def create_implicit_grant_access_token(uid, client_id, redirect_uri, scope=None): user = get_user(uid) client = get_client(client_id) db = DB() try: # the only authentication here is to check the # redirect_uri is the same as the one stored # for the registered client if client.redirect_uri == redirect_uri: token = AccessToken(client.id, user.id, scope=scope) while db.contains(token.code): token = AccessToken(client.id, user.id, scope=scope) db.put(token.code, token) db.commit() return token.code else: logging.warn( "".join([str(client_id), " uri of ", str(client.redirect_uri), " does not match ", str(redirect_uri)]) ) except Exception, e: logging.error("".join(["create_implicit_grant_access_token: ", str(e)])) db.abort()
def create_access_token_from_user_pass(client_id, client_secret, user_id, password, scope): client = None if client_id != None: client = get_client(client_id) else: # create a client object from username and password client = Client(user_id, user_id, password, None) # make client_secret equal the password # saving me from having to change anything below client_secret = password user = get_user(user_id) db = DB() try: if client != None and user != None and client.secret == client_secret and user.password == password: token = AccessToken(client.id, user.id, scope=scope) while db.contains(token.code): token = AccessToken(client.id, user.id, scope=scope) db.put(token.code, token) db.commit() return token.code except Exception, e: logging.error("".join(["create_access_token_from_user_pass: ", str(e)])) db.abort()
def add_anonymous_url(url): db = DB() try: if db.contains('anonymous_urls'): urls = db.get('anonymous_urls') urls.add(url) db.put('anonymous_urls', urls) else: urls = set() urls.add(url) db.put('anonymous_urls', urls) db.commit() except Exception, e: logging.error(''.join(['add_anonymous_url: ', str(e)])) db.abort()
def create_access_token_from_code(auth_code): client = get_client(auth_code.client) user = get_user(auth_code.user) db = DB() try: token = AccessToken(client.id, user.id, scope=auth_code.scope) while db.contains(token.code): token = AccessToken(client.id, user.id, scope=auth_code.scope) db.put(token.code, token) db.commit() return token.code except Exception, e: logging.error("".join(["create_access_token_from_code: ", str(e)])) db.abort()
def create_access_token_from_refresh_token(refresh_token): ''' We assume that in the getting of the refresh_token, before calling this function, the authentication takes place there. ''' #disconnect the data reference from the data stored in the DB #refresh_token_copy = deepcopy(refresh_token) db = DB() try: #refresh_token = get_token(refresh_token_str) #delete old access_token and create a new access_token #to replace the old one. refresh_token.access_token is #the string code not an AccessToken object delete_token(refresh_token.access_token) #use the info stored in the refresh_token copy to create a #new AccessToken token = AccessToken(refresh_token.client, refresh_token.user, refresh_token.scope) while db.contains(token.code): token = AccessToken(refresh_token.client, refresh_token.user, refresh_token.scope) db.put(token.code, token) logging.warn('is a token ' + str(token)) refresh_token.access_token = token.code db.update(refresh_token.code, refresh_token) logging.warn('has changed ' + str(refresh_token._p_changed)) db.commit() #return access token string not AccessToken object return token.code except Exception, e: logging.error(''.join(['create_access_token_from_refresh_token: ', str(e)])) db.abort()
def create_refresh_token_from_user_pass(client_id, client_secret, user_id, password, scope, access_token): try: client = None if client_id != None: client = get_client(client_id) else: #not using client credentials do just create #a client object from user credentials client = Client(user_id, user_id, password, None) #make client_secret equal password client_secret = password user = get_user(user_id) if client != None and \ user != None and \ client.secret == client_secret and \ user.password == password: db = DB() try: token = RefreshToken(access_token.code, client.id, user.id, scope=scope) while db.contains(token.code): token = RefreshToken(access_token.code, client.id, user.id, scope=scope) db.put(token.code, token) db.commit() return token.code except Exception, e: logging.error(''.join(['create_refresh_token_from_user_pass: ', str(e)])) db.abort() finally: db.close()
