Beispiel #1
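def authorize(*args, **kwargs):
    """
    OAuth authorization screen: shows the requested scopes and a yes/no choice.

    GET renders a consent page, unless the current user already holds a token
    for this client whose scopes compare equal to the requested ones; in that
    case the request is confirmed without prompting. POST returns True only
    when the submitted form carries accept == 'true'.

    Reads 'client_id' and 'scopes' from kwargs (supplied by the caller).

    TODO: Make sure this is somewhat secure. Points to confirm:
      - `client` is None when no Client row matches client_id and is still
        handed to the templates; presumably the caller rejects unknown
        clients before this runs -- verify.
      - The POST branch trusts a single form field; the consent form needs
        CSRF protection, and none is visible in this function.
      - The silent confirmation path involves no user interaction, so it
        relies on client_id and the redirect target having been validated
        upstream -- verify.
    """
    client_id = kwargs.get('client_id')
    client = Client.query.filter_by(client_id=client_id).first()
    kwargs['client'] = client
    if request.method == 'GET':
        # Does this user already hold a token for this client?
        token = Token.query.filter_by(
            user_id=current_user.id, client_id=client_id).first()
        kwargs['Scopes'] = Scope.all()
        # NOTE(review): plain != comparison. If both sides are lists, a
        # reordered but otherwise identical scope set re-prompts the user with
        # an empty new_scopes list. That fails safe (consent is asked again);
        # confirm the types before loosening it.
        if token and token.scopes != kwargs['scopes']:
            # Existing token, different permissions: ask for consent again
            # and point out the scopes the token does not already have.
            kwargs['token'] = token
            kwargs['new_scopes'] = [scope for scope in kwargs['scopes']
                                    if scope not in token.scopes]
            return render_template('oauth_authorize_scopes.html',
                                   query_string=request.query_string, **kwargs)
        if not token:
            # No token yet: show the full consent screen. `token` (None) stays
            # in the template context, as before.
            kwargs['token'] = token
            return render_template('oauth_authorize.html',
                                   query_string=request.query_string, **kwargs)
        # Token exists and its scopes match the request: nothing new to ask.
        return oauth.confirm_authorization_request()
    # Request is POST: the user's decision from the consent form.
    return request.form.get('accept', 'false') == 'true'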
Beispiel #2
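def import_scopes():
    """
    Replace every Scope row with the definitions found in scopes.json.

    The file is read and turned into Scope objects before the database is
    touched, and the delete and insert happen in one transaction. A missing or
    malformed file therefore raises without changing anything, and a failed
    commit is rolled back rather than leaving the scope table empty.

    On success the 'j4oauth:scopes' redis key is deleted and Scope.all() is
    called; on a database error the exception is printed.
    """
    # NOTE(review): the relative path resolves against the current working
    # directory. This file defines the scopes the OAuth server offers, so
    # confirm it can only be written by trusted operators.
    with open("scopes.json", encoding="utf-8") as f:
        scope_defs = json.load(f)
    new_scopes = [Scope.from_dict(scope_def) for scope_def in scope_defs]

    try:
        for db_scope in Scope.query.all():
            db.session.delete(db_scope)
        # Emit the DELETEs before the INSERTs so that re-imported scopes do
        # not collide with the rows they replace.
        db.session.flush()
        db.session.add_all(new_scopes)
        db.session.commit()
    except Exception as e:
        # Undo the partial work so the previous scopes stay in place and the
        # session remains usable.
        db.session.rollback()
        print(e)
    else:
        redis.delete('j4oauth:scopes')
        # presumably repopulates the cache entry just deleted -- confirm
        Scope.all()
        print('Scopes imported with success !')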