
Commit 30724fd

committed
Scope of database was incorrect in refresh
1 parent f4d5529 commit 30724fd


1 file changed

+64
-65
lines changed


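--- a/main.py
+++ b/main.py
@@ -627,81 +627,80 @@ def refresh_handler():
 # Find the entry
 with dbclient.context():
 entry = ndb.Key(dbmodel.AuthToken, keyid).get()
-if entry is None:
-response = jsonify({'error': 'No such key'})
-response.headers['X-Reason'] = 'No such key'
-response.status_code = 404
-return response
-
-servicetype = entry.service
-
-# Decode
-data = base64.b64decode(entry.blob)
-resp = None
-
-# Decrypt
-try:
-resp = json.loads(simplecrypt.decrypt(password, data).decode('utf8'))
-except:
-logging.exception('decrypt error')
-response = jsonify({'error': 'Invalid authid password'})
-response.headers['X-Reason'] = 'Invalid authid password'
-response.status_code = 400
-return response
-
-service = find_service(entry.service)
-
-# Issue a refresh request
-url = service['auth-url']
-request_params = {
-'client_id': service['client-id'],
-'grant_type': 'refresh_token',
-'refresh_token': resp['refresh_token']
-}
-if "client-secret" in service:
-request_params['client_secret'] = service['client-secret']
-if "redirect-uri" in service:
-request_params['redirect_uri'] = service['redirect-uri']
+if entry is None:
+response = jsonify({'error': 'No such key'})
+response.headers['X-Reason'] = 'No such key'
+response.status_code = 404
+return response
 
-# Some services do not allow the state to be passed
-if 'no-redirect_uri-for-refresh-request' in service and service['no-redirect_uri-for-refresh-request']:
-del request_params['redirect_uri']
+servicetype = entry.service
 
-data = urllib.parse.urlencode(request_params)
-if settings.TESTING:
-logging.info('REQ RAW: ' + str(data))
+# Decode
+data = base64.b64decode(entry.blob)
+resp = None
 
-try:
-req = requests.post(url, data=data, timeout=20)
-req.raise_for_status()
-content = req.content
-except requests.HTTPError as err:
-logging.info('ERR-CODE: ' + str(err.response.status_code))
-logging.info('ERR-BODY: ' + err.response.text)
-raise err
+# Decrypt
+try:
+resp = json.loads(simplecrypt.decrypt(password, data).decode('utf8'))
+except:
+logging.exception('decrypt error')
+response = jsonify({'error': 'Invalid authid password'})
+response.headers['X-Reason'] = 'Invalid authid password'
+response.status_code = 400
+return response
 
-# Store the old refresh_token as some servers do not send it again
-rt = resp['refresh_token']
+service = find_service(entry.service)
 
-# Read the server response
-resp = json.loads(content)
-exp_secs = int(resp["expires_in"])
+# Issue a refresh request
+url = service['auth-url']
+request_params = {
+'client_id': service['client-id'],
+'grant_type': 'refresh_token',
+'refresh_token': resp['refresh_token']
+}
+if "client-secret" in service:
+request_params['client_secret'] = service['client-secret']
+if "redirect-uri" in service:
+request_params['redirect_uri'] = service['redirect-uri']
+
+# Some services do not allow the state to be passed
+if 'no-redirect_uri-for-refresh-request' in service and service['no-redirect_uri-for-refresh-request']:
+del request_params['redirect_uri']
+
+data = urllib.parse.urlencode(request_params)
+if settings.TESTING:
+logging.info('REQ RAW: ' + str(data))
+
+try:
+req = requests.post(url, data=data, timeout=20)
+req.raise_for_status()
+content = req.content
+except requests.HTTPError as err:
+logging.info('ERR-CODE: ' + str(err.response.status_code))
+logging.info('ERR-BODY: ' + err.response.text)
+raise err
+
+# Store the old refresh_token as some servers do not send it again
+rt = resp['refresh_token']
+
+# Read the server response
+resp = json.loads(content)
+exp_secs = int(resp["expires_in"])
 
-# Set the refresh_token if it was missing
-if 'refresh_token' not in resp:
-resp['refresh_token'] = rt
+# Set the refresh_token if it was missing
+if 'refresh_token' not in resp:
+resp['refresh_token'] = rt
 
-# Encrypt the updated response
-cipher = simplecrypt.encrypt(password, json.dumps(resp))
-entry.expires = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=exp_secs)
-entry.blob = base64.b64encode(cipher)
-entry.put()
+# Encrypt the updated response
+cipher = simplecrypt.encrypt(password, json.dumps(resp))
+entry.expires = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=exp_secs)
+entry.blob = base64.b64encode(cipher)
+entry.put()
 
-cached_res = {'access_token': resp['access_token'], 'expires': entry.expires, 'type': servicetype}
+cached_res = {'access_token': resp['access_token'], 'expires': entry.expires, 'type': servicetype}
 
-with dbclient.context():
 ndb.get_context().cache.set(cacheurl, cached_res, time=exp_secs - 10)
-logging.info('Caching response to: %s for %s secs, service: %s', keyid, exp_secs - 10, servicetype)
+logging.info('Caching response to: %s for %s secs, service: %s', keyid, exp_secs - 10, servicetype)
 
 # Write the result back to the client
 return jsonify({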
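Review bot: The re-indented `logging.info('REQ RAW: ' + str(data))` line writes the full urlencoded refresh request to the log, and that body carries `refresh_token` and, when the service defines one, `client_secret`; the `settings.TESTING` guard limits this, but anyone with log access on a test deployment can still read live credentials. I would log only the parameter names, e.g. `logging.info('REQ params: %s', sorted(request_params))`, and truncate or drop the `ERR-BODY` line, since the provider's error text is logged unconditionally. Separately, the bare `except:` around the decrypt also swallows `SystemExit` and `KeyboardInterrupt`; `except Exception:` keeps the 400 response for a bad password without that. refresh_handler starts and ends outside this hunk, so where `password`, `keyid` and `cacheurl` come from is not visible here.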
