OAuth: Support refresh tokens, etc

Initially I was going to write a failing test for refresh tokens. Thus this fix includes an orphaned 'expect_failure' method in test utils. I ended up writing support for OAuth refresh tokens, as well as a lot of cleanup (hopefully) in the OAuth plugin code. **Rebase**: While waiting for this stuff to be merged, the testing framework changed, it comes with batteries included regarding fails. Removed legacy nosetest helper. Also added a lot of backref=backref([...], cascade='all, delete-orphan')
author: Joar Wandborg <joar@wandborg.se> 2013-03-10 22:52:07 +0100
committer: Joar Wandborg <joar@wandborg.se> 2013-04-06 22:17:27 +0200
commit: c121a7d3d0c48d4e3abf43c06047dde3e25616c3 (patch)
tree: 049194dbcf47d2184845736fca3a75fbdd2cacf9 /mediagoblin/plugins/oauth/models.py
parent: fe6755f0f44e1148e2cb72538f8e64c4a9740f7f (diff)
download: mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.tar.lz
mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.tar.xz
mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.zip
1 files changed, 62 insertions, 25 deletions
diff --git a/mediagoblin/plugins/oauth/models.py b/mediagoblin/plugins/oauth/models.py
index 695dad31..439424d3 100644
--- a/mediagoblin/plugins/oauth/models.py
+++ b/mediagoblin/plugins/oauth/models.py
@@ -14,17 +14,17 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import uuid
-import bcrypt
 
 from datetime import datetime, timedelta
 
-from mediagoblin.db.base import Base
-from mediagoblin.db.models import User
 
 from sqlalchemy import (
         Column, Unicode, Integer, DateTime, ForeignKey, Enum)
-from sqlalchemy.orm import relationship
+from sqlalchemy.orm import relationship, backref
+from mediagoblin.db.base import Base
+from mediagoblin.db.models import User
+from mediagoblin.plugins.oauth.tools import generate_identifier, \
+    generate_secret, generate_token, generate_code, generate_refresh_token
 
 # Don't remove this, I *think* it applies sqlalchemy-migrate functionality onto
 # the models.
@@ -41,11 +41,14 @@ class OAuthClient(Base):
     name = Column(Unicode)
     description = Column(Unicode)
 
-    identifier = Column(Unicode, unique=True, index=True)
-    secret = Column(Unicode, index=True)
+    identifier = Column(Unicode, unique=True, index=True,
+                        default=generate_identifier)
+    secret = Column(Unicode, index=True, default=generate_secret)
 
     owner_id = Column(Integer, ForeignKey(User.id))
-    owner = relationship(User, backref='registered_clients')
+    owner = relationship(
+        User,
+        backref=backref('registered_clients', cascade='all, delete-orphan'))
 
     redirect_uri = Column(Unicode)
 
@@ -54,14 +57,8 @@ class OAuthClient(Base):
         u'public',
         name=u'oauth__client_type'))
 
-    def generate_identifier(self):
-        self.identifier = unicode(uuid.uuid4())
-
-    def generate_secret(self):
-        self.secret = unicode(
-                bcrypt.hashpw(
-                    unicode(uuid.uuid4()),
-                    bcrypt.gensalt()))
+    def update_secret(self):
+        self.secret = generate_secret()
 
     def __repr__(self):
         return '<{0} {1}:{2} ({3})>'.format(
@@ -76,10 +73,15 @@ class OAuthUserClient(Base):
     id = Column(Integer, primary_key=True)
 
     user_id = Column(Integer, ForeignKey(User.id))
-    user = relationship(User, backref='oauth_clients')
+    user = relationship(
+        User,
+        backref=backref('oauth_client_relations',
+                        cascade='all, delete-orphan'))
 
     client_id = Column(Integer, ForeignKey(OAuthClient.id))
-    client = relationship(OAuthClient, backref='users')
+    client = relationship(
+        OAuthClient,
+        backref=backref('oauth_user_relations', cascade='all, delete-orphan'))
 
