def test_downloader_view_new_download(self): self.assertTrue(self.login()) ci = 1 at = 5 newToken = AccessToken(id=at, accessToken="testToken", userID="0", serviceType="google", tokenTime=timezone.now(), userInfo="noInfo", cloudItem=CloudItem.objects.get(id=ci)) newToken.save() #first get the normal page r = self.client.get("/download/" + str(ci) + "/" + str(at) + "/", secure=True) self.assertContains(r, "No download have been started") #take last download d = Download.objects.latest("downTime") self.assertEquals(at, d.tokenID.id) #button has not been click self.assertEquals(constConfig.THREAD_NOTCLICKED, d.threadStatus)
def post(self): token = self.get_argument("access_token") access_token = AccessToken(self.application.access_token_store).find_by_access_token(token) data = access_token.verify() self.set_header("Content-Type", "application/json") self.write(json.dumps(data))
def _get_access_token(user, auth_code): client_id = settings.CROPLET_API_CLIENT_ID client_secret = settings.CROPLET_SECRET_API_KEY post_data = { 'grant_type': 'authorization_code', 'code': auth_code, 'client_id': client_id, 'client_secret': client_secret, 'redirect_uri': 'http://localhost:8005/callback/' } response = requests.post('{cropr_url}/oauth2/token/'.format(cropr_url=settings.CROPR_URL), post_data) if response.status_code != 200: Grant.objects.filter(user=user).delete() response = json.loads(response.text) if (hasattr(user, "access_token")): AccessToken.objects.filter(user=user).delete() token = AccessToken(user=user) access_token = response.get('access_token') if access_token: accessToken = AccessToken(user=user, access_token=access_token) accessToken.save() user.access_token = token user.save()
def token(request): # 验证应用端合法性 client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION')) if not client: response = HttpResponse('401 Unauthorized', status=401) response['WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."' return response # 验证是否为令牌表单 form = TokenForm(request.POST) if not form.is_valid(): return error_response('invalid_request') grant_type = form.cleaned_data['grant_type'] code = form.cleaned_data['code'] redirect_uri = form.cleaned_data['redirect_uri'] # 处理authorization_code请求 if grant_type == 'authorization_code': try: code = AuthorizationCode.objects.filter(expire_time__gte=datetime.datetime.now()).get(client=client, code=UUID(bytes=urlsafe_base64_decode(code)), redirect_uri=redirect_uri) except AuthorizationCode.DoesNotExist: return error_response('invalid_grant') try: token = AccessToken(client=client, user=code.user, code=code.code, expire_time=datetime.datetime.now() + datetime.timedelta(hours=1)) token.save() except IntegrityError: AccessToken.objects.get(code=code.code).delete() code.delete() return error_response('invalid_grant') return success_response(urlsafe_base64_encode(token.token.bytes)) else: return error_response('unsupported_grant_type')
def callback(request): client_id = settings.CROPLET_API_CLIENT_ID client_secret = settings.CROPLET_SECRET_API_KEY error = request.GET.get('error') auth_code = request.GET.get('code') if (error != None): pass elif (auth_code != None): data = {'grant_type': 'authorization_code', 'code': auth_code, 'client_id': client_id, 'client_secret': client_secret} response = requests.post( 'http://localhost:8000/oauth2/access_token/', data) response = json.loads(response.text) if hasattr(request.user, "access_token"): AccessToken.objects.get(user=request.user).delete() token = AccessToken(user=request.user) access_token = response.get('access_token') if access_token: accessToken = AccessToken(user=request.user, access_token=access_token) accessToken.save() request.user.access_token = token request.user.save() return redirect(reverse('map'))
def save_access_token(self, client_key, access_token, request_token, realm=None, secret=None): token = AccessToken(access_token, secret=secret, realm=realm) token.client = Client.query.filter_by(client_key=client_key).one() req_token = RequestToken.query.filter_by(token=request_token).one() token.resource_owner = req_token.resource_owner token.realm = req_token.realm db_session.add(token) db_session.commit()
