示例#1
0
    def reverse_access_token(cls, access_token):
        if not access_token:
            raise InvalidAccessToken()
        part = access_token.split('.')
        if len(part) != 3:
            raise InvalidAccessToken()

        expire, info, check = part
        expire_timestamp = int(base36_to_int(expire))
        if CurrentTimestamp()() > expire_timestamp:
            raise AccessTokenExpired()

        part = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY).split('.')

        if len(part) != 6:
            raise InvalidAccessToken()

        client_pk, user_pk, expire2, scope, is_refreshable, checksum = base36_to_int(part[0]), base36_to_int(part[1]), \
                                                                       part[2], part[3], part[4], part[5]
        if expire2 != expire:
            raise InvalidAccessToken()

        user_secret_key = UserClientSecretKey.objects.get_cached(user_id=user_pk,
                                                                 client=Client(pk=client_pk)).secret_key.encode('utf-8')
        if checksum != decrypt_cbc(check, user_secret_key):
            raise InvalidAccessToken()

        return client_pk, user_pk, scope, is_refreshable, expire_timestamp, user_secret_key
示例#2
0
    def is_feed_available(cls, feed_pk, feed_token):
        if not feed_token:
            return False
        part = feed_token.split('.')
        if len(part) != 2:
            return False

        info, check = part
        part = decrypt_cbc(info, SOCIAL_SETTINGS.FEED_TOKEN_SECRET_KEY).split('.')

        if len(part) != 4:
            return False

        feed_token_pk, user_pk, checksum = base36_to_int(part[0]), base36_to_int(part[1]), part[3]
        #TODO cache...
        secret_key = FeedSecretKey.objects.get_or_create(feed_id=feed_pk)[0].secret_key.encode('utf-8')
        if checksum != decrypt_cbc(check, secret_key):
            return False

        return int(feed_pk) == int(feed_token_pk)
示例#3
0
    def refresh_access_token(cls, refresh_token, old_access_token, expires_in):
        if not old_access_token:
            raise InvalidAccessToken()
        part = old_access_token.split('.')
        if len(part) != 3:
            raise InvalidAccessToken()

        expire, info, check = part
        part = decrypt_cbc(info, OAUTH2_SETTINGS.ACCESS_TOKEN_SECRET_KEY).split('.')
        client_pk, user_pk, expire2, scope, is_refreshable, checksum = base36_to_int(part[0]), base36_to_int(part[1]), \
                                                                       part[2], part[3], part[4], part[5]
        user_secret_key = UserClientSecretKey.objects.get_cached(user_id=user_pk,
                                                                 client=Client(pk=client_pk)).secret_key.encode('utf-8')
        if checksum != decrypt_cbc(check, user_secret_key):
            raise InvalidAccessToken()

        refresh_checksum, _unused = decrypt_cbc(refresh_token, user_secret_key).split('.')
        if checksum != refresh_checksum:
            raise InvalidRefreshToken()
        return cls._generate_access_token(client_pk, user_pk, cls.str_to_scope(scope), expires_in, is_refreshable)
示例#4
0
 def check_code_and_decrypt_scope(cls, code, client, user):
     #TODO make fancy for error handling
     try:
         client_pk, scope_str, user_pk, timestamp, checksum_unused \
             = decrypt_cbc(code, OAUTH2_SETTINGS.CODE_SECRET_KEY).split('.')
         if timestamp >= CurrentTimestamp() and str(client.pk) == str(client_pk) and str(user.pk) == str(user_pk):
             return cls.str_to_scope(scope_str)
         raise InvalidRequestError()
     except OAuth2Error:
         raise
     except:
         raise InvalidRequestError()