def test_authorize_ko(self):
test_case = self
class CheckAuthorizeHandlerbadState(FakeOAuthHandler):
def _check_get_parameters(self, parameters):
test_case.assertEqual(
parameters.get('redirect_uri', None),
'http://localhost:%d' % redirect_server_port)
test_case.assertEqual(parameters.get('state', None),
'state_test')
# send bad state
parameters['state'] = 'other_state'
with TestServer(authorize_server_port, CheckAuthorizeHandlerbadState):
manager = None
try:
manager = CredentialManager(service_information,
proxies=dict(http=''))
url = manager.init_authorize_code_process(
'http://localhost:%d' % redirect_server_port, 'state_test')
self.assertIsNotNone(url)
_logger.debug('Url got = %s', url)
requests.get(url, proxies=dict(http=''))
self.assertRaises(
OAuthError,
manager.wait_and_terminate_authorize_code_process)
finally:
if manager is not None and manager.authorization_code_context is not None:
manager.wait_and_terminate_authorize_code_process(0.1)
def __init__(self,
target_endpoint,
client_id='cf',
client_secret='',
proxy=None,
verify=True):
self.info = self._get_info(target_endpoint, proxy, verify=verify)
if not self.info.api_version.startswith('2.'):
raise AssertionError(
'Only version 2 is supported for now. Found %s' %
self.info.api_version)
service_informations = ServiceInformation(
None, '%s/oauth/token' % self.info.authorization_endpoint,
client_id, client_secret, [], verify)
super(CloudFoundryClient, self).__init__(service_informations, proxy)
CredentialManager.__init__(self, service_informations, proxy)
self.v2 = V2(target_endpoint, self)
self.v3 = V3(target_endpoint, self)
if self.info.doppler_endpoint is not None:
self._doppler = DopplerClient(
self.info.doppler_endpoint,
self.proxies['http' if self.info.doppler_endpoint.
startswith('ws://') else 'https'],
self.service_information.verify,
self) if self.info.doppler_endpoint is not None else None
def get_request_to_authorize():
service_information = ServiceInformation(auth_url,token_server,client_id,client_secret,scopes)
manager = CredentialManager(service_information,proxies=dict(http='http://localhost:8080', https='https://localhost:8080'))
url = manager.init_authorize_code_process(redirect_uri, state)
webbrowser.open(auth_url, new=2)
#gets the code from the aurthorization server and checks returnedstate is equal to given state
code = manager.wait_and_terminate_authorize_code_process()
return code
def api_request(client_id, client_secret, uri):
service_info = ServiceInformation(AUTH_URL, TOKEN_URL, client_id,
client_secret, [])
manager = CredentialManager(service_info)
manager.init_with_client_credentials()
response = manager.get(CISCO_BASE + uri)
if response.status_code != 200:
print("error from server, code = %s, body=\n%s" %
(response.status_code, response.text))
return False
json_response = json.loads(response.text)
return json_response['advisories']
class Oauth:
___scope = ['read', 'write']
access_token = ''
def __init__(self, env):
self.___manager = CredentialManager(
ServiceInformation(env.oauth.authorize, env.oauth.token,
env.oauth.clintId, env.oauth.clientSecret,
self.___scope))
def login(self):
self.___manager.init_with_client_credentials()
self.access_token = self.___manager._access_token
def detail(request):
code = request.GET["code"]
try:
scopes = ['scope_1', 'scope_2']
service_information = ServiceInformation(settings.AUTHORIZATION_URI,
settings.ACCESS_TOKEN_URI,
settings.CLIENT_ID,
settings.CLIENT_SECRET,
scopes)
manager = CredentialManager(service_information)
redirect_uri = settings.REDIRECT_URI
manager.init_with_authorize_code(redirect_uri, code)
token = manager._access_token
### call to API with token ###
endpoint = "https://api.intra.42.fr/v2/me"
data = {"ip": "1.1.2.3"}
headers = {"Authorization": "Bearer " + token}
me = requests.get(endpoint, data=data, headers=headers).json()
except OAuthError:
return (redirect('/'))
return render(request, 'polls/detail.html', {'me': me})
def test_authorize_ok(self):
test_case = self
class CheckAuthorizeHandler(FakeOAuthHandler):
def _check_get_parameters(self, parameters):
