def test_verify_session_cookie_revoked(new_user, api_key): custom_token = auth.create_custom_token(new_user.uid) id_token = _sign_in(custom_token, api_key) session_cookie = auth.create_session_cookie(id_token, expires_in=datetime.timedelta(days=1)) time.sleep(1) auth.revoke_refresh_tokens(new_user.uid) claims = auth.verify_session_cookie(session_cookie, check_revoked=False) user = auth.get_user(new_user.uid) # verify_session_cookie succeeded because it didn't check revoked. assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp with pytest.raises(auth.AuthError) as excinfo: claims = auth.verify_session_cookie(session_cookie, check_revoked=True) assert excinfo.value.code == auth._SESSION_COOKIE_REVOKED assert str(excinfo.value) == 'The Firebase session cookie has been revoked.' # Sign in again, verify works. id_token = _sign_in(custom_token, api_key) session_cookie = auth.create_session_cookie(id_token, expires_in=datetime.timedelta(days=1)) claims = auth.verify_session_cookie(session_cookie, check_revoked=True) assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_verify_id_token_revoked(new_user, api_key): custom_token = auth.create_custom_token(new_user.uid) id_token = _sign_in(custom_token, api_key) claims = auth.verify_id_token(id_token) assert claims['iat'] * 1000 >= new_user.tokens_valid_after_timestamp time.sleep(1) auth.revoke_refresh_tokens(new_user.uid) claims = auth.verify_id_token(id_token, check_revoked=False) user = auth.get_user(new_user.uid) # verify_id_token succeeded because it didn't check revoked. assert claims['iat'] * 1000 < user.tokens_valid_after_timestamp with pytest.raises(auth.AuthError) as excinfo: claims = auth.verify_id_token(id_token, check_revoked=True) assert excinfo.value.code == auth._ID_TOKEN_REVOKED assert str(excinfo.value) == 'The Firebase ID token has been revoked.' # Sign in again, verify works. id_token = _sign_in(custom_token, api_key) claims = auth.verify_id_token(id_token, check_revoked=True) assert claims['iat'] * 1000 >= user.tokens_valid_after_timestamp
def test_sign_with_discovered_service_account(self): request = testutils.MockRequest(200, 'discovered-service-account') app = firebase_admin.initialize_app(testutils.MockCredential(), name='iam-signer-app') try: _overwrite_iam_request(app, request) # Force initialization of the signing provider. This will invoke the Metadata service. auth_service = auth._get_auth_service(app) assert auth_service.token_generator.signing_provider is not None # Now invoke the IAM signer. signature = base64.b64encode(b'test').decode() request.response = testutils.MockResponse( 200, '{{"signature": "{0}"}}'.format(signature)) custom_token = auth.create_custom_token(MOCK_UID, app=app).decode() assert custom_token.endswith('.' + signature) self._verify_signer(custom_token, 'discovered-service-account') assert len(request.log) == 2 assert request.log[0][1]['headers'] == { 'Metadata-Flavor': 'Google' } finally: firebase_admin.delete_app(app)
def create_custom_token(uid: str, valid_minutes: int = 60) -> bytes: """ Create a secure token for the given id. This method is used to create secure custom JWT tokens to be passed to clients. It takes a unique id that will be used by Firebase's security rules to prevent unauthorized access. In this case, the uid will be the channel id which is a combination of a user id and a game id. """ global _firebase_app if _firebase_app is None: _firebase_app = initialize_app() attempts = 0 MAX_ATTEMPTS = 2 while attempts < MAX_ATTEMPTS: try: return auth.create_custom_token(uid).decode() except: # It appears that ConnectionResetError exceptions can # propagate (wrapped in an obscure Firebase object) from # the call to create_custom_token() if attempts == MAX_ATTEMPTS - 1: raise attempts += 1 assert False, "Unexpected fall out of loop in firebase.create_custom_token()"