def test_verify(self): user_id = '1' access_token = AccessToken(self.access_token_store, user_id=user_id) access_token.save() fetched_data = access_token.verify() assert fetched_data['client_id'] == user_id assert 0 <= fetched_data['expires_in'] <= 3600
def post(self): user = self.get_current_user() access_token = AccessToken(self.application.access_token_store, user_id=user.id) access_token.save() data = { "user": user, "access_token": access_token, } self.render("mypage.pug", **data)
def token(): post_data = get_post_data() is_invalid, error_message = _is_invalid_data(post_data) if is_invalid: abort(400, {'error': error_message }) app = ClientApplication.find_by_credentials(post_data['client_key'], post_data['client_secret']) if app is None: abort(400, {'error': APP_NOT_FOUND }) allowed_grant_types = app.grant_type.split(',') if post_data['grant_type'] not in allowed_grant_types: abort(400, {'error': GRANT_TYPE_NOT_ALLOWED }) today = datetime.datetime.now() expires_at = today + datetime.timedelta(days=1) a = AccessToken() a.client_application = app.key a.expires_at = expires_at a.token = ah.generate_random_string() a.token_type = post_data['grant_type'] if post_data['lead_token']: a.lead_token = post_data['lead_token'] a.put() time.sleep(1) return jsonify(data=a.to_json()), 201
def test_find_by_access_token(self): user_id = '1' access_token = AccessToken(self.access_token_store, user_id=user_id) access_token.save() at = AccessToken(self.access_token_store).find_by_access_token( access_token.access_token) assert at.user_id == access_token.user_id assert at.access_token == access_token.access_token assert at.refresh_token == access_token.refresh_token
def test_revoke(self): user_id = '1' access_token = AccessToken(self.access_token_store, user_id=user_id) access_token.save() assert access_token.revoke() failed_user_id = self.access_token_store.get_session( access_token.access_token, 'user_id') assert failed_user_id is None
def fresh_access_token(): try: access_token = AccessToken.objects.get(id=1) except AccessToken.DoesNotExist: access_token = AccessToken() url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=%s&appid=%s&secret=%s" \ % (grant_type, appID, appSecret) r = requests.get(url) message = r.json() access_token.token = message['access_token'] access_token.expires_in = int(message['expires_in']) access_token.save()
def save_access_token(self, client_key, access_token, request_token, secret=None): client = Client.query(Client.client_key == client_key).get() req_token = RequestToken.query( RequestToken.token == request_token).get() if client and req_token: token = AccessToken( token=access_token, secret=secret, client=client.key, resource_owner=req_token.resource_owner, realm=req_token.realm) token.put()
def save_access_token(self, client_key, access_token, request_token, realm=None, secret=None): client = Client.find_one({'client_key':client_key}) if client: token = AccessToken(access_token, secret=secret, realm=realm) token.client_id = client['_id'] req_token = RequestToken.find_one({'token':request_token}) if req_token: token['resource_owner_id'] = req_token['resource_owner_id'] token['realm'] = req_token['realm'] AccessToken.insert(token)
def save_access_token(self, client_key, access_token, request_token, secret=None): client = Client.query(Client.client_key == client_key).get() req_token = RequestToken.query( RequestToken.token == request_token).get() if client and req_token: token = AccessToken(token=access_token, secret=secret, client=client.key, resource_owner=req_token.resource_owner, realm=req_token.realm) token.put()
def save_access_token(self, client_key, access_token, request_token, realm=None, secret=None): client = Client.find_one({'client_key': client_key}) if client: req_token = RequestToken.find_one({'token': request_token}, as_obj=True) if req_token: if not req_token['user_id']: req_token['user_id'] = current_user.get_id() req_token.save() token = AccessToken.find_or_create( client_id=client['_id'], user_id=req_token['user_id'], #current_user.get_id(), realm=realm if realm else req_token['realm']) token.secret = secret token.token = access_token token.save()