     state = Column(Enum(
         u'approved',
@@ -103,15 +105,18 @@ class OAuthToken(Base):
             default=datetime.now)
     expires = Column(DateTime, nullable=False,
             default=lambda: datetime.now() + timedelta(days=30))
-    token = Column(Unicode, index=True)
-    refresh_token = Column(Unicode, index=True)
+    token = Column(Unicode, index=True, default=generate_token)
 
     user_id = Column(Integer, ForeignKey(User.id), nullable=False,
             index=True)
-    user = relationship(User)
+    user = relationship(
+        User,
+        backref=backref('oauth_tokens', cascade='all, delete-orphan'))
 
     client_id = Column(Integer, ForeignKey(OAuthClient.id), nullable=False)
-    client = relationship(OAuthClient)
+    client = relationship(
+        OAuthClient,
+        backref=backref('oauth_tokens', cascade='all, delete-orphan'))
 
     def __repr__(self):
         return '<{0} #{1} expires {2} [{3}, {4}]>'.format(
@@ -121,6 +126,34 @@ class OAuthToken(Base):
                 self.user,
                 self.client)
 
+class OAuthRefreshToken(Base):
+    __tablename__ = 'oauth__refresh_tokens'
+
+    id = Column(Integer, primary_key=True)
+    created = Column(DateTime, nullable=False,
+                     default=datetime.now)
+
+    token = Column(Unicode, index=True,
+                   default=generate_refresh_token)
+
+    user_id = Column(Integer, ForeignKey(User.id), nullable=False)
+
+    user = relationship(User, backref=backref('oauth_refresh_tokens',
+                                              cascade='all, delete-orphan'))
+
+    client_id = Column(Integer, ForeignKey(OAuthClient.id), nullable=False)
+    client = relationship(OAuthClient,
+                          backref=backref(
+                              'oauth_refresh_tokens',
+                              cascade='all, delete-orphan'))
+
+    def __repr__(self):
+        return '<{0} #{1} [{3}, {4}]>'.format(
+                self.__class__.__name__,
+                self.id,
+                self.user,
+                self.client)
+
 
 class OAuthCode(Base):
     __tablename__ = 'oauth__codes'
@@ -130,14 +163,17 @@ class OAuthCode(Base):
             default=datetime.now)
     expires = Column(DateTime, nullable=False,
             default=lambda: datetime.now() + timedelta(minutes=5))
-    code = Column(Unicode, index=True)
+    code = Column(Unicode, index=True, default=generate_code)
 
     user_id = Column(Integer, ForeignKey(User.id), nullable=False,
             index=True)
-    user = relationship(User)
+    user = relationship(User, backref=backref('oauth_codes',
+                                              cascade='all, delete-orphan'))
 
     client_id = Column(Integer, ForeignKey(OAuthClient.id), nullable=False)
-    client = relationship(OAuthClient)
+    client = relationship(OAuthClient, backref=backref(
+        'oauth_codes',
+        cascade='all, delete-orphan'))
 
     def __repr__(self):
         return '<{0} #{1} expires {2} [{3}, {4}]>'.format(
@@ -150,6 +186,7 @@ class OAuthCode(Base):
 
 MODELS = [
         OAuthToken,
+        OAuthRefreshToken,
         OAuthCode,
         OAuthClient,
         OAuthUserClient]
author	Joar Wandborg <joar@wandborg.se>	2013-03-10 22:52:07 +0100
committer	Joar Wandborg <joar@wandborg.se>	2013-04-06 22:17:27 +0200
commit	c121a7d3d0c48d4e3abf43c06047dde3e25616c3 (patch)
tree	049194dbcf47d2184845736fca3a75fbdd2cacf9 /mediagoblin/plugins/oauth/models.py
parent	fe6755f0f44e1148e2cb72538f8e64c4a9740f7f (diff)
download	mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.tar.lz mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.tar.xz mediagoblin-c121a7d3d0c48d4e3abf43c06047dde3e25616c3.zip