~launchpad-pqm/launchpad/devel

= Managing OAuth access tokens =

All access tokens and request tokens for a given user can be seen
and/or revoked from that user's +oauth-tokens page.

    >>> from zope.component import getUtility
    >>> from lp.registry.interfaces.person import IPersonSet
    >>> from lp.services.webapp.interfaces import OAuthPermission

    # Create a desktop integration token.
    >>> login('salgado@ubuntu.com')
    >>> consumer = factory.makeOAuthConsumer(
    ...     "System-wide: Ubuntu (mycomputer)")
    >>> salgado = getUtility(IPersonSet).getByName('salgado')
    >>> desktop_token = factory.makeOAuthAccessToken(
    ...     consumer, salgado, OAuthPermission.DESKTOP_INTEGRATION)

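    # Create a request token, authorize it for READ_PRIVATE access,
    # but don't exchange it for an access token.  Note that the request
    # token is created without being passed the consumer made here; the
    # listing further down shows it under an "oauthconsumerkey..." name.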
    >>> consumer = factory.makeOAuthConsumer(
    ...     "Example consumer for READ_PRIVATE")
    >>> request_token = factory.makeOAuthRequestToken()
    >>> request_token.review(salgado, OAuthPermission.READ_PRIVATE)
    >>> logout()

    # View the tokens as salgado, authenticating with HTTP Basic auth.
    >>> my_browser = setupBrowser(auth='Basic salgado@ubuntu.com:zeca')
    >>> my_browser.open('http://launchpad.dev/~salgado/+oauth-tokens')
    >>> print my_browser.title
    Authorized applications...
    >>> main_content = find_tag_by_id(my_browser.contents, 'maincontent')
    >>> print extract_text(main_content)
    Authorized applications
    ...
    Claimed tokens:
    Application name: System-wide: Ubuntu (mycomputer)
    Authorized...to integrate an entire system
    Application name: foobar123451432
    Authorized...to read non-private data
    Application name: launchpad-library
    Authorized...to change anything
    Unclaimed tokens:
    Application name: oauthconsumerkey...
    Authorized...to read anything
    Must be claimed before

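For each token there is a separate <form>, with the token key and
consumer key stored in hidden <input>s alongside the button that revokes
the authorization.  None of the forms below carries a token secret.
Because hidden inputs are supplied by the client on submit, the view
handling the revocation has to check that the submitted token belongs to
this user; that check is not exercised in this test.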

    >>> li = find_tag_by_id(main_content, 'tokens').find('li')
    >>> for input in li.find('form').findAll('input'):
    ...     print input['name'], input['value']
    consumer_key System-wide: Ubuntu (mycomputer)
    token_key ...
    token_type access_token
    revoke Revoke Authorization

    >>> li2 = li.findNextSibling('li')
    >>> for input in li2.find('form').findAll('input'):
    ...     print input['name'], input['value']
    consumer_key foobar123451432
    token_key salgado-read-nonprivate
    token_type access_token
    revoke Revoke Authorization

    >>> li3 = li2.findNext('li')
    >>> for input in li3.find('form').findAll('input'):
    ...     print input['name'], input['value']
    consumer_key launchpad-library
    token_key salgado-change-anything
    token_type access_token
    revoke Revoke Authorization

    >>> li4 = li3.findNext('li')
    >>> for input in li4.find('form').findAll('input'):
    ...     print input['name'], input['value']
    consumer_key oauthconsumerkey...
    token_key ...
    token_type request_token
    revoke Revoke Authorization

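If a token is revoked, the application can no longer access Launchpad
on that user's behalf, and it is no longer shown as one of the
authorized applications.  The example below revokes the third token
(launchpad-library) and checks that it disappears from the listing; it
does not make an API request with the revoked token.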

    >>> my_browser.getControl('Revoke Authorization', index=2).click()
    >>> print my_browser.title
    Authorized applications...
    >>> for message in get_feedback_messages(my_browser.contents):
    ...     print message
    Authorization revoked successfully.

    >>> my_browser.open('http://launchpad.dev/~salgado/+oauth-tokens')
    >>> print extract_text(find_tag_by_id(my_browser.contents, 'maincontent'))
    Authorized applications
    ...
    Claimed tokens:
    Application name: System-wide: Ubuntu (mycomputer)
    Authorized...to integrate an entire system
    Application name: foobar123451432
    Authorized...to read non-private data
    Unclaimed tokens:
    Application name: oauthconsumerkey...
    Authorized...to read anything
    Must be claimed before

Some tokens grant access only within a certain context in Launchpad.
In that case, the description of the granted authorization names that
context.

    >>> from lp.registry.interfaces.product import IProductSet
    >>> from lp.services.oauth.interfaces import IOAuthConsumerSet
    >>> login('salgado@ubuntu.com')
    >>> token = getUtility(IOAuthConsumerSet).getByKey(
    ...     'launchpad-library').newRequestToken()
    >>> token.review(salgado, OAuthPermission.WRITE_PUBLIC,
    ...              context=getUtility(IProductSet)['firefox'])
    >>> access_token = token.createAccessToken()
    >>> logout()
    >>> my_browser.open('http://launchpad.dev/~salgado/+oauth-tokens')
    >>> print extract_text(find_tag_by_id(my_browser.contents, 'maincontent'))
    Authorized applications
    ...
    launchpad-library
    ...
    to change non-private data related to Mozilla Firefox
    ...

That page is protected with the launchpad.Edit permission, because it
lists a user's token keys and lets the viewer revoke them, so users can
only access their own page.

    >>> user_browser.open('http://launchpad.dev/~salgado/+oauth-tokens')
    Traceback (most recent call last):
    ...
    Unauthorized: ...launchpad.Edit...