@@ -313,108 +313,6 @@ def from_json(cls, json_struct):
313313 return cls (** dic )
314314
315315
316- class RefreshDB (object ):
317- """Database for refresh token storage."""
318-
319- def __init__ (self ):
320- warnings .warn (
321- "Using `RefreshDB` is deprecated, please use `Token` and `refresh_token_factory` instead." ,
322- DeprecationWarning ,
323- stacklevel = 2 ,
324- )
325-
326- def get (self , refresh_token ):
327- """
328- Retrieve info about the authentication proces from the refresh token.
329-
330- :return: Dictionary with info
331- :raises: KeyError
332- """
333- raise NotImplementedError
334-
335- def store (self , token , info ):
336- """
337- Store the information about the authentication process.
338-
339- :param token: Token
340- :param info: Information associated with token to be stored
341- """
342- raise NotImplementedError
343-
344- def remove (self , token ):
345- """
346- Remove the token and related information from the internal storage.
347-
348- :param token: Token to be removed
349- """
350- raise NotImplementedError
351-
352- def create_token (self , client_id , uid , scopes , sub , authzreq , sid ):
353- """
354- Create refresh token for given combination of client_id and sub and store it in internal storage.
355-
356- :param client_id: Client_id of the consumer
357- :param uid: User identification
358- :param scopes: Scopes associated with the token
359- :param sub: Sub identifier
360- :param authzreq: Authorization request
361- :param sid: Session ID
362- :return: Refresh token
363- """
364- refresh_token = "Refresh_{}" .format (rndstr (5 * 16 ))
365- self .store (
366- refresh_token ,
367- {
368- "client_id" : client_id ,
369- "uid" : uid ,
370- "scope" : scopes ,
371- "sub" : sub ,
372- "authzreq" : authzreq ,
373- "sid" : sid ,
374- },
375- )
376- return refresh_token
377-
378- def verify_token (self , client_id , refresh_token ):
379- """Verify if the refresh token belongs to client_id."""
380- if not refresh_token .startswith ("Refresh_" ):
381- raise WrongTokenType
382- try :
383- stored_cid = self .get (refresh_token ).get ("client_id" )
384- except KeyError :
385- return False
386- return client_id == stored_cid
387-
388- def revoke_token (self , token ):
389- """Remove token from database."""
390- self .remove (token )
391-
392-
393- class DictRefreshDB (RefreshDB ):
394- """Dictionary based implementation of RefreshDB."""
395-
396- def __init__ (self ):
397- super (DictRefreshDB , self ).__init__ ()
398- warnings .warn (
399- "Using `DictRefreshDB` is deprecated, please use `Token` and `refresh_token_factory` instead." ,
400- DeprecationWarning ,
401- stacklevel = 2 ,
402- )
403- self ._db = {} # type: Dict[str, Dict[str, str]]
404-
405- def get (self , refresh_token ):
406- """Retrieve info for given token from dictionary."""
407- return self ._db [refresh_token ].copy ()
408-
409- def store (self , token , info ):
410- """Add token and info to the dictionary."""
411- self ._db [token ] = info
412-
413- def remove (self , token ):
414- """Remove the token from the dictionary."""
415- self ._db .pop (token )
416-
417-
418316def create_session_db (
419317 base_url ,
420318 secret ,
@@ -450,7 +348,6 @@ def create_session_db(
450348 return SessionDB (
451349 base_url ,
452350 db ,
453- refresh_db = None ,
454351 code_factory = code_factory ,
455352 token_factory = token_factory ,
456353 refresh_token_factory = refresh_token_factory ,
@@ -559,8 +456,6 @@ def __init__(
559456 self ,
560457 base_url ,
561458 db ,
562- refresh_db = None ,
563- refresh_token_expires_in = None ,
564459 token_factory = None ,
565460 code_factory = None ,
566461 refresh_token_factory = None ,
@@ -570,12 +465,6 @@ def __init__(
570465
571466 :param db: Database for storing the session information.
572467 """
573- if refresh_token_expires_in is not None :
574- warnings .warn (
575- "Setting a `refresh_token_expires_in` has no effect, please set the expiration on "
576- "`refresh_token_factory`." ,
577- DeprecationWarning ,
578- )
579468 self .base_url = base_url
580469 if not isinstance (db , SessionBackend ):
581470 warnings .warn (
@@ -588,27 +477,11 @@ def __init__(
588477
589478 self .token_factory_order = ["code" , "access_token" ]
590479
591- # TODO: This should simply be a factory like all the others too,
592- # even for the default case.
593-
594480 if refresh_token_factory :
595- if refresh_db :
596- raise ImproperlyConfigured (
597- "Only use one of refresh_db or refresh_token_factory"
598- )
599- self ._refresh_db = None
600481 self .token_factory ["refresh_token" ] = refresh_token_factory
601482 self .token_factory_order .append ("refresh_token" )
602- elif refresh_db :
603- warnings .warn (
604- "Using `refresh_db` is deprecated, please use `refresh_token_factory`" ,
605- DeprecationWarning ,
606- stacklevel = 2 ,
607- )
608- self ._refresh_db = refresh_db
609483 else :
610484 # Not configured
611- self ._refresh_db = None
612485 self .token_factory ["refresh_token" ] = None
613486
614487 self .access_token = self .token_factory ["access_token" ]
@@ -829,26 +702,7 @@ def upgrade_to_token(
829702 dic ["oidreq" ] = oidreq
830703
831704 if issue_refresh :
832- if "authn_event" in dic :
833- authn_event = AuthnEvent .from_json (dic ["authn_event" ])
834- else :
835- authn_event = None
836- if authn_event :
837- uid = authn_event .uid
838- else :
839- uid = None
840-
841- if self ._refresh_db :
842- refresh_token = self ._refresh_db .create_token (
843- dic ["client_id" ],
844- uid ,
845- dic .get ("scope" ),
846- dic ["sub" ],
847- dic ["authzreq" ],
848- key ,
849- )
850- dic ["refresh_token" ] = refresh_token
851- elif self .token_factory ["refresh_token" ] is not None :
705+ if self .token_factory ["refresh_token" ] is not None :
852706 refresh_token = self .token_factory ["refresh_token" ](key , sinfo = dic )
853707 dic ["refresh_token" ] = refresh_token
854708 self ._db [key ] = dic
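Review bot: With the `_refresh_db` branch gone, a true `issue_refresh` combined with `self.token_factory["refresh_token"]` being `None` silently yields a session without a refresh token, and nothing in the hunk records that this is intended. If no other statement sits under `if issue_refresh:` (the rendering has lost the indentation, so this needs checking against the file), the two conditions read better as one: `if issue_refresh and self.token_factory["refresh_token"] is not None:`. A short comment such as `# No refresh token factory configured: no refresh token is issued` would make the fall-through explicit. `upgrade_to_token` starts and ends outside the hunk.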
@@ -865,34 +719,7 @@ def refresh_token(self, rtoken, client_id):
865719 WrongTokenType for wrong token type
866720 """
867721 # assert that it is a refresh token and that it is valid
868- if self ._refresh_db :
869- if self ._refresh_db .verify_token (client_id , rtoken ):
870- # Valid refresh token
871- _info = self ._refresh_db .get (rtoken )
872- try :
873- sid = _info ["sid" ]
874- except KeyError :
875- areq = json .loads (_info ["authzreq" ])
876- sid = self .token_factory ["code" ].key (user = _info ["uid" ], areq = areq )
877- dic = _info
878- dic ["response_type" ] = areq ["response_type" ].split (" " )
879- else :
880- try :
881- dic = self ._db [sid ]
882- except KeyError :
883- dic = _info
884-
885- access_token = self .access_token (sid = sid , sinfo = dic )
886- try :
887- at = dic ["access_token" ]
888- except KeyError :
889- pass
890- else :
891- if at :
892- self .access_token .invalidate (at )
893- else :
894- raise ExpiredToken ()
895- elif self .token_factory ["refresh_token" ] is None :
722+ if self .token_factory ["refresh_token" ] is None :
896723 raise WrongTokenType ()
897724 elif self .token_factory ["refresh_token" ].valid (rtoken ):
898725 if self .token_factory ["refresh_token" ].is_expired (rtoken ):
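Review bot: The deleted branch held the only visible comparison of the caller's `client_id` with the client the refresh token was issued to (`verify_token(client_id, rtoken)`); the factory path kept in this hunk checks only `valid(rtoken)` and `is_expired(rtoken)`. The rest of `refresh_token` lies outside the hunk, so it should be confirmed that the session loaded for the token is compared with `client_id` before a new access token is minted; otherwise a refresh token issued to one client would be honoured for another. If that check is missing, something like `if sinfo["client_id"] != client_id: raise WrongTokenType()` belongs right after the session lookup, where `sinfo` stands for whatever the method calls the loaded session record. The same concern applies to the `is_valid` hunk: its docstring still reads `:param client_id: Client ID, needed only for Refresh token`, yet the only visible use of `client_id` there was in the removed lines, so either the parameter is now unused and the docstring is stale, or the binding check needs to be restored on the factory path.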
@@ -931,9 +758,6 @@ def is_valid(self, token, client_id=None):
931758 :param token: Access or refresh token
932759 :param client_id: Client ID, needed only for Refresh token
933760 """
934- if token .startswith ("Refresh_" ):
935- return self ._refresh_db .verify_token (client_id , token )
936-
937761 try :
938762 typ , sid = self ._get_token_type_and_key (token )
939763 except KeyError :
@@ -987,9 +811,7 @@ def revoke_refresh_token(self, rtoken):
987811
988812 :param rtoken: Refresh token
989813 """
990- if self ._refresh_db :
991- self ._refresh_db .revoke_token (rtoken )
992- elif self .token_factory ["refresh_token" ] is not None :
814+ if self .token_factory ["refresh_token" ] is not None :
993815 self .token_factory ["refresh_token" ].invalidate (rtoken )
994816
995817 return True
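Review bot: `revoke_refresh_token` still ends with `return True` when `self.token_factory["refresh_token"]` is `None`, so a caller is told the token was revoked although nothing was invalidated. Before this change the `_refresh_db` branch covered deployments without a factory; now the unconfigured case is the only way to reach the bare `return True`. If always reporting success is deliberate (for example so a revocation endpoint does not reveal whether a token existed), say so in the docstring with a line such as `:return: Always True, even when no refresh token factory is configured`; otherwise return `self.token_factory["refresh_token"] is not None` after the invalidation. The method starts outside the hunk.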