = refresh_token.code
db.put(key, association)
db.commit()
except Exception, e:
logging.error(''.join(['associate_client_with_user: ', str(e)]))
raise e
db.abort()
def add_user(uid, password, firstname=None, lastname=None):
if not uid or not password:
logging.error("add_user: can't add a user of uid " + str(uid) + \
" and password of " + str(password))
return None
user = User(uid, password, firstname, lastname)
db = DB()
try:
#if it doesn't exist add it else report it does
if not db.contains(uid):
db.put(uid, user)
db.commit()
else:
logging.warn(''.join(['add_user: '******' already exists']))
raise UserExistsWarning(''.join(['User ', str(uid), ' already exists']))
except Exception, e:
logging.error(''.join(['add_user: ', (str(e))]))
db.abort()
return None
def create_auth_code(client_id, uid, scope=None):
client = get_client(client_id)
user = get_user(uid)
db = DB()
try:
auth_code = AuthCode(client.id, user.id, scope=scope)
while db.contains(auth_code.code):
token = AccessToken(client.id,
user.id,
scope=scope)
db.put(auth_code.code, auth_code)
db.commit()
code = auth_code.code
return code
except Exception, e:
logging.error(''.join(['create_auth_code: ', str(e)]))
db.abort()
raise e
def create_refresh_token_from_code(auth_code, access_token):
db = DB()
try:
auth_code = deepcopy(auth_code)
logging.warn('access_token = ' + str(access_token) + ' auth_code = ' + str(auth_code.code))
token = RefreshToken(access_token,
auth_code.client,
auth_code.user,
scope=auth_code.scope)
while db.contains(token.code):
token = RefreshToken(access_token,
auth_code.client,
auth_code.user,
scope=auth_code.scope)
db.put(token.code, token)
db.commit()
return token.code
except Exception, e:
logging.error(''.join(['create_refresh_token_from_code ', str(e)]))
db.abort()
def create_client(client_name,
client_id,
client_secret,
redirect_uri,
client_type='confidential'):
client = Client( client_name,
client_id,
client_secret,
redirect_uri,
client_type)
db = DB()
try:
if not db.contains(client_id):
db.put(client_id, client)
db.commit()
return deepcopy(client)
else:
raise ClientExistsWarning(''.join(['Client with id of ',str(client_id), ' already exists']))
except Exception, e:
logging.error(''.join(['create_client: ', str(e)]))
db.abort()
from client import create_client, get_client, delete_client, client_exists
from models import AccessToken, RefreshToken
add_user('jim', 'password')
user = get_user('jim')
if not client_exists('bobby fiet3'):
client = create_client('bob',
'bobby fiet3',
'iamcool',
'http://whaever.com')
else:
client = get_client('bobby fiet3')
access_token = AccessToken(client, user)
refresh_token = RefreshToken(access_token, client, user)
db = DB()
try:
db.put(access_token.code, access_token)
db.put(refresh_token.code, refresh_token)
db.commit()
finally:
db.close()
try:
associate_client_with_user(user, client, refresh_token.code)
except:
pass
associations = get_associations(user)
print
print associations.user.id, associations.user.password
print
print 'clients'
print
for x in associations.clients:
