示例#1
文件: views.py 项目: aaccomazzi/adsws
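    def bootstrap_bumblebee():
        """
        Create an OAuthClient and a temporary OAuthToken owned by the
        "bumblebee" (bootstrap) user.

        As written, a new client row is added on every call; this function
        performs no lookup of an existing client.

        Security notes:
          * The client is registered with ``is_confidential=False``, i.e. as
            a public client that cannot be relied on to keep a secret.
          * Scopes come from ``BOOTSTRAP_SCOPES`` and default to an empty
            list; keep that setting minimal, since every anonymous session
            receives it.

        :raises AssertionError: if the current user is not the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_bumblebee requires the bootstrap user')

        client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME',
                                             'BB client')
        scopes = ' '.join(current_app.config.get('BOOTSTRAP_SCOPES', []))

        client = OAuthClient(user_id=current_user.get_id(),
                             name=client_name,
                             description=client_name,
                             is_confidential=False,
                             is_internal=True,
                             _default_scopes=scopes,
                             ratelimit=1.0)
        client.gen_salt()

        db.session.add(client)

        # NOTE(review): token lifetime is decided inside
        # create_temporary_token, which is not visible here -- confirm it is
        # short-lived.
        token = Bootstrap.create_temporary_token(client)

        db.session.add(token)
        db.session.commit()
        return client, token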
示例#2
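    def bootstrap_user_new(self, client_name=None, scopes=None, ratelimit=1.0,
                           expires=datetime.datetime(2500, 1, 1)):
        """
        Create an OAuthClient and OAuthToken owned by the authenticated real
        user. A new client is always created; nothing is looked up first.

        Security notes:
          * The default ``expires`` is the year 2500, so tokens created with
            the default never expire in practice and need an explicit
            revocation path.
          * ``scopes`` is used verbatim when given; callers are responsible
            for validating it before passing it in.

        :param client_name: client name; defaults to ``BOOTSTRAP_CLIENT_NAME``
        :param scopes: space-separated scope string; defaults to
            ``USER_DEFAULT_SCOPES`` joined with spaces
        :param ratelimit: value checked by ``_check_ratelimit`` and stored on
            the client
        :param expires: expiry passed to ``Bootstrap.create_user_token``
        :raises AssertionError: if the current user is the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_user_new must not run for the bootstrap user')
        self._check_ratelimit(ratelimit)

        uid = current_user.get_id()
        client_name = client_name or current_app.config.get(
            'BOOTSTRAP_CLIENT_NAME', 'BB client')
        default_scopes = scopes or ' '.join(
            current_app.config['USER_DEFAULT_SCOPES'])

        client = OAuthClient(
            user_id=uid,
            name=client_name,
            description=client_name,
            is_confidential=True,
            is_internal=True,
            _default_scopes=default_scopes,
            ratelimit=ratelimit,
        )
        client.gen_salt()
        db.session.add(client)

        token = Bootstrap.create_user_token(client, expires=expires)
        db.session.add(token)
        # Only the e-mail address is logged; token values stay out of the log.
        current_app.logger.info(
            "Created OAuth client for {email}".format(email=current_user.email)
        )
        db.session.commit()
        return client, token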
示例#3
文件: views.py 项目: aaccomazzi/adsws
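    def bootstrap_user(self,
                       client_name=None,
                       scopes=None,
                       ratelimit=1.0,
                       expires=datetime.datetime(2500, 1, 1)):
        """
        Return or create an OAuthClient owned by the authenticated real user.

        Re-uses the most recently created client with the same name for this
        user, otherwise writes a new client to the database. The token is
        handled the same way: an existing one is re-used, a missing one is
        created.

        Security notes:
          * When an existing client is re-used, the ``scopes`` and
            ``ratelimit`` arguments are not applied to it, and the rate-limit
            check is skipped.
          * The default ``expires`` is the year 2500, so tokens created with
            the default never expire in practice.

        :raises AssertionError: if the current user is the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_user must not run for the bootstrap user')

        uid = current_user.get_id()
        client_name = client_name or current_app.config.get(
            'BOOTSTRAP_CLIENT_NAME', 'BB client')

        # Newest client first, in case several share this name.
        client = OAuthClient.query.filter_by(
            user_id=uid,
            name=client_name,
        ).order_by(OAuthClient.created.desc()).first()

        if client is None:
            self._check_ratelimit(ratelimit)
            client = OAuthClient(
                user_id=uid,
                name=client_name,
                description=client_name,
                is_confidential=True,
                is_internal=True,
                _default_scopes=scopes
                or ' '.join(current_app.config['USER_DEFAULT_SCOPES']),
                ratelimit=ratelimit)
            client.gen_salt()
            db.session.add(client)

            token = Bootstrap.create_user_token(client, expires=expires)
            db.session.add(token)
            current_app.logger.info("Created BB client for {email}".format(
                email=current_user.email))
        else:
            token = OAuthToken.query.filter_by(
                client_id=client.client_id,
                user_id=uid,
            ).first()

            if token is None:
                # The client exists but its token was never created.
                token = Bootstrap.create_user_token(client, expires=expires)

                db.session.add(token)
                current_app.logger.info("Created BB client for {email}".format(
                    email=current_user.email))

        db.session.commit()
        return client, token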
示例#4
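    def bootstrap_user():
        """
        Return or create an OAuthClient owned by the authenticated real user.

        Re-uses an existing client with the configured name for this user,
        otherwise writes a new client and token to the database.

        Security notes:
          * New tokens are created with an expiry in the year 2500, so they
            never expire in practice and need an explicit revocation path.
          * NOTE(review): ``gen_salt`` produces the access and refresh token
            values; confirm it draws from a cryptographically secure source.

        :raises AssertionError: if the current user is the bootstrap user
        :return: ``(client, token)`` tuple; ``token`` may be ``None`` when the
            client exists but no token row is found
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_user must not run for the bootstrap user')

        uid = current_user.get_id()
        client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')

        client = OAuthClient.query.filter_by(
            user_id=uid,
            name=client_name,
        ).first()

        if client is None:
            scopes = ' '.join(current_app.config['USER_DEFAULT_SCOPES'])
            salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
            client = OAuthClient(
                user_id=uid,
                name=client_name,
                description=client_name,
                is_confidential=True,
                is_internal=True,
                _default_scopes=scopes,
            )
            client.gen_salt()
            db.session.add(client)

            token = OAuthToken(
                client_id=client.client_id,
                user_id=uid,
                access_token=gen_salt(salt_length),
                refresh_token=gen_salt(salt_length),
                expires=datetime.datetime(2500, 1, 1),
                _scopes=scopes,
                is_personal=False,
                is_internal=True,
            )
            db.session.add(token)
            db.session.commit()
            current_app.logger.info(
                "Created BB client for {email}".format(email=current_user.email)
            )
        else:
            # NOTE(review): no token is created when the lookup returns None,
            # so callers must handle a None token in this branch.
            token = OAuthToken.query.filter_by(
                client_id=client.client_id,
                user_id=uid,
            ).first()

        return client, token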
示例#5
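    def bootstrap_bumblebee():
        """
        Create an OAuthClient and OAuthToken owned by the "bumblebee"
        (bootstrap) user.

        As written, a new client and token are added on every call; this
        function performs no lookup of an existing client.

        Security notes:
          * The client is registered with ``is_confidential=False``, i.e. as
            a public client that cannot be relied on to keep a secret.
          * Token lifetime comes from ``BOOTSTRAP_TOKEN_EXPIRES`` (default
            3600 * 24 seconds). An ``int`` is treated as seconds from now;
            any other value is stored unchanged as the expiry.
          * NOTE(review): ``gen_salt`` produces the access and refresh token
            values; confirm it draws from a cryptographically secure source.

        :raises AssertionError: if the current user is not the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_bumblebee requires the bootstrap user')

        salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
        scopes = ' '.join(current_app.config.get('BOOTSTRAP_SCOPES', []))
        expires = current_app.config.get('BOOTSTRAP_TOKEN_EXPIRES', 3600 * 24)
        client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME',
                                             'BB client')
        uid = current_user.get_id()

        client = OAuthClient(
            user_id=uid,
            name=client_name,
            description=client_name,
            is_confidential=False,
            is_internal=True,
            _default_scopes=scopes,
        )
        client.gen_salt()

        db.session.add(client)

        # Turn a relative lifetime in seconds into an absolute UTC expiry.
        if isinstance(expires, int):
            expires = datetime.datetime.utcnow() + datetime.timedelta(
                seconds=expires)

        token = OAuthToken(
            client_id=client.client_id,
            user_id=uid,
            expires=expires,
            _scopes=scopes,
            access_token=gen_salt(salt_length),
            refresh_token=gen_salt(salt_length),
            is_personal=False,
            is_internal=True,
        )

        db.session.add(token)
        db.session.commit()
        return client, token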
示例#6
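    def put(self):
        """
        Generates a new API key

        Looks up the current user's u'ADS API client'. When none exists, a
        client and a token are created and committed together; a failed
        commit is logged and answered with HTTP 503.

        Security notes:
          * The token is created with an expiry in the year 2500, so it never
            expires in practice and needs an explicit revocation path.
          * The client is registered with ``is_confidential=False``.
          * NOTE(review): ``gen_salt`` produces the token values; confirm it
            draws from a cryptographically secure source.

        NOTE(review): no return statement is visible in this block, so the
        documented return value cannot be checked against the code here.

        :return: dict containing the API key data structure
        """

        client = OAuthClient.query.filter_by(
            user_id=current_user.get_id(),
            name=u'ADS API client',
        ).first()

        if client is None:  # If no client exists, create a new one
            api_scopes = ' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            )
            client = OAuthClient(
                user_id=current_user.get_id(),
                name=u'ADS API client',
                description=u'ADS API client',
                is_confidential=False,
                is_internal=True,
                _default_scopes=api_scopes,
                ratelimit=1.0
            )
            client.gen_salt()

            token = OAuthToken(
                client_id=client.client_id,
                user_id=current_user.get_id(),
                access_token=gen_salt(40),
                refresh_token=gen_salt(40),
                expires=datetime.datetime(2500, 1, 1),
                _scopes=api_scopes,
                is_personal=False,
            )

            db.session.add(client)
            db.session.add(token)
            try:
                db.session.commit()
            # `except X as e` is valid on Python 2.6+ and Python 3; the
            # comma form is a syntax error on Python 3.
            except Exception as e:
                current_app.logger.error("Unknown DB error: {0}".format(e))
                abort(503)
            current_app.logger.info(
                "Created ADS API client+token for {0}".format(
                    current_user.email
                )
            )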
示例#7
文件: views.py 项目: romanchyla/adsws
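    def bootstrap_bumblebee():
        """
        Create an OAuthClient and OAuthToken owned by the "bumblebee"
        (bootstrap) user.

        As written, a new client and token are added on every call; this
        function performs no lookup of an existing client.

        Security notes:
          * The client is registered with ``is_confidential=False``, i.e. as
            a public client that cannot be relied on to keep a secret.
          * Token lifetime comes from ``BOOTSTRAP_TOKEN_EXPIRES`` (default
            3600*24 seconds). An ``int`` is treated as seconds from now; any
            other value is stored unchanged as the expiry.
          * NOTE(review): ``gen_salt`` produces the access and refresh token
            values; confirm it draws from a cryptographically secure source.

        :raises AssertionError: if the current user is not the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_bumblebee requires the bootstrap user')

        config = current_app.config
        salt_length = config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
        scopes = ' '.join(config.get('BOOTSTRAP_SCOPES', []))
        expires = config.get('BOOTSTRAP_TOKEN_EXPIRES', 3600*24)
        client_name = config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')
        uid = current_user.get_id()

        client = OAuthClient(
            user_id=uid,
            name=client_name,
            description=client_name,
            is_confidential=False,
            is_internal=True,
            _default_scopes=scopes,
        )
        client.gen_salt()

        db.session.add(client)

        # Turn a relative lifetime in seconds into an absolute UTC expiry.
        if isinstance(expires, int):
            expires = datetime.datetime.utcnow() + datetime.timedelta(
                seconds=expires)

        token = OAuthToken(
            client_id=client.client_id,
            user_id=uid,
            expires=expires,
            _scopes=scopes,
            access_token=gen_salt(salt_length),
            refresh_token=gen_salt(salt_length),
            is_personal=False,
            is_internal=True,
        )

        db.session.add(token)
        db.session.commit()
        return client, token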
示例#8
文件: views.py 项目: romanchyla/adsws
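    def put(self):
        """
        Generates a new API key

        Looks up the current user's u'ADS API client'. When none exists, a
        client and a token are created and committed together; a failed
        commit is logged and answered with HTTP 503.

        Security notes:
          * The token is created with an expiry in the year 2500, so it never
            expires in practice and needs an explicit revocation path.
          * The client is registered with ``is_confidential=False``.
          * NOTE(review): ``gen_salt`` produces the token values; confirm it
            draws from a cryptographically secure source.

        NOTE(review): no return statement is visible in this block, so the
        documented return value cannot be checked against the code here.

        :return: dict containing the API key data structure
        """

        client = OAuthClient.query.filter_by(
            user_id=current_user.get_id(),
            name=u'ADS API client',
        ).first()

        if client is None:  # If no client exists, create a new one
            api_scopes = ' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            )
            client = OAuthClient(
                user_id=current_user.get_id(),
                name=u'ADS API client',
                description=u'ADS API client',
                is_confidential=False,
                is_internal=True,
                _default_scopes=api_scopes,
            )
            client.gen_salt()

            token = OAuthToken(
                client_id=client.client_id,
                user_id=current_user.get_id(),
                access_token=gen_salt(40),
                refresh_token=gen_salt(40),
                expires=datetime.datetime(2500, 1, 1),
                _scopes=api_scopes,
                is_personal=False,
            )

            db.session.add(client)
            db.session.add(token)
            try:
                db.session.commit()
            # `except X as e` is valid on Python 2.6+ and Python 3; the
            # comma form is a syntax error on Python 3.
            except Exception as e:
                current_app.logger.error("Unknown DB error: {0}".format(e))
                abort(503)
            current_app.logger.info(
                "Created ADS API client+token for {0}".format(
                    current_user.email
                )
            )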
示例#9
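    def bootstrap_user():
        """
        Return or create an OAuthClient owned by the authenticated real user.

        Re-uses an existing client with the configured name for this user,
        otherwise writes a new client to the database. The token is handled
        the same way: an existing one is re-used, a missing one is created.

        Security notes:
          * New tokens are created with an expiry in the year 2500, so they
            never expire in practice and need an explicit revocation path.
          * NOTE(review): ``gen_salt`` produces the access and refresh token
            values; confirm it draws from a cryptographically secure source.

        :raises AssertionError: if the current user is the bootstrap user
        :return: ``(client, token)`` tuple
        """
        # Explicit check instead of `assert`: assert statements are stripped
        # when Python runs with -O, which would silently remove this guard.
        if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
            raise AssertionError(
                'bootstrap_user must not run for the bootstrap user')

        uid = current_user.get_id()
        client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME',
                                             'BB client')

        client = OAuthClient.query.filter_by(
            user_id=uid,
            name=client_name,
        ).first()

        scopes = ' '.join(current_app.config['USER_DEFAULT_SCOPES'])
        salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)

        if client is None:
            client = OAuthClient(
                user_id=uid,
                name=client_name,
                description=client_name,
                is_confidential=True,
                is_internal=True,
                _default_scopes=scopes,
            )
            client.gen_salt()
            db.session.add(client)

            token = OAuthToken(
                client_id=client.client_id,
                user_id=uid,
                access_token=gen_salt(salt_length),
                refresh_token=gen_salt(salt_length),
                expires=datetime.datetime(2500, 1, 1),
                _scopes=scopes,
                is_personal=False,
                is_internal=True,
            )
            db.session.add(token)
            current_app.logger.info("Created BB client for {email}".format(
                email=current_user.email))
        else:
            token = OAuthToken.query.filter_by(
                client_id=client.client_id,
                user_id=uid,
            ).first()

            if token is None:
                # The client exists but its token was never created.
                token = OAuthToken(
                    client_id=client.client_id,
                    user_id=uid,
                    access_token=gen_salt(salt_length),
                    refresh_token=gen_salt(salt_length),
                    expires=datetime.datetime(2500, 1, 1),
                    _scopes=scopes,
                    is_personal=False,
                    is_internal=True,
                )
                db.session.add(token)
                current_app.logger.info("Created BB client for {email}".format(
                    email=current_user.email))

        db.session.commit()
        return client, token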
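def get_token():
  """
  Look up or create the user, OAuth client and token named on the command
  line, and return the token details.

  Security notes:
    * The returned dict holds the bearer access and refresh tokens in clear
      text; keep it out of shared logs and shell history.
    * With --create-user, a missing user is created with only the e-mail
      address set.
    * Personal tokens expire in 2050; other tokens are stored with
      expires=None. NOTE(review): confirm how token validation treats a null
      expiry.
    * 'expires_in' carries an ISO timestamp (or None), not a number of
      seconds.

  :raises DatabaseIntegrityError: when several users or clients match
  :return: dict with access_token, refresh_token, username, expires_in and
      token_type
  """
  parser = argparse.ArgumentParser()
  add_arguments(parser)
  args = parser.parse_args()
  app = create_app('manual_client_registration',
    EXTENSIONS = ['adsws.ext.sqlalchemy',
                  'adsws.ext.security',],
    PACKAGES=['adsws.modules.oauth2server',])

  with app.app_context():
    try:
      u = db.session.query(User).filter_by(email=args.user_email).one()
    except NoResultFound:
      if not args.create_user:
        sys.exit("User with email [%s] not found, and --create-user was not specified. Exiting." % args.user_email)
      u = User(email=args.user_email)
      db.session.add(u)
      db.session.commit()
    except MultipleResultsFound:
      raise DatabaseIntegrityError

    try:
      client = db.session.query(OAuthClient).filter_by(user_id=u.id,name=args.name).one()
    except MultipleResultsFound:
      raise DatabaseIntegrityError("Multiple oauthclients found for that user and name")
    except NoResultFound:
      client = OAuthClient(
        user_id = u.id,
        description=args.description,
        name=args.name,
        is_confidential=True,
        is_internal=True,)
      client.gen_salt()
      db.session.add(client)
      db.session.commit()

    try:
      tokens = db.session.query(OAuthToken).filter_by(
        client_id=client.client_id,
        user_id=u.id,
        is_personal=args.is_personal).all()
      # Keep only tokens whose scope set equals the requested one exactly.
      wanted_scopes = set(args.scopes)
      matching_tokens = [t for t in tokens if wanted_scopes == set(t.scopes)]
      if not matching_tokens:
        raise NoResultFound
      # print() with one argument behaves the same on Python 2 and 3.
      print("%s tokens with those definitions found, returning the first" % len(matching_tokens))
      token = matching_tokens[0]
    except NoResultFound:
      salt_length = current_app.config.get('OAUTH2_TOKEN_PERSONAL_SALT_LEN', 40)
      token = OAuthToken(
        client_id=client.client_id,
        user_id=u.id,
        access_token=gen_salt(salt_length),
        refresh_token=gen_salt(salt_length),
        _scopes=' '.join(args.scopes),
        expires=datetime.datetime(2050,1,1) if args.is_personal else None,
        is_personal=args.is_personal,
        is_internal=True,)
      db.session.add(token)
      db.session.commit()

    return {
      'access_token': token.access_token,
      'refresh_token': token.refresh_token,
      'username': u.email,
      'expires_in': token.expires.isoformat() if token.expires else None,
      'token_type': 'Bearer'}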
示例#11
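def get_token():
    """
    Look up or create the user, OAuth client and token named on the command
    line, and return the token details.

    Security notes:
      * The returned dict holds the bearer access and refresh tokens in
        clear text; keep it out of shared logs and shell history.
      * With --create-user, a missing user is created with only the e-mail
        address set.
      * Personal tokens expire in 2050; other tokens are stored with
        expires=None. NOTE(review): confirm how token validation treats a
        null expiry.
      * 'expires_in' carries an ISO timestamp (or None), not a number of
        seconds.

    :raises DatabaseIntegrityError: when several users or clients match
    :return: dict with access_token, refresh_token, username, expires_in and
        token_type
    """
    parser = argparse.ArgumentParser()
    add_arguments(parser)
    args = parser.parse_args()
    app = create_app('manual_client_registration',
                     EXTENSIONS=[
                         'adsws.ext.sqlalchemy',
                         'adsws.ext.security',
                     ],
                     PACKAGES=[
                         'adsws.modules.oauth2server',
                     ])

    with app.app_context():
        try:
            u = db.session.query(User).filter_by(email=args.user_email).one()
        except NoResultFound:
            if not args.create_user:
                sys.exit(
                    "User with email [%s] not found, and --create-user was not specified. Exiting."
                    % args.user_email)
            u = User(email=args.user_email)
            db.session.add(u)
            db.session.commit()
        except MultipleResultsFound:
            raise DatabaseIntegrityError

        try:
            client = db.session.query(OAuthClient).filter_by(
                user_id=u.id, name=args.name).one()
        except MultipleResultsFound:
            raise DatabaseIntegrityError(
                "Multiple oauthclients found for that user and name")
        except NoResultFound:
            client = OAuthClient(
                user_id=u.id,
                description=args.description,
                name=args.name,
                is_confidential=True,
                is_internal=True,
            )
            client.gen_salt()
            db.session.add(client)
            db.session.commit()

        try:
            tokens = db.session.query(OAuthToken).filter_by(
                client_id=client.client_id,
                user_id=u.id,
                is_personal=args.is_personal).all()
            # Keep only tokens whose scope set equals the requested one.
            wanted_scopes = set(args.scopes)
            matching_tokens = [
                t for t in tokens if wanted_scopes == set(t.scopes)
            ]
            if not matching_tokens:
                raise NoResultFound
            # print() with one argument behaves the same on Python 2 and 3.
            print("%s tokens with those definitions found, returning the first"
                  % len(matching_tokens))
            token = matching_tokens[0]
        except NoResultFound:
            salt_length = current_app.config.get(
                'OAUTH2_TOKEN_PERSONAL_SALT_LEN', 40)
            token = OAuthToken(
                client_id=client.client_id,
                user_id=u.id,
                access_token=gen_salt(salt_length),
                refresh_token=gen_salt(salt_length),
                _scopes=' '.join(args.scopes),
                expires=datetime.datetime(2050, 1, 1)
                if args.is_personal else None,
                is_personal=args.is_personal,
                is_internal=True,
            )
            db.session.add(token)
            db.session.commit()

        return {
            'access_token': token.access_token,
            'refresh_token': token.refresh_token,
            'username': u.email,
            'expires_in': token.expires.isoformat() if token.expires else None,
            'token_type': 'Bearer'
        }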