def test_authenticate_password(self): obs = self.post( '/qiita_db/authenticate/', { 'grant_type': 'password', 'client_id': 'DWelYzEYJYcZ4wlqUp0bHGXojrvZVz0CNBJvOqUKcrPQ5p4U' 'qE', 'username': '******', 'password': '******' }) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = { 'access_token': 'placeholder', 'token_type': 'Bearer', 'expires_in': 3600 } self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'user', 'client_id', 'grant_type']) self.assertEqual(token['user'], '*****@*****.**') self.assertEqual(token['grant_type'], 'password') self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_header(self): # Authenticate using header obs = self.post('/qiita_db/authenticate/', {'grant_type': 'client'}, { 'Authorization': 'Basic MTluZGtPM29NS3NvQ2hqVlZXbHVGN1FreEhSZl' 'loVEtTRmJBVnQ4SWhLN2daZ0RhTzQ6SjdGZlE3Q1FkT3' 'h1S2hRQWYxZW9HZ0JBRTgxTnM4R3UzRUthV0ZtM0lPMk' 'pLaEFtbUNXWnVhYmUwTzVNcDI4czE=' }) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = { 'access_token': 'token', 'token_type': 'Bearer', 'expires_in': 3600 } self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'client_id', 'grant_type']) self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_post(self): # Authenticate using post only obs = self.post( '/qiita_db/authenticate/', { 'grant_type': 'client', 'client_id': '19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDa' 'O4', 'client_secret': 'J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2J' 'KhAmmCWZuabe0O5Mp28s1' }) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = { 'access_token': 'placeholder', 'token_type': 'Bearer', 'expires_in': 3600 } self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'client_id', 'grant_type']) self.assertEqual(token['grant_type'], 'client') self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_header(self): # Authenticate using header obs = self.post( '/qiita_db/authenticate/', {'grant_type': 'client'}, { 'Authorization': 'Basic MTluZGtPM29NS3NvQ2hqVlZXbHVGN1FreEhSZl' 'loVEtTRmJBVnQ4SWhLN2daZ0RhTzQ6SjdGZlE3Q1FkT3' 'h1S2hRQWYxZW9HZ0JBRTgxTnM4R3UzRUthV0ZtM0lPMk' 'pLaEFtbUNXWnVhYmUwTzVNcDI4czE='}) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = {'access_token': 'token', 'token_type': 'Bearer', 'expires_in': 3600} self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'client_id', 'grant_type']) self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_password(self): obs = self.post( '/qiita_db/authenticate/', { 'grant_type': 'password', 'client_id': 'DWelYzEYJYcZ4wlqUp0bHGXojrvZVz0CNBJvOqUKcrPQ5p4U' 'qE', 'username': '******', 'password': '******'}) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = {'access_token': 'placeholder', 'token_type': 'Bearer', 'expires_in': 3600} self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'user', 'client_id', 'grant_type']) self.assertEqual(token['user'], '*****@*****.**') self.assertEqual(token['grant_type'], 'password') self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def test_authenticate_client_post(self): # Authenticate using post only obs = self.post( '/qiita_db/authenticate/', { 'grant_type': 'client', 'client_id': '19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDa' 'O4', 'client_secret': 'J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2J' 'KhAmmCWZuabe0O5Mp28s1'}) self.assertEqual(obs.code, 200) obs_body = loads(obs.body) exp = {'access_token': 'placeholder', 'token_type': 'Bearer', 'expires_in': 3600} self.assertItemsEqual(obs_body.keys(), exp.keys()) self.assertEqual(obs_body['token_type'], exp['token_type']) self.assertEqual(obs_body['expires_in'], exp['expires_in']) self.assertEqual(len(obs_body['access_token']), 55) self.assertEqual(type(obs_body['access_token']), unicode) # Make sure token in system with proper ttl token = r_client.hgetall(obs_body['access_token']) self.assertNotEqual(token, {}) self.assertItemsEqual(token.keys(), ['timestamp', 'client_id', 'grant_type']) self.assertEqual(token['grant_type'], 'client') self.assertEqual(r_client.ttl(obs_body['access_token']), 3600)
def wrapper(handler, *args, **kwargs): header = handler.request.headers.get('Authorization', None) if header is None: _oauth_error(handler, 'Oauth2 error: invalid access token', 'invalid_request') return token_info = header.split() # Based on RFC6750 if reply is not 2 elements in the format of: # ['Bearer', token] we assume a wrong reply if len(token_info) != 2 or token_info[0] != 'Bearer': _oauth_error(handler, 'Oauth2 error: invalid access token', 'invalid_grant') return token = token_info[1] db_token = r_client.hgetall(token) if not db_token: # token has timed out or never existed _oauth_error(handler, 'Oauth2 error: token has timed out', 'invalid_grant') return # Check daily rate limit for key if password style key if db_token['grant_type'] == 'password': limit_key = '%s_%s_daily_limit' % (db_token['client_id'], db_token['user']) limiter = r_client.get(limit_key) if limiter is None: # Set limit to 5,000 requests per day r_client.setex(limit_key, 5000, 86400) else: r_client.decr(limit_key) if int(r_client.get(limit_key)) <= 0: _oauth_error( handler, 'Oauth2 error: daily request limit reached', 'invalid_grant') return return f(handler, *args, **kwargs)