def test_verify_session_cookie_revoked(new_user, api_key):
custom_token = auth.create_custom_token(new_user.uid)
id_token = _sign_in(custom_token, api_key)
session_cookie = auth.create_session_cookie(id_token, expires_in=datetime.timedelta(days=1))
time.sleep(1)
auth.revoke_refresh_tokens(new_user.uid)
claims = auth.verify_session_cookie(session_cookie, check_revoked=False)
user = auth.get_user(new_user.uid)
# verify_session_cookie succeeded because it didn't check revoked.
assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp
with pytest.raises(auth.AuthError) as excinfo:
claims = auth.verify_session_cookie(session_cookie, check_revoked=True)
assert excinfo.value.code == auth._SESSION_COOKIE_REVOKED
assert str(excinfo.value) == 'The Firebase session cookie has been revoked.'
# Sign in again, verify works.
id_token = _sign_in(custom_token, api_key)
session_cookie = auth.create_session_cookie(id_token, expires_in=datetime.timedelta(days=1))
claims = auth.verify_session_cookie(session_cookie, check_revoked=True)
assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_verify_id_token_revoked(new_user, api_key):
custom_token = auth.create_custom_token(new_user.uid)
id_token = _sign_in(custom_token, api_key)
claims = auth.verify_id_token(id_token)
assert claims['iat'] * 1000 >= new_user.tokens_valid_after_timestamp
time.sleep(1)
auth.revoke_refresh_tokens(new_user.uid)
claims = auth.verify_id_token(id_token, check_revoked=False)
user = auth.get_user(new_user.uid)
# verify_id_token succeeded because it didn't check revoked.
assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp
with pytest.raises(auth.AuthError) as excinfo:
claims = auth.verify_id_token(id_token, check_revoked=True)
assert excinfo.value.code == auth._ID_TOKEN_REVOKED
assert str(excinfo.value) == 'The Firebase ID token has been revoked.'
# Sign in again, verify works.
id_token = _sign_in(custom_token, api_key)
claims = auth.verify_id_token(id_token, check_revoked=True)
assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_sign_with_discovered_service_account(self):
request = testutils.MockRequest(200, 'discovered-service-account')
app = firebase_admin.initialize_app(testutils.MockCredential(),
name='iam-signer-app')
try:
_overwrite_iam_request(app, request)
# Force initialization of the signing provider. This will invoke the Metadata service.
auth_service = auth._get_auth_service(app)
assert auth_service.token_generator.signing_provider is not None
# Now invoke the IAM signer.
signature = base64.b64encode(b'test').decode()
request.response = testutils.MockResponse(
200, '{{"signature": "{0}"}}'.format(signature))
custom_token = auth.create_custom_token(MOCK_UID, app=app).decode()
assert custom_token.endswith('.' + signature)
self._verify_signer(custom_token, 'discovered-service-account')
assert len(request.log) == 2
assert request.log[0][1]['headers'] == {
'Metadata-Flavor': 'Google'
}
finally:
firebase_admin.delete_app(app)
def create_custom_token(uid: str, valid_minutes: int = 60) -> bytes:
""" Create a secure token for the given id.
This method is used to create secure custom JWT tokens to be passed to
clients. It takes a unique id that will be used by Firebase's
security rules to prevent unauthorized access. In this case, the uid will
be the channel id which is a combination of a user id and a game id.
"""
global _firebase_app
if _firebase_app is None:
_firebase_app = initialize_app()
attempts = 0
MAX_ATTEMPTS = 2
while attempts < MAX_ATTEMPTS:
try:
return auth.create_custom_token(uid).decode()
except:
# It appears that ConnectionResetError exceptions can
# propagate (wrapped in an obscure Firebase object) from
# the call to create_custom_token()
if attempts == MAX_ATTEMPTS - 1:
raise
attempts += 1
assert False, "Unexpected fall out of loop in firebase.create_custom_token()"
def get_token(uid):
"""Return a Firebase ID token dict from a user id (UID).
Returns:
dict: Keys are "kind", "idToken", "refreshToken", and "expiresIn".
"expiresIn" is in seconds.
The return dict matches the response payload described in
https://firebase.google.com/docs/reference/rest/auth/#section-verify-custom-token
The actual token is at get_token(uid)["idToken"].