def get_token(uid): """Return a Firebase ID token dict from a user id (UID). Returns: dict: Keys are "kind", "idToken", "refreshToken", and "expiresIn". "expiresIn" is in seconds. The return dict matches the response payload described in https://firebase.google.com/docs/reference/rest/auth/#section-verify-custom-token The actual token is at get_token(uid)["idToken"]. """ token = auth.create_custom_token(uid) data = { 'token': token, 'returnSecureToken': True } url = "https://www.googleapis.com/identitytoolkit/v3/relyingparty" \ "/verifyCustomToken?key={}".format(API_KEY) req = urllib2.Request(url, json.dumps(data), {'Content-Type': 'application/json'}) response = urllib2.urlopen(req).read() return json.loads(response)
def register(): data = request.json email = data.get("email") password = data.get("password") role = data.get("role") admin_user = None # if whitelisted, set to admin if Admin.objects(email=email): admin_user = Admin.objects.get(email=email) elif role == Account.ADMIN: msg = "Email is not whitelisted as Admin" logger.info(msg) return create_response(status=422, message=msg) firebase_user, error_http_response = create_firebase_user(email, password) if error_http_response: return error_http_response # account created firebase_uid = firebase_user.uid if admin_user: admin_user.firebase_uid = firebase_uid admin_user.save() return create_response( message="Created account", data={ "token": firebase_admin_auth.create_custom_token(firebase_uid, { "role": role }).decode("utf-8"), }, )
def extend_session(): debug(f'[extend_session - INFO]: Starting.') func_name = 'extend_session' # Attempt to grab server settings document server_settings, err = getServerSettings() if err: err = f"[{func_name} - ERROR]: Unable to retrieve settings, err = {err}." return err, 500 request_data, user_id, err = authentication(request, server_settings) debug(f"[{func_name} - DATA]: request_data: {request_data}") if err: err = f"[{func_name} - ERROR]: Authentication error, err = {err}" return err, 500 custom_token = auth.create_custom_token(user_id) response = jsonify({ 'status': 'success', 'customtoken': custom_token.decode("utf-8") }) return response
def setUp(self): mapper = ClassMapper([Dog, Cat, Person, JackRussell, Monkey, Monarch]) # self.db = FirestoreWrapper(mapper, creds_path) cred = credentials.Certificate(CREDS) app = firebase_admin.initialize_app(cred) uid = 'some-uid' additional_claims = { 'premiumAccount': True } custom_token = auth.create_custom_token(uid, additional_claims) firebase_admin.delete_app(app) self.db = FirestoreWrapper(mapper, None, project_id=CREDS["project_id"], custom_token=custom_token.decode("utf-8"), api_key=API_KEY, namespace=NAMESPACE )
def __init__(self, mapper, app_name, uid, project_id, api_key, namespace, additional_claims=None): token = auth.create_custom_token(uid, additional_claims).decode("utf-8") super().__init__(mapper, None, project_id=project_id, custom_token=token, api_key=api_key, name=app_name, namespace=namespace) credentials = self.app.credential.get_credential() test_client = FirestoreTestClient(credentials=credentials, project=project_id) self.db = test_client
def get_token(self, user): return auth.create_custom_token(user)
def test_custom_token(self, auth_app): custom_token = auth.create_custom_token(MOCK_UID, app=auth_app) _overwrite_cert_request(auth_app, MOCK_REQUEST) with pytest.raises(ValueError): auth.verify_session_cookie(custom_token, app=auth_app)
def test_invalid_params(self, auth_app, values): user, claims, error = values with pytest.raises(error): auth.create_custom_token(user, claims, app=auth_app)
def create_firebase_token(pax_id): custom_token = auth.create_custom_token(pax_id) return str(custom_token, "utf-8")
def test_noncert_credential(self, non_cert_app): with pytest.raises(ValueError): auth.create_custom_token(MOCK_UID, app=non_cert_app)
def test_custom_token(api_key): custom_token = auth.create_custom_token('user1') id_token = _sign_in(custom_token, api_key) claims = auth.verify_id_token(id_token) assert claims['uid'] == 'user1'
def firebase_auth(): custom_token = auth.create_custom_token(get_token_sub()) return jsonify({'firebaseToken': custom_token.decode('utf-8')})
