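def refresh_api_credentials(formdata):
    """Exchange a refresh token for a new access/refresh token pair.

    The submitted ``refresh_token`` must belong to an ``api_users`` row whose
    client matches the submitted ``client_id``/``client_secret``. On success
    both tokens are rotated, so the refresh token that was presented stops
    working.

    Args:
        formdata: mapping with ``client_id``, ``client_secret`` and
            ``refresh_token`` entries (read with ``.get``).

    Returns:
        dict: ``{'token', 'refresh_token', 'expires_in'}`` on success;
        ``{'error': ...}`` with ``invalid_token`` (missing or empty field),
        ``bad_refresh_token`` (no matching row) or ``no_api_access`` (user not
        eligible); ``{'internal_error': ...}`` when the lookup matches several
        rows or no unique token pair could be stored.
    """
    client_id = formdata.get('client_id')
    client_secret = formdata.get('client_secret')
    refresh_token = formdata.get('refresh_token')
    # Reject empty values as well as missing ones: a blank submitted credential
    # must never be able to match a blank/default column value in the lookup
    # below (the schema is not visible from here).
    if not all((client_id, client_secret, refresh_token)):
        return {'error': 'invalid_token'}

    db = get_db()
    cur = db.cursor()
    try:
        # Values are passed as bound parameters, never concatenated into the
        # statement; app.sqlesc is presumably the driver's placeholder.
        # A wrong client secret and a wrong refresh token both yield zero
        # rows, so the response does not reveal which one was wrong.
        # NOTE(review): the secret and refresh token are compared directly to
        # stored column values, so they appear to be stored unhashed - confirm.
        cur.execute(
            'SELECT id,userid from api_users WHERE refresh_token = ' + app.sqlesc
            + ' AND clientid = (SELECT id FROM api_clients WHERE key = ' + app.sqlesc
            + ' AND secret = ' + app.sqlesc + ')',
            (refresh_token, client_id, client_secret),
        )
        rows = cur.fetchall()
        if not rows:
            return {'error': 'bad_refresh_token'}
        if len(rows) != 1:
            # A refresh token should identify exactly one API user.
            return {'internal_error': 'multiple_users_returned'}

        row = rows[0]
        # check_api_eligibility() takes no arguments, so it presumably reads
        # the user selected by set_api_user() - verify against those helpers.
        set_api_user(row[1])
        if not check_api_eligibility():
            return {'error': 'no_api_access'}

        expires_in = 3600
        # Retry on IntegrityError, which the original comment attributes to a
        # uuid collision; 100 consecutive failures mean something else is
        # seriously wrong.
        for _ in range(100):
            try:
                # NOTE(review): these are bearer credentials; uuid4 is random,
                # but the secrets module is the conventional source for
                # tokens - confirm the column format before switching.
                token = str(uuid.uuid4())
                new_refresh_token = str(uuid.uuid4())
                expiry = int(time.time()) + expires_in
                cur.execute(
                    'UPDATE api_users SET token = ' + app.sqlesc
                    + ', refresh_token = ' + app.sqlesc
                    + ', expiry = ' + app.sqlesc
                    + ' WHERE id = ' + app.sqlesc,
                    (token, new_refresh_token, expiry, row[0]),
                )
                db.commit()
                return {'token': token, 'refresh_token': new_refresh_token, 'expires_in': expires_in}
            except psycopg2.IntegrityError:
                db.rollback()
        return {'internal_error': 'unable_to_generate_new_unique_keys'}
    finally:
        # The original never closed the cursor; release it on every exit path.
        cur.close()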