def edit_trigger_group(trigger_group_id=None): received_token = request.headers.get('Authorization') access_token = AccessToken.find(received_token) if access_token is None: return "Invalid token", 401 trigger_group = (TriggerGroup( chat_id=access_token.chat_id) if trigger_group_id is None else TriggerGroup.query.get(trigger_group_id)) trigger_group.save() if trigger_group is None: return "Not found", 404 if trigger_group.chat_id != access_token.chat_id: return "Forbidden", 403 group_attrs = request.get_json() trigger_group.update( ignore_case=group_attrs['ignore_case'], ignore_repeated_letters=group_attrs['ignore_repeated_letters']) update_trigger_group_attrs(trigger_group, group_attrs['answers'], group_attrs['triggers']) return jsonify({ "saved": True, "trigger_group_id": trigger_group.trigger_group_id })
def add_access_token(user, token): access_token = AccessToken(token=token, provider='this', created_when=datetime.datetime.now(), expired_when=datetime.datetime.now() + datetime.timedelta(days=1)) updated = user.update(access_token=access_token) return updated, access_token
def access_for_refresh_token(token): path = "/api/refreshtoken" request = {"refreshToken": token} response = requests.post(host + path, data=request) data = json.loads(response.text) return AccessToken.from_json(data)
def post(self): username = self.request.get('username').strip().lower() password = self.request.get('password') try: if '@' in username: user_login = User.query(User.email_address == username).get() if user_login != None: username = user_login.username u = self.auth.get_user_by_password(username, password) token = AccessToken() token.user = self.user_model.key token.token = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(20)) token.put() data = {} data["token"] = token.token self.response.out.write(json.dumps(data)) except( auth.InvalidAuthIdError, auth.InvalidPasswordError): self.response.out.write(json.dumps(data))
def test_save(self): user_id = '1' access_token = AccessToken(self.access_token_store, user_id=user_id) access_token.save() fetched_user_id = self.access_token_store.get_session( access_token.access_token, 'user_id') fetched_refresh_token = self.access_token_store.get_session( access_token.access_token, 'refresh_token') fetched_access_token = self.access_token_store.get_session( access_token.prefixed_for_refresh(access_token.refresh_token), 'access_token') print(fetched_user_id, fetched_access_token, fetched_refresh_token) assert user_id == fetched_user_id assert access_token.refresh_token == fetched_refresh_token assert access_token.refresh_token == fetched_refresh_token
def token(request): # 验证应用端合法性 client = oauth_server.authorize(request.META.get('HTTP_AUTHORIZATION')) if not client: response = HttpResponse('401 Unauthorized', status=401) response[ 'WWW-Authenticate'] = 'Basic realm="Please provide your client_id and client_secret."' return response # 验证是否为令牌表单 form = TokenForm(request.POST) if not form.is_valid(): return error_response('invalid_request') grant_type = form.cleaned_data['grant_type'] code = form.cleaned_data['code'] redirect_uri = form.cleaned_data['redirect_uri'] # 处理authorization_code请求 if grant_type == 'authorization_code': try: code = AuthorizationCode.objects.filter( expire_time__gte=datetime.datetime.now()).get( client=client, code=UUID(bytes=urlsafe_base64_decode(code)), redirect_uri=redirect_uri) except AuthorizationCode.DoesNotExist: return error_response('invalid_grant') try: token = AccessToken(client=client, user=code.user, code=code.code, expire_time=datetime.datetime.now() + datetime.timedelta(hours=1)) token.save() except IntegrityError: AccessToken.objects.get(code=code.code).delete() code.delete() return error_response('invalid_grant') return success_response(urlsafe_base64_encode(token.token.bytes)) else: return error_response('unsupported_grant_type')
def validate_access_token(self, client_key, resource_owner_key): token = None client = Client.query(Client.client_key == client_key).get() if client: token = AccessToken.query( AccessToken.client == client.key, AccessToken.token == resource_owner_key).get() return token is not None
def save_access_token(self, client_key, access_token, request_token, realm=None, secret=None): client = Client.find_one({'client_key': client_key}) if client: token = AccessToken(access_token, secret=secret, realm=realm) token.client_id = client['_id'] req_token = RequestToken.find_one({'token': request_token}) if req_token: token['resource_owner_id'] = req_token['resource_owner_id'] token['realm'] = req_token['realm'] AccessToken.insert(token)
