def token_verify():
    """Verify an access token against one resource of the calling client.

    Reads ``access_token`` and ``resource`` from the submitted form. The
    token is looked up with ``AuthToken.get`` and must carry either the
    exact ``<namespace>:<resource>`` scope or the ``<namespace>:*``
    wildcard, where the namespace is the calling client's. A resource given
    as ``name/action`` is then checked against ``Resource`` and
    ``ResourceAction`` for the calling client, unless the name (or the
    action) is ``*``.

    Returns a ``resource_error``/``api_result`` error response when any
    check fails. On success the ``api_result('ok', ...)`` payload carries
    ``validity`` (seconds the caller may cache this assertion),
    ``clientinfo`` describing the client the token was issued to and, when
    the token is bound to a user, ``userinfo`` built with the token's
    effective scope.
    """
    form = request.form
    token = form.get('access_token')
    client_resource = form.get('resource')  # Can only be a single resource
    if not client_resource:
        # No resource specified by caller
        return resource_error('no_resource')
    if not token:
        # No token specified by caller
        return resource_error('no_token')

    caller = current_auth.client
    namespace = caller.namespace
    if not namespace:
        # This client has not defined any resources
        return api_result('error', error='client_no_resources')

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        # No such auth token
        return api_result('error', error='no_token')

    # NOTE(review): the client the token was issued to (authtoken.client) is
    # never compared with the calling client; the scope test below is the
    # only authorization gate. Confirm cross-client verification is intended.
    granted = authtoken.effective_scope
    if (namespace + ':' + client_resource not in granted
            and namespace + ':*' not in granted):
        # Token does not grant access to this resource
        return api_result('error', error='access_denied')

    # Split an optional "resource/action" specifier; a second '/' is malformed
    resource_name, separator, action_name = client_resource.partition('/')
    if separator and '/' in action_name:
        return api_result('error', error='invalid_scope')
    if not separator:
        action_name = None

    if resource_name != '*':
        resource = Resource.get(resource_name, client=caller)
        if not resource:
            # Resource does not exist or does not belong to this client
            return api_result('error', error='access_denied')
        if action_name not in (None, '', '*'):
            action = ResourceAction.query.filter_by(
                name=action_name, resource=resource).first()
            if not action:
                # Named action is not defined on this resource
                return api_result('error', error='access_denied')

    # All validations passed. Token is valid for this client and scope. Return with information on the token
    # TODO: Don't return validity. Set the HTTP cache headers instead.
    # Callers may cache this assertion for 'validity' seconds, so a revocation
    # inside that window may not be seen by a caching caller.
    params = {'validity': 120}  # Period (in seconds) for which this assertion may be cached.
    if authtoken.user:
        params['userinfo'] = get_userinfo(
            authtoken.user, caller, scope=authtoken.effective_scope)
    issuer = authtoken.client
    owner = issuer.owner
    params['clientinfo'] = {
        'title': issuer.title,
        'userid': owner.buid,
        'buid': owner.buid,
        'uuid': owner.uuid,
        'owner_title': owner.pickername,
        'website': issuer.website,
        'key': issuer.key,
        'trusted': issuer.trusted,
    }
    return api_result('ok', **params)
def token_verify():
    """Verify an access token for the calling client's wildcard resource.

    Reads ``access_token`` and ``resource`` from the submitted form. Only
    the ``*`` resource is accepted; any other value is rejected with
    ``unknown_resource``. The token is looked up with ``AuthToken.get`` and
    must carry the ``<namespace>:*`` scope for the calling client's
    namespace.

    Returns a ``resource_error``/``api_result`` error response when any
    check fails. On success the ``api_result('ok', ...)`` payload carries
    ``validity`` (seconds the caller may cache this assertion),
    ``clientinfo`` describing the client the token was issued to and, when
    the token is bound to a user, ``userinfo`` built with the token's
    effective scope.
    """
    form = request.form
    token = form.get('access_token')
    client_resource = form.get('resource')  # Can only be a single resource
    if not client_resource:
        # No resource specified by caller
        return resource_error('no_resource')
    if client_resource != '*':
        # Client resources are no longer supported; only the '*' resource is
        return resource_error('unknown_resource')
    if not token:
        # No token specified by caller
        return resource_error('no_token')

    caller = current_auth.auth_client
    namespace = caller.namespace
    if not namespace:
        # This client has not defined any resources
        return api_result('error', error='client_no_resources')

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        # No such auth token
        return api_result('error', error='no_token')

