Example #1
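    def oauthtool(self):
        """Gate every request behind an OAuth2 authorization-code login.

        Runs as a CherryPy tool and classifies the request by its parameters:

        * ``code`` + ``scope`` + ``state``: callback from ``self.authorize_url``.
          The code is exchanged at ``self.access_token_url`` and the token is
          stored in the session under ``FLAG_access_token``.
        * ``error`` + ``error_description``: the authorization server reported
          a failure (for example the user denied access).
        * anything else: an ordinary application request.

        A request whose session holds no access token is redirected to
        ``self.authorize_url`` with the requested URL carried in ``state``.

        Security notes:
            ``state`` is echoed back through the browser, so its value is
            attacker-controllable. It is used as a redirect target only when
            its scheme and host match ``self.redirect_url``; otherwise the
            user lands on ``self.redirect_url``.
            NOTE(review): ``state`` carries a return URL, not an unguessable
            per-session value, so the callback is not protected against
            cross-site request forgery. Binding a random nonce to the session
            and checking it here would close that gap.

        Raises:
            cherrypy.HTTPRedirect: after a successful token exchange, or to
                send an unauthenticated user to the authorization server.
            Exception: when both token-exchange attempts fail, or when the
                client credentials cannot be read from S3.
        """
        if cherrypy.request.config.get('tools.sessions.on') == False:    # to enable skipping /static etc
            return

        # Local import so the block works on both Python 2 and Python 3.
        try:
            from urllib.parse import urlsplit   # Python 3
        except ImportError:
            from urlparse import urlsplit       # Python 2

        def _same_origin(url):
            # Compare scheme and authority exactly; a string-prefix test would
            # accept look-alike hosts that merely start with our base URL.
            try:
                ours = urlsplit(self.redirect_url)
                theirs = urlsplit(url)
                return (theirs.scheme.lower(), theirs.netloc.lower()) == \
                       (ours.scheme.lower(), ours.netloc.lower())
            except (TypeError, ValueError, AttributeError):
                # repeated parameters arrive as a list; malformed URLs raise
                return False

        # the following are used to identify current state
        auth_code = cherrypy.request.params.get('code')
        target_url = cherrypy.request.params.get('state')
        scope = cherrypy.request.params.get('scope')
        error = cherrypy.request.params.get('error')
        error_description = cherrypy.request.params.get('error_description')

        # user has been redirected back by self.authorize_url
        if auth_code and scope and target_url:
            # Never follow a return URL that points away from this application.
            if not _same_origin(target_url):
                target_url = self.redirect_url

            # get access token
            data = {'grant_type': 'authorization_code', 'code': auth_code, 'redirect_uri': self.redirect_url}
            token_timeout = 10  # seconds; without it a stalled auth server blocks the request thread
            for _attempt in range(2):  # 2 tries
                try:
                    response = requests.post(self.access_token_url, data=data,
                                             auth=(self.client_id, self.client_secret),
                                             timeout=token_timeout)
                except Exception as e:
                    print('post to auth server failed %s' % (e,))
                    continue
                try:
                    payload = response.json()
                except ValueError:
                    # body was not JSON; treat it like a failed attempt
                    payload = None
                finally:
                    response.close()
                if not isinstance(payload, dict):
                    payload = {}

                access_token = payload.get('access_token')
                if access_token:
                    # New session id at the privilege change, so an id known
                    # before login does not become an authenticated one.
                    cherrypy.session.regenerate()
                    cherrypy.session[FLAG_access_token] = access_token
                    # redirect to endpoint where user attempted to access
                    raise cherrypy.HTTPRedirect(target_url)
                # Log only the error fields, not the whole token-endpoint body.
                print('response from auth server %r' % (
                    {'error': payload.get('error'),
                     'error_description': payload.get('error_description')},))
            raise Exception('Failed to retrieved access-token from server!')    # shouldn't reach here normally

        elif error and error_description:
            # this can occur when, for example, user denies access at self.authorize_url
            print(cherrypy.url(qs=cherrypy.request.query_string))
            # keep the returned state only when it is one of our own URLs
            if not (target_url and _same_origin(target_url)):
                target_url = cherrypy.url(base=self.redirect_url, path=cherrypy.request.path_info)
        else:
            # clean url; no special oauth parameters
            # remember endpoint where user attempts to access; may be passed to self.authorize_url
            target_url = cherrypy.url(base=self.redirect_url, path=cherrypy.request.path_info)

        # main gate: user must have an access_token to proceed to application
        if not cherrypy.session.get(FLAG_access_token):
            if self.client_details_s3_refresh_url:
                try:
                    self.client_id, self.client_secret = aws_s3_configreader.get_client_id_and_secret_from_s3_file(self.client_details_s3_refresh_url)
                except Exception:
                    # narrowed from a bare except so interpreter-exit signals propagate
                    raise Exception('Failed to read client_id and secret from S3')
            params = {
                'response_type': 'code',
                'redirect_uri': self.redirect_url,
                'client_id': self.client_id,
                'state': target_url,
            }
            # NOTE(review): joining with '&' assumes self.authorize_url already
            # contains a query string -- confirm against the configured value.
            raise cherrypy.HTTPRedirect('%s&%s' % (self.authorize_url, urlencode(params)))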
Example #2
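    def oauthtool(self):
        """Require an OAuth2 access token in the session before the handler runs.

        The request is treated as one of three cases, decided from its
        parameters:

        * ``code`` and ``state`` present: the user is returning from
          ``self.authorize_url``; the code is exchanged at
          ``self.access_token_url`` and the resulting token is stored in the
          session under ``FLAG_access_token``.
        * ``error`` and ``error_description`` present: the authorization
          server reported a failure such as the user denying access.
        * otherwise: a plain application request.

        When the session has no access token the user is redirected to
        ``self.authorize_url``, with the requested URL passed along in
        ``state``.

        Security notes:
            The ``state`` value returns via the browser and must be treated as
            untrusted. It is followed only if its scheme and host equal those
            of ``self.redirect_url``; any other value is replaced by
            ``self.redirect_url``.
            NOTE(review): because ``state`` is a return URL rather than a
            random value tied to the session, this callback has no defence
            against cross-site request forgery. A per-session nonce checked
            on return would add it.

        Raises:
            cherrypy.HTTPRedirect: once a token has been obtained, or to send
                an unauthenticated user to the authorization server.
            Exception: if the token exchange fails on both attempts, or the
                client credentials cannot be read from S3.
        """
        if cherrypy.request.config.get('tools.sessions.on') == False:    # to enable skipping /static etc
            return

        # Imported here so the method runs under Python 2 and Python 3 alike.
        try:
            from urllib.parse import urlsplit   # Python 3
        except ImportError:
            from urlparse import urlsplit       # Python 2

        def _origin(url):
            # (scheme, host[:port]) in lower case, or None when the value
            # cannot be parsed (e.g. a repeated parameter delivered as a list).
            try:
                parts = urlsplit(url)
                return parts.scheme.lower(), parts.netloc.lower()
            except (TypeError, ValueError, AttributeError):
                return None

        own_origin = _origin(self.redirect_url)

        def _is_own_url(url):
            # Exact origin equality; prefix matching would let
            # look-alike hosts through.
            return bool(url) and own_origin is not None and _origin(url) == own_origin

        # the following are used to identify current state
        params_in = cherrypy.request.params
        auth_code = params_in.get('code')
        target_url = params_in.get('state')
        error = params_in.get('error')
        error_description = params_in.get('error_description')

        # user has been redirected back by self.authorize_url
        if auth_code and target_url:
            # A state pointing off-site would turn the login into an open redirect.
            if not _is_own_url(target_url):
                target_url = self.redirect_url

            # get access token
            data = {'grant_type': 'authorization_code', 'code': auth_code, 'redirect_uri': self.redirect_url}
            token_timeout = 10  # seconds; bounds how long a hung auth server can hold this request
            for _attempt in range(2):  # 2 tries
                try:
                    response = requests.post(self.access_token_url, data=data,
                                             auth=(self.client_id, self.client_secret),
                                             timeout=token_timeout)
                except Exception as e:
                    print('post to auth server failed %s' % (e,))
                    continue
                try:
                    try:
                        payload = response.json()
                    except ValueError:
                        # non-JSON body counts as a failed attempt
                        payload = {}
                finally:
                    response.close()
                if not isinstance(payload, dict):
                    payload = {}

                access_token = payload.get('access_token')
                if not access_token:
                    # Report only the error fields; the full body is not logged.
                    print('response from auth server %r' % (
                        {'error': payload.get('error'),
                         'error_description': payload.get('error_description')},))
                    continue

                # Issue a fresh session id before the session becomes
                # authenticated, so a pre-login id cannot be reused.
                cherrypy.session.regenerate()
                cherrypy.session[FLAG_access_token] = access_token
                # redirect to endpoint where user attempted to access
                raise cherrypy.HTTPRedirect(target_url)
            raise Exception('Failed to retrieved access-token from server!')    # shouldn't reach here normally

        elif error and error_description:
            # this can occur when, for example, user denies access at self.authorize_url
            print(cherrypy.url(qs=cherrypy.request.query_string))
            # the returned state is reused below only if it is one of our own URLs
            if not _is_own_url(target_url):
                target_url = cherrypy.url(base=self.redirect_url, path=cherrypy.request.path_info)
        else:
            # clean url; no special oauth parameters
            # remember endpoint where user attempts to access; may be passed to self.authorize_url
            target_url = cherrypy.url(base=self.redirect_url, path=cherrypy.request.path_info)

        # main gate: user must have an access_token to proceed to application
        if not cherrypy.session.get(FLAG_access_token):
            if self.client_details_s3_refresh_url:
                try:
                    self.client_id, self.client_secret = aws_s3_configreader.get_client_id_and_secret_from_s3_file(self.client_details_s3_refresh_url)
                except Exception:
                    # was a bare except, which also swallowed KeyboardInterrupt/SystemExit
                    raise Exception('Failed to read client_id and secret from S3')
            params = {
                'response_type': 'code',
                'redirect_uri': self.redirect_url,
                'client_id': self.client_id,
                'state': target_url,
            }
            # NOTE(review): the '&' separator presumes self.authorize_url
            # already ends in a query string -- verify the configured value.
            raise cherrypy.HTTPRedirect('%s&%s' % (self.authorize_url, urlencode(params)))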
Example #3
 def __init__(self, oauth_settings):
     """Configure the OAuth tool from *oauth_settings* and register it.

     Required keys: ``client_id``, ``client_secret``, ``access_token_url``,
     ``authorize_url`` and ``redirect_url``. The optional key
     ``client_details_s3_refresh_url``, when set, is passed to
     ``aws_s3_configreader`` and the client id and secret it returns replace
     the ones given in the settings.

     The client secret is kept on the instance, and the instance is
     published as ``cherrypy.tools.oauthtool``.
     """
     # Hook point: cherrypy.session is not available before 'before_handler'.
     self._point = 'before_handler'
     self._name = None
     self._priority = 0

     s3_url = oauth_settings.get('client_details_s3_refresh_url')
     self.client_details_s3_refresh_url = s3_url

     # Static credentials are mandatory even when S3 overrides them below.
     client_id = oauth_settings['client_id']
     client_secret = oauth_settings['client_secret']
     if s3_url:
         client_id, client_secret = aws_s3_configreader.get_client_id_and_secret_from_s3_file(s3_url)
     self.client_id = client_id
     self.client_secret = client_secret

     self.access_token_url = oauth_settings['access_token_url']
     self.authorize_url = oauth_settings['authorize_url']
     self.redirect_url = oauth_settings['redirect_url']

     # Expose the instance under CherryPy's tool namespace.
     cherrypy.tools.oauthtool = self
Example #4
 def __init__(self, oauth_settings):
     """Build the tool from an *oauth_settings* mapping and install it.

     ``client_id``, ``client_secret``, ``access_token_url``,
     ``authorize_url`` and ``redirect_url`` must be present. If
     ``client_details_s3_refresh_url`` is set, the client id and secret are
     re-read through ``aws_s3_configreader`` and override the configured
     pair. The finished instance, which holds the client secret, is
     assigned to ``cherrypy.tools.oauthtool``.
     """
     # The tool is attached at 'before_handler'; cherrypy.session is not
     # available at earlier hook points.
     self._point, self._name, self._priority = 'before_handler', None, 0

     refresh_url = oauth_settings.get('client_details_s3_refresh_url')
     self.client_details_s3_refresh_url = refresh_url

     # Both keys are looked up unconditionally, so they stay required even
     # when the S3 source replaces them.
     credentials = (oauth_settings['client_id'], oauth_settings['client_secret'])
     if refresh_url:
         credentials = aws_s3_configreader.get_client_id_and_secret_from_s3_file(
             refresh_url)
     self.client_id, self.client_secret = credentials

     # Endpoint URLs, read in the same order as before.
     for key in ('access_token_url', 'authorize_url', 'redirect_url'):
         setattr(self, key, oauth_settings[key])

     cherrypy.tools.oauthtool = self