def absolute_uri(request, base_url):
if not absolute_http_url_re.match(base_url):
if base_url.startswith("/"):
base_url = base_url[1:]
return '%s://%s/%s' % (request.is_secure() and 'https'
or 'http', request.get_host(), base_url)
return base_url
def absolute_uri(request, base_url):
if not absolute_http_url_re.match(base_url):
if base_url.startswith("/"):
base_url = base_url[1:]
return '%s://%s/%s' % (
request.is_secure() and 'https' or 'http',
request.get_host(), base_url)
return base_url
def rewrite_link(self, link):
if not absolute_http_url_re.match(link):
if link.startswith("/"):
link = link[1:]
absolute_path = self.absolute_path
if self.absolute_path.endswith("/"):
absolute_path = absolute_path[1:]
return normalize(absolute_path, link)
return link
def rewrite_link(self, link):
if not absolute_http_url_re.match(link):
if link.startswith("/"):
link = link[1:]
absolute_path = self.absolute_path
if self.absolute_path.endswith("/"):
absolute_path = absolute_path[1:]
return normalize(absolute_path, link)
return link
def rewrite_location(request, prefix_path, location):
prefix_path = prefix_path or ''
url = urlparse(location)
scheme = request.is_secure() and 'https' or 'http'
if not absolute_http_url_re.match(location):
# remote server doesn't follow rfc2616
proxy_uri = '%s://%s%s' % (scheme, request.get_host(), prefix_path)
return urljoin(proxy_uri, location)
elif url.scheme != scheme or url.netloc != request.get_host():
return urlunparse((scheme, request.get_host(), prefix_path + url.path,
url.params, url.query, url.fragment))
return location
def rewrite_location(request, prefix_path, location):
prefix_path = prefix_path or ''
url = urlparse(location)
scheme = request.is_secure() and 'https' or 'http'
if not absolute_http_url_re.match(location):
# remote server doesn't follow rfc2616
proxy_uri = '%s://%s%s' % (scheme,
request.get_host(), prefix_path)
return urljoin(proxy_uri, location)
elif url.scheme != scheme or url.netloc != request.get_host():
return urlunparse((scheme, request.get_host(),
prefix_path + url.path, url.params, url.query, url.fragment))
return location
def get_redirect_uri(self, request=None):
'''Get the redirect URI'''
# Check if got a redirect URI
if self.redirect_uri is None:
# If no redirect URI, raise
raise MissRedirectUri(_('No redirect_uri to send response.'))
# If this is an absolute redirect URI, return it
if absolute_http_url_re.match(self.redirect_uri):
# Return the absolute URI
return oauth2_tools.normalize_redirect_uri(self.redirect_uri)
# The URL is not absolute, but check if starts with a slash to be able to build it with HTTP_REFERER
#if not self.redirect_uri.startswith('/'):
# # Not an absolute
# If not absolute,
if not request:
raise MissRedirectUri(_('Absolute redirect_uri required.'))
http_referer = request.META.get('HTTP_REFERER')
if http_referer is None or not absolute_http_url_re.match(http_referer) or not self.redirect_uri.startswith('/'):
raise MissRedirectUri(_('Absolute redirect_uri required.'))
split = list(urlparse.urlparse(http_referer))
split[2] = self.redirect_uri # Path
split[3] = split[4] = split[5] = '' # No parameters, query or fragment
return urlparse.urlunparse(split)
def _validate(self):
"""Validate the request."""
if self.client_id is None:
raise InvalidRequest('No client_id')
try:
self.client = Client.objects.get(key=self.client_id)
except Client.DoesNotExist:
raise InvalidClient("client_id %s doesn't exist" % self.client_id)
# Redirect URI
if self.redirect_uri is None:
if self.client.redirect_uri is None:
raise MissingRedirectURI("No redirect_uri"
"provided or registered.")
elif self.client.redirect_uri is not None:
if normalize(self.redirect_uri) != normalize(
self.client.redirect_uri):
self.redirect_uri = self.client.redirect_uri
raise InvalidRequest("Registered redirect_uri doesn't "
"match provided redirect_uri.")
self.redirect_uri = self.redirect_uri or self.client.redirect_uri
# Check response type
if self.response_type is None:
raise InvalidRequest('response_type is a required parameter.')
if self.response_type not in ["code", "token"]:
raise InvalidRequest("No such response type %s" %
self.response_type)
# Response type
if self.authorized_response_type & RESPONSE_TYPES[
self.response_type] == 0:
raise UnauthorizedClient("Response type %s not allowed." %
self.response_type)
if not absolute_http_url_re.match(self.redirect_uri):
raise InvalidRequest('Absolute URI required for redirect_uri')
# Scope
if self.authorized_scope is not None and self.scope is None:
self.scope = self.authorized_scope
if self.scope is not None:
self.access_ranges = AccessRange.objects.filter(key__in=self.scope)
access_ranges = set(
self.access_ranges.values_list('key', flat=True))
difference = access_ranges.symmetric_difference(self.scope)
if len(difference) != 0:
raise InvalidScope("Following access ranges do not "
"exist: %s" % ', '.join(difference))
if self.authorized_scope is not None:
new_scope = self.scope - self.authorized_scope
if len(new_scope) > 0:
raise InvalidScope("Invalid scope: %s" %
','.join(new_scope))
def _validate(self):
"""Validate the request."""