    # NOTE(review): the client the token was issued to (authtoken.auth_client)
    # is never compared with the calling client; the scope test below is the
    # only authorization gate. Confirm cross-client verification is intended.
    # client_resource is '*' at this point, so the exact and wildcard scope
    # strings coincide and a single membership test suffices.
    if namespace + ':*' not in authtoken.effective_scope:
        # Token does not grant access to this resource
        return api_result('error', error='access_denied')

    # All validations passed. Token is valid for this client and scope. Return with information on the token
    # TODO: Don't return validity. Set the HTTP cache headers instead.
    # Callers may cache this assertion for 'validity' seconds, so a revocation
    # inside that window may not be seen by a caching caller.
    params = {'validity': 120}  # Period (in seconds) for which this assertion may be cached.
    if authtoken.user:
        params['userinfo'] = get_userinfo(
            authtoken.user, caller, scope=authtoken.effective_scope)
    issuer = authtoken.auth_client
    owner = issuer.owner
    params['clientinfo'] = {
        'title': issuer.title,
        'userid': owner.buid,
        'buid': owner.buid,
        'uuid': owner.uuid,
        'owner_title': owner.pickername,
        'website': issuer.website,
        'key': issuer.buid,
        'trusted': issuer.trusted,
    }
    return api_result('ok', **params)
def token_get_scope():
    """Report which of the calling client's resources an access token covers.

    Reads ``access_token`` from the submitted form, looks it up with
    ``AuthToken.get`` and collects every entry of the token's effective
    scope that starts with ``<namespace>:`` for the calling client, with
    that prefix stripped. A token with no such entry is rejected with
    ``no_access``.

    Returns a ``resource_error``/``api_result`` error response when any
    check fails. On success the ``api_result('ok', ...)`` payload carries
    ``validity`` (seconds the caller may cache this assertion),
    ``clientinfo`` describing the client the token was issued to, the
    collected ``scope`` list and, when the token is bound to a user,
    ``userinfo`` built with the token's effective scope.
    """
    token = request.form.get('access_token')
    if not token:
        # No token specified by caller
        return resource_error('no_token')

    caller = current_auth.auth_client
    namespace = caller.namespace
    if not namespace:
        # This client has not defined any resources
        return api_result('error', error='client_no_resources')

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        # No such auth token
        return api_result('error', error='no_token')

    # Keep only scope entries in this client's namespace, minus the prefix
    nsprefix = namespace + ':'
    prefix_len = len(nsprefix)
    client_resources = [
        item[prefix_len:]
        for item in authtoken.effective_scope
        if item.startswith(nsprefix)
    ]
    if not client_resources:
        return api_result('error', error='no_access')

    # All validations passed. Token is valid for this client. Return with information on the token
    # TODO: Don't return validity. Set the HTTP cache headers instead.
    # Callers may cache this assertion for 'validity' seconds, so a revocation
    # inside that window may not be seen by a caching caller.
    params = {'validity': 120}  # Period (in seconds) for which this assertion may be cached.
    if authtoken.user:
        params['userinfo'] = get_userinfo(
            authtoken.user, caller, scope=authtoken.effective_scope)
    issuer = authtoken.auth_client
    owner = issuer.owner
    params['clientinfo'] = {
        'title': issuer.title,
        'userid': owner.buid,
        'buid': owner.buid,
        'uuid': owner.uuid,
        'owner_title': owner.pickername,
        'website': issuer.website,
        'key': issuer.buid,
        'trusted': issuer.trusted,
        'scope': client_resources,
    }
    return api_result('ok', **params)
def token_get_scope():
    """Report which of the calling client's resources an access token covers.

    Reads ``access_token`` from the submitted form, looks it up with
    ``AuthToken.get`` and collects every entry of the token's effective
    scope that starts with ``<namespace>:`` for the calling client, with
    that prefix stripped. A token with no such entry is rejected with
    ``no_access``.

    Returns a ``resource_error``/``api_result`` error response when any
    check fails. On success the ``api_result('ok', ...)`` payload carries
    ``validity`` (seconds the caller may cache this assertion),
    ``clientinfo`` describing the client the token was issued to, the
    collected ``scope`` list and, when the token is bound to a user,
    ``userinfo`` built with the token's effective scope.
    """
    token = request.form.get('access_token')
    if not token:
        # No token specified by caller
        return resource_error('no_token')

    caller = current_auth.client
    namespace = caller.namespace
    if not namespace:
        # This client has not defined any resources
        return api_result('error', error='client_no_resources')

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        # No such auth token
        return api_result('error', error='no_token')

