diff --git a/examples/github_app.py b/examples/github_app.py
index 1cc6e24e..3a14ad0d 100644
--- a/examples/github_app.py
+++ b/examples/github_app.py
@@ -133,7 +133,7 @@
 @app.route('/')
 def index():
 """Home page: try to print user email or redirect to login with github."""
- if not current_user.is_authenticated():
+ if not current_user.is_authenticated:
 return redirect(url_for("invenio_oauthclient.login", remote_app='github'))
 return "hello {}".format(current_user.email)
diff --git a/invenio_oauthclient/contrib/orcid.py b/invenio_oauthclient/contrib/orcid.py
index 98451339..aa7ae06f 100644
--- a/invenio_oauthclient/contrib/orcid.py
+++ b/invenio_oauthclient/contrib/orcid.py
@@ -134,7 +134,7 @@ def disconnect_handler(remote, *args, **kwargs):
 from invenio_oauthclient.utils import oauth_unlink_external_id
 from invenio_oauthclient.models import RemoteAccount
- if not current_user.is_authenticated():
+ if not current_user.is_authenticated:
 return current_app.login_manager.unauthorized()
 account = RemoteAccount.get(user_id=current_user.get_id(),
diff --git a/invenio_oauthclient/handlers.py b/invenio_oauthclient/handlers.py
index 4ac8bd89..c61dfa1e 100644
--- a/invenio_oauthclient/handlers.py
+++ b/invenio_oauthclient/handlers.py
@@ -111,7 +111,7 @@ def token_setter(remote, token, secret='', token_type='', extra_data=None):
 session[token_session_key(remote.name)] = (token, secret)
 # Save token if used is authenticated
- if current_user.is_authenticated():
+ if current_user.is_authenticated:
 uid = current_user.get_id()
 cid = remote.consumer_key
@@ -139,7 +139,7 @@ def token_getter(remote, token=''):
 """
 session_key = token_session_key(remote.name)
- if session_key not in session and current_user.is_authenticated():
+ if session_key not in session and current_user.is_authenticated:
 # Fetch key from token store if user is authenticated, and the key
 # isn't already cached in the session.
 remote_token = RemoteToken.get(
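Review bot: `if not current_user.is_authenticated:` in `index()` (and the same attribute form in the orcid.py and handlers.py hunks, including both `disconnect_handler` guards) is only a real check when `is_authenticated` is a property. On a Flask-Login release where it is still a method, the bound method is always truthy, so `not current_user.is_authenticated` is always False and the guards that return `login_manager.unauthorized()` would silently stop firing. setup.py in this commit raises the `Flask-Security` and `invenio-accounts` floors but declares no Flask-Login floor of its own, so the required version is presumably pulled in transitively. Consider declaring it explicitly in the requirements (`'Flask-Login>=<first release with the property API>'`) and adding a test that an anonymous request to the disconnect view gets the unauthorized response.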
@@ -215,7 +215,7 @@ def authorized_signup_handler(resp, remote, *args, **kwargs):
 # Sign-in/up user
 # ---------------
- if not current_user.is_authenticated():
+ if not current_user.is_authenticated:
 account_info = handlers['info'](resp)
 user = oauth_get_user(
@@ -274,7 +274,7 @@ def disconnect_handler(remote, *args, **kwargs):
 wish to extend this module to perform clean-up in the remote service before removing the link (e.g. removing install webhooks).
 """
- if not current_user.is_authenticated():
+ if not current_user.is_authenticated:
 return current_app.login_manager.unauthorized()
 with db.session.begin_nested():
@@ -291,7 +291,7 @@ def disconnect_handler(remote, *args, **kwargs):
 def signup_handler(remote, *args, **kwargs):
 """Handle extra signup information."""
 # User already authenticated so move on
- if current_user.is_authenticated():
+ if current_user.is_authenticated:
 return redirect("/")
 # Retrieve token from session
diff --git a/invenio_oauthclient/views/client.py b/invenio_oauthclient/views/client.py
index ac6738d3..4f67f52f 100644
--- a/invenio_oauthclient/views/client.py
+++ b/invenio_oauthclient/views/client.py
@@ -22,6 +22,7 @@
 from __future__ import absolute_import
 from flask import Blueprint, abort, current_app, request, session, url_for
+from flask_login import _create_identifier
 from itsdangerous import BadData, TimedJSONWebSignatureSerializer
 from werkzeug.local import LocalProxy
@@ -91,7 +92,7 @@ def login(remote_app):
 state_token = serializer.dumps({
 'app': remote_app,
 'next': next_param,
- 'sid': session['_id']
+ 'sid': _create_identifier(),
 })
 return oauth.remote_apps[remote_app].authorize(
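Review bot: In `login()` in views/client.py the state token's `sid` is now `_create_identifier()`, an underscore-private Flask-Login helper that, as far as I know, is computed from the client address and User-Agent rather than from anything stored in the session. The value is therefore the same for every browser session that shares those two properties, so the `sid` comparison in `authorized()` does not bind the callback to the session that started the flow, and a Flask-Login refactor can change or remove the helper without notice. Consider generating a per-flow nonce, keeping it in the session and putting that in the state, e.g. `session['oauth_state_sid'] = binascii.hexlify(os.urandom(16)).decode()` (key name constructed for illustration). `login()` starts and ends outside this hunk.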
@@ -115,7 +116,7 @@ def authorized(remote_app=None):
 state = serializer.loads(state_token)
 # Verify that state is for this session, app and that next parameter
 # have not been modified.
- assert state['sid'] == session['_id']
+ assert state['sid'] == _create_identifier()
 assert state['app'] == remote_app
 # Store next URL
 set_session_next_url(remote_app, state['next'])
diff --git a/setup.py b/setup.py
index 5a65aed0..8d417ddd 100644
--- a/setup.py
+++ b/setup.py
@@ -72,7 +72,8 @@
 'Flask-BabelEx>=0.9.2',
 'Flask-Breadcrumbs>=0.3.0',
 'Flask-OAuthlib>=0.6.0,<0.7', # quick fix for issue invenio#2158
- 'invenio-accounts>=1.0.0a5',
+ 'Flask-Security>=1.7.5',
+ 'invenio-accounts>=1.0.0a6',
 'invenio-db>=1.0.0a4', # FIXME
 # 'invenio-upgrader>=0.1.0',
diff --git a/tests/test_contrib_orcid.py b/tests/test_contrib_orcid.py
index cd3dc9c8..3e845386 100644
--- a/tests/test_contrib_orcid.py
+++ b/tests/test_contrib_orcid.py
@@ -23,6 +23,7 @@
 import httpretty
 from flask import session, url_for
+from flask_login import _create_identifier
 from flask_security.utils import login_user
 from mock import MagicMock
 from six.moves.urllib_parse import parse_qs, urlparse
@@ -41,7 +42,7 @@ def mock_response(oauth, remote_app='test', data=None):
 def _get_state():
- return serializer.dumps({'app': 'orcid', 'sid': session['_id'],
+ return serializer.dumps({'app': 'orcid', 'sid': _create_identifier(),
 'next': None, })
diff --git a/tests/test_views.py b/tests/test_views.py
index 53e8a3f1..38b56a85 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -25,8 +25,8 @@
 import time
 import pytest
-from flask import session, url_for
-from flask_login import login_user
+from flask import url_for
+from flask_login import _create_identifier, login_user
 from itsdangerous import TimedJSONWebSignatureSerializer
 from mock import MagicMock, patch
 from simplejson import JSONDecodeError
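Review bot: The session check in `authorized()` is still written as `assert state['sid'] == _create_identifier()`, with `assert state['app'] == remote_app` right below it; `assert` statements are removed when Python runs with `-O`, which would turn the OAuth state validation into a no-op. Use an explicit comparison that fails closed, e.g. `if state['sid'] != _create_identifier() or state['app'] != remote_app: abort(403)`; `abort` is already imported in this module, and the status code should match whatever the surrounding error handling returns today. The rest of `authorized()` is outside the hunk, so if it rejects the request by catching `AssertionError`, that handler needs the same change.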
@@ -207,7 +207,7 @@ def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
 state = serializer.dumps({
 'app': 'test',
- 'sid': session['_id'],
+ 'sid': _create_identifier(),
 'next': None,
 })
@@ -227,7 +227,7 @@ def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
 state = serializer.dumps({
 'app': 'test_invalid',
- 'sid': session['_id'],
+ 'sid': _create_identifier(),
 'next': None,
 })
@@ -257,7 +257,7 @@ def test_invalid_authorized_response():
 state = serializer.dumps({
 'app': 'test',
- 'sid': session['_id'],
+ 'sid': _create_identifier(),
 'next': None,
 })
@@ -273,8 +273,9 @@ def test_invalid_authorized_response():
 def test_state_token(monkeypatch):
 """Test state token."""
 # Mock session id
- monkeypatch.setattr('invenio_oauthclient.views.client.session',
- {'_id': '1234'})
+ monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+ monkeypatch.setattr(
+ 'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
 app = setup_app()
 with app.test_client() as client:
 # Ensure remote apps have been loaded (due to before first
@@ -335,13 +336,12 @@ def test_no_remote_app():
 assert resp.status_code == 404
-# @patch('invenio.ext.session.interface.SessionInterface.save_session')
-# @patch('invenio_oauthclient.views.client.session')
 def test_token_getter_setter(monkeypatch):
 """Test token getter setter."""
 # Mock session id
- monkeypatch.setattr('invenio_oauthclient.views.client.session',
- {'_id': '1234'})
+ monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+ monkeypatch.setattr(
+ 'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
 app = setup_app()
 oauth = app.extensions['oauthlib.client']
@@ -418,8 +418,9 @@ def test_token_getter_setter(monkeypatch):
 def test_rejected(monkeypatch):
 """Test rejected."""
 # Mock session id
- monkeypatch.setattr('invenio_oauthclient.views.client.session',
- {'_id': '1234'})
+ monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+ monkeypatch.setattr(
+ 'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
 app = setup_app()
 oauth = app.extensions['oauthlib.client']