if self.client_id is None:
raise InvalidRequest('No client_id')
try:
self.client = Client.objects.get(key=self.client_id)
except Client.DoesNotExist:
raise InvalidClient("client_id %s doesn't exist" % self.client_id)
# Redirect URI
if self.redirect_uri is None:
if self.client.redirect_uri is None:
raise MissingRedirectURI("No redirect_uri"
"provided or registered.")
elif self.client.redirect_uri is not None:
if normalize(self.redirect_uri) != normalize(self.client.redirect_uri):
self.redirect_uri = self.client.redirect_uri
raise InvalidRequest("Registered redirect_uri doesn't "
"match provided redirect_uri.")
self.redirect_uri = self.redirect_uri or self.client.redirect_uri
# Check response type
if self.response_type is None:
raise InvalidRequest('response_type is a required parameter.')
if self.response_type not in RESPONSE_TYPES:
raise InvalidRequest("No such response "
"type: %s" % self.response_type)
# Response type
if not is_valid_response_type(
RESPONSE_TYPES[self.response_type],
self.client.authorized_reponse_types):
raise UnauthorizedClient("Response type %s not allowed for "
"client" % self.response_type)
if not absolute_http_url_re.match(self.redirect_uri):
raise InvalidRequest('Absolute URI required for redirect_uri')
# Scope
if self.authorized_scope is not None and self.scope is None:
self.scope = self.authorized_scope
if self.scope is not None:
self.access_ranges = AccessRange.objects.filter(key__in=self.scope)
access_ranges = set(self.access_ranges.values_list('key', flat=True))
difference = access_ranges.symmetric_difference(self.scope)
if len(difference) != 0:
raise InvalidScope("Following access ranges do not "
"exist: %s" % ', '.join(difference))
if self.authorized_scope is not None:
new_scope = self.scope - self.authorized_scope
if len(new_scope) > 0:
raise InvalidScope("Invalid scope: %s" % ','.join(new_scope))
def validate(self):
#import pdb
#pdb.set_trace()
#if self.request.META['CONTENT_TYPE'] != 'application/x-www-form-urlencoded':
# raise InvalidRequest()
super(Request, self).validate()
if self.client_id is None:
raise InvalidRequest(_('No client_id'))
try: self.client = Client.objects.get(key=self.client_id)
except Client.DoesNotExist:
raise InvalidClient(_("client_id %(client_id)s doesn't exist") % {'client_id': self.client_id, })
# Redirect URI
if self.redirect_uri is None:
if self.client.redirect_uri is None:
raise InvalidRequest(_('No redirect_uri provided or registered.'))
elif self.client.redirect_uri and not self.client.match_redirect_uri(self.redirect_uri):
self.redirect_uri = self.client.redirect_uri
raise RedirectUriMismatch(_("Registered and provided redirect_uri doesn't match."))
self.redirect_uri = self.redirect_uri or self.client.redirect_uri
# Check no query / fragment etc
# Check response type
if self.response_type is None:
raise InvalidRequest(_('Response type required'))
if self.response_type not in appconsts.RESPONSE_TYPES:
raise InvalidRequest(_('No such response type: %(response_type)s') % {'response_type': self.response_type, })
if self.response_type not in appsettings.RESPONSE_TYPES:
raise UnsupportedResponseType(_('Response type not supported by server: %(response_type)s') % {'response_type': self.response_type, })
# Response type
if not self.client.is_authorized_response_type(self.response_type):
raise UnauthorizedClient(_('Response type %(response_type)s not allowed for client') % {'response_type': self.response_type, })
if not absolute_http_url_re.match(self.redirect_uri):
raise InvalidRequest(_('Absolute URI required for redirect_uri'))
# Scope
if self.scope is not None:
access_ranges = set(AccessRange.objects.filter(key__in=self.scope).values_list('key', flat=True))
difference = access_ranges.symmetric_difference(self.scope)
if len(difference) != 0:
raise InvalidScope(_("Following access ranges doesn't exist: %(access_ranges)s") % {'access_ranges': ', '.join(difference), })
def _check_redirect_uri(self):
"""Raise MissingRedirectURI if no redirect_uri is available."""
if self.redirect_uri is None:
raise MissingRedirectURI('No redirect_uri to send response.')
if not absolute_http_url_re.match(self.redirect_uri):
raise MissingRedirectURI('Absolute redirect_uri required.')
def _check_redirect_uri(self):
"""Raise MissingRedirectURI if no redirect_uri is available."""
if self.redirect_uri is None:
raise MissingRedirectURI('No redirect_uri to send response.')
if not absolute_http_url_re.match(self.redirect_uri):
raise MissingRedirectURI('Absolute redirect_uri required.')
