def request_authorization_code(): provider = FlaskAuthorizationProvider() response_type = request.args.get("response_type", "code") client_id = request.args.get("client_id", None) redirect_uri = request.args.get("redirect_uri", None) scope = request.args.get("scope", None) if not current_user.is_authenticated or not provider.validate_has_scopes( client_id, current_user.db_user().username, scope ): if not provider.validate_redirect_uri(client_id, redirect_uri): current_app = provider.get_application_for_client_id(client_id) if not current_app: abort(404) return provider._make_redirect_error_response( current_app.redirect_uri, "redirect_uri_mismatch" ) # Load the scope information. scope_info = scopes.get_scope_information(scope) if not scope_info: abort(404) return # Load the application information. oauth_app = provider.get_application_for_client_id(client_id) app_email = oauth_app.avatar_email or oauth_app.organization.email oauth_app_view = { "name": oauth_app.name, "description": oauth_app.description, "url": oauth_app.application_uri, "avatar": json.dumps(avatar.get_data(oauth_app.name, app_email, "app")), "organization": { "name": oauth_app.organization.username, "avatar": json.dumps(avatar.get_data_for_org(oauth_app.organization)), }, } # Show the authorization page. has_dangerous_scopes = any([check_scope["dangerous"] for check_scope in scope_info]) return render_page_template_with_routedata( "oauthorize.html", scopes=scope_info, has_dangerous_scopes=has_dangerous_scopes, application=oauth_app_view, enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri, scope=scope, csrf_token_val=generate_csrf_token(), ) if response_type == "token": return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope) else: return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def invite_view(invite): if invite.user: return member_view(invite.user, invited=True) else: return { "email": invite.email, "kind": "invite", "avatar": avatar.get_data(invite.email, invite.email, "user"), "invited": True, }
def invite_view(invite): if invite.user: return member_view(invite.user, invited=True) else: return { 'email': invite.email, 'kind': 'invite', 'avatar': avatar.get_data(invite.email, invite.email, 'user'), 'invited': True }
def request_authorization_code(): provider = FlaskAuthorizationProvider() response_type = request.args.get('response_type', 'code') client_id = request.args.get('client_id', None) redirect_uri = request.args.get('redirect_uri', None) scope = request.args.get('scope', None) if (not current_user.is_authenticated or not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)): if not provider.validate_redirect_uri(client_id, redirect_uri): current_app = provider.get_application_for_client_id(client_id) if not current_app: abort(404) return provider._make_redirect_error_response(current_app.redirect_uri, 'redirect_uri_mismatch') # Load the scope information. scope_info = scopes.get_scope_information(scope) if not scope_info: abort(404) return # Load the application information. oauth_app = provider.get_application_for_client_id(client_id) app_email = oauth_app.avatar_email or oauth_app.organization.email oauth_app_view = { 'name': oauth_app.name, 'description': oauth_app.description, 'url': oauth_app.application_uri, 'avatar': json.dumps(avatar.get_data(oauth_app.name, app_email, 'app')), 'organization': { 'name': oauth_app.organization.username, 'avatar': json.dumps(avatar.get_data_for_org(oauth_app.organization)) } } # Show the authorization page. has_dangerous_scopes = any([check_scope['dangerous'] for check_scope in scope_info]) return render_page_template_with_routedata('oauthorize.html', scopes=scope_info, has_dangerous_scopes=has_dangerous_scopes, application=oauth_app_view, enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri, scope=scope, csrf_token_val=generate_csrf_token()) if response_type == 'token': return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope) else: return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def get(self, client_id): """ Get information on the specified application. """ application = model.oauth.get_application_for_client_id(client_id) if not application: raise NotFound() app_email = application.avatar_email or application.organization.email app_data = avatar.get_data(application.name, app_email, 'app') return { 'name': application.name, 'description': application.description, 'uri': application.application_uri, 'avatar': app_data, 'organization': org_view(application.organization, []) }
def get(self, client_id): """ Get information on the specified application. """ application = model.oauth.get_application_for_client_id(client_id) if not application: raise NotFound() app_email = application.avatar_email or application.organization.email app_data = avatar.get_data(application.name, app_email, "app") return { "name": application.name, "description": application.description, "uri": application.application_uri, "avatar": app_data, "organization": org_view(application.organization, []), }
