def delete(self, delete_message=None): self.delete_message = delete_message self._deleted = True self._commit() #update caches Account._by_name(self.name, allow_deleted = True, _update = True) #we need to catch an exception here since it will have been #recently deleted try: Account._by_name(self.name, _update = True) except NotFound: pass #remove from friends lists q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == 'friend', eager_load = True) for f in q: f._thing1.remove_friend(f._thing2) q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == 'enemy', eager_load=True) for f in q: f._thing1.remove_enemy(f._thing2) # Remove OAuth2Client developer permissions. This will delete any # clients for which this account is the sole developer. from r2.models.token import OAuth2Client for client in OAuth2Client._by_developer(self): client.remove_developer(self)
def GET_refresh_token(self, *args, **kwargs): # pylint: disable=unused-argument """Generate a refresh token given a username""" username = request.GET['username'] try: account = Account._by_name(username) except NotFound: account = register(username, uuid4().hex, '127.0.0.1') # subscribe the user now because reddit does not have consistency across # its APIs on what it considers the user to be subscribed to if not account.has_subscribed: Subreddit.subscribe_defaults(account) account.has_subscribed = True account._commit() client_id = g.secrets['generate_refresh_token_client_id'] client = OAuth2Client.get_token(client_id) scope = OAuth2Scope(OAuth2Scope.FULL_ACCESS) user_id = account._id36 refresh_token = OAuth2RefreshToken._new( client_id=client._id, user_id=user_id, scope=scope, ) access_token = OAuth2AccessToken._new( client_id=client._id, user_id=user_id, scope=scope, device_id='device', ) return json.dumps(OAuth2AccessController._make_new_token_response(access_token, refresh_token))
def delete(self, delete_message=None): self.delete_message = delete_message self.delete_time = datetime.now(g.tz) self._deleted = True self._commit() # update caches Account._by_name(self.name, allow_deleted=True, _update=True) # we need to catch an exception here since it will have been # recently deleted try: Account._by_name(self.name, _update=True) except NotFound: pass # remove from friends lists q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == "friend", eager_load=True) for f in q: f._thing1.remove_friend(f._thing2) q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == "enemy", eager_load=True) for f in q: f._thing1.remove_enemy(f._thing2) # wipe out stored password data after a recovery period TryLater.schedule("account_deletion", self._id36, delay=timedelta(days=90)) # Remove OAuth2Client developer permissions. This will delete any # clients for which this account is the sole developer. from r2.models.token import OAuth2Client for client in OAuth2Client._by_developer(self): client.remove_developer(self)
def run(self, client_id): if not client_id: return self.error() client = OAuth2Client.get_token(client_id) if client: return client else: return self.error()
def _get_client_auth(self): auth = request.headers.get("Authorization") try: client_id, client_secret = parse_http_basic(auth) client = OAuth2Client.get_token(client_id) require(client) require(constant_time_compare(client.secret, client_secret)) return client except RequirementException: abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def _get_client_auth(self): auth = request.headers.get("Authorization") try: auth_scheme, auth_token = require_split(auth, 2) require(auth_scheme.lower() == "basic") try: auth_data = base64.b64decode(auth_token) except TypeError: raise RequirementException client_id, client_secret = require_split(auth_data, 2, ":") client = OAuth2Client.get_token(client_id) require(client) require(client.secret == client_secret) return client except RequirementException: abort(401, headers=[("WWW-Authenticate", 'Basic realm="reddit"')])
def delete(self, delete_message=None): self.delete_message = delete_message self.delete_time = datetime.now(g.tz) self._deleted = True self._commit() #update caches Account._by_name(self.name, allow_deleted=True, _update=True) #we need to catch an exception here since it will have been #recently deleted try: Account._by_name(self.name, _update=True) except NotFound: pass # Mark this account for scrubbing amqp.add_item('account_deleted', self._fullname) #remove from friends lists q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == 'friend', eager_load=True) for f in q: f._thing1.remove_friend(f._thing2) q = Friend._query(Friend.c._thing2_id == self._id, Friend.c._name == 'enemy', eager_load=True) for f in q: f._thing1.remove_enemy(f._thing2) # wipe out stored password data after a recovery period TryLater.schedule("account_deletion", self._id36, delay=timedelta(days=90)) # Remove OAuth2Client developer permissions. This will delete any # clients for which this account is the sole developer. from r2.models.token import OAuth2Client for client in OAuth2Client._by_developer(self): client.remove_developer(self)