author | jturmel <jturmel@gmail.com> | 2014-03-29 23:33:26 -0500 |
---|---|---|
committer | jturmel <jturmel@gmail.com> | 2014-03-29 23:33:26 -0500 |
commit | 5d0fc1182f6d9826764cc43ade99bc5e5a81c711 (patch) | |
tree | 507668de5c1dabd7309982304477698aee72ed63 | |
parent | 14f687b7355df142ea76145dea53bcbe7d012fdc (diff) | |
download | oauthlib-5d0fc1182f6d9826764cc43ade99bc5e5a81c711.tar.gz |
Changes per PR comments
* Rename methods from crypto to signed
* Since generating a signed token to be used as a refresh token could be a bit
overkill in terms of length/storage, allow the refresh token generator to be set
separately; if it is not set, it defaults to whatever the other token generator was set to
* Simplify tests per PR comments
-rw-r--r-- | oauthlib/common.py | 4 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/endpoints/pre_configured.py | 31 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/tokens.py | 23 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/test_server.py | 30 |
4 files changed, 45 insertions, 43 deletions
diff --git a/oauthlib/common.py b/oauthlib/common.py index 831f9eb..d9d56b3 100644 --- a/oauthlib/common.py +++ b/oauthlib/common.py @@ -235,7 +235,7 @@ def generate_token(length=30, chars=UNICODE_ASCII_CHARACTER_SET): return ''.join(rand.choice(chars) for x in range(length)) -def generate_crypto_token(private_pem, request): +def generate_signed_token(private_pem, request): import Crypto.PublicKey.RSA as RSA import jwt @@ -256,7 +256,7 @@ def generate_crypto_token(private_pem, request): return token -def verify_crypto_token(private_pem, token): +def verify_signed_token(private_pem, token): import Crypto.PublicKey.RSA as RSA import jwt diff --git a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py index 4e4924c..a0fce39 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py +++ b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py @@ -26,7 +26,8 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, """An all-in-one endpoint featuring all four major grant types.""" def __init__(self, request_validator, token_expires_in=None, - token_generator=None, *args, **kwargs): + token_generator=None, refresh_token_generator=None, + *args, **kwargs): """Construct a new all-grants-in-one server. :param request_validator: An implementation of @@ -35,6 +36,8 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. + :param refresh_token_generator: A function to generate a token from a + request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ 
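Review bot: In the second hunk of oauthlib/common.py, `verify_signed_token(private_pem, token)` still takes the private key for verification, so any service that only validates tokens would have to hold the signing key. The imports in the hunk point to RSA-signed JWTs, which can be checked with the public half alone. Since this commit is already renaming the public API, it is a good moment to give verification its own key parameter, e.g. `def verify_signed_token(public_pem, token):`. The function body is outside the hunk, so whether a public key already works in practice cannot be confirmed from here.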
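Review bot: In `Server.__init__`, `refresh_token_generator=None` is inserted ahead of `*args`, so a caller that passed a fourth positional argument now binds it to the refresh token generator instead of having it land in `*args`. `Server` also orders its parameters `token_expires_in, token_generator`, while the other four pre-configured classes use `token_generator, token_expires_in`, which makes positional use easy to get wrong. Stating in the docstring that the new parameter must be passed by name, e.g. `Must be passed as a keyword argument.`, would make the expectation explicit. The rest of `__init__` continues outside this hunk.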
@@ -44,7 +47,7 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint, credentials_grant = ClientCredentialsGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) bearer = BearerToken(request_validator, token_generator, - expires_in=token_expires_in) + token_expires_in, refresh_token_generator) AuthorizationEndpoint.__init__(self, default_response_type='code', response_types={ 'code': auth_grant, @@ -69,7 +72,7 @@ class WebApplicationServer(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoin """An all-in-one endpoint featuring Authorization code grant and Bearer tokens.""" def __init__(self, request_validator, token_generator=None, - token_expires_in=None, **kwargs): + token_expires_in=None, refresh_token_generator=None, **kwargs): """Construct a new web application server. :param request_validator: An implementation of @@ -78,13 +81,15 @@ class WebApplicationServer(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoin expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. + :param refresh_token_generator: A function to generate a token from a + request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ auth_grant = AuthorizationCodeGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) bearer = BearerToken(request_validator, token_generator, - expires_in=token_expires_in) + token_expires_in, refresh_token_generator) AuthorizationEndpoint.__init__(self, default_response_type='code', response_types={'code': auth_grant}, default_token_type=bearer) 
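Review bot: The `BearerToken(...)` call in `Server.__init__` now passes `token_expires_in` and `refresh_token_generator` positionally, where the old code used `expires_in=token_expires_in`. That ties the call to BearerToken's parameter order, and the docstring suggests `token_expires_in` may itself be a callable, so a swapped pair would not necessarily fail loudly. Keeping keywords is safer: `bearer = BearerToken(request_validator, token_generator, expires_in=token_expires_in, refresh_token_generator=refresh_token_generator)`. The same call is repeated in WebApplicationServer, MobileApplicationServer, LegacyApplicationServer and BackendApplicationServer.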
@@ -104,7 +109,7 @@ class MobileApplicationServer(AuthorizationEndpoint, ResourceEndpoint, """An all-in-one endpoint featuring Implicit code grant and Bearer tokens.""" def __init__(self, request_validator, token_generator=None, - token_expires_in=None, **kwargs): + token_expires_in=None, refresh_token_generator=None, **kwargs): """Construct a new implicit grant server. :param request_validator: An implementation of @@ -113,12 +118,14 @@ class MobileApplicationServer(AuthorizationEndpoint, ResourceEndpoint, expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. + :param refresh_token_generator: A function to generate a token from a + request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ implicit_grant = ImplicitGrant(request_validator) bearer = BearerToken(request_validator, token_generator, - expires_in=token_expires_in) + token_expires_in, refresh_token_generator) AuthorizationEndpoint.__init__(self, default_response_type='token', response_types={'token': implicit_grant}, default_token_type=bearer) @@ -133,7 +140,7 @@ class LegacyApplicationServer(TokenEndpoint, ResourceEndpoint, """An all-in-one endpoint featuring Resource Owner Password Credentials grant and Bearer tokens.""" def __init__(self, request_validator, token_generator=None, - token_expires_in=None, **kwargs): + token_expires_in=None, refresh_token_generator=None, **kwargs): """Construct a resource owner password credentials grant server. :param request_validator: An implementation of 
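Review bot: `MobileApplicationServer` now accepts and documents `refresh_token_generator`, but this class serves only the implicit grant, for which RFC 6749 section 4.2.2 says a refresh token must not be issued. Unless ImplicitGrant (not visible here) ever requests a refresh token, the parameter is inert and its docstring entry suggests a capability the flow should not have. The same applies to `BackendApplicationServer`, since section 4.4.3 says the client credentials response should not include a refresh token. Consider leaving the parameter off these two classes, or stating in the docstring that it is accepted only for signature parity with the other servers.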
@@ -142,13 +149,15 @@ class LegacyApplicationServer(TokenEndpoint, ResourceEndpoint, expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. + :param refresh_token_generator: A function to generate a token from a + request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ password_grant = ResourceOwnerPasswordCredentialsGrant(request_validator) refresh_grant = RefreshTokenGrant(request_validator) bearer = BearerToken(request_validator, token_generator, - expires_in=token_expires_in) + token_expires_in, refresh_token_generator) TokenEndpoint.__init__(self, default_grant_type='password', grant_types={ 'password': password_grant, @@ -165,7 +174,7 @@ class BackendApplicationServer(TokenEndpoint, ResourceEndpoint, """An all-in-one endpoint featuring Client Credentials grant and Bearer tokens.""" def __init__(self, request_validator, token_generator=None, - token_expires_in=None, **kwargs): + token_expires_in=None, refresh_token_generator=None, **kwargs): """Construct a client credentials grant server. :param request_validator: An implementation of 
@@ -174,12 +183,14 @@ class BackendApplicationServer(TokenEndpoint, ResourceEndpoint, expiration offset (in seconds) given a oauthlib.common.Request object. :param token_generator: A function to generate a token from a request. + :param refresh_token_generator: A function to generate a token from a + request for the refresh token. :param kwargs: Extra parameters to pass to authorization-, token-, resource-, and revocation-endpoint constructors. """ credentials_grant = ClientCredentialsGrant(request_validator) bearer = BearerToken(request_validator, token_generator, - expires_in=token_expires_in) + token_expires_in, refresh_token_generator) TokenEndpoint.__init__(self, default_grant_type='client_credentials', grant_types={'client_credentials': credentials_grant}, default_token_type=bearer) diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py index 8421af0..66c7826 100644 --- a/oauthlib/oauth2/rfc6749/tokens.py +++ b/oauthlib/oauth2/rfc6749/tokens.py @@ -165,14 +165,12 @@ def random_token_generator(request, refresh_token=False): return common.generate_token() -def crypto_token_generator(private_pem): - def crypto_token_generator(request, refresh_token=False): - if not refresh_token: - return common.generate_crypto_token(private_pem, request) - else: - return common.generate_token() +def signed_token_generator(private_pem, **kwargs): + def signed_token_generator(request): + request.claims = kwargs + return common.generate_signed_token(private_pem, request) - return crypto_token_generator + return signed_token_generator class TokenBase(object): 
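Review bot: The inner `signed_token_generator` assigns the same `kwargs` dict to `request.claims` on every call, so every request handled by this generator shares one mutable object. If `generate_signed_token` or a validator ever adds per-request values to `request.claims`, those values would carry over into tokens issued for later requests. The test expects `scope` alongside `user_id`, but where the two are merged is not visible here. Assigning a copy avoids the sharing: `request.claims = dict(kwargs)`. A short docstring saying that the keyword arguments become static claims in every issued token would also help, since a value such as a user id normally differs per request.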
@@ -190,12 +188,13 @@ class TokenBase(object): class BearerToken(TokenBase): def __init__(self, request_validator=None, token_generator=None, - expires_in=None, **kwargs): + expires_in=None, refresh_token_generator=None): self.request_validator = request_validator self.token_generator = token_generator or random_token_generator + self.refresh_token_generator = ( + refresh_token_generator or self.token_generator + ) self.expires_in = expires_in or 3600 - # Claims to be stored when using a crypto token - self.claims = kwargs def create_token(self, request, refresh_token=False): """Create a BearerToken, by default without refresh token.""" @@ -206,7 +205,6 @@ class BearerToken(TokenBase): expires_in = self.expires_in request.expires_in = expires_in - request.claims = self.claims token = { 'access_token': self.token_generator(request), @@ -225,8 +223,7 @@ class BearerToken(TokenBase): not self.request_validator.rotate_refresh_token(request)): token['refresh_token'] = request.refresh_token else: - token['refresh_token'] = self.token_generator( - request, refresh_token=True) + token['refresh_token'] = self.refresh_token_generator(request) token.update(request.extra_credentials or {}) diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py index 71f1eb7..24c9fb9 100644 --- a/tests/oauth2/rfc6749/test_server.py +++ b/tests/oauth2/rfc6749/test_server.py @@ -7,6 +7,7 @@ import jwt import mock from oauthlib import common +from oauthlib.oauth2.rfc6749.endpoints import Server from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint from oauthlib.oauth2.rfc6749.endpoints.token import TokenEndpoint from oauthlib.oauth2.rfc6749.endpoints.resource import ResourceEndpoint @@ -161,7 +162,7 @@ class TokenEndpointTest(TestCase): self.assertEqual(json.loads(body), token) -class CryptoTokenEndpointTest(TestCase): +class SignedTokenEndpointTest(TestCase): def setUp(self): self.expires_in = 1800 
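Review bot: With `refresh_token_generator or self.token_generator`, a server configured with only a signed `token_generator` now issues signed refresh tokens, whereas the removed `crypto_token_generator` returned `common.generate_token()` for them. Such a refresh token comes from the same call as the access token, so unless the verification side distinguishes the two (not visible in this diff), a resource server that checks only signature and expiry could accept a refresh token as an access token. Consider keeping the previous behaviour as the default, `self.refresh_token_generator = refresh_token_generator or random_token_generator`, or at least stating the fallback in the new `:param refresh_token_generator:` docstrings. Dropping `**kwargs` from the signature also turns an existing call such as `BearerToken(..., user_id=123)` into a TypeError.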
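Review bot: `self.refresh_token_generator(request)` no longer passes `refresh_token=True`, so a custom generator written against the old `(request, refresh_token=False)` contract is still called but can no longer tell which kind of token it is producing. With the fallback to `token_generator`, such a generator silently returns access-token-style values as refresh tokens. `random_token_generator` still declares the `refresh_token` parameter, so the generator signatures in this module now disagree. A docstring line on `BearerToken` such as `Generators are called with the request only.` would make the break explicit. `create_token` continues outside this hunk.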
@@ -175,17 +176,6 @@ class CryptoTokenEndpointTest(TestCase): self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = set_user self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock()) - auth_code = AuthorizationCodeGrant( - request_validator=self.mock_validator) - password = ResourceOwnerPasswordCredentialsGrant( - request_validator=self.mock_validator) - client = ClientCredentialsGrant( - request_validator=self.mock_validator) - supported_types = { - 'authorization_code': auth_code, - 'password': password, - 'client_credentials': client, - } self.private_pem = ( "-----BEGIN RSA PRIVATE KEY-----\n" @@ -216,11 +206,15 @@ class CryptoTokenEndpointTest(TestCase): "c6MxSWgsa+2Ld5SWSNbGtpPcmEM3Fl5ttMCNCKtNc0UE16oHwaPAIw==\n" "-----END RSA PRIVATE KEY-----" ) - token = tokens.BearerToken(self.mock_validator, - token_generator=tokens.crypto_token_generator(self.private_pem), - expires_in=self.expires_in, user_id=123) - self.endpoint = TokenEndpoint('authorization_code', - default_token_type=token, grant_types=supported_types) + + signed_token = tokens.signed_token_generator(self.private_pem, + user_id=123) + self.endpoint = Server( + self.mock_validator, + token_expires_in=self.expires_in, + token_generator=signed_token, + refresh_token_generator=tokens.random_token_generator + ) @mock.patch('oauthlib.common.generate_token', new=lambda: 'abc') def test_authorization_grant(self): @@ -260,7 +254,7 @@ class CryptoTokenEndpointTest(TestCase): access_token = json.loads(body)['access_token'] - claims = common.verify_crypto_token(self.private_pem, access_token) + claims = common.verify_signed_token(self.private_pem, access_token) self.assertEqual(claims['scope'], 'all of them') self.assertEqual(claims['user_id'], 123) |
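Review bot: `setUp` always passes `refresh_token_generator=tokens.random_token_generator`, so the new fallback in `BearerToken.__init__`, where the refresh generator defaults to the token generator, is never exercised. A case built with only the signed generator would pin that default, for example `bearer = tokens.BearerToken(self.mock_validator, token_generator=signed_token)` followed by `self.assertIs(bearer.refresh_token_generator, bearer.token_generator)`. It would also be worth asserting in one of the grant tests that the issued `refresh_token` is the mocked `'abc'` value rather than a signed token, since that separation is the purpose of the new parameter.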