Source

ytmanager / atom / token_store.py

Full commit
#!/usr/bin/python
#
# Copyright (C) 2008 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""This module provides a TokenStore class which is designed to manage
auth tokens required for different services.

Each token is valid for a set of scopes which is the start of a URL. An HTTP
client will use a token store to find a valid Authorization header to send
in requests to the specified URL. If the HTTP client determines that a token
has expired or been revoked, it can remove the token from the store so that
it will not be used in future requests.
"""


__author__ = 'api.jscudder (Jeff Scudder)'


import atom.http_interface
import atom.url


SCOPE_ALL = 'http'


class TokenStore(object):
  """Manages Authorization tokens which will be sent in HTTP headers."""
  def __init__(self, scoped_tokens=None):
    self._tokens = scoped_tokens or {}

  def add_token(self, token):
    """Adds a new token to the store (replaces tokens with the same scope).

    Args:
      token: A subclass of http_interface.GenericToken. The token object is 
          responsible for adding the Authorization header to the HTTP request.
          The scopes defined in the token are used to determine if the token
          is valid for a requested scope when find_token is called.

    Returns:
      True if the token was added, False if the token was not added becase
      no scopes were provided.
    """
    if not hasattr(token, 'scopes') or not token.scopes:
      return False

    for scope in token.scopes:
      self._tokens[str(scope)] = token
    return True  

  def find_token(self, url):
    """Selects an Authorization header token which can be used for the URL.

    Args:
      url: str or atom.url.Url or a list containing the same.
          The URL which is going to be requested. All
          tokens are examined to see if any scopes begin match the beginning
          of the URL. The first match found is returned.

    Returns:
      The token object which should execute the HTTP request. If there was
      no token for the url (the url did not begin with any of the token
      scopes available), then the atom.http_interface.GenericToken will be 
      returned because the GenericToken calls through to the http client
      without adding an Authorization header.
    """
    if url is None:
      return None
    if isinstance(url, (str, unicode)):
      url = atom.url.parse_url(url)
    if url in self._tokens:
      token = self._tokens[url]
      if token.valid_for_scope(url):
        return token
      else:
        del self._tokens[url]
    for scope, token in self._tokens.iteritems():
      if token.valid_for_scope(url):
        return token
    return atom.http_interface.GenericToken()

  def remove_token(self, token):
    """Removes the token from the token_store.

    This method is used when a token is determined to be invalid. If the
    token was found by find_token, but resulted in a 401 or 403 error stating
    that the token was invlid, then the token should be removed to prevent
    future use.

    Returns:
      True if a token was found and then removed from the token
      store. False if the token was not in the TokenStore.
    """
    token_found = False
    scopes_to_delete = []
    for scope, stored_token in self._tokens.iteritems():
      if stored_token == token:
        scopes_to_delete.append(scope)
        token_found = True
    for scope in scopes_to_delete:
      del self._tokens[scope]
    return token_found

  def remove_all_tokens(self):
    self._tokens = {}