    # Keep only scope entries in this client's namespace, minus the prefix
    nsprefix = namespace + ':'
    prefix_len = len(nsprefix)
    client_resources = [
        item[prefix_len:]
        for item in authtoken.effective_scope
        if item.startswith(nsprefix)
    ]
    if not client_resources:
        return api_result('error', error='no_access')

    # All validations passed. Token is valid for this client. Return with information on the token
    # TODO: Don't return validity. Set the HTTP cache headers instead.
    # Callers may cache this assertion for 'validity' seconds, so a revocation
    # inside that window may not be seen by a caching caller.
    params = {'validity': 120}  # Period (in seconds) for which this assertion may be cached.
    if authtoken.user:
        params['userinfo'] = get_userinfo(
            authtoken.user, caller, scope=authtoken.effective_scope)
    issuer = authtoken.client
    owner = issuer.owner
    params['clientinfo'] = {
        'title': issuer.title,
        'userid': owner.buid,
        'buid': owner.buid,
        'uuid': owner.uuid,
        'owner_title': owner.pickername,
        'website': issuer.website,
        'key': issuer.key,
        'trusted': issuer.trusted,
        'scope': client_resources,
    }
    return api_result('ok', **params)
def token_verify():
    """Verify an access token against one resource of the calling client.

    Reads ``access_token`` and ``resource`` from the submitted form. The
    token is looked up with ``AuthToken.get`` and must carry either the
    exact ``<namespace>:<resource>`` scope or the ``<namespace>:*``
    wildcard, where the namespace is the calling client's. A resource given
    as ``name/action`` is then checked against ``Resource`` and
    ``ResourceAction`` for the calling client, unless the name (or the
    action) is ``*``.

    Returns a ``resource_error``/``api_result`` error response when any
    check fails. On success the ``api_result('ok', ...)`` payload carries
    ``validity`` (seconds the caller may cache this assertion),
    ``clientinfo`` describing the client the token was issued to and, when
    the token is bound to a user, ``userinfo`` built with the token's
    effective scope.
    """
    form = request.form
    token = form.get('access_token')
    client_resource = form.get('resource')  # Can only be a single resource
    if not client_resource:
        # No resource specified by caller
        return resource_error('no_resource')
    if not token:
        # No token specified by caller
        return resource_error('no_token')

    caller = current_auth.client
    namespace = caller.namespace
    if not namespace:
        # This client has not defined any resources
        return api_result('error', error='client_no_resources')

    authtoken = AuthToken.get(token=token)
    if not authtoken:
        # No such auth token
        return api_result('error', error='no_token')

    # NOTE(review): the client the token was issued to (authtoken.client) is
    # never compared with the calling client; the scope test below is the
    # only authorization gate. Confirm cross-client verification is intended.
    granted = authtoken.effective_scope
    exact_scope = namespace + ':' + client_resource
    wildcard_scope = namespace + ':*'
    if exact_scope not in granted and wildcard_scope not in granted:
        # Token does not grant access to this resource
        return api_result('error', error='access_denied')

    # Split an optional "resource/action" specifier; a second '/' is malformed
    resource_name, separator, action_name = client_resource.partition('/')
    if separator and '/' in action_name:
        return api_result('error', error='invalid_scope')
    if not separator:
        action_name = None

    if resource_name != '*':
        resource = Resource.get(resource_name, client=caller)
        if not resource:
            # Resource does not exist or does not belong to this client
            return api_result('error', error='access_denied')
        if action_name not in (None, '', '*'):
            action = ResourceAction.query.filter_by(
                name=action_name, resource=resource).first()
            if not action:
                # Named action is not defined on this resource
                return api_result('error', error='access_denied')

    # All validations passed. Token is valid for this client and scope. Return with information on the token
    # TODO: Don't return validity. Set the HTTP cache headers instead.
    # Callers may cache this assertion for 'validity' seconds, so a revocation
    # inside that window may not be seen by a caching caller.
    params = {'validity': 120}  # Period (in seconds) for which this assertion may be cached.
    if authtoken.user:
        params['userinfo'] = get_userinfo(
            authtoken.user, caller, scope=authtoken.effective_scope)
    issuer = authtoken.client
    owner = issuer.owner
    params['clientinfo'] = {
        'title': issuer.title,
        'userid': owner.buid,
        'buid': owner.buid,
        'uuid': owner.uuid,
        'owner_title': owner.pickername,
        'website': issuer.website,
        'key': issuer.key,
        'trusted': issuer.trusted,
    }
    return api_result('ok', **params)