Refresh token cache if invalid rights access

anxuae · anxuae · commit 79f5d7eb3150 · 2022-04-27T22:01:14.000+02:00
diff --git a/pibooth_dropbox/__init__.py b/pibooth_dropbox/__init__.py
@@ -2,4 +2,4 @@
 
 """Pibooth plugin to upload pictures on Dropbox."""
 
-__version__ = "0.0.2"
+__version__ = "0.0.3"
diff --git a/pibooth_dropbox/flow.py b/pibooth_dropbox/flow.py
@@ -1,4 +1,4 @@
-
+# -*- coding: utf-8 -*-
 
 import json
 try:
@@ -15,32 +15,33 @@
 
 class Credentials(object):
 
-    _PROPERTIES = ("token",
-                   "refresh_token",
-                   "token_uri",
-                   "account_id",
-                   "client_id",
-                   "scopes")
-
-    def __init__(self, token, refresh_token, token_uri, account_id,
-                 client_id, scopes, expires_at=None):
+    PROPERTIES = ("token",
+                  "refresh_token",
+                  "token_uri",
+                  "account_id",
+                  "client_id",
+                  "client_secret",
+                  "scopes")
+
+    def __init__(self, client_id=None, client_secret=None, token=None,
+                 refresh_token=None, token_uri=None, account_id=None,
+                 scopes=None, expires_at=None):
         self.token = token
         self.refresh_token = refresh_token
         self.token_uri = token_uri
         self.account_id = account_id
         self.client_id = client_id
-        if isinstance(scopes, (list, tuple)):
-            self.scopes = ' '.join(scopes)
-        else:
-            self.scopes = scopes
+        self.client_secret = client_secret
+        self.scopes = scopes
         self.expires_at = expires_at
 
     @classmethod
-    def from_oauth2_flow_result(cls, result):
+    def from_oauth2_flow_result(cls, result, client_id, client_secret):
         """Return a :py:class:`Credentials` instance from OAuth2 flow result.
         """
-        return cls(result.access_token, result.refresh_token, result.url_state,
-                   result.account_id, result.user_id, result.scope, result.expires_at)
+        return cls(client_id, client_secret, result.access_token, result.refresh_token,
+                   result.url_state, result.account_id, result.scope.split(' '),
+                   result.expires_at)
 
     @classmethod
     def from_authorized_user_file(cls, filename):
@@ -58,15 +59,12 @@ def to_json(self, strip=None):
 
         :returns: A JSON representation of this instance, suitable to write in file.
         """
-        prep = dict((k, getattr(self, k)) for k in Credentials._PROPERTIES)
+        prep = dict((k, getattr(self, k)) for k in Credentials.PROPERTIES)
 
         # Remove entries that explicitely need to be removed
         if strip is not None:
             prep = {k: v for k, v in prep.items() if k not in strip}
 
-        # Save scopes has list
-        prep["scopes"] = prep["scopes"].split(' ')
-
         return json.dumps(prep)
 
 
@@ -88,9 +86,9 @@ class InstalledAppFlow(object):
         "The authentication flow has completed. You may close this window."
     )
 
-    def __init__(self, app_key, app_secret, scopes=None, client_type='offline'):
-        self.app_key = app_key
-        self.app_secret = app_secret
+    def __init__(self, app_key, app_secret, scopes, client_type='offline'):
+        self.client_id = app_key
+        self.client_secret = app_secret
         self.client_type = client_type
         self.scopes = scopes
         self.redirect_uri = None
@@ -180,12 +178,13 @@ def run_local_server(self, host="localhost", port=8080,
               self.redirect_uri)
 
         session = {}
-        flow = DropboxOAuth2Flow(self.app_key,
+        flow = DropboxOAuth2Flow(self.client_id,
                                  self.redirect_uri,
                                  session,
                                  "dropbox-auth-csrf-token",
-                                 self.app_secret,
-                                 token_access_type=self.client_type)
+                                 self.client_secret,
+                                 token_access_type=self.client_type,
+                                 scope=self.scopes)
         auth_url = flow.start()
 
         if open_browser:
@@ -203,7 +202,7 @@ def run_local_server(self, host="localhost", port=8080,
         # This closes the socket
         local_server.server_close()
 