def authorization_view(access_token): oauth_app = access_token.application app_email = oauth_app.avatar_email or oauth_app.organization.email return { "application": { "name": oauth_app.name, "description": oauth_app.description, "url": oauth_app.application_uri, "avatar": avatar.get_data(oauth_app.name, app_email, "app"), "organization": { "name": oauth_app.organization.username, "avatar": avatar.get_data_for_org(oauth_app.organization), }, }, "scopes": scopes.get_scope_information(access_token.scope), "uuid": access_token.uuid, }
def authorization_view(access_token): oauth_app = access_token.application app_email = oauth_app.avatar_email or oauth_app.organization.email return { 'application': { 'name': oauth_app.name, 'description': oauth_app.description, 'url': oauth_app.application_uri, 'avatar': avatar.get_data(oauth_app.name, app_email, 'app'), 'organization': { 'name': oauth_app.organization.username, 'avatar': avatar.get_data_for_org(oauth_app.organization) } }, 'scopes': scopes.get_scope_information(access_token.scope), 'uuid': access_token.uuid }
def list_entity_robot_permission_teams(self, prefix, include_token=False, include_permissions=False, limit=None): tuples = model.user.list_entity_robot_permission_teams( prefix, limit=limit, include_permissions=include_permissions) robots = {} robot_teams = set() for robot_tuple in tuples: robot_name = robot_tuple.get(User.username) if robot_name not in robots: token = None if include_token: if robot_tuple.get(RobotAccountToken.token): token = robot_tuple.get( RobotAccountToken.token).decrypt() robot_dict = { "name": robot_name, "token": token, "created": robot_tuple.get(User.creation_date), "last_accessed": (robot_tuple.get(User.last_accessed) if features.USER_LAST_ACCESSED else None), "description": robot_tuple.get(RobotAccountMetadata.description), "unstructured_metadata": robot_tuple.get(RobotAccountMetadata.unstructured_json), } if include_permissions: robot_dict.update({ "teams": [], "repositories": [], }) robots[robot_name] = Robot( robot_dict["name"], robot_dict["token"], robot_dict["created"], robot_dict["last_accessed"], robot_dict["description"], robot_dict["unstructured_metadata"], ) if include_permissions: team_name = robot_tuple.get(TeamTable.name) repository_name = robot_tuple.get(Repository.name) if team_name is not None: check_key = robot_name + ":" + team_name if check_key not in robot_teams: robot_teams.add(check_key) robot_dict["teams"].append( Team(team_name, avatar.get_data(team_name, team_name, "team"))) if repository_name is not None: if repository_name not in robot_dict["repositories"]: robot_dict["repositories"].append(repository_name) robots[robot_name] = RobotWithPermissions( robot_dict["name"], robot_dict["token"], robot_dict["created"], (robot_dict["last_accessed"] if features.USER_LAST_ACCESSED else None), robot_dict["teams"], robot_dict["repositories"], robot_dict["description"], ) return robots.values()
def list_entity_robot_permission_teams(self, prefix, include_token=False, include_permissions=False, limit=None): tuples = model.user.list_entity_robot_permission_teams(prefix, limit=limit, include_permissions=include_permissions) robots = {} robot_teams = set() for robot_tuple in tuples: robot_name = robot_tuple.get(User.username) if robot_name not in robots: token = None if include_token: # TODO(remove-unenc): Remove branches once migrated. if robot_tuple.get(RobotAccountToken.token): token = robot_tuple.get(RobotAccountToken.token).decrypt() if token is None and ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS): token = robot_tuple.get(FederatedLogin.service_ident) assert not token.startswith('robot:') robot_dict = { 'name': robot_name, 'token': token, 'created': robot_tuple.get(User.creation_date), 'last_accessed': (robot_tuple.get(User.last_accessed) if features.USER_LAST_ACCESSED else None), 'description': robot_tuple.get(RobotAccountMetadata.description), 'unstructured_metadata': robot_tuple.get(RobotAccountMetadata.unstructured_json), } if include_permissions: robot_dict.update({ 'teams': [], 'repositories': [], }) robots[robot_name] = Robot(robot_dict['name'], robot_dict['token'], robot_dict['created'], robot_dict['last_accessed'], robot_dict['description'], robot_dict['unstructured_metadata']) if include_permissions: team_name = robot_tuple.get(TeamTable.name) repository_name = robot_tuple.get(Repository.name) if team_name is not None: check_key = robot_name + ':' + team_name if check_key not in robot_teams: robot_teams.add(check_key) robot_dict['teams'].append(Team( team_name, avatar.get_data(team_name, team_name, 'team') )) if repository_name is not None: if repository_name not in robot_dict['repositories']: robot_dict['repositories'].append(repository_name) robots[robot_name] = RobotWithPermissions(robot_dict['name'], robot_dict['token'], robot_dict['created'], (robot_dict['last_accessed'] if features.USER_LAST_ACCESSED else None), robot_dict['teams'], robot_dict['repositories'], robot_dict['description']) return robots.values()