def associate_client_with_user(user_id, client_id, refresh_token_str): """ Adds client to list of authorised clients who can access the users resources on a long term basis """ client = get_client(client_id) user = get_user(user_id) refresh_token = get_token(client.id, client.secret, refresh_token_str) ## before going further, see if client is confidential or not. ## If confidential then it is assumed to be able to keep the ## username and password secret from itself. If this is the ## case then it's allowed to continue, else throw a ## ConfindentialError. if client.type.lower() != 'confidential': client_id = refresh_token.client raise ConfidentailError('Client ' + client_id + \ ' is not a confidentail client') db = DB() try: key = 'client_association_' + str(user.id) if db.contains(key): association = db.get(key) if client.id not in association.clients: association.clients[client.id] = refresh_token.code db.update(key, association) else: raise AssociationExistsWarning(''.join(['Client ', str(client.id), ' is already associated with ', str(user.id)])) else: association = Association(user.id) association.clients[client.id] = refresh_token.code db.put(key, association) db.commit() except Exception, e: logging.error(''.join(['associate_client_with_user: ', str(e)])) raise e db.abort()
def add_user(uid, password, firstname=None, lastname=None): if not uid or not password: logging.error("add_user: can't add a user of uid " + str(uid) + \ " and password of " + str(password)) return None user = User(uid, password, firstname, lastname) db = DB() try: #if it doesn't exist add it else report it does if not db.contains(uid): db.put(uid, user) db.commit() else: logging.warn(''.join(['add_user: '******' already exists'])) raise UserExistsWarning(''.join(['User ', str(uid), ' already exists'])) except Exception, e: logging.error(''.join(['add_user: ', (str(e))])) db.abort() return None
def create_auth_code(client_id, uid, scope=None): client = get_client(client_id) user = get_user(uid) db = DB() try: auth_code = AuthCode(client.id, user.id, scope=scope) while db.contains(auth_code.code): token = AccessToken(client.id, user.id, scope=scope) db.put(auth_code.code, auth_code) db.commit() code = auth_code.code return code except Exception, e: logging.error(''.join(['create_auth_code: ', str(e)])) db.abort() raise e
def create_refresh_token_from_code(auth_code, access_token): db = DB() try: auth_code = deepcopy(auth_code) logging.warn('access_token = ' + str(access_token) + ' auth_code = ' + str(auth_code.code)) token = RefreshToken(access_token, auth_code.client, auth_code.user, scope=auth_code.scope) while db.contains(token.code): token = RefreshToken(access_token, auth_code.client, auth_code.user, scope=auth_code.scope) db.put(token.code, token) db.commit() return token.code except Exception, e: logging.error(''.join(['create_refresh_token_from_code ', str(e)])) db.abort()
def create_client(client_name, client_id, client_secret, redirect_uri, client_type='confidential'): client = Client( client_name, client_id, client_secret, redirect_uri, client_type) db = DB() try: if not db.contains(client_id): db.put(client_id, client) db.commit() return deepcopy(client) else: raise ClientExistsWarning(''.join(['Client with id of ',str(client_id), ' already exists'])) except Exception, e: logging.error(''.join(['create_client: ', str(e)])) db.abort()
from client import create_client, get_client, delete_client, client_exists from models import AccessToken, RefreshToken add_user('jim', 'password') user = get_user('jim') if not client_exists('bobby fiet3'): client = create_client('bob', 'bobby fiet3', 'iamcool', 'http://whaever.com') else: client = get_client('bobby fiet3') access_token = AccessToken(client, user) refresh_token = RefreshToken(access_token, client, user) db = DB() try: db.put(access_token.code, access_token) db.put(refresh_token.code, refresh_token) db.commit() finally: db.close() try: associate_client_with_user(user, client, refresh_token.code) except: pass associations = get_associations(user) print print associations.user.id, associations.user.password print print 'clients' print for x in associations.clients: