Ejemplo n.º 1
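def getAuthCode():
    """Issue a one-time authorization code once the user approves the client.

    Reads ``client_id`` and ``confirm_yes`` from the posted form. When the
    client is known and the user confirmed, stores an ``AuthCode`` bound to
    that client and to ``g.user``, schedules its expiry task, and redirects
    the browser to the client's registered ``redirect_url`` with the code.
    Otherwise logs a warning and returns a page that closes the window.
    """
    # NOTE(review): nothing in this function checks an anti-CSRF token on the
    # confirmation form, and no OAuth ``state`` value is echoed back to the
    # client -- confirm both are handled elsewhere.
    client = lookupClientByID(request.form.get("client_id"))
    if not (client and request.form.get("confirm_yes")):
        logging.warning("DID NOT CONFIRM")
        return "<script>window.close()</script>"

    lifetime = app.config["AUTHCODE_EXPIRATION"]
    # Generate the code only for approved requests.
    # NOTE(review): confirm randomString() draws from a CSPRNG; an
    # authorization code has to be unguessable.
    code = randomString(32)
    codeDB = AuthCode(client_id=client.client_id,
                      client=client.key,
                      user=g.user.key,
                      code=code,
                      expires=datetime.now() + timedelta(seconds=lifetime))
    codeDB.put()

    # NOTE(review): QUEUE_SECRET travels as a GET query parameter, so it can
    # end up in request logs for /_expire-authcode. Moving it out of the URL
    # needs a matching change in that handler, which is not visible here.
    taskqueue.add(url='/_expire-authcode',
                  params={
                      'code': code,
                      "secret": app.config["QUEUE_SECRET"]
                  },
                  method="GET",
                  countdown=lifetime)

    # The target is the URL registered for the client, never a value taken
    # from the request. A registered URL may already carry a query string, in
    # which case the parameters must be appended with "&" rather than "?".
    redirectUrl = client.redirect_url
    separator = "&" if "?" in redirectUrl else "?"
    return redirect("{0}{1}code={2}&expires={3}".format(
        redirectUrl, separator, code, lifetime))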
Ejemplo n.º 2
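def getToken():  # client does this
    """Exchange an authorization code for an access/refresh token pair.

    Reads ``client_id``, ``client_secret`` and ``code`` from the posted form.
    The client must authenticate with its secret, and the code must exist,
    belong to that same client and not be past its ``expires`` time. On
    success the user's earlier tokens for this client are deleted, a new
    ``Token`` is stored, the code is deleted and an expiry task is queued.

    Returns:
        A JSON response holding ``access_token``, ``refresh_token`` and
        ``expires``, or ``{"error": ...}`` when authentication or the code
        check fails.
    """
    import hmac  # local import: this listing does not show the module's imports

    def _as_bytes(value):
        # compare_digest needs both operands to be the same kind of string.
        return value if isinstance(value, bytes) else value.encode("utf-8")

    client = lookupClientByID(request.form.get("client_id"))
    presented_secret = request.form.get("client_secret")
    # A secret missing on either side is a failed authentication, never a
    # match; the comparison itself is constant-time so the response time
    # does not depend on how many leading characters were correct.
    if (not client or client.client_secret is None
            or presented_secret is None
            or not hmac.compare_digest(_as_bytes(client.client_secret),
                                       _as_bytes(presented_secret))):
        return jsonify({"error": "Invalid credentials"})

    time.sleep(0.1)
    submitted_code = request.form.get("code")
    codeInDB = None
    if submitted_code:
        codeInDB = AuthCode.query(AuthCode.code == submitted_code).get()

    # A code is only redeemable by the client it was issued to, and only
    # before its stored expiry; the queued expiry task is not relied on alone.
    if (codeInDB is None
            or codeInDB.client != client.key
            or not codeInDB.expires
            or codeInDB.expires <= datetime.now()):
        return jsonify({"error": "Auth code expired or invalid"})

    lifetime = app.config["ACCESSTOKEN_EXPIRATION"]
    tokenGrant = Token(client=client.key,
                       user=codeInDB.user,
                       access_token=randomString(32),
                       refresh_token=randomString(32),
                       expires=datetime.now() + timedelta(seconds=lifetime))

    # Delete prior tokens for this client *and* this user. The filters are
    # passed as separate arguments: joining them with Python's ``and`` keeps
    # only the second one, which would drop the user's tokens for every client.
    ndb.delete_multi(
        Token.query(Token.client == client.key,
                    Token.user == codeInDB.user).fetch(keys_only=True))
    tokenGrant.put()
    # NOTE(review): no transaction is visible around lookup, token creation
    # and code deletion, so two concurrent requests might redeem one code.
    codeInDB.key.delete()

    # NOTE(review): QUEUE_SECRET and the access token travel as GET query
    # parameters and can end up in request logs for /_expire-token.
    taskqueue.add(url='/_expire-token',
                  params={
                      'access_token': tokenGrant.access_token,
                      "secret": app.config["QUEUE_SECRET"]
                  },
                  method="GET",
                  countdown=lifetime)
    return jsonify({
        "access_token": tokenGrant.access_token,
        "refresh_token": tokenGrant.refresh_token,
        "expires": lifetime
    })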
Ejemplo n.º 3
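def getAuthCode():
    """Create an authorization code for an approved client and redirect.

    The posted form supplies ``client_id`` and ``confirm_yes``. If the client
    lookup succeeds and the user confirmed, an ``AuthCode`` tied to the client
    and to ``g.user`` is stored, a task is queued to expire it, and the
    response redirects to the client's registered ``redirect_url`` carrying
    ``code`` and ``expires``. In every other case a warning is logged and a
    window-closing script is returned.
    """
    # NOTE(review): this function does not itself verify an anti-CSRF token
    # for the approval form, and it does not pass an OAuth ``state`` value
    # through to the client -- confirm where those are enforced.
    client = lookupClientByID(request.form.get("client_id"))
    approved = bool(client) and bool(request.form.get("confirm_yes"))
    if not approved:
        logging.warning("DID NOT CONFIRM")
        return "<script>window.close()</script>"

    ttl_seconds = app.config["AUTHCODE_EXPIRATION"]
    # The code is created only after approval, so rejected requests cost
    # nothing. NOTE(review): randomString() must be backed by a CSPRNG.
    code = randomString(32)
    codeDB = AuthCode(
        client_id=client.client_id,
        client=client.key,
        user=g.user.key,
        code=code,
        expires=datetime.now() + timedelta(seconds=ttl_seconds),
    )
    codeDB.put()

    # NOTE(review): the queue secret is part of the task URL (method GET) and
    # may therefore be written to request logs; changing that requires the
    # /_expire-authcode handler, which is outside this listing.
    taskqueue.add(
        url='/_expire-authcode',
        params={'code': code, "secret": app.config["QUEUE_SECRET"]},
        method="GET",
        countdown=ttl_seconds,
    )

    # Redirect only to the stored client URL. If that URL already has a query
    # string, extend it with "&" so the result stays a well-formed URL.
    redirectUrl = client.redirect_url
    joiner = "&" if "?" in redirectUrl else "?"
    return redirect("{0}{1}code={2}&expires={3}".format(
        redirectUrl, joiner, code, ttl_seconds))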
Ejemplo n.º 4
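def getToken():  #client does this
    """Redeem an authorization code for a new access and refresh token.

    Form fields read: ``client_id``, ``client_secret``, ``code``. The request
    is accepted only when the client authenticates with its secret and the
    code is found, was issued to that client, and has not passed its
    ``expires`` time. Earlier tokens held by the same user for the same
    client are removed before the new ``Token`` is stored; the code is then
    deleted and a task is queued to expire the token.

    Returns:
        JSON with ``access_token``, ``refresh_token`` and ``expires`` on
        success, otherwise JSON with a single ``error`` message.
    """
    import hmac  # local import: the module's import block is not shown here

    def _as_bytes(value):
        # Normalise text to bytes so compare_digest gets matching types.
        return value if isinstance(value, bytes) else value.encode("utf-8")

    client = lookupClientByID(request.form.get("client_id"))
    presented_secret = request.form.get("client_secret")
    stored_secret = client.client_secret if client else None

    # An absent secret never authenticates, and the equality test is
    # constant-time so it leaks nothing about partially correct guesses.
    authenticated = (
        stored_secret is not None
        and presented_secret is not None
        and hmac.compare_digest(_as_bytes(stored_secret),
                                _as_bytes(presented_secret)))

    if authenticated:
        time.sleep(0.1)
        submitted_code = request.form.get("code")
        codeInDB = (AuthCode.query(AuthCode.code == submitted_code).get()
                    if submitted_code else None)

        # Bind the code to the authenticated client and enforce its stored
        # expiry here instead of trusting the queued expiry task alone.
        redeemable = (
            codeInDB is not None
            and codeInDB.client == client.key
            and bool(codeInDB.expires)
            and codeInDB.expires > datetime.now())

        if redeemable:
            lifetime = app.config["ACCESSTOKEN_EXPIRATION"]
            tokenGrant = Token(
                client=client.key,
                user=codeInDB.user,
                access_token=randomString(32),
                refresh_token=randomString(32),
                expires=datetime.now() + timedelta(seconds=lifetime))
            # Both filters are passed to query(); combining them with the
            # Python ``and`` operator leaves only the user filter in effect
            # and would delete that user's tokens for all clients.
            ndb.delete_multi(
                Token.query(Token.client == client.key,
                            Token.user == codeInDB.user).fetch(
                                keys_only=True))  #delete prior tokens
            tokenGrant.put()
            # NOTE(review): these steps are not wrapped in a transaction in
            # this function, so a code could be redeemed twice concurrently.
            codeInDB.key.delete()
            # NOTE(review): method GET puts QUEUE_SECRET and the access token
            # into the task URL, where request logs may record them.
            taskqueue.add(url='/_expire-token',
                          params={
                              'access_token': tokenGrant.access_token,
                              "secret": app.config["QUEUE_SECRET"]
                          },
                          method="GET",
                          countdown=lifetime)
            return jsonify({
                "access_token": tokenGrant.access_token,
                "refresh_token": tokenGrant.refresh_token,
                "expires": lifetime
            })
        else:
            return jsonify({"error": "Auth code expired or invalid"})
    return jsonify({"error": "Invalid credentials"})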