示例#1
    def issueAuthorizationCode(self, client_id, username, scope, userinfo, redirect_uri, userinfocode):
        """Store a new authorization-code record and return its string form.

        The record is saved through ``self.new_unique_data("token", ...)`` and
        expires 600 seconds after creation (RFC 6749 recommends a maximum
        authorization-code lifetime of 10 minutes). ``redirect_uri`` is kept in
        the record. ``userinfo`` is accepted but not used by this method.

        Returns:
            The string ``"<token_id>_<security_check>"``.
        """
        lifetime_seconds = 600
        secret_part = generate_random_secure_string()

        encoded_scope = json.dumps(scope)
        expiry = int(time.time()) + lifetime_seconds

        record = {
            "type": "Authorization",
            "security_check": secret_part,
            "client_id": client_id,
            "username": username,
            "scope": encoded_scope,
            "expires_at": expiry,
            "userinfocode": userinfocode,
            "redirect_uri": redirect_uri,
        }
        record_id = self.new_unique_data("token", record)

        # The value handed out is the record ID followed by the security
        # check. The ID locates the record in the database; the security check
        # is the random part that makes the value hard to guess.
        # NOTE(review): how the security check is verified on lookup, and
        # whether a code can be redeemed only once, is not visible in this
        # method - confirm in the lookup/redeem path.
        return "%s_%s" % (record_id, secret_part)
示例#2
    def issueToken(self, client_id, username, scope, issue_refresh, userinfocode):
        """Store a new Bearer token record and return the issued credentials.

        The access token is valid for 3600 seconds. When ``issue_refresh`` is
        truthy the record is also marked refreshable and gets its own
        128-argument ``generate_random_secure_string`` value for the refresh
        token.

        Returns:
            A dict with ``token_id``, ``access_token``
            (``"<token_id>_<security_check>"``), ``refresh_token``
            (``"R_<token_id>_<refresh_security_check>"`` or ``None``) and
            ``expires_in``.
        """
        access_secret = generate_random_secure_string()
        lifetime_seconds = 3600

        encoded_scope = json.dumps(scope)
        expiry = int(time.time()) + lifetime_seconds
        issued = int(time.time())

        record = {
            "type": "Bearer",
            "security_check": access_secret,
            "client_id": client_id,
            "username": username,
            "scope": encoded_scope,
            "expires_at": expiry,
            "issued_at": issued,
            "refreshable": False,
            "userinfocode": userinfocode,
        }

        if issue_refresh:
            # TODO: Figure out time for this. While "refreshable_until" stays
            # None the refresh token carries no expiry of its own.
            record.update({
                "refreshable": True,
                "refreshable_until": None,
                "refresh_security_check": generate_random_secure_string(128),
            })

        record_id = self.new_unique_data("token", record)

        # Refresh tokens carry an "R_" prefix so they can be told apart from
        # access tokens.
        refresh_value = (
            "R_%s_%s" % (record_id, record["refresh_security_check"])
            if issue_refresh
            else None
        )

        # The access token is the record ID followed by the security check.
        # The ID locates the record in the database; the security check is the
        # random part that makes the value hard to guess.
        # NOTE(review): both security-check values are placed in the stored
        # record as generated; whether they are hashed at rest is not visible
        # here - confirm in new_unique_data.
        access_value = "%s_%s" % (record_id, access_secret)

        return {
            "token_id": record_id,
            "access_token": access_value,
            "refresh_token": refresh_value,
            "expires_in": lifetime_seconds,
        }
示例#3
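    def refreshToken(self, refresh_token, client_id):
        """Rotate the access and refresh values of a refreshable Bearer token.

        The stored record is looked up with
        ``self.lookupToken(refresh_token, "Refresh", True)`` (presumably this
        validates the refresh security check - confirm in lookupToken). Both
        security-check values are then replaced and the record is saved with
        ``self.update_token``, so the values previously handed out no longer
        match the record.

        Args:
            refresh_token: The refresh token string presented by the client.
            client_id: The client making the request; must match the client
                the token was issued to.

        Returns:
            A dict with ``access_token``, ``refresh_token`` and ``expires_in``,
            or ``None`` when the token is unknown, belongs to another client,
            is not a Bearer token, is not refreshable, or its refresh window
            has passed.
        """
        record = self.lookupToken(refresh_token, "Refresh", True)

        if not record:
            return None

        # Constant-time comparison so the check does not leak how much of the
        # client ID matched.
        if not constant_time_string_comparison(record["client_id"], client_id):
            return None

        if record["type"] != "Bearer":
            # Only Bearer tokens are supported
            return None

        if not record["refreshable"]:
            return None

        # Reject once the refresh window is over. The comparison used to be
        # ">=", which refused tokens still inside their window and accepted
        # expired ones. A falsy value (None) means no limit is set.
        window_end = record["refreshable_until"]
        if window_end and window_end < int(time.time()):
            return None

        token_security_check = generate_random_secure_string()
        refresh_security_check = generate_random_secure_string(128)
        expires_in = 3600
        # TODO: Figure out values for this
        refreshable_until = None

        record["security_check"] = token_security_check
        record["refresh_security_check"] = refresh_security_check
        record["expires_at"] = int(time.time()) + expires_in
        record["refreshable_until"] = refreshable_until

        self.update_token(record)

        # Read the ID from the record itself. Rebinding the record variable to
        # the access-token string and then indexing it for the refresh token
        # raised TypeError on every successful refresh.
        token_id = record["token_id"]
        access_token = "%s_%s" % (token_id, token_security_check)
        new_refresh_token = "R_%s_%s" % (token_id, refresh_security_check)

        return {"access_token": access_token, "refresh_token": new_refresh_token, "expires_in": expires_in}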
示例#4
 def generate_secret(self, force=False):
     """Give the client a fresh secret if it has none, or always when forced.

     Writes ``client_secret``, ``client_secret_expires_at`` (set to 0) and
     ``client_id_issued_at`` (current Unix time) into ``self.client_info``.
     With ``force`` truthy an existing secret is overwritten.
     """
     info = self.client_info
     needs_secret = 'client_secret' not in info or force
     if needs_secret:
         info['client_secret'] = generate_random_secure_string()
         # FIXME: Expire? The stored expiry is always 0.
         # NOTE(review): presumably 0 means "never expires" to whatever reads
         # this field - confirm against the consumer.
         info['client_secret_expires_at'] = 0
         info['client_id_issued_at'] = int(time.time())