def results_by_access_token(results, client_secret):
    """
    Partition ``results`` by whether each record holds a usable access token.

    A record is usable when it has a stored token, the token decrypted
    with ``client_secret`` matches the stored ``access_sha1`` checksum,
    and it is not due to expire within the next 300 seconds. Records
    whose ``access_exp`` is falsy skip the expiry test.

    Returns a ``(usable, rejected)`` pair of lists, each in input order.
    """
    usable = []
    rejected = []
    for entry in results:
        # Nothing stored for this record.
        if entry.access_token is None:
            rejected.append(entry)
            continue

        # The checksum passes only when client_secret decrypts the stored
        # ciphertext back to the value whose checksum was saved with it.
        # NOTE(review): hash_sha1_64 takes only the plaintext, so it appears
        # to be an unkeyed digest. It catches a wrong secret or a corrupted
        # row but is not a MAC. Confirm decrypt() authenticates the
        # ciphertext if tampering with stored rows is in the threat model.
        plaintext = decrypt(client_secret, entry.access_token)
        if hash_sha1_64(plaintext) != entry.access_sha1:
            logger.debug("Invalidated %s because of invalid access checksum"%(entry.id,))
            rejected.append(entry)
            continue

        # Tokens with under five minutes left are treated as unusable so
        # that a caller is never handed one about to lapse.
        if entry.access_exp and entry.access_exp - time.time() < 300:
            logger.debug("Invalidated %s because it will expire in less than 5 minutes: %s"%(entry.id,entry.access_exp - time.time()))
            rejected.append(entry)
            continue

        usable.append(entry)
    return usable, rejected
def access_token(record, client_secret):
    """
    Build the token response for a stored record.

    Decrypts ``record.access_token`` with ``client_secret`` and checks it
    against ``record.access_sha1``. On a match, returns a dict with
    ``access_token``, ``token_type`` and ``expires_in`` that can be sent
    to the client. On a mismatch, logs the failure and returns ``None``.
    """
    plaintext = decrypt(client_secret, record.access_token)
    if hash_sha1_64(plaintext) != record.access_sha1:
        # The log line carries no token material and no record identifier.
        logger.info("Invalid access checksum in database")
        return None

    response = dict(access_token=plaintext, token_type=record.access_token_type)
    # Without a stored expiry, advertise a 10 minute lifetime.
    # NOTE(review): if access_exp is already in the past, expires_in comes
    # out negative. Presumably callers filter records through
    # results_by_access_token first; confirm.
    response['expires_in'] = (
        int(record.access_exp - time.time()) if record.access_exp else 600
    )
    return response
def results_by_refresh_token(results, client_secret):
    """
    Partition ``results`` by whether each record holds a valid refresh token.

    A record is valid when it has a stored refresh token and the token
    decrypted with ``client_secret`` matches the stored ``refresh_sha1``
    checksum. No expiry test is applied here.

    Returns a ``(valid, invalid)`` pair of lists, each in input order.
    """
    def _checksum_ok(entry):
        # Records with no refresh token are never decrypted.
        if entry.refresh_token is None:
            return False
        plaintext = decrypt(client_secret, entry.refresh_token)
        return hash_sha1_64(plaintext) == entry.refresh_sha1

    valid = []
    invalid = []
    for entry in results:
        bucket = valid if _checksum_ok(entry) else invalid
        bucket.append(entry)
    return valid, invalid
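def parse_access_token(self, record, client_secret, token_data):
    """
    Store the access token from a token-endpoint response on ``record``.

    The token is saved encrypted with ``client_secret`` together with a
    checksum of its plaintext. Expiry is taken from ``expires_in``, or
    from ``expires`` as a fallback. ``token_type`` defaults to ``Bearer``
    when absent. If the record's ``token_uri`` host is
    ``graph.facebook.com``, ``parse_facebook_token`` is also invoked.
    The record is committed, and any ``refresh_token`` in the response is
    then handed to ``parse_refresh_token``.

    Raises ``KeyError`` if ``token_data`` has no ``access_token`` and
    ``ValueError`` if the expiry field is not an integer; in both cases
    nothing is committed by this method.
    """
    # Only the client id is logged; token values must stay out of log output.
    logger.info("Received access token for %s", record.client_id)

    raw_token = token_data['access_token']
    record.access_token = encrypt(client_secret, raw_token)
    record.access_sha1 = hash_sha1_64(raw_token)

    # token_data comes from the remote token endpoint, so int() may raise
    # on a malformed lifetime. That propagates before the commit below.
    if 'expires_in' in token_data: # required per spec
        record.access_exp = time.time() + int(token_data['expires_in'])
    elif 'expires' in token_data: # facebook is wrong
        record.access_exp = time.time() + int(token_data['expires'])
    else:
        logger.debug("Strange, access token is missing expiration")
        # Drop any expiry left over from a token previously stored on this
        # record. Otherwise the new token would inherit the old token's
        # lifetime. A falsy access_exp is what the readers of this field
        # treat as "no expiry known".
        record.access_exp = None

    if 'token_type' in token_data: # required per spec
        record.access_token_type = token_data['token_type']
    else:
        logger.debug("Access token is missing token_type, assuming Bearer")
        record.access_token_type = 'Bearer'

    if urlparse.urlparse(record.token_uri).netloc == 'graph.facebook.com':
        self.parse_facebook_token(record, client_secret, token_data)

    self.db.commit()

    if 'refresh_token' in token_data:
        self.parse_refresh_token(record, client_secret, token_data)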
def parse_refresh_token(self, record, client_secret, token_data):
    """
    Store the refresh token from a token-endpoint response on ``record``.

    Does nothing when ``token_data`` has no ``refresh_token``, so a refresh
    token already on the record is left in place. Otherwise the token is
    saved encrypted with ``client_secret`` alongside a checksum of its
    plaintext, and the record is committed.
    """
    if 'refresh_token' not in token_data:
        return

    # Only the client id is logged, never the token value.
    logger.info("Received refresh token for "+record.client_id)
    raw_token = token_data['refresh_token']
    record.refresh_token = encrypt(client_secret, raw_token)
    record.refresh_sha1 = hash_sha1_64(raw_token)
    self.db.commit()