"""
token = auth.create_custom_token(uid)
data = {
'token': token,
'returnSecureToken': True
}
url = "https://www.googleapis.com/identitytoolkit/v3/relyingparty" \
"/verifyCustomToken?key={}".format(API_KEY)
req = urllib2.Request(url,
json.dumps(data),
{'Content-Type': 'application/json'})
response = urllib2.urlopen(req).read()
return json.loads(response)
def register():
data = request.json
email = data.get("email")
password = data.get("password")
role = data.get("role")
admin_user = None
# if whitelisted, set to admin
if Admin.objects(email=email):
admin_user = Admin.objects.get(email=email)
elif role == Account.ADMIN:
msg = "Email is not whitelisted as Admin"
logger.info(msg)
return create_response(status=422, message=msg)
firebase_user, error_http_response = create_firebase_user(email, password)
if error_http_response:
return error_http_response
# account created
firebase_uid = firebase_user.uid
if admin_user:
admin_user.firebase_uid = firebase_uid
admin_user.save()
return create_response(
message="Created account",
data={
"token":
firebase_admin_auth.create_custom_token(firebase_uid, {
"role": role
}).decode("utf-8"),
},
)
def extend_session():
debug(f'[extend_session - INFO]: Starting.')
func_name = 'extend_session'
# Attempt to grab server settings document
server_settings, err = getServerSettings()
if err:
err = f"[{func_name} - ERROR]: Unable to retrieve settings, err = {err}."
return err, 500
request_data, user_id, err = authentication(request, server_settings)
debug(f"[{func_name} - DATA]: request_data: {request_data}")
if err:
err = f"[{func_name} - ERROR]: Authentication error, err = {err}"
return err, 500
custom_token = auth.create_custom_token(user_id)
response = jsonify({
'status': 'success',
'customtoken': custom_token.decode("utf-8")
})
return response
def setUp(self):
mapper = ClassMapper([Dog, Cat, Person, JackRussell, Monkey, Monarch])
# self.db = FirestoreWrapper(mapper, creds_path)
cred = credentials.Certificate(CREDS)
app = firebase_admin.initialize_app(cred)
uid = 'some-uid'
additional_claims = {
'premiumAccount': True
}
custom_token = auth.create_custom_token(uid, additional_claims)
firebase_admin.delete_app(app)
self.db = FirestoreWrapper(mapper,
None,
project_id=CREDS["project_id"],
custom_token=custom_token.decode("utf-8"),
api_key=API_KEY,
namespace=NAMESPACE
)
def __init__(self,
mapper,
app_name,
uid,
project_id,
api_key,
namespace,
additional_claims=None):
token = auth.create_custom_token(uid,
additional_claims).decode("utf-8")
super().__init__(mapper,
None,
project_id=project_id,
custom_token=token,
api_key=api_key,
name=app_name,
namespace=namespace)
credentials = self.app.credential.get_credential()
test_client = FirestoreTestClient(credentials=credentials,
project=project_id)
self.db = test_client
def get_token(self, user):
return auth.create_custom_token(user)
def test_custom_token(self, auth_app):
custom_token = auth.create_custom_token(MOCK_UID, app=auth_app)
_overwrite_cert_request(auth_app, MOCK_REQUEST)
with pytest.raises(ValueError):
auth.verify_session_cookie(custom_token, app=auth_app)
def test_invalid_params(self, auth_app, values):
user, claims, error = values
with pytest.raises(error):
auth.create_custom_token(user, claims, app=auth_app)
def create_firebase_token(pax_id):
custom_token = auth.create_custom_token(pax_id)
return str(custom_token, "utf-8")
def test_noncert_credential(self, non_cert_app):
with pytest.raises(ValueError):
auth.create_custom_token(MOCK_UID, app=non_cert_app)
def test_custom_token(api_key):
custom_token = auth.create_custom_token('user1')
id_token = _sign_in(custom_token, api_key)
claims = auth.verify_id_token(id_token)
assert claims['uid'] == 'user1'
def firebase_auth():
custom_token = auth.create_custom_token(get_token_sub())
return jsonify({'firebaseToken': custom_token.decode('utf-8')})
def create_custom_token(request: flask.Request):
if config.is_dev and config.fake_user:
logger.warning('Create Custom Token: Using Fake User')
return b'FAKE TOKEN'
claims = _verify_claims(request)