def create_custom_token(request: flask.Request): if config.is_dev and config.fake_user: logger.warning('Create Custom Token: Using Fake User') return b'FAKE TOKEN' claims = _verify_claims(request) return auth.create_custom_token(claims['sub'], app=firebase_util.get_app())
def view_question(request, q_num, ch_name, m_name): module_stored = get_object_or_404(Module, module_name=m_name) chapter_stored = get_object_or_404(Chapter, module=module_stored, chapter_name=ch_name) question_stored = get_object_or_404(Question, chapter=chapter_stored, question_number=q_num) student = Student.objects.get(user=request.user) try: team = student.joined_teams.get(chapter=chapter_stored) except: raise Http404(u"Access Denied") if len(team.qn_tried) + 1 < q_num: raise Http404(u"Please do questions in order") elif len(team.qn_tried) + 1 > q_num: raise Http404(u"You already done this question") if request.method == 'POST': ans_return = request.POST.get('ans_return') print(ans_return) solution = get_object_or_404(Solution, question=question_stored) team.qn_tried = team.qn_tried + "1" if ans_return == solution.solution_answer: team.qn_results = team.qn_results + "1" print("Answer is Correct") else: team.qn_results = team.qn_results + "0" print("Answer is Wrong") print(team.qn_tried) print(team.qn_results) team.save() return HttpResponseRedirect( reverse('appOne:start_question', kwargs={ 'm_name': m_name, 'ch_name': ch_name })) else: students = team.student_set.all() student_list = list(students) print(student_list) # debug index = student_list.index(student) # get the index of student.... ordering = (index + q_num) % 5 haveQuestion = False optionStr = "" display_str = "" if (ordering == 0): haveQuestion = True display_str = question_stored.question_name elif (ordering == 1): display_str = question_stored.question_optionA optionStr = "OPTION A" elif (ordering == 2): display_str = question_stored.question_optionB optionStr = "OPTION B" elif (ordering == 3): display_str = question_stored.question_optionC optionStr = "OPTION C" elif (ordering == 4): display_str = question_stored.question_optionD optionStr = "OPTION D" else: print("error") uid = request.user.username try: auth.create_user(uid=uid) print("add user") except: print("Existing user") custom_token = (auth.create_custom_token(uid)).decode() student = Student.objects.get(user=request.user) team = student.joined_teams.get(chapter=chapter_stored) room_id = team.room_id context = { 'display_str': display_str, 'haveQuestion': haveQuestion, 'optionStr': optionStr, 'custom_token': custom_token, 'room_id': room_id, } return render(request, 'appOne/quiz.html', context)
def create_custom_token(uid): try: return auth.create_custom_token(uid) except Exception as e: raise e
def generate_custom_token(self, email): user = auth.get_user_by_email(email, self._app) token = auth.create_custom_token(user.uid, app=self._app).decode('utf-8') return token
def get_custom_token(uid, connector): return auth.create_custom_token(uid, app=connector.app)
def get_firebase_token(user: User): uid = user.firebase_uid custom_token = auth.create_custom_token(uid) return jsonify(firebase_token=custom_token.decode()), 200
def create_user_token(): try: token = request.form["token"] except KeyError as e: return jsonify({"statusCode": 407, "message": "token missing"}) else: try: decoded_token: dict = auth.verify_id_token(token) except Exception as e: return jsonify({ "statusCode": 505, "message": "Exception" + str(e) }) else: try: uid = decoded_token["uid"] except KeyError as e: return jsonify({ "statusCode": 406, "message": "KeyError Exception" + str(e) }) except Exception as e: return jsonify({ "statusCode": 505, "message": "Exception" + str(e) }) else: try: doc_data: dict = db.collection("accounts").document( uid).get().to_dict() except TypeError as e: return jsonify({ "statusCode": 406, "message": "TypeError Exception" + str(e) }) except Exception as e: return jsonify({ "statusCode": 505, "message": "Exception" + str(e) }) else: try: permissions: dict = doc_data["permissions"] except KeyError as e: return jsonify({ "statusCode": 406, "message": "KeyError Exception" + str(e), }) except TypeError as e: return jsonify({ "statusCode": 406, "message": "TypeError Exception" + str(e), }) except Exception as e: return jsonify({ "statusCode": 505, "message": "Exception" + str(e) }) else: try: custom_token = auth.create_custom_token( uid, permissions) except Exception as e: return jsonify({ "statusCode": 505, "message": "Exception" + str(e) }) else: return jsonify({ "statusCode": 202, "message": "operation was successful", "token": str(custom_token), })
