Updated handling of anonymous tokens

adsabs · Sep 19, 2018 · 37cb173 · 37cb173
1 parent e585542
commit 37cb173
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/adsws/accounts/views.py b/adsws/accounts/views.py
@@ -698,14 +698,14 @@ def get(self):
 
         # If we visit this endpoint and are unauthenticated, then login as
         # our anonymous user
-        if not current_user.is_authenticated():
-
-            if 'scopes' in kwargs or client_name or redirect_uri:
-                abort(401, "Sorry, you cant change scopes/name/redirect_uri when creating temporary OAuth application")
-
+        if not current_user.is_authenticated():            
             login_user(user_manipulator.first(
                 email=current_app.config['BOOTSTRAP_USER_EMAIL']
             ))
+
+        if current_user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
+            if 'scopes' in kwargs or client_name or redirect_uri:
+                abort(401, "Sorry, you cant change scopes/name/redirect_uri when creating temporary OAuth application")
 
         try:
             scopes = self._sanitize_scopes(kwargs.get('scope', None))
@@ -723,6 +723,10 @@ def get(self):
                     client, token = Bootstrap.load_client(
                         session['oauth_client']
                     )
+                elif hasattr(request, 'oauth') and request.oauth.user.email == current_app.config['BOOTSTRAP_USER_EMAIL']:
+                    client, token = Bootstrap.load_client(
+                        request.oauth.client.client_id
+                    )
                 else:
                     raise NoClientError('client/user mismatch')
 
@@ -856,6 +860,7 @@ def bootstrap_bumblebee():
             is_confidential=False,
             is_internal=True,
             _default_scopes=scopes,
+            ratelimit=1.0
         )
         client.gen_salt()
 

diff --git a/adsws/tests/test_accounts.py b/adsws/tests/test_accounts.py
@@ -848,6 +848,27 @@ def test_bootstrap_api(self):
             assert r.status_code == 400
 
 
+        # and a client without any session and without any api key
+        atoken = ''        
+        with self.client as c:
+            c.cookie_jar.clear()
+            r = c.get(url, query_string={'create_new': True}, headers={})
+            j = r.json
+            assert r.status_code == 200
+            assert j['username'] == 'bootstrap_user@unittests'
+            assert j['ratelimit'] == 1.0
+            assert j['scopes'] == []
+            token = j['access_token']
+
+            # tryin again, should give us the same token
+            r = c.get(url, headers={})
+            assert r.json['access_token'] == token
+
+            c.cookie_jar.clear()
+            r = c.get(url, headers={'Authorization': 'Bearer %s' % token})
+            assert r.json['access_token'] == token
+
+
     def test_change_password(self):
         """
         test change password workflow