_logger.debug('CheckAuthorizeHandler - _check_parameters - %s',
str(parameters))
test_case.assertEqual(
parameters.get('redirect_uri', None),
'http://localhost:%d' % redirect_server_port)
test_case.assertEqual(parameters.get('state', None),
'state_test')
test_case.assertEqual(parameters.get('client_id', None),
'client_id_test')
test_case.assertEqual(parameters.get('scope', None),
'scope1 scope2')
with TestServer(authorize_server_port, CheckAuthorizeHandler):
manager = None
try:
manager = CredentialManager(service_information,
proxies=dict(http=''))
url = manager.init_authorize_code_process(
'http://localhost:%d' % redirect_server_port, 'state_test')
self.assertIsNotNone(url)
requests.get(url, proxies=dict(http=''))
code = manager.wait_and_terminate_authorize_code_process()
manager = None
self.assertEqual(code, FakeOAuthHandler.CODE)
finally:
if manager is not None and manager.authorization_code_context is not None:
manager.wait_and_terminate_authorize_code_process(0.1)
def test_authorize_ko(self):
test_case = self
class CheckAuthorizeHandlerbadState(FakeOAuthHandler):
def _check_get_parameters(self, parameters):
test_case.assertEqual(parameters.get('redirect_uri', None),
'http://localhost:%d' % redirect_server_port)
test_case.assertEqual(parameters.get('state', None), 'state_test')
# send bad state
parameters['state'] = 'other_state'
with TestServer(authorize_server_port, CheckAuthorizeHandlerbadState):
manager = None
try:
manager = CredentialManager(service_information, proxies=dict(http=''))
url = manager.init_authorize_code_process('http://localhost:%d' % redirect_server_port, 'state_test')
self.assertIsNotNone(url)
_logger.debug('Url got = %s', url)
requests.get(url, proxies=dict(http=''))
self.assertRaises(OAuthError, manager.wait_and_terminate_authorize_code_process)
finally:
if manager is not None and manager.authorization_code_context is not None:
manager.wait_and_terminate_authorize_code_process(0.1)
def test_authorize_ok(self):
test_case = self
class CheckAuthorizeHandler(FakeOAuthHandler):
def _check_get_parameters(self, parameters):
_logger.debug('CheckAuthorizeHandler - _check_parameters - %s', str(parameters))
test_case.assertEqual(parameters.get('redirect_uri', None),
'http://localhost:%d' % redirect_server_port)
test_case.assertEqual(parameters.get('state', None), 'state_test')
test_case.assertEqual(parameters.get('client_id', None), 'client_id_test')
test_case.assertEqual(parameters.get('scope', None), 'scope1 scope2')
with TestServer(authorize_server_port, CheckAuthorizeHandler):
manager = None
try:
manager = CredentialManager(service_information, proxies=dict(http=''))
url = manager.init_authorize_code_process('http://localhost:%d' % redirect_server_port, 'state_test')
self.assertIsNotNone(url)
requests.get(url, proxies=dict(http=''))
code = manager.wait_and_terminate_authorize_code_process()
manager = None
self.assertEqual(code, FakeOAuthHandler.CODE)
finally:
if manager is not None and manager.authorization_code_context is not None:
manager.wait_and_terminate_authorize_code_process(0.1)
def _test_get_token(self,
call_request,
required_parameters,
no_refresh_token=False):
test_case = self
refresh_token = required_parameters['refresh_token'] if 'refresh_token' in required_parameters \
else 'the refresh token'
access_token = 'the access token'
class CheckGetTokenWithCode(FakeOAuthHandler):
def _handle_post(self, parameters):
try:
test_case.assertEqual(
self.headers.get('Authorization', None), basic_auth)
for name, expected_value in required_parameters.items():
test_case.assertEqual(
parameters.get(bufferize_string(name), None),
[bufferize_string(expected_value)])
response_body = dict(access_token=access_token)
if not no_refresh_token:
response_body['refresh_token'] = refresh_token
response = json.dumps(response_body)
self.send_response(OK, 'OK')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", len(response))
self.end_headers()
self.wfile.write(bufferize_string(response))
except AssertionError as error:
_logger.error('error - %s', error)
