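def bootstrap_bumblebee():
    """
    Create an OAuthClient and a temporary OAuthToken for the bootstrap
    ("bumblebee") user.

    A new client row is written on every call; nothing in this function
    looks up or re-uses an existing client. The token is built by
    Bootstrap.create_temporary_token.

    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is not the configured
        bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_bumblebee requires the bootstrap user')

    client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')
    scopes = ' '.join(current_app.config.get('BOOTSTRAP_SCOPES', []))

    client = OAuthClient(
        user_id=current_user.get_id(),
        name=client_name,
        description=client_name,
        # Registered as a non-confidential client, so its rights are
        # bounded only by BOOTSTRAP_SCOPES and the rate limit below.
        is_confidential=False,
        is_internal=True,
        _default_scopes=scopes,
        ratelimit=1.0,
    )
    client.gen_salt()
    db.session.add(client)

    token = Bootstrap.create_temporary_token(client)
    db.session.add(token)
    db.session.commit()
    return client, token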
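def bootstrap_user_new(self, client_name=None, scopes=None, ratelimit=1.0,
                       expires=datetime.datetime(2500, 1, 1)):
    """
    Create a new OAuthClient and OAuthToken owned by the authenticated
    real user. No existing client is looked up; every call writes a new
    client row.

    :param client_name: client name; falls back to BOOTSTRAP_CLIENT_NAME
    :param scopes: space-separated scope string stored on the client;
        falls back to USER_DEFAULT_SCOPES. It is stored as given, this
        function does not compare it against any allow-list.
    :param ratelimit: passed to self._check_ratelimit and stored on the
        client
    :param expires: expiry handed to Bootstrap.create_user_token
    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is the bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_user_new must not run as the bootstrap user')

    # NOTE(review): _check_ratelimit is defined outside this excerpt;
    # presumably it rejects a request exceeding the user's quota - confirm.
    self._check_ratelimit(ratelimit)

    client_name = client_name or current_app.config.get(
        'BOOTSTRAP_CLIENT_NAME', 'BB client')
    default_scopes = scopes or ' '.join(
        current_app.config['USER_DEFAULT_SCOPES'])

    client = OAuthClient(
        user_id=current_user.get_id(),
        name=client_name,
        description=client_name,
        is_confidential=True,
        is_internal=True,
        _default_scopes=default_scopes,
        ratelimit=ratelimit,
    )
    client.gen_salt()
    db.session.add(client)

    token = Bootstrap.create_user_token(client, expires=expires)
    db.session.add(token)

    current_app.logger.info(
        "Created OAuth client for {email}".format(email=current_user.email)
    )
    db.session.commit()
    return client, token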
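def bootstrap_user(self, client_name=None, scopes=None, ratelimit=1.0,
                   expires=datetime.datetime(2500, 1, 1)):
    """
    Return or create an OAuthClient owned by the authenticated real user.

    The most recently created client with this name is re-used when one
    exists for the user; otherwise a new client is written. The same
    applies to the OAuthToken: an existing token for the client is
    returned, and one is created when none is found.

    When an existing client is re-used, ``scopes`` and ``ratelimit`` are
    not applied; they only take effect when a client is created.

    :param client_name: client name; falls back to BOOTSTRAP_CLIENT_NAME
    :param scopes: space-separated scope string for a new client; falls
        back to USER_DEFAULT_SCOPES
    :param ratelimit: checked and stored only when a client is created
    :param expires: expiry handed to Bootstrap.create_user_token
    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is the bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_user must not run as the bootstrap user')

    uid = current_user.get_id()
    client_name = client_name or current_app.config.get(
        'BOOTSTRAP_CLIENT_NAME', 'BB client')

    client = OAuthClient.query.filter_by(
        user_id=uid,
        name=client_name,
    ).order_by(OAuthClient.created.desc()).first()

    if client is None:
        self._check_ratelimit(ratelimit)
        client = OAuthClient(
            user_id=current_user.get_id(),
            name=client_name,
            description=client_name,
            is_confidential=True,
            is_internal=True,
            _default_scopes=scopes or ' '.join(
                current_app.config['USER_DEFAULT_SCOPES']),
            ratelimit=ratelimit)
        client.gen_salt()
        db.session.add(client)
        token = None
    else:
        token = OAuthToken.query.filter_by(
            client_id=client.client_id,
            user_id=current_user.get_id(),
        ).first()

    if token is None:
        # Either the client is new or its token was not created yet.
        token = Bootstrap.create_user_token(client, expires=expires)
        db.session.add(token)
        current_app.logger.info("Created BB client for {email}".format(
            email=current_user.email))

    db.session.commit()
    return client, token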
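def bootstrap_user():
    """
    Return or create an OAuthClient owned by the authenticated real user.

    Re-uses the client stored in the database under BOOTSTRAP_CLIENT_NAME
    for this user, otherwise writes a new one. The OAuthToken is handled
    the same way; a client that exists without a token gets one created
    so the caller never receives ``None`` as the token.

    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is the bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_user must not run as the bootstrap user')

    uid = current_user.get_id()
    client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')

    client = OAuthClient.query.filter_by(
        user_id=uid,
        name=client_name,
    ).first()

    if client is None:
        client = OAuthClient(
            user_id=current_user.get_id(),
            name=client_name,
            description=client_name,
            is_confidential=True,
            is_internal=True,
            _default_scopes=' '.join(
                current_app.config['USER_DEFAULT_SCOPES']),
        )
        client.gen_salt()
        db.session.add(client)
        token = None
    else:
        token = OAuthToken.query.filter_by(
            client_id=client.client_id,
            user_id=current_user.get_id(),
        ).first()

    if token is None:
        scopes = ' '.join(current_app.config['USER_DEFAULT_SCOPES'])
        salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
        # NOTE(review): gen_salt is imported outside this excerpt; these
        # values are bearer credentials, so confirm it draws from a CSPRNG.
        token = OAuthToken(
            client_id=client.client_id,
            user_id=uid,
            access_token=gen_salt(salt_length),
            refresh_token=gen_salt(salt_length),
            # Far-future expiry: the token is effectively non-expiring and
            # nothing in this function rotates or revokes it.
            expires=datetime.datetime(2500, 1, 1),
            _scopes=scopes,
            is_personal=False,
            is_internal=True,
        )
        db.session.add(token)
        db.session.commit()
        current_app.logger.info(
            "Created BB client for {email}".format(email=current_user.email)
        )

    return client, token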
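def bootstrap_bumblebee():
    """
    Create an OAuthClient and a short-lived OAuthToken for the bootstrap
    ("bumblebee") user.

    A new client row is written on every call; nothing in this function
    looks up or re-uses an existing client.

    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is not the configured
        bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email != current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_bumblebee requires the bootstrap user')

    salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
    scopes = ' '.join(current_app.config.get('BOOTSTRAP_SCOPES', []))
    expires = current_app.config.get('BOOTSTRAP_TOKEN_EXPIRES', 3600 * 24)
    client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')
    uid = current_user.get_id()

    client = OAuthClient(
        user_id=uid,
        name=client_name,
        description=client_name,
        # Registered as a non-confidential client, so its rights are
        # bounded only by BOOTSTRAP_SCOPES.
        is_confidential=False,
        is_internal=True,
        _default_scopes=scopes,
    )
    client.gen_salt()
    db.session.add(client)

    # An integer BOOTSTRAP_TOKEN_EXPIRES is a lifetime in seconds counted
    # from now (UTC); any other value is stored on the token unchanged.
    if isinstance(expires, int):
        expires = datetime.datetime.utcnow() + datetime.timedelta(
            seconds=expires)

    # NOTE(review): gen_salt is imported outside this excerpt; these values
    # are bearer credentials, so confirm it draws from a CSPRNG.
    token = OAuthToken(
        client_id=client.client_id,
        user_id=uid,
        expires=expires,
        _scopes=scopes,
        access_token=gen_salt(salt_length),
        refresh_token=gen_salt(salt_length),
        is_personal=False,
        is_internal=True,
    )
    db.session.add(token)
    db.session.commit()
    return client, token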
def put(self):
    """
    Generates a new API key

    Looks up the current user's OAuthClient named 'ADS API client'. When
    none exists, a client and an OAuthToken are created and committed.

    NOTE(review): this listing is collapsed onto a single line, so the
    nesting below is reconstructed, and the excerpt ends after the log
    call. The handling of an existing client and the return statement
    are not visible here; confirm against the original file.

    :return: dict containing the API key data structure
    """
    client = OAuthClient.query.filter_by(
        user_id=current_user.get_id(),
        name=u'ADS API client',
    ).first()

    if client is None:  # If no client exists, create a new one
        client = OAuthClient(
            user_id=current_user.get_id(),
            name=u'ADS API client',
            description=u'ADS API client',
            is_confidential=False,
            is_internal=True,
            _default_scopes=' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            ),
            ratelimit=1.0
        )
        client.gen_salt()

        # NOTE(review): gen_salt is imported outside this excerpt; these
        # values are bearer credentials, so confirm it draws from a CSPRNG.
        token = OAuthToken(
            client_id=client.client_id,
            user_id=current_user.get_id(),
            access_token=gen_salt(40),
            refresh_token=gen_salt(40),
            # Far-future expiry: the key is effectively non-expiring.
            expires=datetime.datetime(2500, 1, 1),
            _scopes=' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            ),
            is_personal=False,
        )

        db.session.add(client)
        db.session.add(token)
        try:
            db.session.commit()
        except Exception, e:
            # Any commit failure is logged and the request is aborted
            # with status 503. NOTE(review): no session rollback is
            # visible before the abort - confirm it happens elsewhere.
            current_app.logger.error("Unknown DB error: {0}".format(e))
            abort(503)
        current_app.logger.info(
            "Created ADS API client+token for {0}".format(
                current_user.email
            )
        )
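def bootstrap_bumblebee():
    """
    Create an OAuthClient and a short-lived OAuthToken for the bootstrap
    ("bumblebee") user.

    Every call writes a new client row; this function performs no lookup
    of an existing client.

    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is not the configured
        bootstrap user
    """
    bootstrap_email = current_app.config['BOOTSTRAP_USER_EMAIL']
    # Raised explicitly because an `assert` statement is removed when
    # Python runs with -O, which would drop this identity check entirely.
    if current_user.email != bootstrap_email:
        raise AssertionError(
            'bootstrap_bumblebee requires the bootstrap user')

    config = current_app.config
    salt_length = config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)
    scopes = ' '.join(config.get('BOOTSTRAP_SCOPES', []))
    expires = config.get('BOOTSTRAP_TOKEN_EXPIRES', 3600*24)
    client_name = config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')
    uid = current_user.get_id()

    client = OAuthClient(
        user_id=uid,
        name=client_name,
        description=client_name,
        # Non-confidential client: BOOTSTRAP_SCOPES is what limits it.
        is_confidential=False,
        is_internal=True,
        _default_scopes=scopes,
    )
    client.gen_salt()
    db.session.add(client)

    # An integer setting is a lifetime in seconds from now (UTC); other
    # values are stored on the token as configured.
    if isinstance(expires, int):
        expires = datetime.datetime.utcnow() + datetime.timedelta(
            seconds=expires)

    # NOTE(review): gen_salt comes from outside this excerpt; confirm it
    # uses a CSPRNG, since the generated strings are bearer credentials.
    token = OAuthToken(
        client_id=client.client_id,
        user_id=uid,
        expires=expires,
        _scopes=scopes,
        access_token=gen_salt(salt_length),
        refresh_token=gen_salt(salt_length),
        is_personal=False,
        is_internal=True,
    )
    db.session.add(token)
    db.session.commit()
    return client, token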
def put(self):
    """
    Generates a new API key

    Queries for the current user's OAuthClient named 'ADS API client' and,
    when there is none, creates and commits a client together with an
    OAuthToken.

    NOTE(review): the listing is collapsed onto one line, so the nesting
    below is reconstructed, and the excerpt stops after the log call. No
    branch for an existing client and no return statement are visible;
    confirm against the original file.

    :return: dict containing the API key data structure
    """
    client = OAuthClient.query.filter_by(
        user_id=current_user.get_id(),
        name=u'ADS API client',
    ).first()

    if client is None:  # If no client exists, create a new one
        client = OAuthClient(
            user_id=current_user.get_id(),
            name=u'ADS API client',
            description=u'ADS API client',
            is_confidential=False,
            is_internal=True,
            _default_scopes=' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            ),
        )
        client.gen_salt()

        # NOTE(review): gen_salt comes from outside this excerpt; confirm
        # it uses a CSPRNG, since these strings are bearer credentials.
        token = OAuthToken(
            client_id=client.client_id,
            user_id=current_user.get_id(),
            access_token=gen_salt(40),
            refresh_token=gen_salt(40),
            # Far-future expiry: the key is effectively non-expiring.
            expires=datetime.datetime(2500, 1, 1),
            _scopes=' '.join(
                current_app.config['USER_API_DEFAULT_SCOPES']
            ),
            is_personal=False,
        )

        db.session.add(client)
        db.session.add(token)
        try:
            db.session.commit()
        except Exception, e:
            # A failed commit is logged and the request ends with status
            # 503. NOTE(review): no rollback of the session is visible
            # before the abort - confirm it is done elsewhere.
            current_app.logger.error("Unknown DB error: {0}".format(e))
            abort(503)
        current_app.logger.info(
            "Created ADS API client+token for {0}".format(
                current_user.email
            )
        )
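def bootstrap_user():
    """
    Return or create an OAuthClient owned by the authenticated real user.

    Re-uses the client stored in the database under BOOTSTRAP_CLIENT_NAME
    for this user, otherwise writes a new one. An existing token for that
    client is returned; when none is found (new client, or a client whose
    token was never created) a token is generated.

    :return: tuple (OAuthClient, OAuthToken)
    :raises AssertionError: if the current user is the bootstrap user
    """
    # Explicit raise rather than `assert`: assert statements are stripped
    # under `python -O`, which would silently remove this identity check.
    if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
        raise AssertionError(
            'bootstrap_user must not run as the bootstrap user')

    uid = current_user.get_id()
    client_name = current_app.config.get('BOOTSTRAP_CLIENT_NAME', 'BB client')

    client = OAuthClient.query.filter_by(
        user_id=uid,
        name=client_name,
    ).first()

    scopes = ' '.join(current_app.config['USER_DEFAULT_SCOPES'])
    salt_length = current_app.config.get('OAUTH2_CLIENT_ID_SALT_LEN', 40)

    if client is None:
        client = OAuthClient(
            user_id=current_user.get_id(),
            name=client_name,
            description=client_name,
            is_confidential=True,
            is_internal=True,
            _default_scopes=scopes,
        )
        client.gen_salt()
        db.session.add(client)
        token = None
    else:
        token = OAuthToken.query.filter_by(
            client_id=client.client_id,
            user_id=current_user.get_id(),
        ).first()

    if token is None:
        # One construction path for both cases, so a new client and a
        # client without a token receive identically built tokens.
        # NOTE(review): gen_salt is imported outside this excerpt; these
        # values are bearer credentials, so confirm it draws from a CSPRNG.
        token = OAuthToken(
            client_id=client.client_id,
            user_id=uid,
            access_token=gen_salt(salt_length),
            refresh_token=gen_salt(salt_length),
            # Far-future expiry: the token is effectively non-expiring and
            # nothing in this function rotates or revokes it.
            expires=datetime.datetime(2500, 1, 1),
            _scopes=scopes,
            is_personal=False,
            is_internal=True,
        )
        db.session.add(token)
        current_app.logger.info("Created BB client for {email}".format(
            email=current_user.email))

    db.session.commit()
    return client, token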
def get_token():
    """
    Command-line entry: find or create the user, OAuthClient and
    OAuthToken described by the parsed arguments.

    The user is looked up by e-mail and created only when --create-user
    was given. The client is looked up by user and name, the token by
    client, user, is_personal and an exact match of the scope set.

    :return: dict with 'access_token', 'refresh_token', 'username',
        'expires_in' and 'token_type'. The first two are live bearer
        credentials, so the result should not be written to shared logs.
    """
    arg_parser = argparse.ArgumentParser()
    add_arguments(arg_parser)
    args = arg_parser.parse_args()

    app = create_app(
        'manual_client_registration',
        EXTENSIONS=['adsws.ext.sqlalchemy', 'adsws.ext.security'],
        PACKAGES=['adsws.modules.oauth2server'],
    )

    with app.app_context():
        session = db.session

        # --- user ---------------------------------------------------
        try:
            u = session.query(User).filter_by(email=args.user_email).one()
        except NoResultFound:
            if not args.create_user:
                sys.exit("User with email [%s] not found, and --create-user was not specified. Exiting." % args.user_email)
            u = User(email=args.user_email)
            session.add(u)
            session.commit()
        except MultipleResultsFound:
            raise DatabaseIntegrityError

        # --- client -------------------------------------------------
        try:
            client = session.query(OAuthClient).filter_by(
                user_id=u.id, name=args.name).one()
        except MultipleResultsFound:
            raise DatabaseIntegrityError("Multiple oauthclients found for that user and name")
        except NoResultFound:
            client = OAuthClient(
                user_id=u.id,
                description=args.description,
                name=args.name,
                is_confidential=True,
                is_internal=True,
            )
            client.gen_salt()
            session.add(client)
            session.commit()

        # --- token --------------------------------------------------
        try:
            candidates = session.query(OAuthToken).filter_by(
                client_id=client.client_id,
                user_id=u.id,
                is_personal=args.is_personal).all()
            # Keep only tokens whose scope set equals the requested one.
            matching_tokens = [
                t for t in candidates
                if set(args.scopes) == set(t.scopes)
            ]
            if not matching_tokens:
                raise NoResultFound
            print("%s tokens with those definitions found, returning the first" % len(matching_tokens))
            token = matching_tokens[0]
        except NoResultFound:
            salt_len = current_app.config.get(
                'OAUTH2_TOKEN_PERSONAL_SALT_LEN', 40)
            if args.is_personal:
                expiry = datetime.datetime(2050, 1, 1)
            else:
                expiry = None
            token = OAuthToken(
                client_id=client.client_id,
                user_id=u.id,
                access_token=gen_salt(salt_len),
                refresh_token=gen_salt(salt_len),
                _scopes=' '.join(args.scopes),
                expires=expiry,
                is_personal=args.is_personal,
                is_internal=True,
            )
            session.add(token)
            session.commit()

        expires_in = token.expires.isoformat() if token.expires else None
        return {
            'access_token': token.access_token,
            'refresh_token': token.refresh_token,
            'username': u.email,
            'expires_in': expires_in,
            'token_type': 'Bearer',
        }
def get_token():
    """
    Resolve (or create) the user, OAuthClient and OAuthToken named on the
    command line and return the token details.

    A missing user is created only when --create-user is set; otherwise
    the process exits. A missing client is created. A token is re-used
    when one exists for the client, user and is_personal flag with exactly
    the requested scope set; otherwise a new one is generated.

    :return: dict with 'access_token', 'refresh_token', 'username',
        'expires_in' and 'token_type'. It carries live bearer credentials;
        callers should keep it out of shared logs.
    """
    cli = argparse.ArgumentParser()
    add_arguments(cli)
    args = cli.parse_args()

    extensions = [
        'adsws.ext.sqlalchemy',
        'adsws.ext.security',
    ]
    packages = [
        'adsws.modules.oauth2server',
    ]
    app = create_app('manual_client_registration',
                     EXTENSIONS=extensions,
                     PACKAGES=packages)

    with app.app_context():
        # Step 1: the user record.
        user_query = db.session.query(User).filter_by(email=args.user_email)
        try:
            u = user_query.one()
        except NoResultFound:
            if not args.create_user:
                sys.exit(
                    "User with email [%s] not found, and --create-user was not specified. Exiting."
                    % args.user_email)
            u = User(email=args.user_email)
            db.session.add(u)
            db.session.commit()
        except MultipleResultsFound:
            raise DatabaseIntegrityError

        # Step 2: the OAuth client for that user and name.
        client_query = db.session.query(OAuthClient).filter_by(
            user_id=u.id, name=args.name)
        try:
            client = client_query.one()
        except MultipleResultsFound:
            raise DatabaseIntegrityError(
                "Multiple oauthclients found for that user and name")
        except NoResultFound:
            client = OAuthClient(
                user_id=u.id,
                description=args.description,
                name=args.name,
                is_confidential=True,
                is_internal=True,
            )
            client.gen_salt()
            db.session.add(client)
            db.session.commit()

        # Step 3: a token with exactly the requested scopes.
        try:
            tokens = db.session.query(OAuthToken).filter_by(
                client_id=client.client_id,
                user_id=u.id,
                is_personal=args.is_personal).all()
            matching_tokens = list(
                filter(lambda t: set(args.scopes) == set(t.scopes), tokens))
            if len(matching_tokens) == 0:
                raise NoResultFound
            print("%s tokens with those definitions found, returning the first" % len(
                matching_tokens))
            token = matching_tokens[0]
        except NoResultFound:
            personal_salt_len = current_app.config.get(
                'OAUTH2_TOKEN_PERSONAL_SALT_LEN', 40)
            token = OAuthToken(
                client_id=client.client_id,
                user_id=u.id,
                access_token=gen_salt(personal_salt_len),
                refresh_token=gen_salt(personal_salt_len),
                _scopes=' '.join(args.scopes),
                # Personal tokens get a fixed far-future expiry; others
                # are stored without one.
                expires=datetime.datetime(2050, 1, 1)
                if args.is_personal else None,
                is_personal=args.is_personal,
                is_internal=True,
            )
            db.session.add(token)
            db.session.commit()

        result = {
            'access_token': token.access_token,
            'refresh_token': token.refresh_token,
            'username': u.email,
            'expires_in': token.expires.isoformat() if token.expires else None,
            'token_type': 'Bearer',
        }
        return result