def get_or_create_app(name, redirect_uri, user, client_id=None, client_secret=None): """ Get or creates an OAuth2 application. """ try: application = Application.objects.get(name=name) except Application.DoesNotExist: application = Application() application.user = user if client_id and client_secret: application.client_id = client_id application.client_secret = client_secret application.name = name application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE application.client_type = Application.CLIENT_CONFIDENTIAL application.redirect_uris = redirect_uri application.save() return application
def save(self, commit=True): app = Application(**self.cleaned_data) app.authorization_grant_type = Application.GRANT_CLIENT_CREDENTIALS app.user = self.user app.client_type = Application.CLIENT_CONFIDENTIAL app.save(commit) return app
def add_auth(entity, user, form): if "client_id" in form.cleaned_data: if "client_secret" in form.cleaned_data: if "token_end_point" in form.cleaned_data: id = form.cleaned_data['client_id'] secret = form.cleaned_data['client_secret'] end_point = form.cleaned_data['token_end_point'] client = OAuthRemoteClient() client.client_id = id client.client_secret = secret client.token_endpoint = end_point client.entity = entity client.save() application = Application() application.user = user application.client_type = 'confidential' application.authorization_grant_type = 'client-credentials' application.name = entity.name application.save() entityOA = EntityOAuth() entityOA.entity = entity entityOA.application = application entityOA.save()
def createApplication(self, user, name, id, secret): application = Application() application.user = user application.client_type = 'confidential' application.authorization_grant_type = 'password' application.name = name application.client_id = id application.client_secret = secret application.save()
def create_user_settings(sender, instance=None, created=False, **kwargs): """ For created user, creating Application instance for oauth2 model, use 'client_type = public' for authorization with client_id without client_secret, and 'grant_type = password' for password authenticate. Value for variable from oauth source code. """ if created: app = Application() app.user = instance app.name = 'default' app.authorization_grant_type = 'password' app.client_type = 'public' app.save()
def setUp(self): user = MyUser.objects.create(username=self.username) self.client = APIClient() self.client.force_authenticate(user=user) self.user = user self.user.set_password(self.password) self.user.save() self.cl = APIClient() app= Application() app.client_id=self.client_id app.user=self.user app.authorization_grant_type="password" app.client_type="public" app.client_secret=self.client_secret app.save()
def save(self, *args, **kwargs): if hasattr(self, "application"): application = self.application else: application = Application() application.name = self.name application.user = self.coordinator.user application.client_type = Application.CLIENT_CONFIDENTIAL application.redirect_uris = self.redirect_url application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE application.save() self.application = application super(OAuth2DataRequestProject, self).save(*args, **kwargs)
def setup_user_token(): # create user user = User.objects.create_user('hongzhi', password='******') # create oauth application app = Application() app.user = user app.save() token = AccessToken() token.user = user token.expires = timezone.now().replace(year=timezone.now().year + 1) token.application = app token.token = '987654321' token.save() return user, token.token
def form_valid(self, form): if Application.objects.filter(name=form.cleaned_data["application_name"]).exists(): messages.warning(self.request, "Application with this name already exists.") else: oapp = OAuthApplication() oapp.description = form.cleaned_data["description"] oapp.website = form.cleaned_data["website"] omodel = Application() omodel.user = self.request.user omodel.redirect_uris = form.cleaned_data["callback_url"] omodel.client_type = "confidential" omodel.authorization_grant_type = "authorization-code" omodel.name = form.cleaned_data["application_name"] omodel.save() oapp.client = omodel oapp.save() messages.success(self.request, "Application Created!") return super(OAuthClientCreateView, self).form_valid(form)