self.send_response(BAD_REQUEST, 'BAD_REQUEST')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", 0)
self.end_headers()
with TestServer(token_server_port, CheckGetTokenWithCode):
manager = CredentialManager(service_information,
proxies=dict(http=''))
call_request(manager)
if not no_refresh_token:
self.assertEqual(manager.refresh_token, refresh_token)
else:
self.assertIsNone(manager.refresh_token)
self.assertEqual(manager._access_token, access_token)
def test_bearer_requests(self):
access_token = 'the access token'
test_case = self
class BearerHandler(BaseHTTPRequestHandler):
EXPECTED_METHOD = None
def do_GET(self):
test_case.assertEqual('GET', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_POST(self):
test_case.assertEqual('POST', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_PUT(self):
test_case.assertEqual('PUT', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_PATCH(self):
test_case.assertEqual('PATCH', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_DELETE(self):
test_case.assertEqual('DELETE', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def _handle_request(self):
try:
test_case.assertEqual(self.headers.get('Authorization', None), 'Bearer %s' % access_token)
self.send_response(HTTPStatus.OK.value, 'OK')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", 0)
self.end_headers()
except AssertionError as ex:
body = str(ex.message)
self.send_response(HTTPStatus.UNAUTHORIZED.value, 'Unauthorized')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", len(body))
self.end_headers()
self.wfile.write(bytes(body, 'UTF-8'))
with TestServer(api_server_port, BearerHandler):
_logger.debug('test_get_token_with_code - server started')
api_url = 'http://localhost:%d/api/uri' % api_server_port
manager = CredentialManager(service_information, proxies=dict(http=''))
manager._access_token = access_token
BearerHandler.EXPECTED_METHOD = 'GET'
manager.get(api_url)
BearerHandler.EXPECTED_METHOD = 'POST'
manager.post(api_url)
BearerHandler.EXPECTED_METHOD = 'PUT'
manager.put(api_url)
BearerHandler.EXPECTED_METHOD = 'PATCH'
manager.patch(api_url)
BearerHandler.EXPECTED_METHOD = 'DELETE'
manager.delete(api_url)
def authenticate():
while not config.jira.url:
part = input(NEED_JIRA_URL)
path = Tempo.matching_instances(part)
if path:
config.jira.url = path
if config.tempo.access_token:
if validate_access_token(config.tempo.access_token):
return
logger.info(
f'Could not validate access using {config.tempo.access_token}'
)
# config.tempo.access_token = None
if config.tempo.client_id and config.tempo.client_secret:
service_information = ServiceInformation(
urljoin(
config.jira.url,
'/plugins/servlet/ac/io.tempo.jira/oauth-authorize/'
),
urljoin(
config.tempo.api_url,
'/oauth/token/',
),
config.tempo.client_id,
config.tempo.client_secret,
[],
)
manager = CredentialManager(
service_information,
)
if config.tempo.refresh_token:
try:
manager.init_with_token(config.tempo.refresh_token)
if validate_access_token(manager._access_token):
config.tempo.access_token = manager._access_token
return
except OAuthError:
pass
if input(BAD_ACCESS_TOKEN).lower()[0] != 'y':
sys.exit(1)
redirect_uri = 'http://localhost:8158/oauth/code'
url = manager.init_authorize_code_process(
redirect_uri,
str(uuid.uuid4())
)
url = f'{url}&access_type=tenant_user'
logger.info('Opening this url in your browser: %s', url)
webbrowser.open(url)
print('Please finish the authorization process in your browser.')
code = manager.wait_and_terminate_authorize_code_process()
logger.debug('Code got = %s', code)
manager.init_with_authorize_code(redirect_uri, code)
logger.debug('Access got = %s', manager._access_token)
config.tempo.access_token = manager._access_token
config.tempo.refresh_token = manager.refresh_token
else:
webbrowser.open(
urljoin(
config.jira.url,
'/plugins/servlet/ac/io.tempo.jira/tempo-configuration/'
)
)
access_token = input(
'I opened a new browser window where you can get an access token. '
'Paste your access token here:'
)
if validate_access_token(access_token):
config.tempo.access_token = access_token
else:
print('Could not communicate with tempo. Check the logs.')
