Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_request_body(self):
client = WebApplicationClient(self.client_id, code=self.code)
# Basic, no extra arguments
body = client.prepare_request_body(body=self.body)
self.assertFormBodyEqual(body, self.body_code)
rclient = WebApplicationClient(self.client_id)
body = rclient.prepare_request_body(code=self.code, body=self.body)
self.assertFormBodyEqual(body, self.body_code)
# With redirection uri
body = client.prepare_request_body(body=self.body, redirect_uri=self.redirect_uri)
self.assertFormBodyEqual(body, self.body_redirect)
# With extra parameters
body = client.prepare_request_body(body=self.body, **self.kwargs)
self.assertFormBodyEqual(body, self.body_kwargs)
def test_populate_attributes(self):
client = WebApplicationClient(self.client_id)
response_uri = (self.response_uri +
"&access_token=EVIL-TOKEN"
"&refresh_token=EVIL-TOKEN"
"&mac_key=EVIL-KEY")
client.parse_request_uri_response(response_uri, self.state)
self.assertEqual(client.code, self.code)
# We must not accidentally pick up any further security
# credentials at this point.
self.assertIsNone(client.access_token)
self.assertIsNone(client.refresh_token)
self.assertIsNone(client.mac_key)
def generate_oauth2_url(oauth2_client_id, redirect_uri):
client = WebApplicationClient(
client_id=oauth2_client_id,
token_type="authorization_code",
)
oauth = OAuth2Session(
client=client,
scope="voice",
redirect_uri=redirect_uri,
)
auth_url, state = oauth.authorization_url(AUTH_API)
return auth_url, state
def __init__(self, client_id=None, client=None, token=None):
"""Construct a new OAuth 2 authorization object.
:param client_id: Client id obtained during registration
:param client: :class:`oauthlib.oauth2.Client` to be used. Default is
WebApplicationClient which is useful for any
hosted application but not mobile or desktop.
:param token: Token dictionary, must include access_token
and token_type.
"""
self._client = client or WebApplicationClient(client_id, token=token)
if token:
for k, v in token.items():
setattr(self._client, k, v)
in its token argument.
:param kwargs: Arguments to pass to the Session constructor.
"""
super(OAuth2Session, self).__init__(**kwargs)
self.client_id = client_id
if client is not None and not self.client_id:
self.client_id = client.client_id
self.scope = scope
self.redirect_uri = redirect_uri
self.token = token or {}
self.state = state or generate_token
self._state = state
self.auto_refresh_url = auto_refresh_url
self.auto_refresh_kwargs = auto_refresh_kwargs or {}
self.token_updater = token_updater
self._client = client or WebApplicationClient(client_id, token=token)
self._client._populate_attributes(token or {})
# Allow customizations for non compliant providers through various
# hooks to adjust requests and responses.
self.compliance_hook = {
'access_token_response': set([]),
'refresh_token_response': set([]),
'protected_request': set([]),
}
def __init__(self, client_id=None, client=None, token=None):
self._client = client or oauth2.WebApplicationClient(client_id,
token=token)
if token:
for k, v in token.items():
setattr(self._client, k, v)
when parsing the authorization response.
Can be either a string or a no argument callable.
:auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply
this if you wish the client to automatically refresh
your access tokens.
:auto_refresh_kwargs: Extra arguments to pass to the refresh token
endpoint.
:token_updater: Method with one argument, token, to be used to update
your token database on automatic token refresh. If not
set a TokenUpdated warning will be raised when a token
has been refreshed. This warning will carry the token
in its token argument.
:param kwargs: Arguments to pass to the Session constructor.
"""
super(OAuth2Session, self).__init__(**kwargs)
self._client = client or WebApplicationClient(client_id, token=token)
self.token = token or {}
self.scope = scope
self.redirect_uri = redirect_uri
self.state = state or generate_token
self._state = state
self.auto_refresh_url = auto_refresh_url
self.auto_refresh_kwargs = auto_refresh_kwargs or {}
self.token_updater = token_updater
# Ensure that requests doesn't do any automatic auth. See #278.
# The default behavior can be re-enabled by setting auth to None.
self.auth = lambda r: r
# Allow customizations for non compliant providers through various
# hooks to adjust requests and responses.
self.compliance_hook = {
def make_client(self, token=None):
# request_token_url is for oauth1
if self.request_token_url:
# get params for client
params = self.get_oauth1_client_params(token)
client = oauthlib.oauth1.Client(
client_key=self.consumer_key,
client_secret=self.consumer_secret,
**params)
else:
if token:
if isinstance(token, (tuple, list)):
token = {'access_token': token[0]}
elif isinstance(token, string_types):
token = {'access_token': token}
client = oauthlib.oauth2.WebApplicationClient(
self.consumer_key, token=token)
return client
def get_token(client_id, client_secret, ads_code):
""" Using authentication code retrieved from URL, take code, client_id and
client_secret to send HTTP request to fetch refresh token taken from parsed
response """
oauthlib_client = oauth2.WebApplicationClient(client_id)
# Prepare the access token request body --> makes a
# request to the token endpoint by adding the following parameters
post_body = oauthlib_client.prepare_request_body(
client_secret=client_secret, code=ads_code, redirect_uri=CALLBACK_URL)
# URL request
request = urllib2.Request(GOOGLE_OAUTH2_GEN_ENDPOINT,
post_body, OAUTH2_REFRESH_HEADERS)
if HTTPS_PROXY:
request.set_proxy(HTTPS_PROXY, 'https')
# Open the given url, read and decode into raw_response
raw_response = urllib2.urlopen(request).read().decode()
# Parse the JSON response body given in raw_response
oauth2_credentials = oauthlib_client.parse_request_body_response(
raw_response)
# Return the refresh token
token = oauth2_credentials['refresh_token']