return auth.create_custom_token(claims['sub'], app=firebase_util.get_app())
def view_question(request, q_num, ch_name, m_name):
module_stored = get_object_or_404(Module, module_name=m_name)
chapter_stored = get_object_or_404(Chapter,
module=module_stored,
chapter_name=ch_name)
question_stored = get_object_or_404(Question,
chapter=chapter_stored,
question_number=q_num)
student = Student.objects.get(user=request.user)
try:
team = student.joined_teams.get(chapter=chapter_stored)
except:
raise Http404(u"Access Denied")
if len(team.qn_tried) + 1 < q_num:
raise Http404(u"Please do questions in order")
elif len(team.qn_tried) + 1 > q_num:
raise Http404(u"You already done this question")
if request.method == 'POST':
ans_return = request.POST.get('ans_return')
print(ans_return)
solution = get_object_or_404(Solution, question=question_stored)
team.qn_tried = team.qn_tried + "1"
if ans_return == solution.solution_answer:
team.qn_results = team.qn_results + "1"
print("Answer is Correct")
else:
team.qn_results = team.qn_results + "0"
print("Answer is Wrong")
print(team.qn_tried)
print(team.qn_results)
team.save()
return HttpResponseRedirect(
reverse('appOne:start_question',
kwargs={
'm_name': m_name,
'ch_name': ch_name
}))
else:
students = team.student_set.all()
student_list = list(students)
print(student_list) # debug
index = student_list.index(student) # get the index of student....
ordering = (index + q_num) % 5
haveQuestion = False
optionStr = ""
display_str = ""
if (ordering == 0):
haveQuestion = True
display_str = question_stored.question_name
elif (ordering == 1):
display_str = question_stored.question_optionA
optionStr = "OPTION A"
elif (ordering == 2):
display_str = question_stored.question_optionB
optionStr = "OPTION B"
elif (ordering == 3):
display_str = question_stored.question_optionC
optionStr = "OPTION C"
elif (ordering == 4):
display_str = question_stored.question_optionD
optionStr = "OPTION D"
else:
print("error")
uid = request.user.username
try:
auth.create_user(uid=uid)
print("add user")
except:
print("Existing user")
custom_token = (auth.create_custom_token(uid)).decode()
student = Student.objects.get(user=request.user)
team = student.joined_teams.get(chapter=chapter_stored)
room_id = team.room_id
context = {
'display_str': display_str,
'haveQuestion': haveQuestion,
'optionStr': optionStr,
'custom_token': custom_token,
'room_id': room_id,
}
return render(request, 'appOne/quiz.html', context)
def create_custom_token(uid):
try:
return auth.create_custom_token(uid)
except Exception as e:
raise e
def generate_custom_token(self, email):
user = auth.get_user_by_email(email, self._app)
token = auth.create_custom_token(user.uid,
app=self._app).decode('utf-8')
return token
def get_custom_token(uid, connector): return auth.create_custom_token(uid, app=connector.app)
def get_firebase_token(user: User):
uid = user.firebase_uid
custom_token = auth.create_custom_token(uid)
return jsonify(firebase_token=custom_token.decode()), 200
def create_user_token():
try:
token = request.form["token"]
except KeyError as e:
return jsonify({"statusCode": 407, "message": "token missing"})
else:
try:
decoded_token: dict = auth.verify_id_token(token)
except Exception as e:
return jsonify({
"statusCode": 505,
"message": "Exception" + str(e)
})
else:
try:
uid = decoded_token["uid"]
except KeyError as e:
return jsonify({
"statusCode": 406,
"message": "KeyError Exception" + str(e)
})
except Exception as e:
return jsonify({
"statusCode": 505,
"message": "Exception" + str(e)
})
else:
try:
doc_data: dict = db.collection("accounts").document(
uid).get().to_dict()
except TypeError as e:
return jsonify({
"statusCode": 406,
"message": "TypeError Exception" + str(e)
})
except Exception as e:
return jsonify({
"statusCode": 505,
"message": "Exception" + str(e)
})
else:
try:
permissions: dict = doc_data["permissions"]
except KeyError as e:
return jsonify({
"statusCode":
406,
"message":
"KeyError Exception" + str(e),
})
except TypeError as e:
return jsonify({
"statusCode":
406,
"message":
"TypeError Exception" + str(e),
})