sys.exit(1)
def test_bearer_requests(self):
access_token = 'the access token'
test_case = self
class BearerHandler(BaseHTTPRequestHandler):
EXPECTED_METHOD = None
def do_GET(self):
test_case.assertEqual('GET', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_POST(self):
test_case.assertEqual('POST', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_PUT(self):
test_case.assertEqual('PUT', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_PATCH(self):
test_case.assertEqual('PATCH', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def do_DELETE(self):
test_case.assertEqual('DELETE', BearerHandler.EXPECTED_METHOD)
self._handle_request()
def _handle_request(self):
try:
test_case.assertEqual(self.headers.get('Authorization', None), 'Bearer %s' % access_token)
self.send_response(OK, 'OK')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", 0)
self.end_headers()
except AssertionError as ex:
body = str(ex.message)
self.send_response(UNAUTHORIZED, 'Unauthorized')
self.send_header("Content-type", 'text/plain')
self.send_header("Content-Length", len(body))
self.end_headers()
self.wfile.write(bufferize_string(body))
with TestServer(api_server_port, BearerHandler):
_logger.debug('test_get_token_with_code - server started')
api_url = 'http://localhost:%d/api/uri' % api_server_port
manager = CredentialManager(service_information, proxies=dict(http=''))
manager._access_token = access_token
BearerHandler.EXPECTED_METHOD = 'GET'
manager.get(api_url)
BearerHandler.EXPECTED_METHOD = 'POST'
manager.post(api_url)
BearerHandler.EXPECTED_METHOD = 'PUT'
manager.put(api_url)
BearerHandler.EXPECTED_METHOD = 'PATCH'
manager.patch(api_url)
BearerHandler.EXPECTED_METHOD = 'DELETE'
manager.delete(api_url)
#https://pypi.org/project/oauth2-client/
#以下のサンプルは、ブラウザーでアクセスして承認ボタンを押すタイプ
#前提条件として、misocaにログインしてアプリの設定をしていること
from logging import getLogger, StreamHandler, Formatter
from oauth2_client.credentials_manager import CredentialManager, ServiceInformation
#スコープの設定
scopes = ['read', 'write']
service_information = ServiceInformation(
'https://app.misoca.jp/oauth2/authorize', #authorizeのULR
'https://app.misoca.jp/oauth2/token', #tokenのULR
'アプリケーションIDを設定すること',
'シークレットIDを設定すること',
scopes)
manager = CredentialManager(service_information)
#リダイレクトURLを設定する
redirect_uri = 'http://0.0.0.0:5001/callback_misoca'
url = manager.init_authorize_code_process(redirect_uri, 'state_test')
#ここでブラウザを開いて、コンソールに表示されたURLをブラウザーに入力する
print('Open this url in your browser\n%s' % url)
code = manager.wait_and_terminate_authorize_code_process()
print('Code got = %s' % code)
manager.init_with_authorize_code(redirect_uri, code)
#ここでTokenをゲットできている
print('Access got = [%s]' % manager._access_token)
def __init__(self, env):
self.___manager = CredentialManager(
ServiceInformation(env.oauth.authorize, env.oauth.token,
env.oauth.clintId, env.oauth.clientSecret,
self.___scope))
#####################################################################
##loginidとパスワードを使ってMisoca(ミソカ) APIを使うサンプル
#####################################################################
from logging import getLogger, StreamHandler, Formatter
from oauth2_client.credentials_manager import CredentialManager, ServiceInformation
import urllib.request
scopes = ['read', 'write']
service_information = ServiceInformation(
'https://app.misoca.jp/oauth2/authorize', #authorizeのULR
'https://app.misoca.jp/oauth2/token', #tokenのULR
'アプリケーションIDを設定すること',
'シークレットIDを設定すること',
scopes)
manager = CredentialManager(service_information)
manager.init_with_user_credentials('login idを設定', 'パスワードを設定')
print('Access got = %s' % manager._access_token)
# Here access and refresh token may be used
response = manager.get("https://app.misoca.jp/api/v3/contacts")
print(response.text)
def _token_request(self, request_parameters, refresh_token_mandatory):
response = requests.post(NetatmoClient.TOKEN_URL, data=request_parameters)
if response.status_code != 200:
CredentialManager._handle_bad_response(response)
else:
self._process_token_response(response.json(), refresh_token_mandatory)
