Ejemplo n.º 1
0
        def _authorize(handler, *args, **kwargs):
            redirect_uri = handler.get_argument('redirect_uri', None)
            try:
                if handler.request.method == 'POST':
                    rv = _post(handler, *args, **kwargs)
                else:
                    rv = _get(handler, *args, **kwargs)
            except FatalClientError as e:
                log.debug('Fatal client error %r', e)
                return handler.redirect(e.in_uri(self.error_uri))
            except OAuth2Error as e:
                log.debug('OAuth2Error: %r', e)
                return handler.redirect(
                    e.in_uri(redirect_uri or self.error_uri))
            except Exception as e:
                log.warn('Exception: %r', e)
                return handler.redirect(
                    add_params_to_uri(self.error_uri, {'error': 'unknown'}))

            if not isinstance(rv, bool):
                # if is a response or redirect
                return rv

            if not rv:
                # denied by user
                e = AccessDeniedError()
                return handler.redirect(e.in_uri(redirect_uri))
            return self.confirm_authorization_request(handler)
Ejemplo n.º 2
0
        def _authorize(handler, *args, **kwargs):
            redirect_uri = handler.get_argument('redirect_uri', None)
            try:
                if handler.request.method == 'POST':
                    rv = _post(handler, *args, **kwargs)
                else:
                    rv = _get(handler, *args, **kwargs)
            except FatalClientError as e:
                log.debug('Fatal client error %r', e)
                return handler.redirect(e.in_uri(self.error_uri))
            except OAuth2Error as e:
                log.debug('OAuth2Error: %r', e)
                return handler.redirect(e.in_uri(redirect_uri or
                                                 self.error_uri))
            except Exception as e:
                log.warn('Exception: %r', e)
                return handler.redirect(add_params_to_uri(
                    self.error_uri, {'error': 'unknown'}
                ))

            if not isinstance(rv, bool):
                # if is a response or redirect
                return rv

            if not rv:
                # denied by user
                e = AccessDeniedError()
                return handler.redirect(e.in_uri(redirect_uri))
            return self.confirm_authorization_request(handler)
Ejemplo n.º 3
0
    def post(self):
        uri, http_method, body, headers = extract_params(self.request)

        redirect_uri = self.request.POST.get('redirect_uri')
        if 'submit' in self.request.POST:
            scope = self.request.POST.get('scope', '')
            scopes = scope.split()
            credentials = {
                'client_id': self.request.POST.get('client_id'),
                'redirect_uri': redirect_uri,
                'response_type': self.request.POST.get('response_type'),
                'state': self.request.POST.get('state'),
                'user': self.request.user,
            }
            try:
                server_response = self.server.create_authorization_response(
                    uri,
                    http_method,
                    body,
                    headers,
                    scopes,
                    credentials,
                )

                app = Session.query(Application).filter(
                    Application.id == credentials['client_id'], ).one()

                try:
                    auth_app = Session.query(AuthorizedApplication).filter(
                        AuthorizedApplication.user == self.request.user,
                        AuthorizedApplication.application == app,
                    ).one()
                except NoResultFound:
                    auth_app = AuthorizedApplication(
                        user=self.request.user,
                        application=app,
                    )

                auth_app.redirect_uri = credentials['redirect_uri']
                auth_app.response_type = credentials['response_type']
                auth_app.scope = scopes

                Session.add(auth_app)

                return create_response(*server_response)
            except FatalClientError as e:
                return response_from_error(e)

        elif 'cancel' in self.request.POST:
            e = AccessDeniedError()
            return HTTPFound(e.in_uri(redirect_uri))
Ejemplo n.º 4
0
    def post(self):
        uri, http_method, body, headers = extract_params(self.request)

        redirect_uri = self.request.POST.get('redirect_uri')
        if 'submit' in self.request.POST:
            scope = self.request.POST.get('scope', '')
            scopes = scope.split()
            credentials = {
                'client_id': self.request.POST.get('client_id'),
                'redirect_uri': redirect_uri,
                'response_type': self.request.POST.get('response_type'),
                'state': self.request.POST.get('state'),
                'user': self.request.user,
            }
            try:
                server_response = self.server.create_authorization_response(
                    uri, http_method, body, headers, scopes, credentials,
                )

                app = Session.query(Application).filter(
                    Application.id == credentials['client_id'],
                ).one()

                try:
                    auth_app = Session.query(AuthorizedApplication).filter(
                        AuthorizedApplication.user == self.request.user,
                        AuthorizedApplication.application == app,
                    ).one()
                except NoResultFound:
                    auth_app = AuthorizedApplication(
                        user=self.request.user,
                        application=app,
                    )

                auth_app.redirect_uri = credentials['redirect_uri']
                auth_app.response_type = credentials['response_type']
                auth_app.scope = scopes

                Session.add(auth_app)

                return create_response(*server_response)
            except FatalClientError as e:
                return response_from_error(e)

        elif 'cancel' in self.request.POST:
            e = AccessDeniedError()
            return HTTPFound(e.in_uri(redirect_uri))
Ejemplo n.º 5
0
    def validate_code(self, client_id, code, client, request, *args, **kwargs):
        try:
            grant = Grant.objects.get(code=code, application=client)
            if not grant.is_expired():
                # Additionally check that this user has 2FA enabled
                if len(grant.user.totpdevice_set.all()) > 0:
                    request.scopes = grant.scope.split(" ")
                    request.user = grant.user
                    return True
                else:
                    raise AccessDeniedError(
                        description="The requesting user has not enabled 2FA",
                        request=request)
            return False

        except Grant.DoesNotExist:
            return False