Finish support for updated gcloud
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/commit/4219ecc2 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/tree/4219ecc2 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/diff/4219ecc2 Branch: refs/heads/master Commit: 4219ecc23d63b44a6040004b8bb8d6a59b213fe8 Parents: 34c685d Author: BroganD1993 <darrenbro...@hotmail.com> Authored: Fri Jul 25 20:23:19 2014 +0100 Committer: BroganD1993 <darrenbro...@hotmail.com> Committed: Fri Jul 25 20:23:19 2014 +0100 ---------------------------------------------------------------------- gstack/controllers/OAuth2.py | 1 + gstack/models/accesstoken.py | 6 ++- gstack/models/refreshtoken.py | 4 +- gstack/oauth2provider.py | 6 +-- migrations/versions/76bb287a37d_.py | 14 ++++-- pyoauth2/provider.py | 75 +++++--------------------------- 6 files changed, 33 insertions(+), 73 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/gstack/controllers/OAuth2.py ---------------------------------------------------------------------- diff --git a/gstack/controllers/OAuth2.py b/gstack/controllers/OAuth2.py index b655e59..19218c4 100644 --- a/gstack/controllers/OAuth2.py +++ b/gstack/controllers/OAuth2.py @@ -47,4 +47,5 @@ def token(): res = make_response(response.text, response.status_code) for k, v in response.headers.iteritems(): res.headers[k] = v + return res http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/gstack/models/accesstoken.py ---------------------------------------------------------------------- diff --git a/gstack/models/accesstoken.py b/gstack/models/accesstoken.py index cb4d159..5eb7363 100644 --- a/gstack/models/accesstoken.py +++ b/gstack/models/accesstoken.py 
@@ -24,11 +24,13 @@ class AccessToken(db.Model): __tablename__ = 'accesstoken' access_token = db.Column(db.String(100), primary_key=True, unique=True) client_id = db.Column(db.String(100), unique=True) - expires_in = db.Column(db.Integer) + expires_in = db.Column(db.String(10)) + id_token = db.Column(db.String(1000)) data = db.Column(db.String(500)) - def __init__(self, access_token, client_id, expires_in, data): + def __init__(self, access_token, client_id, expires_in, id_token, data): self.access_token = access_token self.client_id = client_id self.expires_in = expires_in + self.id_token = id_token self.data = data http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/gstack/models/refreshtoken.py ---------------------------------------------------------------------- diff --git a/gstack/models/refreshtoken.py b/gstack/models/refreshtoken.py index 9b8bab0..3a08831 100644 --- a/gstack/models/refreshtoken.py +++ b/gstack/models/refreshtoken.py @@ -25,8 +25,10 @@ class RefreshToken(db.Model): refresh_token = db.Column(db.String(100), primary_key=True, unique=True) client_id = db.Column(db.String(100), unique=True) data = db.Column(db.String(500)) + id_token = db.Column(db.String(1000)) - def __init__(self, refresh_token, client_id, data): + def __init__(self, refresh_token, client_id, id_token, data): self.refresh_token = refresh_token self.client_id = client_id self.data = data + self.id_token = id_token http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/gstack/oauth2provider.py ---------------------------------------------------------------------- diff --git a/gstack/oauth2provider.py b/gstack/oauth2provider.py index 9a64e87..0c4a980 100644 --- a/gstack/oauth2provider.py +++ b/gstack/oauth2provider.py 
@@ -78,7 +78,7 @@ class CloudstackAuthorizationProvider(AuthorizationProvider): return def persist_token_information(self, client_id, scope, access_token, token_type, - expires_in, refresh_token, data): + expires_in, refresh_token, id_token, data): client = Client.query.get(client_id) if client is not None: existing_access_token = AccessToken.query.filter_by( @@ -92,7 +92,7 @@ class CloudstackAuthorizationProvider(AuthorizationProvider): else: db.session.add( AccessToken( - access_token, client_id, expires_in, json.dumps(data) + access_token, client_id, expires_in, id_token, json.dumps(data) ) ) @@ -101,7 +101,7 @@ class CloudstackAuthorizationProvider(AuthorizationProvider): existing_refresh_token.data = json.dumps(data) else: db.session.add( - RefreshToken(refresh_token, client_id, json.dumps(data))) + RefreshToken(refresh_token, client_id, id_token, json.dumps(data))) db.session.commit() return True http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/migrations/versions/76bb287a37d_.py ---------------------------------------------------------------------- diff --git a/migrations/versions/76bb287a37d_.py b/migrations/versions/76bb287a37d_.py index 27e6df6..4353642 100644 --- a/migrations/versions/76bb287a37d_.py +++ b/migrations/versions/76bb287a37d_.py @@ -23,11 +23,15 @@ def upgrade(): nullable=True), sa.Column( 'expires_in', - sa.String(length=255), + sa.String(length=10), + nullable=True), + sa.Column( + 'id_token', + sa.String(length=1000), nullable=True), sa.Column( 'data', - sa.String(length=255), + sa.String(length=500), nullable=True), sa.PrimaryKeyConstraint('access_token'), sa.UniqueConstraint('client_id') 
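Review bot: When a token row already exists for the client, the update branches of `persist_token_information` never write the new `id_token`. The branch visible in the last hunk sets only `existing_refresh_token.data`, and the access-token branch between the hunks is unchanged by this commit, so the stored value can stay out of step with the ID token just issued. Add `existing_refresh_token.id_token = id_token` beside the `data` assignment, and the equivalent line on `existing_access_token`. The method body starts outside these hunks.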
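Review bot: These hunks edit the table definitions inside the existing revision `76bb287a37d_` rather than adding a new revision. A database that has already run this `upgrade()` will not gain the `id_token` column or the new column lengths, and inserts from the updated models would then fail. If any deployment sits at this revision, the change belongs in a follow-up migration that adds `id_token` to both tables and alters `expires_in` and `data`. If the schema has never been deployed, a comment in the migration saying so would help. The same applies to the second hunk of this file (the refresh-token table), and `upgrade()` starts outside the hunk.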
@@ -48,8 +52,12 @@ def upgrade(): sa.String(length=255), nullable=True), sa.Column( + 'id_token', + sa.String(length=1000), + nullable=True), + sa.Column( 'data', - sa.String(length=255), + sa.String(length=500), nullable=True), sa.PrimaryKeyConstraint('refresh_token'), sa.UniqueConstraint('client_id') http://git-wip-us.apache.org/repos/asf/cloudstack-gcestack/blob/4219ecc2/pyoauth2/provider.py ---------------------------------------------------------------------- diff --git a/pyoauth2/provider.py b/pyoauth2/provider.py index 9d85ec8..2c95374 100644 --- a/pyoauth2/provider.py +++ b/pyoauth2/provider.py @@ -1,4 +1,5 @@ import json +import jwt from requests import Response from cStringIO import StringIO try: 
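Review bot: `import jwt` in `pyoauth2/provider.py` adds a third-party dependency, yet none of the six files in this commit's diffstat is a setup or requirements file. A fresh install may fail at import time unless the package is already declared elsewhere. Declare it with a pinned version in the project's dependency list. A short comment such as `# PyJWT, used to sign the id_token` next to the import would also help, because more than one distribution provides a module named `jwt`.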
@@ -100,61 +101,6 @@ class AuthorizationProvider(Provider): """OAuth 2.0 authorization provider. This class manages authorization codes and access tokens. Certain methods MUST be overridden in a subclass, thus this class cannot be directly used as a provider. - - These are the methods that must be implemented in a subclass: - - validate_client_id(self, client_id) - # Return True or False - - validate_client_secret(self, client_id, client_secret) - # Return True or False - - validate_scope(self, client_id, scope) - # Return True or False - - validate_redirect_uri(self, client_id, redirect_uri) - # Return True or False - - validate_access(self) # Use this to validate your app session user - # Return True or False - - from_authorization_code(self, client_id, code, scope) - # Return mixed data or None on invalid - - from_refresh_token(self, client_id, refresh_token, scope) - # Return mixed data or None on invalid - - persist_authorization_code(self, client_id, code, scope) - # Return value ignored - - persist_token_information(self, client_id, scope, access_token, - token_type, expires_in, refresh_token, - data) - # Return value ignored - - discard_authorization_code(self, client_id, code) - # Return value ignored - - discard_refresh_token(self, client_id, refresh_token) - # Return value ignored - - Optionally, the following may be overridden to acheive desired behavior: - - @property - token_length(self) - - @property - token_type(self) - - @property - token_expires_in(self) - - generate_authorization_code(self) - - generate_access_token(self) - - generate_refresh_token(self) - """ @property 
@@ -179,14 +125,15 @@ class AuthorizationProvider(Provider): :rtype: int """ - return 3600 + return "3600" - def generate_id_token(self): + def generate_id_token(self, client_id, client_secret): """Generate a random authorization code. :rtype: str """ - return 'ryJhbGciOiJSUzI1NiIsImtpZCI6IjRiODZiNDQxMmE2MmRiOWRmY2JkYjg2MWZlZmRjM2YwMzgzYjFlNDIifQ.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.QpvqKU_GWtqBdZsazpJs4UnuwkpVlOhYk6tYNNXhJSnbbLgpg847vbuMUEBM_vP03JB7Ot5P3AuSzSiBtXXB4hd8IU8puR4NYUMkrMfSNLYSGTyy1qf39v3LM10wsaUC4trw9eWPNHZoVimxhblfs-ocAyfiyFFizK8kdvWlM9w' + return jwt.encode({"email": "user@gstack"}, client_secret) + def generate_authorization_code(self): """Generate a random authorization code. @@ -324,7 +271,7 @@ class AuthorizationProvider(Provider): token_type = self.token_type expires_in = self.token_expires_in refresh_token = self.generate_refresh_token() - id_token = self.generate_id_token() + id_token = self.generate_id_token(client_id, client_secret) # Save information to be used to validate later requests self.persist_token_information(client_id=client_id, @@ -333,6 +280,7 @@ class AuthorizationProvider(Provider): token_type=token_type, expires_in=expires_in, refresh_token=refresh_token, + id_token=id_token, data=data) # Return json response @@ -400,7 +348,7 @@ class AuthorizationProvider(Provider): token_type = self.token_type expires_in = self.token_expires_in refresh_token = self.generate_refresh_token() - id_token = self.generate_id_token() + id_token = self.generate_id_token(client_id, client_secret) # Save information to be used to validate later requests self.persist_token_information(client_id=client_id, @@ -409,6 +357,7 @@ class AuthorizationProvider(Provider): token_type=token_type, expires_in=expires_in, refresh_token=refresh_token, + id_token=id_token, data=data) # Return json response 
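Review bot: The ID token built in `generate_id_token` carries a single fixed claim, `{"email": "user@gstack"}`, so every client receives a token asserting the same identity. It has no `aud`, `iat` or `exp` to bind it to `client_id` or limit its lifetime, and `client_id` is accepted but never used. The signing algorithm is also left to the library default, so I would state it and add the audience, e.g. `return jwt.encode({"email": "user@gstack", "aud": client_id}, client_secret, algorithm="HS256")`. The docstring still reads "Generate a random authorization code." and should describe the signed token instead. In the same hunk `token_expires_in` now returns `"3600"` while its docstring says `:rtype: int`.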
@@ -487,9 +436,7 @@ class AuthorizationProvider(Provider): # Catch missing parameters in request return self._make_json_error_response('invalid_request') - except Exception as exc: - self._handle_exception(exc) - print exc + except Exception: # Catch all other server errors return self._make_json_error_response('server_error') @@ -527,7 +474,7 @@ class AuthorizationProvider(Provider): def persist_token_information(self, client_id, scope, access_token, token_type, expires_in, refresh_token, - data): + id_token, data): raise NotImplementedError('Subclasses must implement ' 'persist_token_information.')
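Review bot: The catch-all `except Exception:` in the first hunk now returns `server_error` without recording anything. Both the `self._handle_exception(exc)` call and the `print` were removed, so a failure during token issuance leaves no trace for whoever has to investigate it. Dropping the `print` is reasonable, but I would keep `except Exception as exc:` and `self._handle_exception(exc)`, or log the exception, before building the response. The enclosing method starts outside the hunk, and whether `_handle_exception` is still defined is not visible here.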