def test_downloader_view_new_download(self): self.assertTrue(self.login()) ci = 1 at = 5 newToken = AccessToken(id=at,accessToken="testToken",userID="0",serviceType="google",tokenTime=timezone.now(),userInfo="noInfo",cloudItem=CloudItem.objects.get(id=ci)) newToken.save() #first get the normal page r = self.client.get("/download/"+str(ci)+"/"+str(at)+"/",secure=True) self.assertContains(r,"No download have been started") #take last download d = Download.objects.latest("downTime") self.assertEquals(at,d.tokenID.id) #button has not been click self.assertEquals(constConfig.THREAD_NOTCLICKED,d.threadStatus)
def validate_access_token(self, client_key, resource_owner_key): token = None client = Client.find_one({'client_key':client_key}) if client: token = AccessToken.find_one( {'token':resource_owner_key, 'client_id': client['_id']}) return token != None
def get_token_user(self): authorization = self.request.headers.get('Authorization', None) if authorization: match = token_repatter.match(authorization) if match: token = match.groups()[0] access_token = AccessToken(self.application.access_token_store).find_by_access_token(token) if access_token.user_id: user = User.get(id=access_token.user_id) return user return None
def validate_access_token(self, client_key, resource_owner_key): token = None client = Client.find_one({'client_key': client_key}) if client: token = AccessToken.find_one({ 'token': resource_owner_key, 'client_id': client['_id'] }) return token != None
def get_access_token(self, timeout=60): assert self.authorization_code, 'You must first get the authorization code' qd = {'grant_type': 'authorization_code', 'code': self.authorization_code, 'redirect_uri': self.redirect_uri, 'client_id': self.key, 'client_secret': self.secret} response = requests.post(self.ACCESS_TOKEN_URL, data=qd, timeout=timeout) raise_for_error(response) response = response.json() self.token = AccessToken(response['access_token'], response['expires_in']) return self.token
def get_access_token_secret(self, client_key, resource_owner_key): client = Client.query(Client.client_key == client_key).get() if client: token = AccessToken.query( AccessToken.client == client.key, AccessToken.token == resource_owner_key).get() if token: return token.secret return None
def get_access_token_secret(self, client_key, resource_owner_key): client = Client.find_one({'client_key':client_key}) if client: token = AccessToken.find_one( {'token':resource_owner_key, 'client_id': client['_id']}) if token: return token['secret'] return None
def get_access_token_secret(self, client_key, resource_owner_key): client = Client.find_one({'client_key': client_key}) if client: token = AccessToken.find_one({ 'token': resource_owner_key, 'client_id': client['_id'] }) if token: return token['secret'] return None
def oauth_callback(request): """Accept the authorization from the server and store the data we use to communicate with the Weavr""" token = request.REQUEST.get('oauth_token') verifier = request.REQUEST.get('oauth_verifier') confirmed = request.REQUEST.get('oauth_callback_confirmed') # Make sure we have the required parameters if (not verifier) or (not token): return render_error("missing params") if not confirmed: return render_error("connection wasn't confirmed") # Get the token and store the verifier request_token = get_object_or_404(RequestToken, oauth_key=token) if not request_token: return render_error("invalid request token") prosthetic = request_token.prosthetic cls = prosthetic.get_class() if not cls: raise Exception("Can't get class for prosthtic") # verify the token and create a local object verified_token = oauth.OAuthToken(request_token.oauth_key, request_token.oauth_secret) access_token = request_token.prosthetic.wrangler().get_access_token( verified_token, verifier) access_object = AccessToken(oauth_key=access_token.key, oauth_secret=access_token.secret, prosthetic=request_token.prosthetic, enabled=True) # make an API call with the token before we save it. configuration = access_object.get_json("/1/weavr/configuration") access_object.weavr_name = configuration['name'] access_object.weavr_url = configuration['blog'] if "post_keyword" in configuration: access_object.prosthetic.blog_keyword = configuration['post_keyword'] # everything worked. Save access token access_object.save() request_token.delete() # don't need this any more # if the ptk wants to do something at this point, it is able to. ptk = cls(access_object) post_oauth_callback = ptk.post_oauth_callback() if post_oauth_callback: return post_oauth_callback # show or hide user login hide_usernav = True return render_to_response("success.html", locals(), context_instance=RequestContext(request))
def get_token(self): if self.token is not None: return self.token else: token = AccessToken() token.expire_in_2_weeks() token.generate_token() self.token = token return token
def validate_realm(self, client_key, access_token, uri=None, required_realm=None): if not required_realm: return True client = Client.query(Client.client_key == client_key).get() if client: token = AccessToken.query( AccessToken.token == access_token, AccessToken.client == client.key).get() if token: return token.realm in required_realm return False
def validate_realm(self, client_key, access_token, uri=None, required_realm=None): if not required_realm: return True # insert other check, ie on uri here client = Client.find_one({'client_key':client_key}) if client: token = AccessToken.find_one( {'token':access_token, 'client_id': client['_id']}) if token: return token['realm'] in required_realm return False
def validate_realm(self, client_key, access_token, uri=None, required_realm=None): if not required_realm: return True client = Client.query(Client.client_key == client_key).get() if client: token = AccessToken.query(AccessToken.token == access_token, AccessToken.client == client.key).get() if token: return token.realm in required_realm return False
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.find_one({'client_key':client_key}) if client: nonce = Nonce(nonce, timestamp) nonce.client_id = client['_id'] if request_token: req_token = RequestToken.find_one({'token':request_token}) nonce.request_token_id = req_token['_id'] if access_token: token = AccessToken.find_one({'token':access_token}) nonce.access_token_id = token['_id'] nonce.insert()
def post(self): handle_type = self.get_argument("grant_type") if handle_type == 'refresh_token': refresh_token = self.get_argument("refresh_token") client_id = self.get_argument("client_id") client_secret = self.get_argument("client_secret") access_token = AccessToken(self.application.access_token_store).refresh(refresh_token) data = { 'token_type': 'Bearer', 'access_token': access_token.access_token, 'expires_in': access_token.access_token_store.options["expire"], 'refresh_token': access_token.refresh_token, } self.set_header("Content-Type", "application/json") self.write(json.dumps(data))
def f(*args, **kvargs): if 'Authorization' in request.headers: token_type, token = slice_token(request.headers['Authorization']) access_token = AccessToken.find_by_active_token(token) if access_token is None: abort_auth_invalid_token() else: if access_token.token_type in roles or access_token.token_type == ROLE_ADMIN: if access_token.token_type == ROLE_LEAD: # todo: validates if the token_type x = 1 else: abort_auth_notauthorized() else: abort_auth_no_present() return action(*args, **kvargs)
def delete_trigger_group(trigger_group_id): token = request.headers.get('Authorization') access_token = AccessToken.find(token) trigger_group = TriggerGroup.query.get(trigger_group_id) if access_token is None: return "Invalid", 401 if trigger_group is None: return "Not found", 404 if trigger_group.chat_id != access_token.chat_id: return "Forbidden", 403 delete_answers(trigger_group) delete_triggers(trigger_group) trigger_group.delete() return jsonify({"deleted": True})
