Finish support for updated gcloud
diff --git a/gstack/controllers/OAuth2.py b/gstack/controllers/OAuth2.py
index b655e59..19218c4 100644
--- a/gstack/controllers/OAuth2.py
+++ b/gstack/controllers/OAuth2.py
@@ -47,4 +47,5 @@
res = make_response(response.text, response.status_code)
for k, v in response.headers.iteritems():
res.headers[k] = v
+
return res
diff --git a/gstack/models/accesstoken.py b/gstack/models/accesstoken.py
index cb4d159..5eb7363 100644
--- a/gstack/models/accesstoken.py
+++ b/gstack/models/accesstoken.py
@@ -24,11 +24,13 @@
__tablename__ = 'accesstoken'
access_token = db.Column(db.String(100), primary_key=True, unique=True)
client_id = db.Column(db.String(100), unique=True)
- expires_in = db.Column(db.Integer)
+ expires_in = db.Column(db.String(10))
+ id_token = db.Column(db.String(1000))
data = db.Column(db.String(500))
- def __init__(self, access_token, client_id, expires_in, data):
+ def __init__(self, access_token, client_id, expires_in, id_token, data):
self.access_token = access_token
self.client_id = client_id
self.expires_in = expires_in
+ self.id_token = id_token
self.data = data
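Review bot: `expires_in` moves from `db.Integer` to `db.String(10)`, so the stored lifetime becomes text that cannot be compared or summed without a cast, and no column visible in this hunk records when the token was issued, so expiry cannot be enforced from this row alone. If the string form is only needed for the JSON response, keep `expires_in = db.Column(db.Integer)` and convert at serialization time. The new `id_token = db.Column(db.String(1000))` also caps a value whose length depends on the claims and the signing algorithm; `db.Text` avoids rejecting or truncating a longer token. The same `id_token` column is added in gstack/models/refreshtoken.py. The class header lies outside this hunk.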
diff --git a/gstack/models/refreshtoken.py b/gstack/models/refreshtoken.py
index 9b8bab0..3a08831 100644
--- a/gstack/models/refreshtoken.py
+++ b/gstack/models/refreshtoken.py
@@ -25,8 +25,10 @@
refresh_token = db.Column(db.String(100), primary_key=True, unique=True)
client_id = db.Column(db.String(100), unique=True)
data = db.Column(db.String(500))
+ id_token = db.Column(db.String(1000))
- def __init__(self, refresh_token, client_id, data):
+ def __init__(self, refresh_token, client_id, id_token, data):
self.refresh_token = refresh_token
self.client_id = client_id
self.data = data
+ self.id_token = id_token
diff --git a/gstack/oauth2provider.py b/gstack/oauth2provider.py
index 9a64e87..0c4a980 100644
--- a/gstack/oauth2provider.py
+++ b/gstack/oauth2provider.py
@@ -78,7 +78,7 @@
return
def persist_token_information(self, client_id, scope, access_token, token_type,
- expires_in, refresh_token, data):
+ expires_in, refresh_token, id_token, data):
client = Client.query.get(client_id)
if client is not None:
existing_access_token = AccessToken.query.filter_by(
@@ -92,7 +92,7 @@
else:
db.session.add(
AccessToken(
- access_token, client_id, expires_in, json.dumps(data)
+ access_token, client_id, expires_in, id_token, json.dumps(data)
)
)
@@ -101,7 +101,7 @@
existing_refresh_token.data = json.dumps(data)
else:
db.session.add(
- RefreshToken(refresh_token, client_id, json.dumps(data)))
+ RefreshToken(refresh_token, client_id, id_token, json.dumps(data)))
db.session.commit()
return True
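Review bot: When a refresh-token row already exists, the branch at the top of this hunk updates only `existing_refresh_token.data`, so the newly generated `id_token` passed into this call is dropped and the row keeps its old value (or NULL for rows created before this change). Add `existing_refresh_token.id_token = id_token` next to the `data` assignment. The existing-access-token branch is not visible in the previous hunk but presumably needs the same assignment. `persist_token_information` starts outside this hunk.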
diff --git a/migrations/versions/76bb287a37d_.py b/migrations/versions/76bb287a37d_.py
index 27e6df6..4353642 100644
--- a/migrations/versions/76bb287a37d_.py
+++ b/migrations/versions/76bb287a37d_.py
@@ -23,11 +23,15 @@
nullable=True),
sa.Column(
'expires_in',
- sa.String(length=255),
+ sa.String(length=10),
+ nullable=True),
+ sa.Column(
+ 'id_token',
+ sa.String(length=1000),
nullable=True),
sa.Column(
'data',
- sa.String(length=255),
+ sa.String(length=500),
nullable=True),
sa.PrimaryKeyConstraint('access_token'),
sa.UniqueConstraint('client_id')
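Review bot: This edits revision 76bb287a37d_ in place instead of adding a new revision, so any database that has already applied it stays on the old schema: no `id_token` column and `data` still limited to 255 characters, while the models now write both. A follow-up revision using `op.add_column` for `id_token` and `op.alter_column` for the resized columns would bring deployed databases in line with the models. The refresh-token table hunk further down in the same file has the same problem.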
@@ -48,8 +52,12 @@
sa.String(length=255),
nullable=True),
sa.Column(
+ 'id_token',
+ sa.String(length=1000),
+ nullable=True),
+ sa.Column(
'data',
- sa.String(length=255),
+ sa.String(length=500),
nullable=True),
sa.PrimaryKeyConstraint('refresh_token'),
sa.UniqueConstraint('client_id')
diff --git a/pyoauth2/provider.py b/pyoauth2/provider.py
index 9d85ec8..2c95374 100644
--- a/pyoauth2/provider.py
+++ b/pyoauth2/provider.py
@@ -1,4 +1,5 @@
import json
+import jwt
from requests import Response
from cStringIO import StringIO
try:
@@ -100,61 +101,6 @@
"""OAuth 2.0 authorization provider. This class manages authorization
codes and access tokens. Certain methods MUST be overridden in a
subclass, thus this class cannot be directly used as a provider.
-
- These are the methods that must be implemented in a subclass:
-
- validate_client_id(self, client_id)
- # Return True or False
-
- validate_client_secret(self, client_id, client_secret)
- # Return True or False
-
- validate_scope(self, client_id, scope)
- # Return True or False
-
- validate_redirect_uri(self, client_id, redirect_uri)
- # Return True or False
-
- validate_access(self) # Use this to validate your app session user
- # Return True or False
-
- from_authorization_code(self, client_id, code, scope)
- # Return mixed data or None on invalid
-
- from_refresh_token(self, client_id, refresh_token, scope)
- # Return mixed data or None on invalid
-
- persist_authorization_code(self, client_id, code, scope)
- # Return value ignored
-
- persist_token_information(self, client_id, scope, access_token,
- token_type, expires_in, refresh_token,
- data)
- # Return value ignored
-
- discard_authorization_code(self, client_id, code)
- # Return value ignored
-
- discard_refresh_token(self, client_id, refresh_token)
- # Return value ignored
-
- Optionally, the following may be overridden to acheive desired behavior:
-
- @property
- token_length(self)
-
- @property
- token_type(self)
-
- @property
- token_expires_in(self)
-
- generate_authorization_code(self)
-
- generate_access_token(self)
-
- generate_refresh_token(self)
-
"""
@property
@@ -179,14 +125,15 @@
:rtype: int
"""
- return 3600
+ return "3600"
- def generate_id_token(self):
+ def generate_id_token(self, client_id, client_secret):
"""Generate a random authorization code.
:rtype: str
"""
- return 'ryJhbGciOiJSUzI1NiIsImtpZCI6IjRiODZiNDQxMmE2MmRiOWRmY2JkYjg2MWZlZmRjM2YwMzgzYjFlNDIifQ.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.QpvqKU_GWtqBdZsazpJs4UnuwkpVlOhYk6tYNNXhJSnbbLgpg847vbuMUEBM_vP03JB7Ot5P3AuSzSiBtXXB4hd8IU8puR4NYUMkrMfSNLYSGTyy1qf39v3LM10wsaUC4trw9eWPNHZoVimxhblfs-ocAyfiyFFizK8kdvWlM9w'
+ return jwt.encode({"email": "user@gstack"}, client_secret)
+
def generate_authorization_code(self):
"""Generate a random authorization code.
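Review bot: `generate_id_token` signs a payload holding only a fixed `email` claim, so every client receives an identity token for the same user with no audience, issue time or expiry, and a relying party has nothing to check beyond the signature; `client_id` is accepted but never used. The call also relies on the library's default algorithm and on `client_secret` being a non-empty value, neither of which the hunk checks. The docstring still reads "Generate a random authorization code", and `token_expires_in` now returns `"3600"` under a docstring that says `:rtype: int`. The sketch below binds the token to the client and pins the algorithm; it assumes `time` is importable in this module and leaves the subject claim as it is.

```python
    def generate_id_token(self, client_id, client_secret):
        """Generate a signed ID token (JWT) for a client.

        :param client_id: Client the token is issued to (used as `aud`).
        :param client_secret: Shared secret used as the HMAC signing key.
        :rtype: str
        """
        if not client_secret:
            raise ValueError('client_secret is required to sign the id token')
        issued_at = int(time.time())
        claims = {
            "email": "user@gstack",
            "aud": client_id,
            "iat": issued_at,
            "exp": issued_at + int(self.token_expires_in),
        }
        return jwt.encode(claims, client_secret, algorithm="HS256")
```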
@@ -324,7 +271,7 @@
token_type = self.token_type
expires_in = self.token_expires_in
refresh_token = self.generate_refresh_token()
- id_token = self.generate_id_token()
+ id_token = self.generate_id_token(client_id, client_secret)
# Save information to be used to validate later requests
self.persist_token_information(client_id=client_id,
@@ -333,6 +280,7 @@
token_type=token_type,
expires_in=expires_in,
refresh_token=refresh_token,
+ id_token=id_token,
data=data)
# Return json response
@@ -400,7 +348,7 @@
token_type = self.token_type
expires_in = self.token_expires_in
refresh_token = self.generate_refresh_token()
- id_token = self.generate_id_token()
+ id_token = self.generate_id_token(client_id, client_secret)
# Save information to be used to validate later requests
self.persist_token_information(client_id=client_id,
@@ -409,6 +357,7 @@
token_type=token_type,
expires_in=expires_in,
refresh_token=refresh_token,
+ id_token=id_token,
data=data)
# Return json response
@@ -487,9 +436,7 @@
# Catch missing parameters in request
return self._make_json_error_response('invalid_request')
- except Exception as exc:
- self._handle_exception(exc)
- print exc
+ except Exception:
# Catch all other server errors
return self._make_json_error_response('server_error')
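Review bot: The catch-all handler no longer calls `self._handle_exception(exc)`, so every unexpected failure in the token endpoint, including a signing error from the new `jwt.encode` call, is reduced to a `server_error` response with nothing recorded on the server. Dropping `print exc` is fine, but keep the hook: `except Exception as exc:` followed by `self._handle_exception(exc)`. This assumes `_handle_exception` is still defined on the class, which the hunk does not show. The enclosing method starts outside this hunk.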
@@ -527,7 +474,7 @@
def persist_token_information(self, client_id, scope, access_token,
token_type, expires_in, refresh_token,
- data):
+ id_token, data):
raise NotImplementedError('Subclasses must implement '
'persist_token_information.')
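Review bot: `persist_token_information` gains a required `id_token` parameter but has no docstring, and this commit also removes the class docstring that listed the methods a subclass must implement, so the contract is now undocumented. The call sites in this file pass keyword arguments, so a subclass that still has the old signature raises `TypeError`, which the blanket `except Exception` in the token handler turns into `server_error`. Add a docstring stating that `id_token` is the signed JWT returned by `generate_id_token`, that it is to be stored with the access and refresh tokens, and that the return value is ignored.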