except Exception as e:
return jsonify({
"statusCode": 505,
"message": "Exception" + str(e)
})
else:
try:
custom_token = auth.create_custom_token(
uid, permissions)
except Exception as e:
return jsonify({
"statusCode": 505,
"message": "Exception" + str(e)
})
else:
return jsonify({
"statusCode": 202,
"message": "operation was successful",
"token": str(custom_token),
})
def generate_token(uid):
custom_token = auth.create_custom_token(uid).decode("utf-8")
return custom_token
import firebase_admin
from firebase_admin import auth
from firebase_admin import credentials
from util import EnvSetting
data = credentials.Certificate(EnvSetting.GOOGLE_CRED_PATH)
default_app = firebase_admin.initialize_app(credential=data)
print(default_app.name)
user_record = auth.create_user(email='*****@*****.**')
auth.set_custom_user_claims(user_record.uid, {"some": "value"})
#user_record = auth.get_user_by_email('*****@*****.**')
print("\n got")
token = auth.create_custom_token(user_record.uid, app=default_app)
print("\n got token bytes")
token = token.decode('utf-8')
print("\n str token " + token)
def test_minting_new_token(self):
custom_token = auth.create_custom_token(self.test_uid)
self.assertIsNotNone(custom_token)
import firebase_admin
from firebase_admin import credentials, auth
cred = credentials.Certificate('./ServiceAccountKey.json')
default_app = firebase_admin.initialize_app(cred)
uid = 'yhuai2'
custom_token = auth.create_custom_token(uid)
print(custom_token)
def issueCustomToken(self):
return auth.create_custom_token(self.config.userID, {
"initializing": self.config.initMode,
"customized": True,
}).decode("ascii")
def test_valid_params(self, auth_app, values):
user, claims = values
custom_token = auth.create_custom_token(user, claims, app=auth_app)
_verify_custom_token(custom_token, claims)
def create_custom_token(self, *args):
if self.app:
return auth.create_custom_token(*args, app=self.app)
else:
return auth.create_custom_token(*args)
def login():
data = request.json
email = data.get("email")
password = data.get("password")
role = data.get("role")
firebase_user = None
profile_model = get_profile_model(role)
try:
firebase_user = firebase_client.auth().sign_in_with_email_and_password(
email, password)
except Exception as e:
if Users.objects(email=email) or profile_model.objects(email=email):
# user = Users.objects.get(email=email)
# old account, need to create a firebase account
# no password -> no sign-in methods -> forced to reset password
firebase_user, error_http_response = create_firebase_user(
email, None)
if error_http_response:
return error_http_response
# user.delete()
# send password reset email
error = send_forgot_password_email(email)
msg = "Created new Firebase account for existing user"
logger.info(msg)
return (error and error or create_response(
status=201, message=msg, data={"passwordReset": True}))
else:
msg = "Could not login"
logger.info(msg)
return create_response(status=422, message=msg)
firebase_uid = firebase_user["localId"]
firebase_admin_user = firebase_admin_auth.get_user(firebase_uid)
profile_id = None
try:
profile = profile_model.objects.get(email=email)
profile_id = str(profile.id)
if not profile.firebase_uid or profile.firebase_uid != firebase_uid:
profile.firebase_uid = firebase_uid
profile.save()
except:
if role != Account.ADMIN:
# user failed to create profile during registration phase
# prompt frontend to return user to appropriate phase
return create_response(
message="Logged in",
data={
"redirectToVerify":
not firebase_admin_user.email_verified,
"redirectToCreateProfile":
True,
"token":
firebase_admin_auth.create_custom_token(
firebase_uid, {
"role": role
}).decode("utf-8"),
"profileId":
profile_id,
"role":
role,
},
)
# pass
msg = "Couldn't find profile with these credentials"
logger.info(msg)
return create_response(status=422, message=msg)
return create_response(
message="Logged in",
data={
"token":
firebase_admin_auth.create_custom_token(firebase_uid, {
"role": role,
"profileId": profile_id
}).decode("utf-8"),
"profileId":
profile_id,
"role":
role,
},
)