def save_access_token(token, req): assert type(req) is oauthlib.common.Request, type(req) client = req.client assert type(client) is Client, type(client) user = req.user assert type(user) is User, "user = {!r}, of type: {}".format( user, type(user)) at = token['oauth_token'] ats = token['oauth_token_secret'] raw_realms = token['oauth_authorized_realms'] assert isinstance(raw_realms, str), "{!r}, of type {}".format(raw_realms, type(raw_realms)) realms = raw_realms.split(' ') assert isinstance(realms, list), "{!r}, of type {}".format(realms, type(realms)) assert realms, realms assert isinstance(realms[0], str), list(map(repr, realms)) t = AccessToken(client, user, realms, token=at, secret=ats) access_tokens.append(t)
def oauth_callback(request): """Accept the authorization from the server and store the data we use to communicate with the Weavr""" token = request.REQUEST.get("oauth_token") verifier = request.REQUEST.get("oauth_verifier") confirmed = request.REQUEST.get("oauth_callback_confirmed") # Make sure we have the required parameters if (not verifier) or (not token): return render_error("missing params") if not confirmed: return render_error("connection wasn't confirmed") # Get the token and store the verifier request_token = get_object_or_404(RequestToken, oauth_key=token) if not request_token: return render_error("invalid request token") prosthetic = request_token.prosthetic cls = prosthetic.get_class() if not cls: raise Exception("Can't get class for prosthtic") # verify the token and create a local object verified_token = oauth.OAuthToken(request_token.oauth_key, request_token.oauth_secret) access_token = request_token.prosthetic.wrangler().get_access_token(verified_token, verifier) access_object = AccessToken( oauth_key=access_token.key, oauth_secret=access_token.secret, prosthetic=request_token.prosthetic, enabled=True ) # make an API call with the token before we save it. configuration = access_object.get_json("/1/weavr/configuration") access_object.weavr_name = configuration["name"] access_object.weavr_url = configuration["blog"] if "post_keyword" in configuration: access_object.prosthetic.blog_keyword = configuration["post_keyword"] # everything worked. Save access token access_object.save() request_token.delete() # don't need this any more # if the ptk wants to do something at this point, it is able to. ptk = cls(access_object) post_oauth_callback = ptk.post_oauth_callback() if post_oauth_callback: return post_oauth_callback # show or hide user login hide_usernav = True return render_to_response("success.html", locals(), context_instance=RequestContext(request))
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.query(Client.client_key == client_key).get() if client: nonce = Nonce( nonce=nonce, timestamp=timestamp, client=client.key) if request_token: req_token = RequestToken.query( RequestToken.token == request_token).get() nonce.request_token = req_token.key if access_token: token = AccessToken.query( AccessToken.token == access_token).get() nonce.access_token = token.key nonce.put()
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.find_one({'client_key': client_key}) if client: nonce = Nonce(nonce, timestamp) nonce.client_id = client['_id'] if request_token: req_token = RequestToken.find_one({'token': request_token}) nonce.request_token_id = req_token['_id'] if access_token: token = AccessToken.find_one({'token': access_token}) nonce.access_token_id = token['_id'] nonce.insert()
def save_access_token(self, client_key, access_token, request_token, realm=None, secret=None): client = Client.find_one({'client_key':client_key}) if client: req_token = RequestToken.find_one( {'token':request_token}, as_obj = True) if req_token: if not req_token['user_id']: req_token['user_id'] = current_user.get_id() req_token.save() token = AccessToken.find_or_create( client_id = client['_id'], user_id = req_token['user_id'],#current_user.get_id(), realm = realm if realm else req_token['realm']) token.secret = secret token.token = access_token token.save()
def save_timestamp_and_nonce(self, client_key, timestamp, nonce, request_token=None, access_token=None): client = Client.query(Client.client_key == client_key).get() if client: nonce = Nonce(nonce=nonce, timestamp=timestamp, client=client.key) if request_token: req_token = RequestToken.query( RequestToken.token == request_token).get() nonce.request_token = req_token.key if access_token: token = AccessToken.query( AccessToken.token == access_token).get() nonce.access_token = token.key nonce.put()