def test_unregister(self): """ To test that unregistering user is working. """ # test not logged user can't unregister. self.client.logout() result = self.client.post(reverse('member-unregister'), follow=False) self.assertEqual(result.status_code, 302) # test logged user can register. user = ProfileFactory() login_check = self.client.login(username=user.user.username, password='******') self.assertEqual(login_check, True) result = self.client.post(reverse('member-unregister'), follow=False) self.assertEqual(result.status_code, 302) self.assertEqual( User.objects.filter(username=user.user.username).count(), 0) # Attach a user at tutorials, articles, topics and private topics. After that, # unregister this user and check that he is well removed in all contents. user = ProfileFactory() user2 = ProfileFactory() alone_gallery = GalleryFactory() UserGalleryFactory(gallery=alone_gallery, user=user.user) shared_gallery = GalleryFactory() UserGalleryFactory(gallery=shared_gallery, user=user.user) UserGalleryFactory(gallery=shared_gallery, user=user2.user) # first case : a published tutorial with only one author published_tutorial_alone = PublishedContentFactory(type='TUTORIAL') published_tutorial_alone.authors.add(user.user) published_tutorial_alone.save() # second case : a published tutorial with two authors published_tutorial_2 = PublishedContentFactory(type='TUTORIAL') published_tutorial_2.authors.add(user.user) published_tutorial_2.authors.add(user2.user) published_tutorial_2.save() # third case : a private tutorial with only one author writing_tutorial_alone = PublishableContentFactory(type='TUTORIAL') writing_tutorial_alone.authors.add(user.user) writing_tutorial_alone.save() writing_tutorial_alone_galler_path = writing_tutorial_alone.gallery.get_gallery_path( ) # fourth case : a private tutorial with at least two authors writing_tutorial_2 = PublishableContentFactory(type='TUTORIAL') writing_tutorial_2.authors.add(user.user) writing_tutorial_2.authors.add(user2.user) writing_tutorial_2.save() self.client.login(username=self.staff.username, password="******") # same thing for articles published_article_alone = PublishedContentFactory(type='ARTICLE') published_article_alone.authors.add(user.user) published_article_alone.save() published_article_2 = PublishedContentFactory(type='ARTICLE') published_article_2.authors.add(user.user) published_article_2.authors.add(user2.user) published_article_2.save() writing_article_alone = PublishableContentFactory(type='ARTICLE') writing_article_alone.authors.add(user.user) writing_article_alone.save() writing_article_2 = PublishableContentFactory(type='ARTICLE') writing_article_2.authors.add(user.user) writing_article_2.authors.add(user2.user) writing_article_2.save() # beta content beta_forum = ForumFactory(category=CategoryFactory()) beta_content = BetaContentFactory(author_list=[user.user], forum=beta_forum) beta_content_2 = BetaContentFactory( author_list=[user.user, user2.user], forum=beta_forum) # about posts and topics authored_topic = TopicFactory(author=user.user, forum=self.forum11) answered_topic = TopicFactory(author=user2.user, forum=self.forum11) PostFactory(topic=answered_topic, author=user.user, position=2) edited_answer = PostFactory(topic=answered_topic, author=user.user, position=3) edited_answer.editor = user.user edited_answer.save() upvoted_answer = PostFactory(topic=answered_topic, author=user2.user, position=4) upvoted_answer.like += 1 upvoted_answer.save() CommentVote.objects.create(user=user.user, comment=upvoted_answer, positive=True) private_topic = PrivateTopicFactory(author=user.user) private_topic.participants.add(user2.user) private_topic.save() PrivatePostFactory(author=user.user, privatetopic=private_topic, position_in_topic=1) # add API key self.assertEqual(Application.objects.count(), 0) self.assertEqual(AccessToken.objects.count(), 0) api_application = Application() api_application.client_id = 'foobar' api_application.user = user.user api_application.client_type = 'confidential' api_application.authorization_grant_type = 'password' api_application.client_secret = '42' api_application.save() token = AccessToken() token.user = user.user token.token = 'r@d0m' token.application = api_application token.expires = datetime.now() token.save() self.assertEqual(Application.objects.count(), 1) self.assertEqual(AccessToken.objects.count(), 1) # login and unregister: login_check = self.client.login(username=user.user.username, password='******') self.assertEqual(login_check, True) result = self.client.post(reverse('member-unregister'), follow=False) self.assertEqual(result.status_code, 