def reverse_access_token(cls, access_token):
    """Parse an access token and return the values embedded in it.

    The token is three '.'-separated fields, ``expire.info.check``:
    ``expire`` is a base36 expiry timestamp, ``info`` is decrypted with
    OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY into six '.'-separated fields,
    and ``check`` is decrypted with the per user/client secret key and must
    equal the checksum carried inside ``info``.

    Args:
        access_token: The token string presented by the client.

    Returns:
        A tuple ``(client_pk, user_pk, scope, is_refreshable,
        expire_timestamp, user_secret_key)``. ``scope`` and
        ``is_refreshable`` are returned exactly as found in the payload.
        The last element is key material, so callers should keep it out of
        logs and responses.

    Raises:
        InvalidAccessToken: Empty token, wrong field count, mismatching
            expiry copies, or checksum mismatch.
        AccessTokenExpired: The current timestamp is past the expiry.
    """
    if not access_token:
        raise InvalidAccessToken()

    outer_fields = access_token.split('.')
    if len(outer_fields) != 3:
        raise InvalidAccessToken()
    expire, info, check = outer_fields

    # The outer expiry field is readable and editable without any key; it is
    # only trusted because the copy inside the encrypted payload must match
    # it (checked below).
    # NOTE(review): errors raised by base36_to_int, decrypt_cbc or
    # get_cached on malformed input are not translated here -- confirm the
    # callers turn them into an invalid-token response.
    expire_timestamp = int(base36_to_int(expire))
    now = CurrentTimestamp()()
    if now > expire_timestamp:
        raise AccessTokenExpired()

    payload = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY)
    inner_fields = payload.split('.')
    if len(inner_fields) != 6:
        raise InvalidAccessToken()
    raw_client, raw_user, expire2, scope, is_refreshable, checksum = inner_fields
    client_pk = base36_to_int(raw_client)
    user_pk = base36_to_int(raw_user)

    if expire2 != expire:
        raise InvalidAccessToken()

    key_record = UserClientSecretKey.objects.get_cached(
        user_id=user_pk, client=Client(pk=client_pk))
    user_secret_key = key_record.secret_key.encode('utf-8')

    # NOTE(review): `!=` is not a constant-time comparison. If decrypt_cbc
    # returns bytes or ASCII text, hmac.compare_digest is a candidate
    # replacement -- confirm the return type first.
    expected_checksum = decrypt_cbc(check, user_secret_key)
    if checksum != expected_checksum:
        raise InvalidAccessToken()

    return client_pk, user_pk, scope, is_refreshable, expire_timestamp, user_secret_key
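def is_feed_available(cls, feed_pk, feed_token):
    """Return True when ``feed_token`` is a valid token for feed ``feed_pk``.

    The token is two '.'-separated fields, ``info.check``. ``info`` is
    decrypted with SOCIAL_SETTINGS.FEED_TOKEN_SECRET_KEY into four
    '.'-separated fields, of which the first is the base36 feed pk and the
    last is a checksum. ``check`` is decrypted with the feed's own secret
    key and must equal that checksum.

    Args:
        feed_pk: Primary key of the feed being requested (compared via int()).
        feed_token: Token string supplied with the request.

    Returns:
        True if the token decodes, names ``feed_pk`` and its checksum
        matches; False otherwise.
    """
    if not feed_token:
        return False

    outer_fields = feed_token.split('.')
    if len(outer_fields) != 2:
        return False
    info, check = outer_fields

    inner_fields = decrypt_cbc(info, SOCIAL_SETTINGS.FEED_TOKEN_SECRET_KEY).split('.')
    if len(inner_fields) != 4:
        return False
    feed_token_pk = base36_to_int(inner_fields[0])
    # The user pk is parsed but not used below; the call is kept so that a
    # malformed user field still fails the way it did before.
    base36_to_int(inner_fields[1])
    checksum = inner_fields[3]

    # Compare the feed ids before touching the database. The lookup below is
    # a get_or_create keyed on the caller-supplied feed_pk, so doing it first
    # would create a FeedSecretKey row for any feed id passed alongside a
    # token that was issued for a different feed.
    if int(feed_pk) != int(feed_token_pk):
        return False

    # TODO cache...
    secret_key = FeedSecretKey.objects.get_or_create(feed_id=feed_pk)[0].secret_key.encode('utf-8')

    # NOTE(review): `!=` is not a constant-time comparison; consider
    # hmac.compare_digest once the return type of decrypt_cbc is confirmed.
    if checksum != decrypt_cbc(check, secret_key):
        return False
    return True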
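def refresh_access_token(cls, refresh_token, old_access_token, expires_in):
    """Issue a new access token from an old one plus its refresh token.

    The old access token is parsed like in reverse_access_token
    (``expire.info.check`` with a six-field encrypted payload), except that
    no expiry test is applied. The refresh token is decrypted with the per
    user/client secret key into two '.'-separated fields, and its first
    field must equal the checksum of the old access token.

    Args:
        refresh_token: Refresh token string supplied by the client.
        old_access_token: The access token being replaced.
        expires_in: Lifetime passed through to _generate_access_token.

    Returns:
        Whatever ``cls._generate_access_token`` returns for the client, user,
        scope and refreshable flag taken from the old token.

    Raises:
        InvalidAccessToken: Empty or malformed old access token, or its
            checksum does not verify.
        InvalidRefreshToken: Empty or malformed refresh token, or it does
            not belong to the old access token.
    """
    if not old_access_token:
        raise InvalidAccessToken()

    outer_fields = old_access_token.split('.')
    if len(outer_fields) != 3:
        raise InvalidAccessToken()
    _expire, info, check = outer_fields

    inner_fields = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY).split('.')
    # reverse_access_token enforces the same six-field layout. Without this
    # check a short payload surfaced as IndexError instead of
    # InvalidAccessToken.
    if len(inner_fields) != 6:
        raise InvalidAccessToken()
    client_pk = base36_to_int(inner_fields[0])
    user_pk = base36_to_int(inner_fields[1])
    scope, is_refreshable, checksum = inner_fields[3], inner_fields[4], inner_fields[5]

    key_record = UserClientSecretKey.objects.get_cached(
        user_id=user_pk, client=Client(pk=client_pk))
    user_secret_key = key_record.secret_key.encode('utf-8')

    # NOTE(review): `!=` is not a constant-time comparison; consider
    # hmac.compare_digest once the return type of decrypt_cbc is confirmed.
    if checksum != decrypt_cbc(check, user_secret_key):
        raise InvalidAccessToken()

    # A missing or wrongly shaped refresh token is a client error, not a
    # server fault: report it as InvalidRefreshToken rather than letting the
    # tuple unpacking fail with ValueError.
    if not refresh_token:
        raise InvalidRefreshToken()
    refresh_fields = decrypt_cbc(refresh_token, user_secret_key).split('.')
    if len(refresh_fields) != 2:
        raise InvalidRefreshToken()
    refresh_checksum = refresh_fields[0]
    if checksum != refresh_checksum:
        raise InvalidRefreshToken()

    # NOTE(review): is_refreshable is forwarded to the new token but never
    # tested here -- confirm that a refresh token cannot exist for a token
    # issued as non-refreshable.
    return cls._generate_access_token(client_pk, user_pk, cls.str_to_scope(scope), expires_in, is_refreshable)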
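def check_code_and_decrypt_scope(cls, code, client, user):
    """Validate ``code`` for ``client`` and ``user`` and return its scope.

    ``code`` is decrypted with OAUTH2_SETTINGS.CODE_SECRET_KEY into exactly
    five '.'-separated fields: client pk, scope string, user pk, timestamp
    and a checksum that this method does not use.

    Args:
        code: The encrypted code string supplied by the client.
        client: Object whose ``pk`` must match the client pk in the code.
        user: Object whose ``pk`` must match the user pk in the code.

    Returns:
        The result of ``cls.str_to_scope`` applied to the scope field.

    Raises:
        InvalidRequestError: The code is malformed, fails the timestamp
            test, or names a different client or user.
        OAuth2Error: Re-raised unchanged when raised while processing.
    """
    # TODO make fancy for error handling
    try:
        client_pk, scope_str, user_pk, timestamp, checksum_unused = \
            decrypt_cbc(code, OAUTH2_SETTINGS.CODE_SECRET_KEY).split('.')
        # NOTE(review): `timestamp` is a string field and the right-hand side
        # is a CurrentTimestamp instance, whereas reverse_access_token
        # compares integers via `CurrentTimestamp()()`. Unless
        # CurrentTimestamp defines ordering against strings, this is not a
        # numeric expiry test -- confirm, and confirm the encoding of the
        # timestamp field before converting it.
        # NOTE(review): the checksum field is ignored, so the integrity of
        # the code rests on decrypt_cbc alone -- confirm whether it
        # authenticates the ciphertext.
        if timestamp >= CurrentTimestamp() and str(client.pk) == str(client_pk) and str(user.pk) == str(user_pk):
            return cls.str_to_scope(scope_str)
        raise InvalidRequestError()
    except OAuth2Error:
        raise
    except Exception:
        # Any parsing or decryption failure is reported as an invalid
        # request. `except Exception` (not a bare `except`) lets
        # KeyboardInterrupt and SystemExit propagate.
        raise InvalidRequestError()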