def generate_token(uid): custom_token = auth.create_custom_token(uid).decode("utf-8") return custom_token
import firebase_admin from firebase_admin import auth from firebase_admin import credentials from util import EnvSetting data = credentials.Certificate(EnvSetting.GOOGLE_CRED_PATH) default_app = firebase_admin.initialize_app(credential=data) print(default_app.name) user_record = auth.create_user(email='*****@*****.**') auth.set_custom_user_claims(user_record.uid, {"some": "value"}) #user_record = auth.get_user_by_email('*****@*****.**') print("\n got") token = auth.create_custom_token(user_record.uid, app=default_app) print("\n got token bytes") token = token.decode('utf-8') print("\n str token " + token)
def test_minting_new_token(self): custom_token = auth.create_custom_token(self.test_uid) self.assertIsNotNone(custom_token)
import firebase_admin from firebase_admin import credentials, auth cred = credentials.Certificate('./ServiceAccountKey.json') default_app = firebase_admin.initialize_app(cred) uid = 'yhuai2' custom_token = auth.create_custom_token(uid) print(custom_token)
def issueCustomToken(self): return auth.create_custom_token(self.config.userID, { "initializing": self.config.initMode, "customized": True, }).decode("ascii")
def test_valid_params(self, auth_app, values): user, claims = values custom_token = auth.create_custom_token(user, claims, app=auth_app) _verify_custom_token(custom_token, claims)
def create_custom_token(self, *args): if self.app: return auth.create_custom_token(*args, app=self.app) else: return auth.create_custom_token(*args)
def login(): data = request.json email = data.get("email") password = data.get("password") role = data.get("role") firebase_user = None profile_model = get_profile_model(role) try: firebase_user = firebase_client.auth().sign_in_with_email_and_password( email, password) except Exception as e: if Users.objects(email=email) or profile_model.objects(email=email): # user = Users.objects.get(email=email) # old account, need to create a firebase account # no password -> no sign-in methods -> forced to reset password firebase_user, error_http_response = create_firebase_user( email, None) if error_http_response: return error_http_response # user.delete() # send password reset email error = send_forgot_password_email(email) msg = "Created new Firebase account for existing user" logger.info(msg) return (error and error or create_response( status=201, message=msg, data={"passwordReset": True})) else: msg = "Could not login" logger.info(msg) return create_response(status=422, message=msg) firebase_uid = firebase_user["localId"] firebase_admin_user = firebase_admin_auth.get_user(firebase_uid) profile_id = None try: profile = profile_model.objects.get(email=email) profile_id = str(profile.id) if not profile.firebase_uid or profile.firebase_uid != firebase_uid: profile.firebase_uid = firebase_uid profile.save() except: if role != Account.ADMIN: # user failed to create profile during registration phase # prompt frontend to return user to appropriate phase return create_response( message="Logged in", data={ "redirectToVerify": not firebase_admin_user.email_verified, "redirectToCreateProfile": True, "token": firebase_admin_auth.create_custom_token( firebase_uid, { "role": role }).decode("utf-8"), "profileId": profile_id, "role": role, }, ) # pass msg = "Couldn't find profile with these credentials" logger.info(msg) return create_response(status=422, message=msg) return create_response( message="Logged in", data={ "token": firebase_admin_auth.create_custom_token(firebase_uid, { "role": role, "profileId": profile_id }).decode("utf-8"), "profileId": profile_id, "role": role, }, )