302) # check that the bot have taken authorship of tutorial: self.assertEqual(published_tutorial_alone.authors.count(), 1) self.assertEqual(published_tutorial_alone.authors.first().username, settings.ZDS_APP["member"]["external_account"]) self.assertFalse(os.path.exists(writing_tutorial_alone_galler_path)) self.assertEqual(published_tutorial_2.authors.count(), 1) self.assertEqual( published_tutorial_2.authors.filter( username=settings.ZDS_APP["member"] ["external_account"]).count(), 0) # check that published tutorials remain published and accessible self.assertIsNotNone( published_tutorial_2.public_version.get_prod_path()) self.assertTrue( os.path.exists( published_tutorial_2.public_version.get_prod_path())) self.assertIsNotNone( published_tutorial_alone.public_version.get_prod_path()) self.assertTrue( os.path.exists( published_tutorial_alone.public_version.get_prod_path())) self.assertEqual( self.client.get(reverse('tutorial:view', args=[ published_tutorial_alone.pk, published_tutorial_alone.slug ]), follow=False).status_code, 200) self.assertEqual( self.client.get(reverse( 'tutorial:view', args=[published_tutorial_2.pk, published_tutorial_2.slug]), follow=False).status_code, 200) # test that published articles remain accessible self.assertTrue( os.path.exists( published_article_alone.public_version.get_prod_path())) self.assertEqual( self.client.get(reverse('article:view', args=[ published_article_alone.pk, published_article_alone.slug ]), follow=True).status_code, 200) self.assertEqual( self.client.get(reverse( 'article:view', args=[published_article_2.pk, published_article_2.slug]), follow=True).status_code, 200) # check that the tutorial for which the author was alone does not exists anymore self.assertEqual( PublishableContent.objects.filter( pk=writing_tutorial_alone.pk).count(), 0) self.assertFalse(os.path.exists( writing_tutorial_alone.get_repo_path())) # check that bot haven't take the authorship of the tuto with more than one author self.assertEqual(writing_tutorial_2.authors.count(), 1) self.assertEqual( writing_tutorial_2.authors.filter( username=settings.ZDS_APP["member"] ["external_account"]).count(), 0) # authorship for the article for which user was the only author self.assertEqual(published_article_alone.authors.count(), 1) self.assertEqual(published_article_alone.authors.first().username, settings.ZDS_APP["member"]["external_account"]) self.assertEqual(published_article_2.authors.count(), 1) self.assertEqual( PublishableContent.objects.filter( pk=writing_article_alone.pk).count(), 0) self.assertFalse(os.path.exists(writing_article_alone.get_repo_path())) # not bot if another author: self.assertEqual( published_article_2.authors.filter( username=settings.ZDS_APP["member"] ["external_account"]).count(), 0) self.assertEqual(writing_article_2.authors.count(), 1) self.assertEqual( writing_article_2.authors.filter( username=settings.ZDS_APP["member"] ["external_account"]).count(), 0) # topics, gallery and PMs: self.assertEqual( Topic.objects.filter(author__username=user.user.username).count(), 0) self.assertEqual( Post.objects.filter(author__username=user.user.username).count(), 0) self.assertEqual( Post.objects.filter(editor__username=user.user.username).count(), 0) self.assertEqual( PrivatePost.objects.filter( author__username=user.user.username).count(), 0) self.assertEqual( PrivateTopic.objects.filter( author__username=user.user.username).count(), 0) self.assertIsNotNone(Topic.objects.get(pk=authored_topic.pk)) self.assertIsNotNone(PrivateTopic.objects.get(pk=private_topic.pk)) self.assertIsNotNone(Gallery.objects.get(pk=alone_gallery.pk)) self.assertEquals(alone_gallery.get_linked_users().count(), 1) self.assertEquals(shared_gallery.get_linked_users().count(), 1) self.assertEquals( UserGallery.objects.filter(user=user.user).count(), 0) self.assertEquals( CommentVote.objects.filter(user=user.user, positive=True).count(), 0) self.assertEquals( Post.objects.filter(pk=upvoted_answer.id).first().like, 0) # zep 12, published contents and beta self.assertIsNotNone( PublishedContent.objects.filter( content__pk=published_tutorial_alone.pk).first()) self.assertIsNotNone( PublishedContent.objects.filter( content__pk=published_tutorial_2.pk).first()) self.assertTrue( Topic.objects.get(pk=beta_content.beta_topic.pk).is_locked) self.assertFalse( Topic.objects.get(pk=beta_content_2.beta_topic.pk).is_locked) # check API self.assertEqual(Application.objects.count(), 0) self.assertEqual(AccessToken.objects.count(), 0)