-        return Credentials.from_oauth2_flow_result(result)
+        return Credentials.from_oauth2_flow_result(result, self.client_id, self.client_secret)
 
 
 class _WSGIRequestHandler(wsgiref.simple_server.WSGIRequestHandler):
diff --git a/pibooth_dropbox/plugin.py b/pibooth_dropbox/plugin.py
@@ -103,24 +103,35 @@ def _auth(self):
 
     def _save_credentials(self, credentials):
         """Save credentials in a file to use API without need to allow acces."""
-        with open(self.token_cache_file, 'w') as fp:
-            fp.write(credentials.to_json())
+        try:
+            with open(self.token_cache_file, 'w') as fp:
+                fp.write(credentials.to_json())
+        except OSError as err:
+            LOGGER.warning("Can not save Dropbox token in file '%s': %s",
+                           self.token_cache_file, err)
 
     def _get_authorized_session(self):
         """Create credentials file if required and open a new session."""
         credentials = None
         if not os.path.exists(self.token_cache_file) or \
                 os.path.getsize(self.token_cache_file) == 0:
-            credentials = self._auth()
-            LOGGER.debug("First use of pibooth-dropbox: store token in file %s",
+            LOGGER.debug("First use of plugin, store token in file %s",
                          self.token_cache_file)
-            try:
-                self._save_credentials(credentials)
-            except OSError as err:
-                LOGGER.warning("Can not save Dropbox token in file '%s': %s",
-                               self.token_cache_file, err)
+            credentials = self._auth()
+            self._save_credentials(credentials)
         else:
             credentials = Credentials.from_authorized_user_file(self.token_cache_file)
+            if credentials.client_id != self.app_key or\
+                    credentials.client_secret != self.app_secret:
+                LOGGER.debug("Application key or secret has changed, store new token in file '%s'",
+                             self.token_cache_file)
+                credentials = self._auth()
+                self._save_credentials(credentials)
+
+        # Remove cache if access rights are not correct
+        if set(self.SCOPES).intersection(set(credentials.scopes)) != set(self.SCOPES):
+            LOGGER.warning("Invalid permission, please set write access in Dropbox.com and restart pibooth")
+            os.remove(self.token_cache_file)
 
         if credentials:
             return dropbox.Dropbox(app_key=self.app_key,
@@ -172,8 +183,9 @@ def upload(self, fullname, folder, name, overwrite=False):
                     data, path, mode,
                     client_modified=datetime.datetime(*time.gmtime(mtime)[:6]),
                     mute=True)
-            except dropbox.exceptions.ApiError:
-                LOGGER.error('*** Dropbox API error', exc_info=True)
+            except Exception as ex:
+                LOGGER.error('Dropbox API error: %s', ex)
+                LOGGER.debug(str(ex), exc_info=True)
                 return None
 
         LOGGER.debug('Uploaded as %s', res.name.encode('utf8'))
@@ -186,6 +198,7 @@ def get_temp_url(self, path):
             res = self._session.files_get_temporary_link(path)
             LOGGER.debug('Temporary picture URL -> %s', res.link)
             return res.link
-        except:
-            LOGGER.error("Can not get temporary URL for Dropbox", exc_info=True)
+        except Exception as ex:
+            LOGGER.error('Can not get temporary URL for Dropbox: %s', ex)
+            LOGGER.debug(str(ex), exc_info=True)
             return None

Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@`
`2`	`2`
`3`	`3`	`"""Pibooth plugin to upload pictures on Dropbox."""`
`4`	`4`
`5`		`-__version__ = "0.0.2"`
	`5`	`+__version__ = "0.0.3"`