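def has_valid_access_token(request) -> bool:
    """Return whether the caller holds an access token the OAuth provider accepts.

    Args:
        request: Either a Django request whose session may hold
            ``access_token`` / ``refresh_token``, or a bare access-token string.

    Returns:
        True when OAuth is not configured (``OAUTH_AUTHORIZATION_URL`` unset),
        or when the token validates, possibly after one refresh via the
        session's refresh token. False when there is no token, when a bare
        token string is rejected (nothing to refresh with), or when the
        refreshed token is rejected too.

    Raises:
        Whatever ``refresh_access_tokens`` raises is propagated unchanged;
        ``fetch_user_from_token`` errors other than OAuthError/Unauthorized
        (e.g. OAuthServerUnreachable) also propagate.
    """
    if not getattr(settings, "OAUTH_AUTHORIZATION_URL", None):
        # OAuth is not enabled: nothing to validate.
        return True

    # A plain string is treated as the token itself and has no session.
    session = None if isinstance(request, str) else request.session
    access_token = request if session is None else session.get("access_token")
    if not access_token:
        return False

    try:
        # fetch_user_from_token also refreshes the stored OAuth profile.
        fetch_user_from_token(access_token)
        return True
    except (OAuthError, Unauthorized):
        if session is None:
            # Previously this path dereferenced request.session on a str and
            # raised AttributeError; a bare token simply cannot be refreshed.
            return False
        logger.info("Invalid access token, trying to refresh access token.")

    access_token, refresh_token = refresh_access_tokens(session.get("refresh_token"))
    session["access_token"] = access_token
    session["refresh_token"] = refresh_token
    try:
        fetch_user_from_token(access_token)
        return True
    except (OAuthError, Unauthorized):
        return False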
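def callback(request):
    """Complete the OAuth authorization-code flow and log the user in.

    Exchanges the ``code`` query parameter for an access/refresh token pair,
    stores both in the session, resolves the user from the access token and
    logs them in. An optional ``state`` parameter carries a base64-encoded
    post-login path; it is honoured only when it decodes to a same-site path,
    so that an attacker-supplied ``state`` cannot turn this view into an open
    redirect. A malformed or non-local ``state`` is logged and the user is
    sent to the dashboard instead (they are already logged in at that point).

    Args:
        request: The Django request for the provider's redirect back to us.

    Returns:
        A redirect to the requested local path or ``dashboard`` on success;
        a 401 JSON response when no user could be resolved from the token;
        a redirect to ``/login/error`` when anything raises (the exception is
        re-raised instead when ``settings.DEBUG`` is set).
    """
    try:
        access_token, refresh_token = request_access_tokens(request.GET.get("code"))
        request.session["access_token"] = access_token
        request.session["refresh_token"] = refresh_token
        user = fetch_user_from_token(access_token)
        if not user:
            logger.error("User could not be logged in.")
            return HttpResponse(
                '{"error":"User could not be logged in"}',
                content_type="application/json",
                status=401,
            )
        login(request, user, backend="django.contrib.auth.backends.ModelBackend")
        logger.info('User "%s" has logged in successfully', get_id(user))

        next_path = None
        state = request.GET.get("state")
        if state:
            try:
                candidate = base64.b64decode(state).decode()
            except ValueError:  # bad base64/padding or non-UTF-8 payload
                candidate = ""
            # Only a same-site path is followed: it must start with a single
            # "/" (so no scheme and no "//host"), contain no backslashes
            # (browsers read "/\host" as "//host") and no control characters
            # (browsers strip tab/newline, which could smuggle "//host").
            if (
                candidate.startswith("/")
                and not candidate.startswith("//")
                and "\\" not in candidate
                and candidate.isprintable()
            ):
                next_path = candidate
            else:
                logger.warning("Ignoring non-local redirect target in OAuth state parameter.")
        return redirect(next_path or "dashboard")
    except Exception:
        # Unless otherwise noted, any exception sends the user to the error
        # page; logger.exception keeps the traceback that .error() dropped.
        logger.exception("Exception occurred during oauth, redirecting user.")
        if getattr(settings, "DEBUG", False):
            raise
        return redirect("/login/error")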
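def test_fetch_user_from_token(self, mock_get_user_data, mock_get_user):
    """Check how fetch_user_from_token maps the profile endpoint's outcome.

    ``mock_get_user_data`` / ``mock_get_user`` patch the helpers that turn the
    profile payload into a user; ``self.mock_requests`` stubs the HTTP layer.
    Covers three cases: a 200 profile response being parsed and handed to the
    user helpers, a 401 raising Unauthorized, and a connection failure being
    translated to OAuthServerUnreachable.
    """
    user_data = {"user": "******"}
    example_user_data = {
        "identification": "long_dn",
        "commonname": "test",
        "username": "******",
        "email": "*****@*****.**",
        "first_name": "test",
        "last_name": "user",
    }
    example_token = "1234"

    # Valid token: the raw profile payload reaches both helpers.
    self.mock_requests.get(
        settings.OAUTH_PROFILE_URL, text=json.dumps(user_data), status_code=200
    )
    mock_get_user_data.return_value = example_user_data
    fetch_user_from_token(example_token)
    mock_get_user_data.assert_called_with(user_data)
    mock_get_user.assert_called_with(example_user_data, user_data)

    # Invalid token: a 401 from the provider surfaces as Unauthorized.
    self.mock_requests.get(settings.OAUTH_PROFILE_URL, status_code=401)
    with self.assertRaises(Unauthorized):
        fetch_user_from_token(example_token)

    # Connection failure: requests.ConnectionError becomes OAuthServerUnreachable.
    # The call under test takes the token; the original passed the exception
    # class OAuthServerUnreachable as the token argument by mistake.
    self.mock_requests.get(
        settings.OAUTH_PROFILE_URL, text=json.dumps(user_data), status_code=200
    )
    with patch('eventkit_cloud.auth.auth.requests.get') as mock_get:
        mock_get.side_effect = requests.ConnectionError()
        with self.assertRaises(OAuthServerUnreachable):
            fetch_user_from_token(example_token)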
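def callback(request):
    """Complete the OAuth authorization-code flow and log the user in.

    Exchanges the ``code`` query parameter for an access token, resolves the
    user from it and logs them in. An optional ``state`` parameter carries a
    base64-encoded post-login path; it is honoured only when it decodes to a
    same-site path, so that an attacker-supplied ``state`` cannot turn this
    view into an open redirect. A malformed or non-local ``state`` is logged
    and the user is sent to the dashboard instead (they are already logged in
    at that point); previously a malformed ``state`` raised out of the view.

    Args:
        request: The Django request for the provider's redirect back to us.

    Returns:
        A redirect to the requested local path or ``dashboard`` on success,
        or a 401 JSON response when no user could be resolved from the token.
    """
    access_token = request_access_token(request.GET.get('code'))
    user = fetch_user_from_token(access_token)
    if not user:
        logger.error('User could not be logged in.')
        return HttpResponse(
            '{"error":"User could not be logged in"}',
            content_type="application/json",
            status=401,
        )

    login(request, user, backend='django.contrib.auth.backends.ModelBackend')
    logger.info('User "%s" has logged in successfully', get_id(user))

    next_path = None
    state = request.GET.get('state')
    if state:
        try:
            candidate = base64.b64decode(state).decode()
        except ValueError:  # bad base64/padding or non-UTF-8 payload
            candidate = ""
        # Only a same-site path is followed: it must start with a single "/"
        # (so no scheme and no "//host"), contain no backslashes (browsers
        # read "/\host" as "//host") and no control characters (browsers
        # strip tab/newline, which could smuggle "//host").
        if (
            candidate.startswith("/")
            and not candidate.startswith("//")
            and "\\" not in candidate
            and candidate.isprintable()
        ):
            next_path = candidate
        else:
            logger.warning("Ignoring non-local redirect target in OAuth state parameter.")
    return redirect(next_path or 'dashboard')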