def validate_realm(self, client_key, access_token, uri=None, required_realm=None): if not required_realm: return True # insert other check, ie on uri here client = Client.find_one({'client_key': client_key}) if client: token = AccessToken.find_one({ 'token': access_token, 'client_id': client['_id'] }) if token: return token['realm'] in required_realm return False
def delete(self): token = AccessToken.delete_token(self.request.get('token')) tokens = AccessToken.get_all() self.render_template(tokens)
def user(): """ Hakee, lisää ja poistaa käyttäjän seuraamia pelaajia/joukkueita. Vaatii OAuth-allekirjoitetun pyynnön. TODO välimuisti """ # Poimitaan oauth token HTTP-pyynnön Authorization-headerista: auth_header = request.headers.get("Authorization", None) if not auth_header: abort(401) # Unauthorized for param in auth_header.split(): if param.startswith("oauth_token"): token = param.split("=")[-1][1:-2] break if not token: abort(401) # Haetaan tokenia vastaava käyttäjä: try: acc_token = AccessToken.query(AccessToken.token == token).get() user = acc_token.resource_owner.get() except KeyError: # Access tokenia tai käyttäjää ei löydy abort(401) # Poimitaan ids_only-parametri joko urlista tai post-parametreista: if "ids_only" in request.form: ids_only = request.form["ids_only"] else: ids_only = request.args.get("ids_only", "0") try: ids_only = int(ids_only) except ValueError: abort(400) if request.method == "GET": # Palautetaan käyttäjän seuraamat pelaajat ja joukkueet: if ids_only: # Palautetaan vain id:t: ret = dict(players=user.players, teams=user.teams) else: # Jos ids_only == 1, palautetaan tunnusten lisäksi tilastoja: ret = get_players_and_teams(user.players, user.teams) ret["name"] = user.name return jsonify(ret) if request.method == "POST": # Lisätään seurattava pelaaja tai joukkue: if "pid" in request.form: pid = request.form["pid"] # Validoitaan pelaajan id: if pid in user.players: abort(400) # Pelaaja on jo seurattavien listassa all_players = scraper.scrape_players() if not pid in all_players: abort(400) # pid:tä vastaavaa pelaajaa ei löydy # Lisätään pid käyttäjän seurattavien pelaajien listalle: user.players.append(pid) user.put() # Palautetaan päivittynyt seurantalista, kuten GET-pyynnössä: if ids_only: ret = dict(players=user.players, teams=user.teams) else: ret = get_players_and_teams(user.players, user.teams) ret["name"] = user.name return jsonify(ret) if "team" in request.form: team = request.form["team"].lower() # Validoitaan joukkueen tunnus if team in user.teams: abort(400) # Joukkue on jo seurattavien listassa if not team in scraper.TEAMS: abort(400) # Epäkelpo joukkueen tunnus # Lisätään joukkue käyttäjän seurattavien joukkueiden listalle: user.teams.append(team) user.put() # Palautetaan päivittynyt seurantalista, kuten GET-pyynnössä: if ids_only: ret = dict(players=user.players, teams=user.teams) else: ret = get_players_and_teams(user.players, user.teams) ret["name"] = user.name return jsonify(ret) else: abort(400) # Lisättävä pelaaja tai joukkue tulee määrittää if request.method == "DELETE": # Poistetaan seurattava pelaaja tai joukkue: pid = request.args.get("pid", None) team = request.args.get("team", None) if pid: if not pid in user.players: abort(400) # pelaajaa ei löydy seurattavien listasta user.players.remove(pid) elif team: if not team in user.teams: abort(400) # joukkuetta ei löydy seurattavien listasta user.teams.remove(team) else: abort(400) # joko poistettava pelaaja tai joukkue tulee määrittää user.put() if ids_only: ret = dict(players=user.players, teams=user.teams) else: ret = get_players_and_teams(user.players, user.teams) ret["name"] = user.name return jsonify(ret)
def protected_realm_view(): token = request.oauth.resource_owner_key access_token = AccessToken.get_collection().find_one({'token':token}) user = User.find_one({'_id':access_token['resource_owner_id']}) return user['email']
def getaccesstoken(self): for atk in AccessToken.all(): return atk
def create_token(user, client): access_token = AccessToken(user=user, client=client) access_token.generate_token() access_token.save() return access_token
def post(self): AccessToken.generate_new_token() tokens = AccessToken.get_all() self.render_template(tokens)
def get(self): tokens = AccessToken.get_all() self.render_template(tokens)